MY UPCOMING SPEAKING ENGAGEMENT

It is going to be a busy time until the end of November!
I’m very proud to be a part of some great conferences and user groups to present about Modern Workplace stuff like Modern Device Management and Microsoft 365 Governance.

AZURE USER GROUP ZURICH
Already next week you can join me at the Azure User Group in Zurich. There is a full track about Digital Cloud Workplace and how to move from a “legacy” management to a modern cloud (enabled) management or better I say, to a Modern Workplace! Of course, using tools from the Microsoft 365 products. If you like to join check out the agenda and register now for the MeetUp in Zurich:

Tuesday, October 29, 2019
Digital Cloud Workplace at Azure Zurich User Group

EXPERTS LIVE EUROPE
I am happy to let you know that I will be speaking at Experts Live Europe 2019 in Prague. The conference will be held in from November 20-22 2019. This is huge for me and I’m very happy to be a part of this conference, specially as a speaker in this year. If you’re interested to join, you can find more details about the conference here:

Wednesday – Friday, November 20-22, 2019
Experts Live Europe 2019, Prague
My session – 10:30, Club E!

GEEKMANIA
Also in November, at the 29th, we will be at a community event called Geekmania in Zurich, Switzerland. This event covers two tracks, one for Azure and another one for Microsoft 365. I’m happy to provide two sessions in the afternoon.
In the first session I will show, why and how you can use Microsoft 365 and in the second session we will talk about Modern Device Management. Would be cool to see you there and if you have, bring some questions!

Friday, November 29, 2019
geekmania 2019, Zurich, Switzerland

#COMMUNITYPOWER

SPEAKING ENGEMENT

INTEGRATE AZURE INFORMATION PROTECTION (AIP) INTO CLOUD APP SECURITY (MCAS)

If you use the Microsoft 365 Security platform and you have the licences to use Microsoft Cloud App Security (MCAS), I recommend to implement Azure Information Protection (AIP) into MCAS.

Azure Information Protection allows you to label and protect your documents also in an automated way. There are two ways to do that. First: You can use the AIP labels in Azure or second, you migrate your labels to the Office 365 Security & Compliance Center also called Unified Labels. Before you migrate your labels, be aware of some limitations of Unified Labels. Find a detailed overview in this article here.

First of all, assign a licence to your user to use MCAS (usually E5 or the Microsoft 365 Security Add-In) and then login to the MCAS portal. portal.cloudappsecurity.com
From there use the gear in the top right to configure or check your organization settings. They should already be filled out, as this information’s are tenant wide settings.

Navigate to Investigate and select Connected apps. On the plus sign add Office 365 as app and Connect the platform to MCAS.

Also make sure you have enabled Office 365 Auditing in the Security & Compliance portal. Browse to protection.office.com – Search – Audit Log search. If audit log is not yet enabled, enable it. It should be on by default. You can find more details regarding audit log here

Back in MCAS, under settings, select Azure Information Protection. Tick the box Automatically scan new files for AIP labels and content inspection warnings and save it.

MCAS can also inspect protected files using file policies. Grant these permissions to MCAS by activating the option in the settings.

To ignore classification labels set external to your organization, in the Cloud App Security portal, go under Settings and Azure Information Protection. Select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant.

Now from Files page and under Investigate you can select the file you like to label. Click the three dots at the right side of the file and choose Apply classification label to apply a label.

Be aware: It takes some time to sync your labels into Cloud App Security and Cloud App Security can apply Azure Information Protection on files that are up to 50 MB.

In the next post I will show you how to apply labels in an automated way to a SharePoint library.

ENABLE MICROSOFT KAIZALA COMPLIANCE

Kaizala is a simple and secure mobile chat app for work. If you need more information about the product, navigate to the product description https://products.office.com/en/business/microsoft-kaizala.
During May 2019, Microsoft started to rollout the Kaizala admin management portal worldwide. To reach the portal, open your browser and browse to manage.kaiza.la.

If you would like to enable the complaint settings, you need to meet some pre-requisites. Those pre-requisites you can find on flowing page:

https://docs.microsoft.com/en-us/Office365/Kaizala/backup-export-org-data#prerequisites

If you check your current licences trough PowerShell, you will see that there is no Kaizala Licence assigned, even if you use Microsoft 365 licences (SPE_E3):

Connect-AzureAD
$userUPN="your admin account here"

$licensePlanList = Get-AzureADSubscribedSku

$userList = Get-AzureADUser -ObjectID $userUPN | Select -ExpandProperty AssignedLicenses | Select SkuID 

$userList | ForEach { $sku=$_.SkuId ; $licensePlanList | ForEach { If ( $sku -eq $_.ObjectId.substring($_.ObjectId.length - 36, 36) ) { Write-Host $_.SkuPartNumber } } }

Output from the script:

This results in the following error message if you try to enable the compliance for Kaizala:
Error : “Please make sure your organization has Kaizala Pro, Microsoft Exchange and Microsoft SharePoint licenses.”

To enable the compliance on the portal, you need a Kaizala Pro licence.
I started a trial on the page https://products.office.com/en/business/microsoft-kaizala and assigend a licence to my admin account:

Shows as Kaizala_Standrad licence
Assigend is a Kaizala Pro licence to the admin account

However, after correcting the licence for the admin account, I was able to configure the compliance settings within the Kaizala portal.

Let me know if you have similar experience or facing other issues.

SPEAKING AT EXPERTS LIVE SWITZERLAND 2019

I’m excited to be chosen as a speaker at Experts Live Switzerland 2019. Experts Live Switzerland 2019 will take place on June 20 in the Workspace Welle 7 in Bern Switzerland. Experts Live Switzerland is a one-day event with 17 sessions in three parallel tracks focusing on Microsoft Cloud, Datacenter and Modern Workplace opics, with Microsoft MVPs, speakers from Microsoft and other industry experts.

I am happy to speak about Modern Workplace and how you can move from a classic or legacy deployment to a new Modern Device deployment. This will cover some Microsoft 365 features like Windows 10, Autopilot & Intune.

Check out the Experts Live Switzerland for more detailed information’s. Would be cool to see you there!

Speaking at Microsoft Tech Summit & Experts Live in Switzerland

The Microsoft community year 2019 starts very soon, also in Switzerland. In the USA the Experts Live US in Austin and the Midwest Management Summit (MMS) are just around the corner.
In the most beautiful capital of the world, Bern, interesting Microsoft community events will take place this year. I am proud to be a part of it.

Microsoft Tech Summit 2019
The Microsoft Tech Summit will take place on April 3 & 4.
The first keynote will be held by Scott Hanselmann, Partner Program Manager & Web Developer at Microsoft: The Microsoft Open Source Cinematic Universe. Also on this day, further information about the Microsoft Datacenters in Switzerland will be presented. I’m looking forward to my session on April 4th where I’ll be happy to share some tips and tricks about Microsoft 365, Autopilot and Intune! Hope to see you there!
Microsoft Tech Summit 2019

Experts Live Switzerland
A bit later this year, in June, exactly at 20th, the Experts Live Switzerland will takes place. Organized by districtUP located in Bern. The event will again take place at Welle 7 directly at the train station. I will speaking about Modern Workplace Management. The one day event and the sessions are held in German. Details will follow soon on my blog or directly under on the Experts Live webpage: www.expertslive.ch

This will be a great start into the community year 2019! So, see YOU there!

Hyper-V error during RDS VDI collection creation

For a RDS VDI test environment we decided to use an internal switch on the Hyper-V server. This is not working.

As a consequence, in Hyper-V the external network was not up. This resulted in the following error during the creation of a VDI collection:

D90C3088

 

Server computer.domain.com either does not have a virtual switch configured or none of the configured virtual switches have an IP address assigned

This is unlikely to be a concern in any type of real life environment because those will have the external NIC connected at all times. However, it may occur when you are in a test environment and are trying to isolate from the production environment.

Conclusion: You have to configure an external switch which is connected to a physical LAN cable. DHCP is enough but of course you can also set a static IP on the NIC.

Issue removing old SQL Server from ConfigMgr

Situation before migration:

1x Primary Site ConfigMgr 2012 R2 no CU (OS Win 2008 R2) – no OS upgrade Support (*)
2x Secondary Sites 2012 R2 no CU
1x SQL Server 2008 R2 SP2 no CU
2’500 Clients worldwide

Goal:

1 Primary Site Current Branch 1511
New OS Windows Server 2012 R2
1 local installed SQL Server
no more Secondary Sites
several DP’s around the world

Most of the things went smoothly but at one point for now we stuck. We’re not able to remove the old remote SQL Server. The Server still appears in the Site System Roles and if we try to remove the Site Database server role (remove is not greyed out) we recieve the error: “The Server cannot be deleted because it contains the following roles:”

811577

We also tried to change the reg keys under SMS_Site_Componets_Manager\Multisite Componet Server\”Name of remote SQL”\Deinstallation Start Time\ set to 1.

811594

 

Solution

Run the following Query in SQL Management Studio in order to find and replace the orphaned relationships.

Change with the corresponding names in < > and run against the SCCM DB :

 *************************************************************

use CM_<sitecode>
declare @ServerName varchar(15)
set @ServerName=’<orphanFQDN>

delete from statusmessages where machinename=@ServerName
delete from Summarizer_Components where MachineName like ‘%’+@ServerName+’%’
delete from summarizer_sitesystem where sitesystem like ‘%’+@ServerName+’%’
delete from statusmessageinsstrs where insstrvalue like ‘%’+@ServerName+’%’
delete from sysreslist where servername=@ServerName
delete from sc_sysresuse where nalpath like ‘%’+@ServerName+’%’

 *************************************************************

After that, reboot the Primary Site. This will remove the server from your Management Console and ConfigMgr Database.

(*)
ConfigMgr CB 1602 no supports OS Upgrade from 2008 R2 to 2012 R2. Make sure you uninstall WSUS first.

https://technet.microsoft.com/en-us/library/mt622084.aspx?f=255&MSPPError=-2147217396

Cheers, Al