Our last #1EMVPchat Twitter Party played host to a strong lineup of MVPs—one of whom was Mr. Adam Fowler. Adam hails from Austraila where he’s been working in IT for over 15 years. We had a chance to speak with him a little bit more after the party to get exclusive answers to some big questions on our mind.
1E: In an IT world moving to embrace ‘modern management’ and ‘bring your own devices’ – how have typical deployment and management strategies changed?
Adam Fowler (AF): Even if you haven’t looked at a BYOD approach, the user expectation has shifted to being able to access company data and resources from wherever they choose. This could be their own mobile phone running iOS or Android, personal desktop/laptop which could be Mac or PC, or anything else they come up with. There’s a push to have managed data rather than managed devices, but we’re still a long way off from that working with legacy 3rd party vendor applications.
I like the initial idea of managed data and enforcing policies like blocking the clipboard so you can’t copy/paste when accessing company info, but this also gets in the way when people decide to work however they’re going to work.
When we’re in a pure web app based world it’s going to be more possible, but from my experience, there’s still a large section of the userbase who expects a fully managed environment, without a single popup getting in their way.
You also can’t stop someone taking a photo of anything they’re looking at, so weighing up locking things down vs the risk is a big decision to make, but you can’t go into it expecting to fully protect your data leaking out from employees.
1E: Is it the end of Group Policy via Active Directory as we know it?
AF: Not for a while at least. Group Policy is still ahead of what Azure/Intune can do in the Microsoft world for granularity. The number of registry settings required for tweaking the Windows 10 experience can still be huge, and being able to change the default user experience, as well as specific use case experiences with such granularity that Group Policy gives isn’t going away anytime soon in Enterprise.
Group Policy from Azure’s Directory Services combined with Intune is slowly on the way, but until that reaches pure feature parity with on-premises Active Directory, there’s not as much incentive to move and go through the pain of migrating.
1E: As Redmond moves to a subscription model for nearly everything, how do servicing changes to Configuration Manager, Windows and Office affect the typical business and technical operations at an organization?
AF: Right now the subscription model works reasonably well (debates aside on buying licensing vs owning). Every year, if you were on an Enterprise Agreement, you’d go through a true-up to get your licensing right, and rarely drop your numbers because it was cheaper to keep spare licenses under Software Assurance in case you needed them again, rather than rebuying.
A benefit of the subscription model is that you can go up and down on these licenses without penalty. It’s a set amount per month per user, so you don’t have to worry as much about future guesses of headcount – just add or remove as you please.
You can still use Office 2016 MSI for installs, even if you’ve got an Office 365 subscription – so unless that changes, there’s not a big impact to technical operations that I’m aware of.
1E: What’s the best thing about being an MVP?
AF: Beyond the fancy glass trophy, it’s great to have extra access to staff inside Microsoft, as well as the other MVPs. Often on mailing lists, it’s MVPs helping each other out, which is a great way to make new contacts and see what others are going through. Otherwise, there are key Microsoft people who are also involved and can help get bugs, issues, and feedback in front of the people who make the calls in Microsoft, which can be a much harder path to follow from the outside.
The MVP community is also made up of a great bunch of people – everyone’s helpful or they wouldn’t be an MVP in the first place!
1E: What are the biggest takeaways from Meltdown/Spectre and other attacks like them?
AF: Don’t assume a system is ever fully secure. These issues have been around for a very long time, and you’ll never know what vulnerabilities may exist. Also, patch often, patch regularly but don’t rush to patch huge issues on day 1 without proper testing and fallback methods. Having an entire fleet of AMD based computers blue screen wouldn’t be a nice start to anyone’s day!
1E: What do you find most SCCM administrators and architects to be spending their time on these days?
AF: Windows 10 fine tuning. There’s a lot that’s different compared to Windows 7, and new processes such as Windows 10 as a Service mean that you need your task sequences and rebuilding process to be reliable. PCs are going to be rebuilt much more frequently now, and you don’t want to spend time doing manual fixes or troubleshooting.
1E: What’s the one recommendation you’d make to someone that’s just getting started with ConfigMgr? What’s the most important lesson you’ve learned in your career?
AF: Download the Microsoft 365 powered device lab kit and start playing around. You’ll get 11 VMs ready to go that can let you play with ConfigMgr without fear of breaking anything or needing to undo any damage you did.
App deploying and OS deploying are two very different procedures to follow, and App deploying is something easier to start with. Understand how it actually works, and what log files to read to work out if something is successful or not. There’s a steep learning curve at the start, but once you get past that, then you’ll focus more on learning more about the product rather than trying to understand what you’re looking at.
For more great tech advice, news, and MVP buzz, be sure to check out Adam’s blog here.