Well, here we are. A new year, a new name, and a bunch of sessions for me to deliver!
It probably goes without saying that there has been a wee bit of pressure this time around preparing the sessions that I am delivering. It came to a total of 5 sessions which when I said yup, I guess I hadn't really thought about all the time involved to do a professional job. It's not just me I am representing. It's Auldhouse and Microsoft. 3 are exam crams, and present an interesting challenge in their own right, and 2 are the traditional "Break-Out" sessions.
Within the next couple of weeks I will publish the build guides for the demos that I used this week in both my solo AD-RMS session, conveniently linked here (so that you can access the PowerPoints), and also the joint session with the amazing Daniel Bowbyes (co-runner of the WWIAUG meet-up in Wellington).
In getting ready for each session, we presenters always go through the hoops and loops. Did I do enough? Did I do too much? Will that meet the session level? WHY IS THE CLOCK GOING SO FAST/SLOW! (depending on your state of mind, of course!) I think my weakness is wanting to know too much, and deliver it all as fast as I can.
Anyway, as a loose outline for now, here is how I built each of the Labs.
AD-RMS and Azure RMS
AD-RMS
In order for this to work, and for things to move smoothly, I went through the following steps (loosely)
Built 4 virtual machines. Two were Server 2012R2, two were Windows 10. The servers were configured as a DC and a member. I created a number of OUs, users, and security groups, as well as user accounts for the ADRMS service. Oh, and let's not forget the SuperUsers group.
On the DC I also created a preference to map drives to all users for a file share to place IRM protected content.
After that, I joined all the computers to the domain. I made sure that for Client 1 I had logged in two users from the Design group, and on the other client, two users who were not in Design.
I then pre-staged the ADRMS install on the member server, created the shares for the users and the certificates.
At that point, I then created a checkpoint for each VM and spent a good week going back and forth, rolling forward and back through the demos that I have written for Ignite, making sure that I knew where all the sticking points may or may not be.
Azure-RMS
For the Azure RMS, I have had to sort out that "Here's one I prepared earlier" solution. There is a good reason for this. Activating Azure RMS, and getting it to a state where it can be demonstrated would take far longer than the 15mins that I have for that part of the session. SO... before I demoed this, I have already activated RMS in my Office 365 subscription, and imported and run the necessary PowerShell scripts to make RMS work for my region (AP).
From there, I simply made a couple of emails out to myself at work, and sent them. One was Do Not Forward, one was Confidential - internal only. Then it's onto my work email account to see the results (and I have a couple of those emails saved in my inbox, just in case)
Windows 10 + Azure AD + Intune
This was a doozy to prepare for, and while I think the steps will seem pretty minimal, believe you me, there was a lot of work in learning the technology before even starting this. AND there is a lot to learn, and like my baby, Office 365, this is an entirely greenfield developmental area and when the session was suggested, some of the technology hadn't yet been fully released.
So here's how it went.
I bought a domain.
www.malcyjmct.nz
I then added that to my Office 365 subscription.
After that, I then imported the malcyjmct.nz domain as a custom domain to Azure AD.
From there, I set up a trial of Azure AD Premium to get the ability to add Intune.
After that, it was a matter of twisting a few nuts and bolts to finesse it all to work together. Once that was done, it was onto the setup with the laptop, kindly loaned to Daniel and me by HP. And it is an amazing piece of kit! I installed Windows 10 Pro, and then rolled in ALL the updates. Without that effort, that initial AAD join HAS taken over an hour to progress to "Welcome to Windows, we hope you enjoy your stay." That was perhaps one of the biggest lessons learnt.
A few (read MANY) joins, disjoins, joins, disjoins, demos, fails, demos, fails, foibles and quirks later, a smooth process has been ironed out. Essentially, a complete reset of the PC (and I have learnt that Sysprep isn't the tool for the job) and deletion of the computer account from Azure, and we're away.
SSO comes as a part of the build and start, so that is a HUGE relief, and at that stage, the certificates and user accounts all show in the right place.
I have learnt to expect a latency of between 20 and 40 minutes for this demo, meaning that I have built a SECOND laptop, that will stay constantly joined to the Azure AD. I have also installed a couple of additional pieces of software there, including the Azure Remote agent, meaning that I can demo a remote restart, and a remote device scan etc.
OK, once that was all sorted, I then created three distinctly different types of Intune policy, in order to demonstrate, at a high level, the capabilities of Azure. They are as follows:
A standard config policy to tweak Internet Explorer
A WiFi policy, which needed the importing of an XML file generated by netsh
An OMA-URI (Open Mobile Alliance Uniform Resource Identifier) policy to lock down AutoPlay
From there on in, it was a matter of demonstrating, from starting the "out of the box" laptop, through to joining it to Azure AD, accepting the incoming phone call, and then creating the pin for our new laptop. Incidentally, that whole piece takes about 5-10 minutes, but is pretty bloody smooth to be fair.
Anyway, that is a brain dump for now. It's about 10:30pm the Monday night before Ignite launches, and I am ready for sleep now.
I will post something a little bit more detailed in the next week or so for those that need a bit more detail.
Thanks for reading, and please look forward to more posts in the very near future!
Cheers,
Malc.