Simon May

Client and cloud

  • System Center Configuration Manager, Windows Intune and Managing iOS: What’s New?

    In this episode of the Edge show I’m joined by Martin Booth from the Server and Tools Marketing group to take a look at the new features that just shipped to Windows Intune stand alone and unified management experience with Config Manager. We look at iOS management and take a quick look at the road map.


    The post System Center Configuration Manager, Windows Intune and Managing iOS: What’s New? appeared first on INFRASTRUCTURALIST.

  • Five Gadgets to ask Santa for

    What are the best gadgets to get for Christmas? An Xbox One, a Dell Venue 8 Pro, a Spider II, a Lotus F1 Team USB Charger and something to keep the coffee warm. Of course the real test is, are they any good for the IT Guy?

    Over the Christmas period it’s hard to get the right gifts for people that they love and that they actually want. I decided to help out my loved ones this year by bypassing their need to buy me gifts and to just buy them myself so that I could write about them in this blog post, as a result I’ll be happy with socks!

    Xbox One

    First up is the Xbox One because the holidays are a time for fun not just working. The Xbox One comes in at around £520 with a game and is obviously one of the two next gen consoles on the market, there are reviews of it all over the web from core gamers, journos and the like so I thought I’d give you some observations about the console itself that they might have missed.

    The Kinect sensor is built in and voice commands are really handy, as is having the sensor automatically sign you in when you’re in the room. What I’ve noticed though is that the sensor doesn’t have to be front on, under the TV or over the TV to work. I have it off angle to the left of my TV since the Kinect’s two meter cable doesn’t quite reach from our media unit to our TV. The Kinect doesn’t always “see” me in the room for a start, but starting a game by saying “Xbox go to Forza Motor Sport 5” seems to be enough for it to recognise who I am and sign me in.

    The games themselves look stunning, Forza Motor Sport 5 has an amazing level of detail in every single frame you see on screen. The bonnet of my shiny Shelby reflects all the detail of the oncoming horizon and I get to see little helicopters hovering around the race track as I drive.

    The controller is excellent, as you’d expect, but the best thing about it is absolutely the rumble buttons which give great feedback while braking, accelerating and hitting rumble strips in Forza.

    Is it any good in the Datacentre? Well, that depends… In the past I’ve been known to move a sofa into the DC over holidays for the operators; combine that with an Xbox One and you’ll probably receive fewer support calls…

    Dell Venue 8 Pro


    I can’t talk highly enough of this device, actually few can and indeed it’s been so popular that when the Microsoft Store in the US recently offered a holiday discount taking the device down to $199 it sold out in minutes. The device is now available in the UK and it’s *possibly* the best Windows 8.1 device I’ve ever used. You can find my full review here on my Infrastructuralist blog.

    Windows 8.1 is great on this device, really snappy thanks to a quad core Intel Atom, which also supports any desktop app you want. I find it works really well as a Sonos controller in my house as a result. It obviously also means you can use apps like iTunes that aren’t available on Android tablets for example. I don’t and I use Xbox music but some people are hooked on other music platforms (sidebar: devices are important, apps are important but it’s the music infrastructure and data that people want access to).

    The Venue 8 Pro ticks all the boxes for me because:

    • the screen is great - ok it could be full HD but it’s great
    • the size is right – lots of Windows 8.1 apps look gorgeous on an 8” screen (Amazon, Twitter, Facebook all adapt)
    • the weight is perfect – things can be too light as well as too heavy, it’s all about balance.
    • the thickness is nice – I believe that tablets need to replace paper, this device nicely replaces a reporter’s notebook (it’s almost identical to other tablets that are comparable to pencils)
    • the feel is good – there’s a nice rubbery backing on the device that makes it a joy to hold
    • it can run any Windows app – that means it has the biggest app ecosystem in the world. Not all apps are great with touch though so…
    • you can connect any peripheral – I occasionally connect a mouse, keyboard and 24” 1080p screen using a USB OTG cable.

    Is it any good for the IT Pro? Yes, it runs Windows 8.1 which means I can carry the RSAT around with me and remotely manage anything I want. It’s the best tablet in the world for this, right now in my opinion.

    Spider II


    What the heck is it? Well, I am a man of many gadgets and it’s good for many of my gadgets: it’s a USB cable for connecting devices. One of the things I always have to have in my kit bag is a micro-USB cable to charge my Nokia 925 phone and my Dell Venue 8 Pro. Before this bit of kit, though, one thing always troubled me: cable length!

    I don’t need a 2m cable or even a 1m cable to charge my phone. Very often I only need a tiny, weeny 1 inch cable to do the job and that’s what the Spider II provides, but for lots of devices. It comes with Apple Lightning, iPhone and Micro-USB so it can connect anything that most people have in their pockets. It also comes with a tactilely pleasing rubber case emblazoned with a Windows logo.

    Lotus F1 Team USB Charger


    I’ve also started packing one of these into my every day kit and it’s something I’ll be packing into Christmas stockings aplenty. Just like the Spider II it has an iPhone and Micro-USB charging adapter but that’s not this thing’s strength. One of the big problems with tablets and ultrabooks for me is a lack of USB ports and this device helps out there.

    This device has a pass through USB port for power and it has a Micro-SD slot built in. As a result I can always connect some storage and be able to power my devices.

    Microsoft Branded Heat Retaining Aluminium Flask

    It’s getting cold out there folks, it’s time to take some coffee with you but it’s going to get cold … enter the flask.

    So you’ve probably guessed by now that I’m not going to review the flask and that the last three items in this article aren’t the usual types of gadgets I look at… but it’s Christmas (other holidays are available) and so I’m going to give away a Spider II, a Lotus F1 Team USB charger and a Microsoft Branded Heat Retaining Aluminium Flask to three randomly selected folks who retweet this article with the following tweet and also follow me on twitter - @simonster*. The competition closes on the 10th of January and three lucky winners will be notified after; please refer to the T&C's below.

    Just two small steps needed to win:

    Step 1 - Follow me on twitter - @simonster

    Step 2 - Tweet: "I’m asking Santa for some gadgets, having read @Simonster’s ‘Five Gadgets to ask Santa for’ on the @TechNetUK blog:

    *you need to follow me so I can get your mailing address and contact the winners!

    **Just to be really clear I’m not giving you my Xbox One or Dell Venue 8 Pro!!

    T&C's found here.

    Merry Christmas


    Terms & Conditions

    1. ELIGIBILITY. This promotion is open to any person resident in the United Kingdom who is eighteen (18) years of age or older at the time of entry and who is a registered member of the Website (the "Website").  IF YOU ARE NOT A REGISTERED MEMBER OF THE WEBSITE YOUR ENTRY WILL NOT BE VALID AND YOU WILL NOT BE ABLE TO WIN A PRIZE.  Follow the instructions on the Website to register.

    Employees of Microsoft or its affiliates, subsidiaries, advertising or promotion agencies are not eligible, nor are members of these employees’ families (defined as parents, children, siblings, spouse and life partners). 

    2. ENTRY. To be entered into the competition you must:

    Follow @Simonster on the Website and Tweet the text “I’m asking Santa for some gadgets, having read @Simonster’s ‘Five Gadgets to ask Santa for’ on the @TechNetUK blog:”.

    To the extent that entry requires the submission of user-generated content such as photos, videos, music, artwork, essays, etc., entrants warrant that their entry is their original work, has not been copied from others, and does not violate the privacy, intellectual property rights or other rights of any other person or entity.

    Entries will be ineligible for the prize draw if they:

    • are incomplete;
    • exceed the maximum number of entries allowed per person;
    • violate the rights of any other person or entity;
    • are received outside of the Promotion Period set out below; or
    • are reported to violate the terms governing use of the Website.

    Only one (1) entry per person will be accepted.  No purchase necessary to enter the promotion.  Entry constitutes full and unconditional acceptance of these Terms and Conditions.  Microsoft is not responsible for lost, corrupted or delayed entries.  Microsoft reserves the right to disqualify anyone who violates these Terms and Conditions.

    3. TIMING. This promotion runs from 1200 GMT on 19th December 2013 until 2359 GMT on 10th January 2014 (inclusive) (the “Promotion Period”).
    4. USE OF YOUR ENTRY. Personal data which you provide when you enter may be used for future Microsoft marketing activity if you indicate your consent to such activity (if applicable).  Otherwise your personal data will be used by Microsoft and agents acting on Microsoft’s behalf only for the operation of this promotion.
    5. SELECTION OF WINNERS. All valid entries will be submitted for the prize draw.

    Winning entries will be determined by a random draw conducted by Microsoft Ltd. on 13th January 2014 and will be supervised by an independent adjudicator.  Chances of winning depend on the number of entries received.

    A maximum of one prize per eligible entry is allowed.  Winners will be notified or through the Website by 17th January 2014.  If a potential winner has not confirmed receipt of the notification within TEN (10) days after the first attempt, an alternative winner will be selected on the same basis as described above (either at random for prize draws or according to the same judging criteria for competitions).  Winners may be asked to provide identification proving their eligibility before they are entitled to receive the prize.  Winners may be asked to participate in further publicity or advertising.

    6. PRIZE(S). There will be nine (9) prizes in total.  The prizes will be as follows:
    • 3x Prize bundles consisting of a Microsoft Branded Thermos Flask, a Lotus F1 Team USB Charger and a Spider II Device Charger (£35 approximate value)

    Prizes are as stated and are not transferable.  No cash alternatives available.  Microsoft reserves the right to substitute the prizes with prizes of equal or greater value.  All prizes will be sent by Microsoft or its agent no later than 28 days after the prize draw has been made by Microsoft.  Unless otherwise stated, all prizes are subject to their manufacturer's warranty and/or terms and conditions.

    Prizes may be considered as a taxable benefit to the winners. Winners will be directly responsible for accounting for and paying to HMRC, or other relevant tax authority, any tax liability arising on their prize.  Please contact for any query related to the taxable amount for reporting to HMRC, or other relevant tax authority.

    7. WINNERS LIST. Each winner consents to his/her surname being made publicly available upon request.  Winners’ names will be available for a period of 28 days after the selection of winners by written request to
    8. OTHER. No correspondence will be entered into regarding either this promotion or these Terms and Conditions. In the unlikely event of a dispute, Microsoft’s decision shall be final.  Microsoft reserves the right to amend, modify, cancel or withdraw this promotion at any time but only before the delivery of prizes, without notice.

    Participants in this promotion agree that Microsoft will have no liability whatsoever for any injuries, costs, damage, disappointment or losses of any kind resulting in whole or in part, directly or indirectly from acceptance, misuse or use of a prize, or from participation in this promotion.  Nothing in this clause shall limit Microsoft’s liability in respect of death or personal injury arising out of its own negligence or liability arising out of Microsoft’s fraud.

    Microsoft cannot guarantee the performance of any third party and shall not be liable for any act or default by a third party.  

    9. SPIRIT OF THE COMPETITION. If an entrant attempts to compromise the integrity or the legitimate operation of this promotion by hacking or by cheating or committing fraud in ANY way, we may seek damages from that entrant to the fullest extent permitted by law. Further, we will disqualify that entrant’s entry to this promotion and may ban the entrant from participating in any of our future promotions, so please play fairly.

    Promoter: Microsoft Limited (“Microsoft”), Microsoft Campus, Thames Valley Park, Reading, RG6 1WG, England.

  • iOS in the Enterprise

    Active Directory is the source of identity in the enterprise and iOS devices should be identified in and by AD in order to provide access to resources, in this article published on WServer News I explain the process of supporting iOS devices in your AD DS with Windows Server 2012 R2 and the Device Registration Service.

    The post iOS in the Enterprise appeared first on Devices, Services, Life: Simon May's Blog.

  • 5 Tips to cope with the BYOD post-holiday rush

    It’s that time of year again. Tech gifts are set to be the most popular this year again (after socks) and tablets are top of that tech gifts list. When you get back to work lots of your users will have shiny new Android, iOS and Windows devices that they’ll probably bring to the office. Some will use them as a distraction from work but many will want to use them to enable working in new ways. Not only that but this year it’s not just the tech trendsetters that will be getting tablets, it’s everyone at all levels in your organisation. Some people will just leave those devices at home for a start but some won’t, and that will encourage more and more people to start bringing them into the office. It’s probably not tenable to just ban them outright any more – this season will put paid to that ability for most, I think. So what can you do? We have two months and a few small upgrades might get you right to where you need to be.

    1. Email

    There can be no doubt that for almost every organisation on the planet email is the number one productivity, communications, CRM, sales, marketing and lol cat tool in our arsenal. If you’re going to spot a crunch point this will be it. If you’re still running your email on-premises it might be time to start considering a move to the cloud, and my personal favourite approach here is to go hybrid.


    Enabling a BYOD solution for your business at enterprise scale is going to mean you’ll have more and more people wanting to connect more and more devices to your email servers. Within Microsoft we have a limit of 10 which I recently found myself exceeding. Following this year’s holiday buying fest it’s quite likely that any individual might have: a mobile phone, a small tablet (7-8 inch, a present this year from the other half), a larger tablet (10 inch, bought last year as a present to themselves), a company provided laptop, a hot desk computer (only for when the user forgets their laptop). All those devices are going to “require” email access to make them useful. Of course this is also the tip of the iceberg, next year it’ll be wearables.

    Moving the email boxes of users who are entering a BYOD program over to Office 365 and leaving those with more traditional requirements on-premises could be a really smart move. Office 365 gives you this option like no other cloud email service can, integrating into your existing Exchange infrastructure providing that seamless familiar experience that users are used to. It’s too much to go into deep detail in this article about next steps but there are plenty of guides around the web.

    2. Work Place Join, Enterprise Registration

    The chances are that you know who everyone in your company is, what they do and what they should have access to do. The same is probably also true of your company owned laptops and desktops. The reason is of course that these people and devices have accounts within Active Directory (AD) and those accounts then let you specify what those users and computers are allowed to do and what resources they are allowed to access.


    Of course not all devices are created equal, they don’t all run Windows today and even if they do, with BYOD they might not be members of your domain, known to AD. Essentially they are ghosts, visible but at the same time hidden. Within the Windows Server 2012 R2 wave we have a feature that helps us manage those ghosts and pull away their white sheet of invisibility, making them known to AD. The feature is the Device Registration Service, otherwise commonly known as Workplace Join. This feature is complemented in Windows 8.1 with the ability to workplace join the device and iOS also has a similar ability, although the UI isn’t as slick. When a device is registered by the Device Registration Service a few things happen. First, an identity is created for the device within AD with a unique GUID (device names aren’t used per se, although the name is an attribute of the record) because a device can be enrolled multiple times, potentially by different people. Second, a certificate is issued to the device to identify it. Now that our device is known to AD there are all sorts of things we can do with the device.

    To deploy Device Registration you’ll need to deploy Windows Server 2012 R2, deploy the Active Directory Federation Services (AD FS) role, update the schema, issue some certificates and make some DNS changes. There’s a good guide to building this out in a lab here.

    3. Publish your internal sites, externally, safely

    Not all your internal websites are the most secret things your company has to offer. The intranet might have some proprietary information on it but you could still publish it securely and safely to people, especially since we now know not only who they are but from what device they’re connecting. Going hand in hand with deploying AD FS in Windows Server 2012 R2 is the new Web Application Proxy role, which takes internal resources and publishes them externally safely using either claims based auth (AD FS) or pass through auth.

    Using rules for those published services, called relying parties in AD FS parlance, it’s possible to restrict the level of access over those published services using authorization rules that take a look at the claims an incoming request is making. Those claims can include device claims, so we can easily publish our intranet and create a rule that says if this device isn’t registered with AD don’t let the connection through, if the device is registered with AD and the user is allowed access to the intranet then allow the request.
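
    The device-claim rule described above, written in AD FS claim rule language and applied with the AD FS PowerShell cmdlets. This is an added example, not code from the original article; the relying party trust name `Intranet` and the group SID are placeholders, and it assumes the trust already exists on a Windows Server 2012 R2 AD FS server.

```powershell
# Added example (not from the original article): limit a published relying
# party to intranet users who connect from a workplace-joined device.
# Assumptions: run on the AD FS server (Windows Server 2012 R2); the relying
# party trust name and the group SID are placeholders to replace.
Import-Module ADFS

$rpName   = 'Intranet'               # placeholder: relying party trust name
$groupSid = 'S-1-5-21-PLACEHOLDER'   # placeholder: SID of the intranet users group

$permitClaim = 'http://schemas.microsoft.com/authorization/claims/permit'
$deviceClaim = 'http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser'
$groupClaim  = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid'

# Weak setting, shown for comparison and not applied: the "Permit Access to
# All Users" rule authorizes every authenticated user from any device.
$permitAll = @(
    '@RuleName = "Permit Access to All Users"'
    ('=> issue(Type = "{0}", Value = "true");' -f $permitClaim)
) -join "`n"

# Corrected setting: issue the permit claim only when the request carries a
# registered-device claim AND the user is a member of the intranet group.
$permitRegistered = @(
    '@RuleName = "Permit intranet users on registered devices"'
    ('c1:[Type == "{0}", Value =~ "^(?i)true$"]' -f $deviceClaim)
    (' && c2:[Type == "{0}", Value == "{1}"]' -f $groupClaim, $groupSid)
    ('=> issue(Type = "{0}", Value = "PermitUsersWithClaim");' -f $permitClaim)
) -join "`n"

# Warn if the permit-all rule is still in place, then apply the corrected rule.
$current = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
if ($current -match 'Value\s*=\s*"true"') {
    Write-Warning "$rpName currently permits all users from any device."
}
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $permitRegistered

# Read the rules back to confirm what AD FS stored.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

    Device claims only appear in a request when device authentication is enabled in the AD FS global authentication policy, so a rule like this denies everyone until that is switched on.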

    It’s actually the Web Application Proxy that publishes the enterprise registration service mentioned previously out to the internet. The Web Application Proxy also acts as an AD FS proxy, allowing you to keep your AD FS server inside your network. By taking these two services and linking them with Office 365 we can easily develop a single sign on environment.

    4. Device Governance

    It’s tough to require the ability to control all aspects of an individual’s personal device; in fact in some places it may soon contravene the law to remote wipe someone’s device without their permission, something you may want to do for example when they leave the company. The idea of “governance” however is to allow access to specific resources – such as applications or remote help – once the individual has allowed you specific access to their devices.

    With this power comes the responsibility to not do such things as wholesale wipe their device. Once a device has been workplace joined we have the ability to start to selectively wipe the corporate aspects of their device. For example we could revoke the certificate that we placed on their device when they workplace joined. If they pulled any data down to their device and we’ve encrypted it with EFS, we would then be able to break the chain of trust that allows the device to access said data. Likewise we can do the same for sideloaded corporate apps.

    5. Data Governance

    It would be nice if we all knew all of the data inside our organisations. Sadly we don’t, especially when we consider the data explosion and how much data we will be storing in the future (I think storage space is like your salary: the more you earn the more you spend; the more storage you have the more you use!) Our users aren’t much good at managing their data either – they generally don’t understand ACLs and how to correctly permission their data. It would be far better if there were a better, more automatic way. Thankfully there is…

    Windows Server 2012 introduced Dynamic Access Control (DAC) and dynamic file classification through File Server Resource Manager (FSRM). Essentially this means that, given some rules, we can have our file servers look at the data they are hosting and apply access controls based upon the content of that data. For example we could look at all the Word documents on our file share and if they contain something that looks like a credit card number (using RegEx) we can classify the files as only for the eyes of people in our customer finance department (this is just file classification not DAC). The DAC part of the equation comes into play when we start to use those applied classifications in addition to the claims being made by the party accessing the files.

    The party accessing the files is going to be a user, but the device that the user is using to access the files could vary. In Windows Server 2012 we could take a device’s identity in AD (the computer account) and decide that only users with a specific OS can access the files. Now that we have device registration in play too we can not only do this for Windows devices that are domain joined but also for Windows devices and iOS devices that are workplace joined. The upshot being that we could allow Jane from Finance access to a file with a credit card number in only from her Windows 8.1 domain joined device but not from her iOS device unless she registers the device and we therefore have the ability to track the data. All of this has been done without IT needing to understand the specific document or the specific device she used.
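
    The classification step described above, as an added example that is not code from the original article: it checks a candidate card-number pattern against constructed sample text, then registers the pattern as an FSRM content classification rule. The pattern, the property name `ContainsCardNumber`, the share path and the property value encoding are assumptions; the Luhn check is included because a pattern on its own also matches digit runs that are not card numbers.

```powershell
# Added example (not from the original article): check a card-number pattern
# offline, then register it as an FSRM content classification rule.
# Assumptions: the File Server Resource Manager role and its PowerShell module
# are installed; the pattern, property name and share path are illustrative.
$cardPattern = '\b(?:\d[ -]?){15}\d\b'   # 16 digits, optional space or dash separators

function Test-Luhn {
    # Luhn checksum over a string of digits; valid card numbers pass it.
    param([string]$Digits)
    $sum = 0
    $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]$Digits[$i]
        if ($double) {
            $d *= 2
            if ($d -gt 9) { $d -= 9 }
        }
        $sum += $d
        $double = -not $double
    }
    ($sum % 10) -eq 0
}

# Constructed sample text, not real data.
$samples = @(
    'Invoice paid with card 4111 1111 1111 1111 on file'   # widely used test number
    'Tracking reference 1234 5678 9012 3456'               # 16 digits, not a card number
    'No numbers of interest here'
)

# A regex hit that fails the Luhn check is a likely false positive: the file
# would still be classified, and access to it restricted, by the regex alone.
foreach ($s in $samples) {
    $m = [regex]::Match($s, $cardPattern)
    [pscustomobject]@{
        Text       = $s
        RegexMatch = $m.Success
        LuhnValid  = $m.Success -and (Test-Luhn ($m.Value -replace '\D'))
    }
}

# Register the property and the rule on the file server.
New-FsrmClassificationPropertyDefinition -Name 'ContainsCardNumber' -Type YesNo

$rule = @{
    Name                     = 'Flag files containing card numbers'
    Property                 = 'ContainsCardNumber'
    PropertyValue            = '1'                      # assumed encoding of "Yes"
    Namespace                = @('D:\Shares\Finance')   # placeholder share path
    ClassificationMechanism  = 'Content Classifier'
    ContentRegularExpression = @($cardPattern)
    ReevaluateProperty       = 'Never'
}
New-FsrmClassificationRule @rule
```

    For the property to drive Dynamic Access Control decisions rather than local classification only, it would need to be a resource property defined in AD; this example keeps to the file-classification half that the article describes.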


    Hopefully this article has been a little thought provoking. It’s probably a very big ask for you to get this stuff into production in time for the holidays but at least you can start to think about building a lab to try this out with those devices that Santa leaves for you. You’ll need some lab guides, and the Windows Server 2012 R2 and Windows 8.1 Enterprise Evals to be able to do just that – luckily it’s all free to try, our present to you.

  • Gadgets for the IT Guy: Surface 2 and Surface Pro 2

    The iconic kickstand, a better full HD screen, lighter form factor and superior sound make Simon May, Microsoft Evangelist, rather obviously fall in love with the new Surface 2 and Surface Pro 2 devices. But are they good for the IT guy?

    Last week I was lucky enough to be one of the first people to go “hands on” with the new Surface 2 and Surface Pro 2 devices from Microsoft. As always this series is about writing about what they’re like for IT Pros, which I’ll get onto in a few lines, but before I do let me tell you how I use my current Surface devices. Currently I only own a Surface RT, actually I own three of them and two are for demo purposes. My main Surface device spends most of its time sat by the sofa and it’s used for casual non-work stuff but it’s also used heavily for commuting. For the times I go into London for work I only take my Surface; I don’t need anything else for emails, for meetings, for blogging or my general day to day non-technical work. Surface RT is the perfect device for this because it’s light and I don’t need to charge it. I also have an Android tab sat there, invariably I prefer Surface RT.

    Surface 2

    Let’s start off looking at the new Surface 2 then, which runs Windows RT. The very first thing I noticed when I grabbed the device was how much lighter it feels than the Surface RT, I am sure there’s not much of a weight difference but it’s enough to be noticeable. The very next thing I did was to try the iconic kick stand, it feels as solid as the Surface RT with that pleasing spring when it gets to the end of its movement but the kickstand can be pulled to make it move a smidge further and provide a flatter working angle. I moved the kickstand to the second position and I was quite surprised about how that affected my ability to type. With the first position and on the Surface RT it’s pretty cumbersome to type on screen, with Surface 2 the kick stand position makes it easy to type with both hands – almost touch type.

    My very next move was to power the device up and log in to set it up. Immediately I noticed how sharp the 1080p screen is compared with the 720p screen on the Surface RT, which just made the Surface logo that little bit smoother. It’s also noticeable on the labels on live tiles which are just that little bit more readable. Personally I prefer to have more tiles so I quickly set my Surface 2 to display 4 and the 1080p screen handles that really nicely too. Within about 10 minutes my apps had started to sync down too so I jumped onto twitter which did exactly what you’d expect on a 1080p screen. Wanting to test the screen more I popped into the Windows Store and installed the 500px app to view some beautiful photography. I have to say the clarity of the screen, the contrast of the colours, everything about the screen makes it wonderful to look at.

    Office Work

    Taking a look at the desktop to use the Microsoft Office apps also didn’t disappoint me. The higher resolution makes office just that little bit nicer to work with which I think is possibly because it’s slightly more congruous with the display on my Asus Zenbook Prime, things just seem to be the right dimensions.

    Everything starts to feel snappier around the interface than my Surface RT with apps loading just that little bit more quickly. Overall I found the Surface 2 to be a pretty great improvement over the Surface RT for me, I’ll probably be buying my own. Sometimes people say to me that it’s not a great device for IT Pros because it doesn’t run desktop apps, I however find that it does almost everything I need for short periods and does much better than anything else I’ve ever used for such. I have easy access to PowerShell and to Remote Desktop and in fact through Remote Desktop I deliver a couple of apps I need occasionally (like the RSAT) using Remote App and they basically feel like native tools.

    Another thing I like, which is actually a Windows 8 feature is the ability to wipe my device. The device I used for this review wasn’t mine, was not going to be mine and other people needed to use it, so I used the reset ability of Windows 8 to just reset the device and take away all my customizations before I handed it off. Very handy for recycling your old Surface RT device I thought.

    Surface Pro 2 for the Professional

    Next I was onto taking a look at the Surface Pro 2, a colleague had signed into this device first and it was set up with their Microsoft Account. The very first thing I did was play a movie trailer from Xbox video, not so that I could see the screen – it’s 1080p just like the Surface Pro – but so I could hear the sound. The Surface Pro 2 and actually the Surface 2 have Dolby audio built in and wow do they sound good! The sound is excellent and probably the best of any tablet device since they have two speakers (lots of tablets only have one – aka Mono) but Surface has multiple drivers and sounds superb. I could happily use the Surface Pro 2 as a music device or to watch whole movies on.

    I wanted to give the USB 3 on the device a try so I moved a huge amount of data over from a USB3 memory stick and transfer speeds averaged about 34mbs. Copying from the Surface 2 to the stick managed a similar average transfer speed, so we can tick the “it just works” box. I also ran some benchmarks on the device and it outperformed my new laptop (Asus Zenbook Prime) in almost every way from drive speed, 3D graphics performance and various CPU tests. I have to say it was impressive in every respect and obviously a total laptop replacement for an IT Pro – with this you’d only need one device for everything in your life – even a little bit of virtualisation!