SlideShare a Scribd company logo
1 of 48
Download to read offline
MC2MC
How to grow to a Modern Workplace in
16 steps with Microsoft 365
Jasper Bernaers
Modern Workplace Lead @ Synergics
@Jasper_be
https://www.jasperbernaers.com
https://www.linkedin.com/in/jasperbernaers/
Tim Hermie
Senior Modern Workplace Architect @ Synergics
Microsoft MVP Enterprise Mobility
@_Cloud_boy
https://www.cloud-boy.be
https://www.linkedin.com/in/timhermie/
Agenda
• Azure AD Connect
• Exchange Hybrid
• OneDrive/ESR
• Teams/Sharepoint
• MEM
• Voice
• Autopilot
• Increase security
• Software deployment
• GPO to CSP
• Windows Updates
• Azure
• Legacy AD migration
• Collaboration platforms
• Rethink on-premises
• Automate
Why are we bringing this pitch?
• IT-Strategy
• Long-
term decisions will reflect in
Microsoft 365
• We are not expert in every
aspect
• We should know something
about everything :-)
• Microsoft 365 is
connected in the
collaboration stack
• We are working for mid-
size companies (SMB),
they don't have a specific
profile for everything
1. Azure AD Connect
Azure AD Connect
• Install Azure AD Connect (best practice not on your DC).
• Sync your users and groups to Azure AD.
• Sync password hashes to Azure AD.
• Use Azure AD as primary authentication method.
• Enable password writeback (Self-Service).
Why?
• Microsoft Azure AD is beyond the current ‘legacy’ integration and is a
next-gen identity platform. Make it simple. If you don’t need third-
party solutions (which always limits new capabilities) don’t go for it.
• Use native Azure AD. Also it’s a big opportunity to leave things behind
and smoothly shift to ADDS or Azure AD.
• Built-in integration with a lot of SaaS apps.
2. Exchange Hybrid
Exchange Hybrid
• Change the UPN’s if required, same as e-mail preferred. Easier for
users.
• Run the hybrid Exchange wizard and connect your exchange with EXO.
• Pre-sync all mailboxes to a state of 95. Throttled, change the
maximum in your virtual webservices.
• Move to Office 365 in 1 a cut-over scenario.
• Cut-over migration is best-practice under 2000-5000 seats you can do
more, over a weekend.
After the migration
• After the migration of hybrid Exchange the next steps is shifting the
mail relay to O365.
• Make it simple, don't create a super complex mailflow is has no real
value.
• Don’t over-think, don’t create complex hybrid mail flows. You could
keep hybrid-Exchange for the first phase with management to AD and
Exchange Online.
• You could stop the Azure AD Connect and go cloud only, but..
3. OneDrive + ESR
OneDrive
• Document data is one of the post important things running in any
workplace.
• Personal data is crucial for considering for migration.
• OneDrive migration will help support the shift to M365 when you
help to create a better collaboration space for the people.
OneDrive
• Use OneDrive Known Folder move so you can automatically discover
your Desktop, documents and pictures and place them on OneDrive
(automatically). People love this feature. It’s easy to implement and
has additional value without changing the core.
• Migrate your home drives, to OneDrive with the SharePoint migration
tool or different tools when you need more control. Document shift is
important to get away from the current system(s).
ESR – Enterprise State Roaming
• Use ESR to sync favorites and Windows settings to the cloud.
• This together with OneDrive KFM makes sure a user always gets the
“same” device back after refreshing devices.
4. Teams/SharePoint Online
Teams/SharePoint Online
• Assess your current environment and understand the needs.
• Migration of team data could result in Microsoft Teams Libraries.
• Migration of organization data should result in SharePoint Online.
• Still personal data (only touched by 1 person) can land in OneDrive.
• There are great tools on the market to do the assessments. Phased
approach is necessary. Standards & building blocks will help with
speed of implementation.
5. MEM
MEM
• Implement Microsoft Endpoint Manager (Intune) for your Windows
10 devices.
• Onboard all current devices with Hybrid Join and rollout new devices
full Cloud (Azure AD Joined).
• Implement MAM for mobile (Android/iOS) at least. Manage all your
company owned devices.
6. Voice
Voice
• Don’t go for less. Use Microsoft Teams. :-)
• And if you will choose other platforms think about what Microsoft is
preaching: trust – compliance – Inclusion - Security, segmentation..
• More important: Think about the speed of implementation
comparted to the easiness of one platform
• Also think about adoption, everything is changing faster. It's our
'responsibility' to govern these solutions so different creates
complexitiy.
7. Windows Autopilot
Windows Autopilot
• Enroll new device with Windows Autopilot (staging Principe)
• Onboard current domain joined devices with a Group Policy.
• Onboard current hybrid joined devices with an Autopilot profile.
8. Increase Security
Increase Security
• Multi-Factor Authentication or Azure Security Defaults.
• Conditional Access.
• Connect your devices to Azure AD with Microsoft Endpoint Manager.
Hybrid Join – Full Cloud. Just connect it.
• Enroll devices into MDATP if you have the license :-) we have seen..
• Risky User Sign-in policies. Define some security policies. Just basic
alerting.
Increase Security
• Self-Service Password Reset (SSPR) – enable password writeback in
Azure AD Connect.
• Create control on lifecycle management of identities. Expiration,
onboarding, offboarding etc..
• Automatic password reset or disablement of account when breached.
• Shift to primary Azure AD, later 
9. Software deployment
Software deployment
• Microsoft 365 Apps can be quickly deployed by Microsoft Endpoint
Manager.
• Windows Updates is easy with MEM.
• Built an Update strategy (1 x year / 2 x year?)
Software deployment
• Microsoft Edge will deliver great value when it comes to browser
support, can support old ‘sessions’ as well. Azure AD integrated, great
new stuff, super modern. Configure Edge with MEM.
• Use third-party mechanisms as PatchMyPC or Chocolatey for ‘simple’
deployable software.
• Use own written scripts and create packages when necessary.
• Wrap everything as IntuneWin (++ advantages).
10. GPO to CSP
GPO to CSP
• Microsoft is currently working on Policy Analytics which will help the
migration of GPO’s to MDM policies with control. But keep in mind, a
lot of policy are used for legacy.
• We don’t believe in migration of GPO’s. We believe in a basis
workplace ‘greenfield’ were you build standards for everyone. Not for
groups. And if you do. For 10 groups. and 90% same architecture and
flavors.
• So: Don’t migrate non used GPO’s.
• Rethink GPO’s -> MDM.
GPO to CSP
• Start with Security Baselines.
• ADMX backed baselines (ADMX ingestion) will help for smooth and
faster configuration. Whenever it’s not possible use the OMA-URI’s.
• Most important try to be prepared for 80% to shift the authority from
GPO’s to MDM. And leave the GPO’s in your on-premise DC’s behind.
11. Windows Updates
Windows Updates
• Create a Windows 10 update ring with peer-to-peer caching to not kill
the internet break out. VPN etc.. (Delivery Optimization!!!)
• Create segmented of pre-test groups to validate the update version in
production. (Minimum of 2/3 Update Rings!)
• Use the standard Security Baselines to implement the W10 MDM
Baseline and MDATP configuration. Baselines are great but complex.
Test it with a POC!
12. Azure
Azure
• Think about Wim: Rehost, Refactor, Rearchitect, Rebuild, Replace!
• Assess and write down all infrastructure and start with rearchitecting
were possible.
• When you’re hosting well known vendor applications try to get in
touch and ask if they are planning for SaaS, Azure, others.
Azure
• Create an Azure Migrate project and add the Server Assessment
solution to the project.
• Set up the Azure Migrate appliance and start discovery of your server.
To set up discovery, the server names or IP addresses are required.
Each appliance supports discovery of 250 servers. You can set up
more than one appliance if required.
• Once you have successfully set up discovery, create assessments and
review the assessment reports.
Azure
• Use the application dependency analysis features to create and refine
server groups to phase your migration.
• Migrate machines as physical servers to Azure.
• Don’t forget: Rehost, Refactor, Rearchitect, Rebuild, Replace.
• Say goodbye to old legacy applications that are not secured in a
modern world.
13. Legacy AD Migration
Legacy AD Migration
• Shift applications that use AD Groups or AD Authentication to
authenticate applications towards Azure AD worst case ADDS.
• Try to isolate all applications, monitor the active usage of AD and try
to find and understand what you can transform easily.
• Sometimes there is an application which is old for billing or
accountants, mostly used by some people. Don’t integrate, isolate
and shift with dedicated accounts to Azure IaaS. But write it in the
long-term plan and push these vendor for integration of choose other
platforms.
14. Collaboration platforms
Collaboration platforms
• Build your new Microsoft Teams Sites for collaboration.
• Create a SharePoint Hub for all SharePoint sites – create a frame and
design of the requirement and visual for your full organization.
• Build out department and long-term SharePoint collaboration spaces.
• Migrate the old ’20’ years old applications to SharePoint list, with
PowerApps and integrate with power Platform.
15. Rethink on-premises
Rehost, Refactor, Rearchitect, Rebuild, Replace
Rethink on-premises
• Rethink the new needs of on-premises. All collaborations spaces are
shifted to Office 365. Your devices are managed with MEM.
Documents are shifted to OneDrive, Teams and SharePoint.
Authentication and integration with Azure AD is shifted. Printers with
Universal Print of different cloud print solutions as Printix. Core
applications are moved to IaaS and are waiting to become SaaS
overtime.
• What else is there?
16. Automate
Build security mechanisms that can be automated
Automate
• SecOps and your incident responds can be done with
MDATP/MCAS/Sentinel.
• Build on the next level Modern Workplace with Unified Sensitivity
Labeling – which automatic labels classified documents. Use the
unified data classification platform.
• Get grip on actionable risks on devices, users with MDATP in
combination with Cloud App Security to identity and isolate risks.
Sometimes automatic remediation.
Automate
• Start with MAM (Mobile Application Management) to isolate
corporate applications from personal applications on BYOD Devices.
• Evaluate regularly which users have access to data, devices and
physical network.
• Work on Secure Score and Azure Secure Score.
• Automate alerts with Logic Apps.
• Leverage the power of Sentinel.
Q&A

More Related Content

What's hot

Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySeniorStoryteller
 
Supporting Remote Work While Securing, Governing, and Protecting Your Microso...
Supporting Remote Work While Securing, Governing, and Protecting Your Microso...Supporting Remote Work While Securing, Governing, and Protecting Your Microso...
Supporting Remote Work While Securing, Governing, and Protecting Your Microso...Chris Bortlik
 
Microservices with Node.js - Livestreamed for Manning
Microservices with Node.js - Livestreamed for ManningMicroservices with Node.js - Livestreamed for Manning
Microservices with Node.js - Livestreamed for ManningAshley Davis
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18   Azure Information Protection - Albert HoitinghCSF18   Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghNCCOMMS
 
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOpsSoftware Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOpsSeniorStoryteller
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon
 
SC conference - Building AppSec Teams
SC conference  - Building AppSec TeamsSC conference  - Building AppSec Teams
SC conference - Building AppSec TeamsDinis Cruz
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsAlert Logic
 
SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6Dinis Cruz
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Sebastian Taphanel CISSP-ISSEP
 
Azure saturday 2017 - Protecting cloud identities using ems
Azure saturday 2017 - Protecting cloud identities using emsAzure saturday 2017 - Protecting cloud identities using ems
Azure saturday 2017 - Protecting cloud identities using emsRonni Pedersen
 
BlackBerry Secure Workspace for Android - Getting down to Business!
BlackBerry Secure Workspace for Android - Getting down to Business!BlackBerry Secure Workspace for Android - Getting down to Business!
BlackBerry Secure Workspace for Android - Getting down to Business!Dennis Reumer
 
Securing and Scaling SaaS
Securing and Scaling SaaSSecuring and Scaling SaaS
Securing and Scaling SaaSguest05bda0
 
Run your business more efficiently with Windows Server on Azure
Run your business more efficiently with Windows Server on AzureRun your business more efficiently with Windows Server on Azure
Run your business more efficiently with Windows Server on AzureInovar Tech
 
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...Alexander Benoit
 
Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...
Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...
Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...Alexander Benoit
 
Types of application software 2022
Types of application software 2022Types of application software 2022
Types of application software 2022Neenanath3
 
Owasp summit 2017
Owasp summit 2017 Owasp summit 2017
Owasp summit 2017 Dinis Cruz
 

What's hot (20)

Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
 
Supporting Remote Work While Securing, Governing, and Protecting Your Microso...
Supporting Remote Work While Securing, Governing, and Protecting Your Microso...Supporting Remote Work While Securing, Governing, and Protecting Your Microso...
Supporting Remote Work While Securing, Governing, and Protecting Your Microso...
 
Microservices with Node.js - Livestreamed for Manning
Microservices with Node.js - Livestreamed for ManningMicroservices with Node.js - Livestreamed for Manning
Microservices with Node.js - Livestreamed for Manning
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18   Azure Information Protection - Albert HoitinghCSF18   Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert Hoitingh
 
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOpsSoftware Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
 
American Megatrends India Corporate Profile
American Megatrends India Corporate ProfileAmerican Megatrends India Corporate Profile
American Megatrends India Corporate Profile
 
SC conference - Building AppSec Teams
SC conference  - Building AppSec TeamsSC conference  - Building AppSec Teams
SC conference - Building AppSec Teams
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOps
 
SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
 
Azure saturday 2017 - Protecting cloud identities using ems
Azure saturday 2017 - Protecting cloud identities using emsAzure saturday 2017 - Protecting cloud identities using ems
Azure saturday 2017 - Protecting cloud identities using ems
 
BlackBerry Secure Workspace for Android - Getting down to Business!
BlackBerry Secure Workspace for Android - Getting down to Business!BlackBerry Secure Workspace for Android - Getting down to Business!
BlackBerry Secure Workspace for Android - Getting down to Business!
 
Securing and Scaling SaaS
Securing and Scaling SaaSSecuring and Scaling SaaS
Securing and Scaling SaaS
 
Run your business more efficiently with Windows Server on Azure
Run your business more efficiently with Windows Server on AzureRun your business more efficiently with Windows Server on Azure
Run your business more efficiently with Windows Server on Azure
 
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
 
Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...
Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...
Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...
 
Types of application software 2022
Types of application software 2022Types of application software 2022
Types of application software 2022
 
Owasp summit 2017
Owasp summit 2017 Owasp summit 2017
Owasp summit 2017
 

Similar to How to grow to a modern workplace in 16 steps with microsoft 365

Ibm cloud private and icp for data
Ibm cloud private and icp for dataIbm cloud private and icp for data
Ibm cloud private and icp for dataModusOptimum
 
Azure + DataStax Enterprise Powers Office 365 Per User Store
Azure + DataStax Enterprise Powers Office 365 Per User StoreAzure + DataStax Enterprise Powers Office 365 Per User Store
Azure + DataStax Enterprise Powers Office 365 Per User StoreDataStax Academy
 
How to Solve the Challenge of Windows Server 2003 End of Life
How to Solve the Challenge of Windows Server 2003 End of LifeHow to Solve the Challenge of Windows Server 2003 End of Life
How to Solve the Challenge of Windows Server 2003 End of LifeGreg O'Connor
 
Running Business Analytics for a Serverless Insurance Company - Joe Emison & ...
Running Business Analytics for a Serverless Insurance Company - Joe Emison & ...Running Business Analytics for a Serverless Insurance Company - Joe Emison & ...
Running Business Analytics for a Serverless Insurance Company - Joe Emison & ...Daniel Zivkovic
 
Technology insights: Decision Science Platform
Technology insights: Decision Science PlatformTechnology insights: Decision Science Platform
Technology insights: Decision Science PlatformDecision Science Community
 
Datasheet.net pluginforrd
Datasheet.net pluginforrdDatasheet.net pluginforrd
Datasheet.net pluginforrdMidVision
 
Azure cloud migration simplified
Azure cloud migration simplifiedAzure cloud migration simplified
Azure cloud migration simplifiedGirlo
 
SPFestDc AZR204 Microsoft Graph and SharePoint Framework under steroids with ...
SPFestDc AZR204 Microsoft Graph and SharePoint Framework under steroids with ...SPFestDc AZR204 Microsoft Graph and SharePoint Framework under steroids with ...
SPFestDc AZR204 Microsoft Graph and SharePoint Framework under steroids with ...Vincent Biret
 
A Business Perspective on Building SharePoint 2013 Solutions on Windows Azure
A Business Perspective on Building SharePoint 2013 Solutions on Windows AzureA Business Perspective on Building SharePoint 2013 Solutions on Windows Azure
A Business Perspective on Building SharePoint 2013 Solutions on Windows AzureChristian Buckley
 
Get Started with Microsoft Azure.pptx
Get Started with Microsoft Azure.pptxGet Started with Microsoft Azure.pptx
Get Started with Microsoft Azure.pptxAnjaliMishra647628
 
Azure_Business_Opportunity
Azure_Business_OpportunityAzure_Business_Opportunity
Azure_Business_OpportunityNojan Emad
 
VMworld 2013: Building the Management Stack for Your Software Defined Data Ce...
VMworld 2013: Building the Management Stack for Your Software Defined Data Ce...VMworld 2013: Building the Management Stack for Your Software Defined Data Ce...
VMworld 2013: Building the Management Stack for Your Software Defined Data Ce...VMworld
 
SQL Server 2014 New Features
SQL Server 2014 New FeaturesSQL Server 2014 New Features
SQL Server 2014 New FeaturesOnomi
 
cloud session uklug
cloud session uklugcloud session uklug
cloud session uklugdominion
 
Logic Apps: El Poder de la nueva Integración (por Félix Mondelo)
Logic Apps: El Poder de la nueva Integración (por Félix Mondelo) Logic Apps: El Poder de la nueva Integración (por Félix Mondelo)
Logic Apps: El Poder de la nueva Integración (por Félix Mondelo) Jorge Millán Cabrera
 

Similar to How to grow to a modern workplace in 16 steps with microsoft 365 (20)

Sumit resume
Sumit resumeSumit resume
Sumit resume
 
Ibm cloud private and icp for data
Ibm cloud private and icp for dataIbm cloud private and icp for data
Ibm cloud private and icp for data
 
Introduction of microsoft azure
Introduction of microsoft azureIntroduction of microsoft azure
Introduction of microsoft azure
 
Azure + DataStax Enterprise Powers Office 365 Per User Store
Azure + DataStax Enterprise Powers Office 365 Per User StoreAzure + DataStax Enterprise Powers Office 365 Per User Store
Azure + DataStax Enterprise Powers Office 365 Per User Store
 
How to Solve the Challenge of Windows Server 2003 End of Life
How to Solve the Challenge of Windows Server 2003 End of LifeHow to Solve the Challenge of Windows Server 2003 End of Life
How to Solve the Challenge of Windows Server 2003 End of Life
 
What is OutSystems?
What is OutSystems?What is OutSystems?
What is OutSystems?
 
Running Business Analytics for a Serverless Insurance Company - Joe Emison & ...
Running Business Analytics for a Serverless Insurance Company - Joe Emison & ...Running Business Analytics for a Serverless Insurance Company - Joe Emison & ...
Running Business Analytics for a Serverless Insurance Company - Joe Emison & ...
 
Exploring sql server 2016
Exploring sql server 2016Exploring sql server 2016
Exploring sql server 2016
 
Technology insights: Decision Science Platform
Technology insights: Decision Science PlatformTechnology insights: Decision Science Platform
Technology insights: Decision Science Platform
 
Datasheet.net pluginforrd
Datasheet.net pluginforrdDatasheet.net pluginforrd
Datasheet.net pluginforrd
 
Azure cloud migration simplified
Azure cloud migration simplifiedAzure cloud migration simplified
Azure cloud migration simplified
 
SPFestDc AZR204 Microsoft Graph and SharePoint Framework under steroids with ...
SPFestDc AZR204 Microsoft Graph and SharePoint Framework under steroids with ...SPFestDc AZR204 Microsoft Graph and SharePoint Framework under steroids with ...
SPFestDc AZR204 Microsoft Graph and SharePoint Framework under steroids with ...
 
Katpro Technologies- Azure Portfolio
Katpro Technologies- Azure PortfolioKatpro Technologies- Azure Portfolio
Katpro Technologies- Azure Portfolio
 
A Business Perspective on Building SharePoint 2013 Solutions on Windows Azure
A Business Perspective on Building SharePoint 2013 Solutions on Windows AzureA Business Perspective on Building SharePoint 2013 Solutions on Windows Azure
A Business Perspective on Building SharePoint 2013 Solutions on Windows Azure
 
Get Started with Microsoft Azure.pptx
Get Started with Microsoft Azure.pptxGet Started with Microsoft Azure.pptx
Get Started with Microsoft Azure.pptx
 
Azure_Business_Opportunity
Azure_Business_OpportunityAzure_Business_Opportunity
Azure_Business_Opportunity
 
VMworld 2013: Building the Management Stack for Your Software Defined Data Ce...
VMworld 2013: Building the Management Stack for Your Software Defined Data Ce...VMworld 2013: Building the Management Stack for Your Software Defined Data Ce...
VMworld 2013: Building the Management Stack for Your Software Defined Data Ce...
 
SQL Server 2014 New Features
SQL Server 2014 New FeaturesSQL Server 2014 New Features
SQL Server 2014 New Features
 
cloud session uklug
cloud session uklugcloud session uklug
cloud session uklug
 
Logic Apps: El Poder de la nueva Integración (por Félix Mondelo)
Logic Apps: El Poder de la nueva Integración (por Félix Mondelo) Logic Apps: El Poder de la nueva Integración (por Félix Mondelo)
Logic Apps: El Poder de la nueva Integración (por Félix Mondelo)
 

Recently uploaded

Juan Pablo Sugiura - eCommerce Day Bolivia 2024
Juan Pablo Sugiura - eCommerce Day Bolivia 2024Juan Pablo Sugiura - eCommerce Day Bolivia 2024
Juan Pablo Sugiura - eCommerce Day Bolivia 2024eCommerce Institute
 
ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8
ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8
ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8Access Innovations, Inc.
 
Dynamics of Professional Presentationpdf
Dynamics of Professional PresentationpdfDynamics of Professional Presentationpdf
Dynamics of Professional Presentationpdfravleel42
 
Communication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptxCommunication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptxkb31670
 
Burning Issue presentation of Zhazgul N. , Cycle 54
Burning Issue presentation of Zhazgul N. , Cycle 54Burning Issue presentation of Zhazgul N. , Cycle 54
Burning Issue presentation of Zhazgul N. , Cycle 54ZhazgulNurdinova
 
Machine learning workshop, CZU Prague 2024
Machine learning workshop, CZU Prague 2024Machine learning workshop, CZU Prague 2024
Machine learning workshop, CZU Prague 2024Gokulks007
 
The Real Story Of Project Manager/Scrum Master From Where It Came?!
The Real Story Of Project Manager/Scrum Master From Where It Came?!The Real Story Of Project Manager/Scrum Master From Where It Came?!
The Real Story Of Project Manager/Scrum Master From Where It Came?!Loay Mohamed Ibrahim Aly
 
Communication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptxCommunication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptxkb31670
 

Recently uploaded (8)

Juan Pablo Sugiura - eCommerce Day Bolivia 2024
Juan Pablo Sugiura - eCommerce Day Bolivia 2024Juan Pablo Sugiura - eCommerce Day Bolivia 2024
Juan Pablo Sugiura - eCommerce Day Bolivia 2024
 
ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8
ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8
ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8
 
Dynamics of Professional Presentationpdf
Dynamics of Professional PresentationpdfDynamics of Professional Presentationpdf
Dynamics of Professional Presentationpdf
 
Communication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptxCommunication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptx
 
Burning Issue presentation of Zhazgul N. , Cycle 54
Burning Issue presentation of Zhazgul N. , Cycle 54Burning Issue presentation of Zhazgul N. , Cycle 54
Burning Issue presentation of Zhazgul N. , Cycle 54
 
Machine learning workshop, CZU Prague 2024
Machine learning workshop, CZU Prague 2024Machine learning workshop, CZU Prague 2024
Machine learning workshop, CZU Prague 2024
 
The Real Story Of Project Manager/Scrum Master From Where It Came?!
The Real Story Of Project Manager/Scrum Master From Where It Came?!The Real Story Of Project Manager/Scrum Master From Where It Came?!
The Real Story Of Project Manager/Scrum Master From Where It Came?!
 
Communication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptxCommunication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptx
 

How to grow to a modern workplace in 16 steps with microsoft 365

  • 1. MC2MC How to grow to a Modern Workplace in 16 steps with Microsoft 365
  • 2. Jasper Bernaers Modern Workplace Lead @ Synergics @Jasper_be https://www.jasperbernaers.com https://www.linkedin.com/in/jasperbernaers/
  • 3. Tim Hermie Senior Modern Workplace Architect @ Synergics Microsoft MVP Enterprise Mobility @_Cloud_boy https://www.cloud-boy.be https://www.linkedin.com/in/timhermie/
  • 4. Agenda • Azure AD Connect • Exchange Hybrid • OneDrive/ESR • Teams/Sharepoint • MEM • Voice • Autopilot • Increase security • Software deployment • GPO to CSP • Windows Updates • Azure • Legacy AD migration • Collaboration platforms • Rethink on-premises • Automate
  • 5. Why are we bringing this pitch? • IT-Strategy • Long- term decisions will reflect in Microsoft 365 • We are not expert in every aspect • We should know something about everything :-) • Microsoft 365 is connected in the collaboration stack • We are working for mid- size companies (SMB), they don't have a specific profile for everything
  • 6. 1. Azure AD Connect
  • 7. Azure AD Connect • Install Azure AD Connect (best practice not on your DC). • Sync your users and groups to Azure AD. • Sync password hashes to Azure AD. • Use Azure AD as primary authentication method. • Enable password writeback (Self-Service).
  • 8. Why? • Microsoft Azure AD is beyond the current ‘legacy’ integration and is a next-gen identity platform. Make it simple. If you don’t need third- party solutions (which always limits new capabilities) don’t go for it. • Use native Azure AD. Also it’s a big opportunity to leave things behind and smoothly shift to ADDS or Azure AD. • Built-in integration with a lot of SaaS apps.
  • 10. Exchange Hybrid • Change the UPN’s if required, same as e-mail preferred. Easier for users. • Run the hybrid Exchange wizard and connect your exchange with EXO. • Pre-sync all mailboxes to a state of 95. Throttled, change the maximum in your virtual webservices. • Move to Office 365 in 1 a cut-over scenario. • Cut-over migration is best-practice under 2000-5000 seats you can do more, over a weekend.
  • 11. After the migration • After the migration of hybrid Exchange the next steps is shifting the mail relay to O365. • Make it simple, don't create a super complex mailflow is has no real value. • Don’t over-think, don’t create complex hybrid mail flows. You could keep hybrid-Exchange for the first phase with management to AD and Exchange Online. • You could stop the Azure AD Connect and go cloud only, but..
  • 13. OneDrive • Document data is one of the post important things running in any workplace. • Personal data is crucial for considering for migration. • OneDrive migration will help support the shift to M365 when you help to create a better collaboration space for the people.
  • 14. OneDrive • Use OneDrive Known Folder move so you can automatically discover your Desktop, documents and pictures and place them on OneDrive (automatically). People love this feature. It’s easy to implement and has additional value without changing the core. • Migrate your home drives, to OneDrive with the SharePoint migration tool or different tools when you need more control. Document shift is important to get away from the current system(s).
  • 15. ESR – Enterprise State Roaming • Use ESR to sync favorites and Windows settings to the cloud. • This together with OneDrive KFM makes sure a user always gets the “same” device back after refreshing devices.
  • 17. Teams/SharePoint Online • Assess your current environment and understand the needs. • Migration of team data could result in Microsoft Teams Libraries. • Migration of organization data should result in SharePoint Online. • Still personal data (only touched by 1 person) can land in OneDrive. • There are great tools on the market to do the assessments. Phased approach is necessary. Standards & building blocks will help with speed of implementation.
  • 19. MEM • Implement Microsoft Endpoint Manager (Intune) for your Windows 10 devices. • Onboard all current devices with Hybrid Join and rollout new devices full Cloud (Azure AD Joined). • Implement MAM for mobile (Android/iOS) at least. Manage all your company owned devices.
  • 21. Voice • Don’t go for less. Use Microsoft Teams. :-) • And if you will choose other platforms think about what Microsoft is preaching: trust – compliance – Inclusion - Security, segmentation.. • More important: Think about the speed of implementation comparted to the easiness of one platform • Also think about adoption, everything is changing faster. It's our 'responsibility' to govern these solutions so different creates complexitiy.
  • 23. Windows Autopilot • Enroll new device with Windows Autopilot (staging Principe) • Onboard current domain joined devices with a Group Policy. • Onboard current hybrid joined devices with an Autopilot profile.
  • 25. Increase Security • Multi-Factor Authentication or Azure Security Defaults. • Conditional Access. • Connect your devices to Azure AD with Microsoft Endpoint Manager. Hybrid Join – Full Cloud. Just connect it. • Enroll devices into MDATP if you have the license :-) we have seen.. • Risky User Sign-in policies. Define some security policies. Just basic alerting.
  • 26. Increase Security • Self-Service Password Reset (SSPR) – enable password writeback in Azure AD Connect. • Create control on lifecycle management of identities. Expiration, onboarding, offboarding etc.. • Automatic password reset or disablement of account when breached. • Shift to primary Azure AD, later 
  • 28. Software deployment • Microsoft 365 Apps can be quickly deployed by Microsoft Endpoint Manager. • Windows Updates is easy with MEM. • Built an Update strategy (1 x year / 2 x year?)
  • 29. Software deployment • Microsoft Edge will deliver great value when it comes to browser support, can support old ‘sessions’ as well. Azure AD integrated, great new stuff, super modern. Configure Edge with MEM. • Use third-party mechanisms as PatchMyPC or Chocolatey for ‘simple’ deployable software. • Use own written scripts and create packages when necessary. • Wrap everything as IntuneWin (++ advantages).
  • 30. 10. GPO to CSP
  • 31. GPO to CSP • Microsoft is currently working on Policy Analytics which will help the migration of GPO’s to MDM policies with control. But keep in mind, a lot of policy are used for legacy. • We don’t believe in migration of GPO’s. We believe in a basis workplace ‘greenfield’ were you build standards for everyone. Not for groups. And if you do. For 10 groups. and 90% same architecture and flavors. • So: Don’t migrate non used GPO’s. • Rethink GPO’s -> MDM.
  • 32. GPO to CSP • Start with Security Baselines. • ADMX backed baselines (ADMX ingestion) will help for smooth and faster configuration. Whenever it’s not possible use the OMA-URI’s. • Most important try to be prepared for 80% to shift the authority from GPO’s to MDM. And leave the GPO’s in your on-premise DC’s behind.
  • 34. Windows Updates • Create a Windows 10 update ring with peer-to-peer caching to not kill the internet break out. VPN etc.. (Delivery Optimization!!!) • Create segmented of pre-test groups to validate the update version in production. (Minimum of 2/3 Update Rings!) • Use the standard Security Baselines to implement the W10 MDM Baseline and MDATP configuration. Baselines are great but complex. Test it with a POC!
  • 36. Azure • Think about Wim: Rehost, Refactor, Rearchitect, Rebuild, Replace! • Assess and write down all infrastructure and start with rearchitecting were possible. • When you’re hosting well known vendor applications try to get in touch and ask if they are planning for SaaS, Azure, others.
  • 37. Azure • Create an Azure Migrate project and add the Server Assessment solution to the project. • Set up the Azure Migrate appliance and start discovery of your server. To set up discovery, the server names or IP addresses are required. Each appliance supports discovery of 250 servers. You can set up more than one appliance if required. • Once you have successfully set up discovery, create assessments and review the assessment reports.
  • 38. Azure • Use the application dependency analysis features to create and refine server groups to phase your migration. • Migrate machines as physical servers to Azure. • Don’t forget: Rehost, Refactor, Rearchitect, Rebuild, Replace. • Say goodbye to old legacy applications that are not secured in a modern world.
  • 39. 13. Legacy AD Migration
  • 40. Legacy AD Migration • Shift applications that use AD Groups or AD Authentication to authenticate applications towards Azure AD worst case ADDS. • Try to isolate all applications, monitor the active usage of AD and try to find and understand what you can transform easily. • Sometimes there is an application which is old for billing or accountants, mostly used by some people. Don’t integrate, isolate and shift with dedicated accounts to Azure IaaS. But write it in the long-term plan and push these vendor for integration of choose other platforms.
  • 42. Collaboration platforms • Build your new Microsoft Teams Sites for collaboration. • Create a SharePoint Hub for all SharePoint sites – create a frame and design of the requirement and visual for your full organization. • Build out department and long-term SharePoint collaboration spaces. • Migrate the old ’20’ years old applications to SharePoint list, with PowerApps and integrate with power Platform.
  • 43. 15. Rethink on-premises Rehost, Refactor, Rearchitect, Rebuild, Replace
  • 44. Rethink on-premises • Rethink the new needs of on-premises. All collaborations spaces are shifted to Office 365. Your devices are managed with MEM. Documents are shifted to OneDrive, Teams and SharePoint. Authentication and integration with Azure AD is shifted. Printers with Universal Print of different cloud print solutions as Printix. Core applications are moved to IaaS and are waiting to become SaaS overtime. • What else is there?
  • 45. 16. Automate Build security mechanisms that can be automated
  • 46. Automate • SecOps and your incident responds can be done with MDATP/MCAS/Sentinel. • Build on the next level Modern Workplace with Unified Sensitivity Labeling – which automatic labels classified documents. Use the unified data classification platform. • Get grip on actionable risks on devices, users with MDATP in combination with Cloud App Security to identity and isolate risks. Sometimes automatic remediation.
  • 47. Automate • Start with MAM (Mobile Application Management) to isolate corporate applications from personal applications on BYOD Devices. • Evaluate regularly which users have access to data, devices and physical network. • Work on Secure Score and Azure Secure Score. • Automate alerts with Logic Apps. • Leverage the power of Sentinel.
  • 48. Q&A

Editor's Notes

  1. THLE
  2. THLE
  3. THLE