Ignite Notes Day 3

Take Away

  1. New improvements coming to Intune to manage Android for Work.  This session actually gave a good overview regarding the fragmented state of Android OS as well as the MDM challenges around it.  The session discussed upcoming Intune tools to help with this problem.
  2. Vittorio Bertocci was the best speaker of the day in his session Secure your web applications with Microsoft Identity.  I would imagine he throws a great party as well.  Nice walk-through of building an ASP.NET app in VS 2015 using Azure AD authentication.  To be upfront, this session was geared more towards web developers, but I stayed because I do keep up with Vittorio’s blog.  He is a great, dynamic speaker and I enjoyed his style.
  3. The IoT session Explore IOT Scenarios from the field and their reference architectures was mind expanding and my head was swimming with ideas after this session.  Great presentation on what could be an incredible opportunity.

My Notes below for each session

Intune Session to manage Android

  1. Android
    1. Protect identity
    2. App – conditional access
    3. Device
  2. EMS
    1. MDM
    2. MAM
  3. Android fragmentation
    1. 1,294 brands
    2. 24,000 devices
    3. Great for end users but difficult to manage in enterprise
  4. Intune Android management
    1. Native Android 4.0 +MDM
    2. Samsung KNOX
    3. MAM policy for data protection – built into apps
    4. Companion apps
    5. Threat protection for Lookout
  5. Tour of Android and Intune
  6. Android for Work
    1. Common pain points
      1. missing VPN, silent app install, configurable end client
      2. Android fragmentation affects manageability
    2. Enhanced on-device management capability
      1. Android 6.0
    3. App management
    4. Productivity apps
    5. Partnership community
  7. Intune Support for Android for Work  **Roll Out starts in October
    1. Enhanced device management
    2. App management improvements
    3. Security apps
    4. Email client app config
  8. Android for Work Scenarios
    1. BYOD (Available Oct) – Some apps owned by corp IT others by users
    2. Corp owned, personally enabled
    3. Kiosk (COSU)
  9. New provisioning requirements
    1. IT admin must onboard Intune tenant before enrollment
    2. Previous requirements for a Google domain are no longer a requirement
    3. Deploy apps (play.google.com/work)
    4. LOBs
  10. Android for Work and Intune MAM for data protection (See presentation)
  11. MAM –
    1. enforce corp data access requirements
      1. Require PIN for launching app
    2. Prevent data leakage

Explore IOT Scenarios from the field and their reference architectures

  1. Ref architecture
    1. Example – Car – lots of devices but all aggregated on platform gateway
  2. World’s largest integration project
  3. Azure IOT Suite – really a solution (azureiotsuite.com)
  4. Need to be careful about cost implications in architecture

Real Customers

Towering IoT

  1. Problem – brownfield systems
    1. Old and proprietary
    2. BACNET is legacy protocol
  2. Drivers – Green Buildings
    1. BMS (Building management systems) and cloud

Azure IoT Hub

  1. Older brother is event hubs
    1. Event hub is one direction and is limited to 5k devices per namespaces
  2. IoT Hub hyper-scale solution
  3. Cloud scale messaging
  4. Two way communication
  5. Per device auth
  6. Multi-protocol support
  7. Cloud-scale
  8. Communication is TLS based
  9. Device management



  1. Connect my medical device
  2. Allow physician to access data
  3. Gateway is changing
    1. Replace event hubs with IoT hub
    2. Replace service bus with event hub


IoT Discarded

  1. Trash bin
    1. Am I full?
    2. Remote location
    3. 5+ year battery life
    4. 3G/4G connectivity
    5. 1 data point per day
    6. Route optimization based on when bin is full during the day


Industrial IoT

  1. PLCs (Industrial protocol)
  2. 80% of projects will be industrial IoT
  3. Industrial IoT is hard
    1. Lots of protocols
    2. Lots of PLCs and no standards
    3. Lots of machine manufacturers
    4. Integration


Global Deployment

  1. Front door/provisioning/Bootstrapping
    1. IoT facade calls end point to determine device identity and route to correct hub
    2. Suitable for new, reset or offline system
    3. Devices needing geo-location
    4. Migration from IoT Hub to IoT hub
    5. HA/DR

Secure your web applications with Microsoft Identity

  1. Vittorio Bertocci best speaker of day.  I would imagine he throws a great party as well.
  2. Nice walk-through of building an ASP.NET app in VS 2015 using Azure AD authentication

Ignite Day 2 Notes and Highlights

I attended a number of sessions today but two events stand out. First, I got to try out the new Hololens and second there were some new announcements in the Azure Identity world.

Hololens Review

I was able to get an appointment to try out a Hololens at the Microsoft exhibit hall. For those of you who haven’t seen this before, this is another technology that you think is somewhere in the future but is here today. Hololens is based on augmented reality, which allows you to view virtual objects in your everyday world. This is different from virtual reality, where you are completely immersed in a different world. Think Star Wars game (augmented reality) vs. The Matrix (virtual reality).

I used the headset in Microsoft’s “living room” of tomorrow. This technology is incredible and I am certain that we will see augmented reality, at the very least, in the workplace within the next few years. By far the coolest thing I got to see was the galaxy explorer in my “living room”. I could virtually examine the solar system and a nebula all from my house.  I was also able to pin virtual photos and videos around my house by selecting them from the device’s camera roll.  Incredible.

The possibilities for this technology are endless from virtual business meetings, education as well as entertainment. Virtual and augmented reality is going to happen. Check out this Wired article for the best state of the industry overview that I have read.

The future is now, you just need $3,000 to buy a developer Hololens.

Identity sessions

The Identity team announced a new product today that might be an ADFS killer. Azure AD Pass-through Authentication (PTA) is expected to be released sometime in the first half of 2017 and looks to simplify the SSO and federation processes typically performed by ADFS.

Features include:

  • Forms based authentication for non-domain joined/outside of corporate network users (PTA)
  • SSO for domain joined users on corporate network (SSO)
  • No need for dedicated servers
  • PTA can be installed on existing servers or DCs
  • SSO is only a computer account in AD
  • No load balancers
  • PTA automatically uses all available connectors, so there is no need to load balance
  • No DMZ
  • All connections are outbound
  • No unauthenticated endpoints on the internet
  • No certificates to manage


Microsoft Ignite Day 1: Evening Keynote Notes


Bottom Line

AI is very real and here. Microsoft is quite serious about bringing this to mainstream.


The sole focus of Satya’s keynote was the vision of AI everywhere, most notably, through Cortana, in Microsoft’s core cloud offerings including Azure, O365 and Dynamics. In fact that was basically it. The entire hour centered on this vision of “Democratizing AI”.

There were a number of very cool things presented, most notably a Hololens app for a home remodeling project tied in to Pinterest, where Cortana used this to determine your decorating taste. Very Star Trek, but very practical and apparently something coming to the real world very soon.

Other highlights include

  • If you hated the Windows Paper Clip from back in the day you might really hate the new personal assistant infused with AI to make sure you exercise, eat right and keep up with your work.
  • O365 and Dynamics infused with AI to increase productivity and enhance the customer experience.
  • Awkward appearance by Deion Sanders for a fantasy football app demo as well as some on stage presentations from various AI/super computer teams.
  • War and Peace translated in under 2 seconds with new FPGA board
  • All of Wikipedia translated in .9 seconds when full power of Azure employed


Below are my raw notes for those who are interested:

Democratizing AI

  • empower every person with tools to solve big problems
  • handwriting recognition
  • holographic computer
  • Office apps with intelligence

What is lacking is the ability to make sense of all the data being generated


  • Agents – Cortana
  • Apps
  • Services
  • Infrastructure


  • Reminder app to be proactive
  • Health monitoring and insights
  • To do list
  • Keep track of key metrics
  • Sticky notes


  • Neural net typing to improve speed
  • O365
  • Skype Translator
  • Word – spelling, grammar, context
  • MyAnalytics
  • Dynamics 365 – relationship assistant (Ships 11/16) – changes that are happening with customer in news or LinkedIn
  • Customer support – tech support agent (bot) can escalate to real person. Bot (virtual assistant) can look up troubleshooting info for rep


  • Cortana intelligence
  • Machine learning (bot framework) – convenient way for user to interact. Bot needs conversational understanding. NFL fantasy football bot coming. Deion Sanders makes appearance on stage. Cortana predicts Saints win on Monday Night Football.
  • Cognitive services APIs – Uber driver and rider recognition and verification
  • Cognitive services APIs – Pinterest – Lowe’s – see remodel at the store via Hololens – Cortana deep neural network and deep learning to match product design at Lowe’s. The analytics based on the dwell time in the home decor demo were very interesting


  • Azure – CPU scale – AI super computer in cloud (FPGA) – deployed in hyper scale data center – super charged board. Very cool translation demo. War and Peace translated in two seconds. All of Wikipedia translated in less than a tenth of a second if full hyper scale used
  • Global
  • Trusted
  • Intelligent
  • From silicon to cloud

Notes from Ignite: Day 1

For those of you not able to make it to Ignite, here are my notes and highlights from the day.

Quick takeaways

  • “Identity is the new perimeter”
  • All Azure, all day – no MIM sessions
  • Security and EMS front and center day 1
  • Good-bye Silverlight in new integrated EMS console previewed in breakout session
  • Mobile Application Management (MAM) vs. MDM drives user acceptance of device protection

Morning Keynote Highlights

  • Yeah Microsoft!
  • Satya and Adobe announce new cloud services based on Azure
  • Scott Guthrie gives good overview of Azure successes with showcase customers

Favorites from today

  • Windows Hello – use your face as a password, very cool.  I actually saw this in action with a fellow attendee who has this working on his real work machine.  Goodbye passwords, but how do you reset your face?
  • Got a pass to try a real world Hololens on day 2.  I am really looking forward to trying this out.

Other cool stuff

  • EMS policies to restrict copy and paste from restricted apps demoed
  • Intune PowerShell to be released soon and opens an interesting scenario to wipe phones when users are terminated.  Might be a nice tie-in with PowerShell MA

IDM Masters Interview #4 – Ryan Newington

What a fun interview! I had a great time chatting with Ryan Newington about all things MIM along with PowerShell. Hear about:

  1. What it’s like to manage 200,000+ identities across 4 continents for a large academic institution
  2. How Ryan’s Lithnet PowerShell tools came about and why you should use them to manage your FIM/MIM infrastructure
  3. What technologies Ryan currently struggles with
  4. What enhancements he would like to see included in future versions of MIM
  5. New improvements Ryan is making to the Lithnet suite for the MIM Sync engine

The final part of interview is particularly entertaining. We talk about:

  1. Ryan’s favorite books 🙂
  2. How he nearly ended up in fast food management instead of MIM development
  3. His favorite dish and milkshake at McDonald’s

All in all it was a great deal of fun and Ryan is a great person to talk with. Take a listen and I hope that you enjoy our conversation as much as I did.


Ryan Newington Announces Updated Lithnet FIM/MIM PowerShell Module

More news today on the FIM/MIM third party front. Ryan Newington announced the release today of his updated Lithnet FIM/MIM PowerShell Module. His PowerShell Module is really something else and offers a significant improvement over the out-of-the-box FIM modules from Microsoft. Make this part of your toolset if it isn’t already.