Ignite Roundup

Ignite Roundup

Microsoft Ignite 2017 was wrapped up on the 29th September 2017. Here are just a few of the announcements that might be of particular interest to ComputerWorld’s customers.

Office 365 F1 and Microsoft 365 F1 plans

Microsoft 365 (a licensing bundle comprising Office 365, Windows 10 and the Enterprise Mobility + Security suite) was launched several months ago.

The “F1” plan is a new announcement, and there will be an F1 plan for both Office 365 and Microsoft 365. Designed for “Frontline Workers”, it combines productivity tools such as StaffHub (for managing shifts and time), PowerApps and Flow, with lower limits for mailbox and cloud storage. This reflects the notion that front-line workers generally do not generate content to the same extent that an office-based knowledge worker might.

Notably, the F1 license includes only online versions of the productivity applications. If this bears more than a passing similarity to the “Kiosk” K1 plan, it’s no coincidence. F1 has replaced K1 along with the changes outlined below.


GDPR Compliance with Microsoft 365

GDPR is a hot topic, and many of the features in the Microsoft 365 bundle (particularly the Enterprise Mobility + Security offering, but also Windows 10 Enterprise) can enhance your GDPR position.


Windows Autopilot

While announced before Ignite, Windows Autopilot is a provisioning technology that allows a shop-bought Windows 10 device to be enrolled into a company’s mobile device management system and managed without having to pass through the hands of the IT department. It is particularly relevant with subscription schemes that include a Windows 10 Enterprise user license, as the Windows 10 device can unlock the enterprise features as soon as a licensed user logs in.

Devices can be encrypted, and applications installed via a device management solution such as InTune, with users only having to log in with their corporate credentials. The whole “out of box” experience is then streamlined to suit a corporate device.

Microsoft 365 Education

Those working in schools may be interested in a new Microsoft 365 licensing option.


Skype, Skype for Business, and Teams

Microsoft outlined their plans for the Skype technologies and Microsoft Teams converging into a single platform over time.


Azure File Sync

One of the early announcements from Microsoft’s Ignite Conference was that of Azure File Sync entering public preview.

Azure has had file serving capabilities for some time, in the form of Azure Files. While this feature does allow access via the familiar SMB (v3) protocol, the lack of any real form of access control list (ACL) meant that it wasn’t a great replacement for an on-premises file share. SharePoint Online is often touted by Microsoft as a replacement, but it is quite a different proposition.

Azure File Sync, as it name suggests, allows you to synchronise on-premises Windows Server file shares with Azure Files.

Without a robust synchronisation technology, attempts to keep copies of data both on-premises and in the cloud are precariously risky.

Being a multi-master sync solution means that Azure File Sync should be great for distributed organisations with many offices, and home workers to support. Indeed, without using some form of remote or virtual desktop solution, remote users’ access to files is often a real stumbling block without using third-party technologies.

The really clever part is that flexible tiering options are available, so you don’t need to store the entire data set on-premises. You can choose to store infrequently-used files only in Azure. A simple pointer (in NTFS terminology, a reparse point) is placed in the on-premises file system that allows applications to transparently access the file as if it were on-premises. The user doesn’t need to know, or care, where the file is.

Windows ACLs (file permissions) are preserved by Azure File Sync, and are enforced by Windows Server. However, they are not (yet) supported by Azure Files if files are accessed directly in the cloud. The feature is in technical preview, though, and I’m looking forward to full ACL support.

Office 2019

Microsoft has announced that Office 2019 should ship sometime during the second half of next year. The observant may notice that next year is 2018 not 2019, but that raises another point.

Microsoft’s focus is very much now on a cloud-first approach. You can buy the Office desktop applications in the traditional perpetually-licensed way, or on the Office 365 subscription model. Some tweaking of the support statements for the perpetual licenses earlier in the year signalled that Microsoft will be less flexible in their support of older versions of Office connecting to Office 365 services.

With Office 365’s applications receiving several updates per year, the cloud-first approach means that features are released in a more incremental way. So, does it really matter anymore when Microsoft chooses to release a new major version of the software when the updates are being delivered more and more incrementally and customers are having that software update automatically?

The announcement of Office 2019 is a signal that Microsoft isn’t ready to abandon perpetual licensing just yet.

Anyway, reported updates are major revisions to Excel and PowerPoint, along with more inking support (useful with tablet and 2-in-1 devices such as the Surface Pro), and voice control.

The server GUI is here to stay

It’s a great thing that virtually every feature Microsoft has released in recent years can be configured using PowerShell. It is an immensely powerful tool, and automation is increasingly important. Microsoft has also encouraged users to install their servers as Server Core installations, which lack a GUI. Again, I applaud that option being available.

Having said that, most smaller customers do most of their Windows Server management using GUI tools either on a management workstation or on the server itself. For ad-hoc management tasks that are not going to be repeated, it’s the easiest way.

Microsoft has announced Project Honolulu, which is now in technical preview. It is a new, browser-based, management GUI.

More details are here.


OneDrive for Business

I think it’s fair to say that the journey for users of the various SkyDrive and OneDrive for Business clients over the years hasn’t been entirely smooth.

Having said that, there are definite improvements and new features. Some of the features are reworked and improved versions of features that didn’t make it into the “Next Generation” sync client that was released in 2016.

The primary example of this that Microsoft will now fully support libraries encrypted with its Information Rights Management technology. This is encryption that lives within the file itself (rather than the file system).



Azure, by its nature, continues to evolve. Some particular focus has been given to Microsoft on the networking advancements. The changes are far too numerous to list here, but there’s a great Microsoft blog post here:


Office 365 Compliance and Security

Not new, but recent, are the Compliance Manager feature and the Secure Score in the Office 365 portal.

“How does the “Compliance Score” differ from “Secure Score”?

Secure score is a security analytics tool to help organizations better understand their security posture in Office 365, while the compliance score provides a broader view of an organization’s data protection and compliance posture in the Microsoft cloud services - Azure, Dynamics 365, and Office 365. The compliance score and secure score can be associated in that compliance score is calculated across large superset of data protection and compliance controls; whereas secure score is focused on subset of configurable security controls.”

More at the following blog:


Email Encryption and Rights Protection in Office 365

Some great enhancements to the information protection features in Office 365 have been made, particularly in the way non-Office 365 recipients can read protected emails. If you’ve not seen these capabilities, take a look.


Pass-through Authentication is now Generally Available

This seems to have been a long time coming, as Pass-through Authentication (PTA) has been in preview for the best part of a year, but Microsoft has announced that PTA is generally available and that means it’s supported for use in production.

I wrote a blog on PTA back in January and we’ve run PTA internally in our demo environment and implemented it for customers’ non-production Office 365 pilots.


In essence, if you were thinking of using AD FS, you would like seamless single sign-on, or you cannot have password hashes stored in Microsoft’s cloud, then PTA is likely to meet your needs and is much simpler than AD FS.