A life without servers is here. A life where your critical business IT services are delivered to you at a fraction of the cost with SUBSTANTIALLY more features and security capabilities through the Microsoft Cloud than could ever be available to you through anything you can build onsite. What you need is to work with a consulting company that really KNOWS how to FULLY and COMPLETELY implement not just the Microsoft cloud services you know and love like email, document sharing and communications to your business, but also replace your very limited domain controller based security infrastructure with Microsoft cloud-powered security. ALL OF OUR TECHS are Microsoft Certified Solutions Associates in Office 365. You know having physical servers at your office is a pain in the rear, and really even having virtual servers offsite at a datacenter just to host your file server, or some legacy business applications, is a waste of resources; there are better uses for your money.
I was doing Citrix nearly 25 years ago which delivered this type of stuff. We did it at the time using thin client devices (Wyse then later on Axel) which survived jumping from NT to 2003 to 2008 before I changed career path. Setting up new users by just plonking a thin client device on the desk with screen, keyboard and mouse, and spending literally two minutes to configure it to have a fully polished, TESTED computer, I found to be magic... and still do.
Windows Hello on the local client is in effect using "cached credentials"? We had to disable it within our Azure hybrid estate as it was causing so many issues with access to mapped network drives, since cached login info was being used. If the user opted to use a password at login there was no issue. So we disabled it for now. Any other sysadmins seen the same type of problem?
I have a feeling that some important aspects were left out intentionally or unintentionally. What happens when you change a computer, or forgot a computer at home and want to use your coworker's computer? Does Windows Hello work out of the box, or do you need a password that you don't know?
When you change a computer you'd enroll that computer under your Entra ID account in Windows Hello for Business and create a new passkey for that device. If you want to provide support for users that forgot their computers at home, then you'd have a spare that you can let them log into with their password, or they can log in to a co-worker's company computer. Passwords will still always work. Enrolling a computer in Windows Hello for Business is not mandatory. If they forgot their password, you'd have self-service password reset (SSPR) configured in Entra ID. Or, you can allow them to chew up your time with a tedious manual admin password reset. Windows Hello for Business is part of Entra ID and does not work out of the box; it needs to be configured. And, an IT manager has to be open to learning new modern security skills. This requires taking training courses, practicing on a demo M365 tenant to get hands-on experience outside of your production tenant, and ideally certifying on this technology. By doing this, an IT manager will learn how these systems are meant to be configured and how to make them work smoothly and securely. Is the process of re-skilling easy? No. Is it rewarding? For sure. It's also more interesting IT work. There will always be these "what if this or that" scenarios that come up. Once you know the tech well, the answers will come to you quickly and confidently. If you don't have the opportunity to reskill, then find a Microsoft cloud partner. It doesn't have to be Xerillion, but find one that can help you get ramped up quickly.
So, I am not sure I agree with everything, however, in principle I think there is a fair amount of fact here. One question. Passkey access to 365 Accounts is a thing now, and I have enabled it and I can login from my personal computer, but I came to work, tried to login, and it is asking me to insert my security key. Is Passkey limited to people with a single computer they use? This feels like a frustrating limitation. Or have I misunderstood things?
Passkeys don't move with your Entra ID account from computer to computer. Each computer will have its own unique passkey generated when you enroll the device into Windows Hello for Business.
@Xerillion well, the passkey is stored in Authenticator on my phone. I was expecting to be offered a QR code. Seems to happen on some computers and not others.
How do you handle it when you need your password if you don't know it? For example when you get a new phone or computer. I really like passwordless, but when users use biometrics they forget their passwords and it creates support tickets. Any solution for this?
Hi! When going to full passwordless sign-in with a properly configured M365 tenant, password changes should be very rare. I bet I have done it once in the past 3 years and it was a very odd situation where I was on a cruise ship wifi and trying to log in to my laptop for the first time in 6 months. As an IT manager you can get out of the business of doing tedious user password resets. This is what SSPR (self-service password reset) with Entra ID (Azure AD) is for. We configure this as part of our standard M365 tenant setup. And in our practice, getting as many tedious things off the plate of IT managers is an ongoing refinement process. And as I mention in the video, it's really tough on internal IT managers to learn these new systems, understand what is important and what isn't, while maintaining the existing system. Anyway, SSPR enablement/configuration, and politely pushing back on users (within reason) when they ask you to manually reset, is the way to go. IT admin manual password resets should be very, very rare.
@Xerillion Hi and thanks for the reply. SSPR is of course something to teach users better. A problem that I notice is also that when users have PIN codes, they think that the PIN code is their password and do not understand the difference, and that also creates problems when they really need their password. For example, when they have to enroll a phone or computer. Is there a way to enroll new devices without a password? Maybe to approve it on their current device?
What about the companies that print very realistic 3D face masks that can bypass the Windows Hello and iPhone locks? Companies print these masks simply from a photo.
I would like to make the point that the Microsoft product policy is messed up six ways to Sunday.... And it gets expensive very quickly. Even our MSP sometimes can't oversee all the interdependencies between products, admin panels etc. The constant renaming, shuffling and re-branding of services certainly doesn't help. We are an SMB of ca. 100 people in two locations and a 3-person IT team. I have not much confidence that we have it "all under control" despite several audits having told us that we have a better set-up than most companies our size. But they only look at our licenses (MS365 E3 + E5 Security). We have Intune deployed, but we keep having configuration conflicts that our MSP and other consultants are unable to solve. We have policies implemented and still see devices in the wild that somehow just don't have BitLocker enabled. Or that should have the latest updates installed, and yet I get devices on my desk that haven't seen an update for the last two years, while the policy should force all devices to do so. It works for the majority of devices but clearly not for all. No one can tell me why. HOW can that be?!? We use Defender for Endpoint, but either don't receive any alerts or receive them way too late. (Probably a misconfiguration somewhere, but nobody can tell me where.) Or if I follow the instructions for remediations, I get recommendations to implement things that we have long since done. And pretty much everyone I talk to reaches a point where they shrug their shoulders (even world-class consultants) and have to admit they can't explain why the whole thing is behaving like it does.
As the IT lead of a SMB currently moving away from on-prem resources to the M365 ecosystem, I can confidently say this may just be the most valuable video available on RU-vid. Thank you Wayne!
@Xerillion People also don't put all their eggs in one basket; if you put all your eggs in the Microsoft basket and they fail, you and others are up the creek without a paddle.
Thanks for commenting @andrewenglish3810. I mean it. And I get your point. I feel there is more missed by having multiple un-integrated, or loosely integrated, 3rd party IT security and management servers to deal with. Also, Microsoft uses these same security products. They are a $3T company. I say if it is good enough for them, it's good enough for most of us. Also, as a company that only integrates these systems, we just don't have issues and IT overall is very peaceful. That being said, IT managers need to train, certify and get years of experience properly integrating these systems, which is tough for internal IT managers to do, and I'm empathetic to that issue. Again, totally respect your point. And thanks for taking a moment to comment.
Hi! Really interesting video. Just a question, when you help out customers within this area... do you always suggest Cloud PCs as a standard solution? Keep up the good work! 😊 Regards Alexander
It's such a great video. I require the security features available within the E5 Security add-on. Now BP provides Defender for Business. Any add-on I can purchase that would take me to the E5 Security level?
Thanks @tanbirprodhan888! Sure, you can purchase the Microsoft 365 E5 Security add-on. It does require you to have at least one M365 E5 license though... which is usually good to give to the IT manager.
Yes to both. I suppose there is always going to be a chance that a desktop application won't work, though we haven't run into one yet in our cloud practice with clients.
Business Premium has a 1.5TB email archive included. Part of the work of these integrations is to advise the client and configure a policy that automatically moves emails from the live mailbox to the archive. In the case where someone must have a live 100GB mailbox (rare) we can add on an Exchange Online Plan 1 license, which is still less expensive than M365 E3, and still a better value. In cases where someone needs 300+ licenses, M365 BP isn't an option unless they want to mix Business with Enterprise licenses... something I wouldn't recommend.
@iansylvester1164 That is true, though still cheaper than M365 E3, but even if it was higher, the number of users we need to apply this add-on to is rare when you integrate the 1.5TB archive. I'd estimate for every 30 integration projects we do, which would amount to a total of around 1,000 end-users, I doubt it is even 10. And to make M365 E3 apples to apples with M365 BP, you need to also put add-ons on M365 E3, raising its cost. That being said, if M365 E3 isn't your thing, all good.
Hi, today I just set up a Microsoft Cloud PC, but I installed VNC server remoting software inside this Cloud PC and it doesn't work. It won't load. Do you know if it is because this Cloud PC is blocked, or some other reason?
Just a quick question. I just wanted your input on whether users of Microsoft Office 365 (E3) as well as Windows 365, should be "backing up" their Office 365 data (like OneDrive). I understand about the multiple "Recycle Bins" that are in place (plus the 7-year retention policy) but in terms of a backup process outside of Office 365, I was just wondering which product or 3rd party (if any) you would recommend or if it is not necessary. Thank you for your time!!!
I'd be interested to know how you are re-purposing old or refurbished PCs. If you are just installing a fresh version of the OS then there is the overhead of managing and securing these devices. If you are using third-party software like Stratodesk or IGEL OS then there is additional cost and management required. It would be useful to know how you recommend managing these endpoints.
You can take an existing Windows 10 or 11 Pro company computer as-is... manage it with Intune. If Windows 10, manage the upgrade automatically through Intune. Refurbished computers purchased with Windows 11 Pro get managed with Intune. Super easy. No overhead. The thing is this... if an IT manager doesn't want to do it, they will find a way not to. If they want to make it happen, they will find a way. Going down the path I describe in the video would be for an IT manager that is all-in with, and excited about, Microsoft cloud services. If they aren't, that's cool too.
Wow, amazing stuff! Is it possible to do the same with files stored in Google Drive? Also, how about Slack? I have user access to multiple Slack channels that I can't export data or chat history out of. I wonder if there is a way to copy the entire chat and paste it into a model that allows me to ask for a summary, or a well-crafted report, or Google Sheets docs with the important topics from months or years of conversations inside a Slack channel.
Thanks @RealDeal! Yes, it's possible to migrate from Google and Slack for files. I don't know about Slack chat data. Interesting question though, and I'll put that one in the back of my mind.