Delivering Zscaler at helped secure their working environment

In case you missed my Tech UG presentation last week, please click here for a link to the recording.

During the presentation I talk about:

  • adoption of Cloud Computing
  • The Data Centre traffic challenge and the limitations of a perimeter-based approach to security
  • The benefits of cloud-based web security
  • The significance of split tunnelling
  • Using Zscaler Private Access (ZPA) to help deliver Zero Trust Network Access (ZTNA)
  • Using Zscaler Internet Access (ZIA) to secure access for Office 365 and Azure DevOps 
  • How COVID-19 affected Zscaler project delivery

Microsoft Ignite 2019, Orlando

It was another successful conference at Microsoft Ignite 2019 in Orlando last week. The scale has changed somewhat since my last Ignite visit in 2011; the Orlando Convention Centre is enormous, and it needed to be, hosting ~30,000 attendees. Satya Nadella’s opening keynote focussed on Tech Intensity at a global level across these key areas:

  • Microsoft 365
  • Dynamics 365
  • Power Platform
  • Developer Tools
  • Trust
  • Azure

With over ~1700 Ignite sessions to choose from, it was a busy week, ending with a conference party evening hosted in Universal Studios exclusively for Ignite attendees. Superb!

As ever, the event was full of technical sessions and included an expo hall where I had the opportunity to put some of my product-related questions directly to the engineering teams. I’ve listed some of my key takeaways from the event below, including answers to my product-related questions.

Microsoft Endpoint Manager

  • This rebrand encompasses the convergence of Intune and SCCM aimed at bringing together all endpoints through a single management plane
  • Intune Device Firmware Configuration Interface (DFCI) is now in public preview providing the ability to remotely configure device firmware
  • Microsoft Security Baselines for Edge and Office will be made GA in 2020 H1

Azure Arc

  • This is the new control plane for multi-cloud, multi-edge
  • Provides management functionality for Azure Stack appliances which extend your Azure environment on-premise

Azure Synapse (Data Layer)

  • This is a service which brings together Data Lake and Big Data solutions and can deliver quite advanced predictive analytical capabilities

Project Silica

  • This is an impressive femtosecond laser etched glass storage solution which will be used by Warner Brothers to satisfy their requirement for storing mass amounts of media data

Power Platform

  • This marks the introduction of Power Automate (formerly Microsoft Flow) and Power Virtual Agents
  • I attended a few sessions on this throughout the week, and the chat bot capabilities provided by Power Virtual Agents provide an interesting solution to optimise some of the repetitive tasks undertaken within an organisation without the need to write code
  • This product also provides a wizard that can automate processes executed by legacy Win32 apps!


Microsoft Teams

  • There was a lot of focus on Microsoft Teams this week through Satya’s keynote, extensive workshops, in-depth sessions, and a wide range of Microsoft Partner demonstrations in the Expo hall
  • Microsoft Teams Content cameras are now available which make people translucent so that meeting participants can always see the content of the whiteboard
  • Private Channels are now GA
  • Proximity Join capabilities will be introduced for Microsoft Teams Rooms (MTR) through “Bluetooth Beaconing”
  • Direct Guest Join for 3rd Party meetings will be introduced in 2020 H1 to enable Teams meeting interoperability with Cisco WebEx and Zoom clients
  • In 2020 H2 Microsoft will release a Device Management console within the Teams Management portal. This will list all shared office spaces, the equipment within those spaces and their health status
    • Users will have the ability to reset MTR devices
    • This technology will also assist in understanding how shared spaces are used by users based on their usage activity
    • This console will provide the ability to audit changes made to shared space equipment
    • Eventually this functionality will be integrated into the Microsoft Endpoint Management tool (MEM)
  • Support for emergency dial features on Teams phone lock screens will be made available in 2020 Q1
  • Automatic pairing and unlocking (sign-in) of Teams phones from the Desktop App will be introduced in 2020 Q1
  • Advanced collaboration features where you can share content from your Desktop Teams app and use a Teams phone for voice will be introduced 2020 Q2.

Project Cortex

  • This is an AI initiative to provide Data insights into Teams channels by creating a knowledge network based on relationships among topics, content, and people
  • Known topics identified within Teams conversations are automatically highlighted and when clicked open knowledge centre pages showing an aggregation of related content

Microsoft Edge (Chromium)

  • Edge Chromium will be GA in January 2020.
  • A significant announcement was that the new Microsoft Edge includes Internet Explorer mode, and Microsoft have committed to fixing legacy IE application issues in Edge Chromium for free!
  • Increased security capabilities simplified into 3 security lockdown modes: Basic, Balanced and Strict
  • A new InPrivate mode across your entire web experience, so your online searches and browsing are not attributed to you
  • Bing search through Edge Chromium will provide unified search results from Internet and Intranet content

Windows Virtual Desktop (WVD)

  • It was great to see a sneak peek of the WVD User Interface scheduled to be available before the end of the year
  • Although this interface will be limited to managing host pools and user access, I am pleased to see group-based user management included

MSIX App Attach

  • This will significantly enhance WVD capabilities enabling applications to be layered dynamically onto the virtual Desktop through FSLogix
  • Microsoft intends to integrate MSIX App Attach into the WVD portal
  • MSIX App Attach capabilities will be built natively into the OS which will be GA 2020 H1

Office 365 Groups

  • An “Access package” can be created per business unit role which provides a method of consolidating all Office 365 Group memberships. This will create an Access Portal link URL which can be emailed to employees or provided through a SharePoint Site
  • This can be used to accelerate the process of onboarding new users

Azure B2C

  • Identity Protection and Conditional Access will be made available in 2020 H1 as premium features

Azure File Shares

  • A new Azure File Shares tiering system will be introduced to enable the storage Tier to be changed dynamically without downtime
  • Hybrid AD domain join file share support will remove the need for AADS which will be GA 2020 H1
  • NFS 4.1 Support for Azure File Shares (currently in Preview)
    • This enables File Share mounting on Linux

Product Centric Q&A

  1. Windows Virtual Desktop (WVD)
    • When will Shadowing be introduced into the WVD Portal?
      • This is on the roadmap scheduled for April 2020
    • When will Auto Scale functionality be introduced into the WVD Portal?
      • This is on the roadmap scheduled for April 2020
    • When will B2B capabilities be added to WVD?
      • This is currently a backlog item and not featured on the product roadmap
    • When will we be able to perform native Intune Management for WVD?
      • This is on the roadmap scheduled for 2020 H1
    • When can we join WVD desktops natively to Azure AD?
      • This is on the roadmap scheduled for 2020 H1 
  2. When will native remote control functionality be introduced into Intune (now Windows Endpoint Manager)?
    • This is on the roadmap for 2020
  3. When will self-service password Reset be able to be subjected to Conditional Access policies?
    • This is currently a backlog item and not featured on the product roadmap
  4. When will we be able to assign Privileged Identity Management (PIM) roles to Azure AD Groups?
    • PIM Group based role assignment is currently available in private preview
  5. When will Teams and Skype (Consumer) integration become available?
    • This functionality will become available in December 2020.
  6. When will Azure Files support Conditional Access?
    • At present, Microsoft are focussing on direct storage functionality and performance, and Conditional Access support is on the backlog, potentially as late as 2021

Presenting at Tech UG Cardiff

I will be speaking at the next Tech UG event in Cardiff on how to deliver End User Compute in a “Cloud first” era. I will demonstrate how organisations can deploy, secure and manage Windows 10 and Windows Virtual Desktop. #Windows10 #Office365 #WVD #Intune

Tech UG Cardiff event page:

Presenting at the Citrix and Microsoft Cloud Seminar

It was a great afternoon at the Citrix and Microsoft Cloud Seminar last week. Pontec and Network Jigsaw delivered a joint presentation on our experiences delivering an Azure hosted VDI environment brokered by the Citrix Virtual Apps and Desktops Cloud Service for one of the largest public sector organisations in Wales.


Citrix opened the event presenting their latest workspace and SD-WAN capabilities. Microsoft also presented their latest innovations in Cloud computing and Windows Virtual Desktop (WVD). Microsoft also emphasised how the Microsoft and Citrix Partnership is stronger than ever, with Citrix providing a unified experience between Azure hosted WVD and On-Premise published apps/desktops.

Speaking with public and private sector organisations after our presentation, it became apparent that most companies are excited by Microsoft’s recent FSLogix acquisition and WVD announcements. It was also interesting to learn how so many organisations find it challenging to prioritise which Cloud services to focus their attention on first: Office 365, Azure VDI, or Cloud datacentre transformation. I think this is the area where Citrix Cloud services can add real value, allowing customers to decouple Line of Business applications from their critical path and deliver them as published applications from anywhere, often mitigating the “Proximity to Data” challenge.

Microsoft Ignite | London


After spending a couple of days at Microsoft Ignite, these are some of my key points of note.

  1. Windows Virtual Desktop (WVD)
    • Microsoft’s recent WVD announcements make VDI a cost-effective option for SMEs as well as large enterprises
    • WVD combined with Azure AD Conditional Access could offer an effective solution to provide external suppliers access to a secure desktop from outside your organisation removing the cost of additional physical devices
    • WVD is due to be available through Public Preview next month and made Generally Available in the Summer
    • WVD can be used to publish applications and/or desktops
    • Windows Server only supports Win32 and Office perpetual apps, whereas WVD will support Office 365 ProPlus and UWP apps
    • There will be two modes of connecting to a WVD:
      • Microsoft Remote Desktop Client
      • HTML5 Browser
    • WVD is licensed on a subscription basis and so will not require RDS CALs!
  2. Intune
    • OOBE Profile enhancements
      • Computer Name templates now allow you to configure devices to use %serialNumber% as the computer name, instead of random names
    • New security features will provide the ability to ensure only Autopilot-enrolled devices can be registered in Intune
    • Office 365
      • New Office App Suite (for Office Pro Plus) deployment options have been introduced, further simplifying Office deployment
      • A new set of servicing options for Office 365 Pro Plus (Insider and Monthly)
    • New features to be introduced in the Windows 10 v1903 release
      • Windows Autopilot “White Glove”
        • A process where the device is fully configured in readiness for the End User logon
        • The device will complete the full device setup – install user/device assigned apps, configure settings and user account setup (user assignment)
      • Cortana voiceover will be disabled by default in OOBE
      • Self-updating Autopilot
        • The Autopilot client will be updated at OOBE without requiring the Device image/OS to be updated to the next version of Windows
    • Dependency / Sequential Deployment
      • Application Dependency capabilities will be introduced into Intune this Summer
      • Sequential application and configuration deployment will be introduced through Intune towards the end of the year
  3. Identity and Access Management
    • Information Protection
      • Now integrated into the Security and Compliance Centre
      • Unified Labelling (still in preview) will allow organisations to configure Information Protection policies using labels to identify sensitive data types (e.g. National Insurance Number), which can be automatically identified in documents and will prompt the user to save the document (or send emails) with a pre-defined protective marking (natively in Office ProPlus)
      • An AIP Scanner function can be used to scan all existing documents and either audit or enforce Information Protection policies
    • Email protection policies can be configured to enforce mail encryption and prevent mail forwarding
  4. Microsoft Teams
    • Files can now be shared (and restricted to) users within a Teams channel
    • Transcription Services – Caption Recording
      • In addition, a new search feature will be introduced to allow channel users to search for words/topics captured
    • Share content from a partner device, i.e. the MS Teams app running on an iPhone can be used to share video content from your phone whilst you are logged into Teams on the phone and desktop
    • New RBAC Roles introduced
    • Integration with LoB Apps that can be added to the Teams Store

Citrix Silver Partner

I am pleased to announce that Pontec is now a Citrix Silver Partner Solution Advisor.