No matter the umbrella a solution is placed under- IoT, visual communications, or embedded, endpoints are driving more use cases in the real world while also generating and processing ever increasing amounts of information. Generating data shouldn’t be the end goal, the insights and action generated is key to driving value. While traditionally, this data may be uploaded and processed in cloud based infrastructure, Edge Computing changes this pattern in key ways by performing latency sensitive and data intensive computation local to the source of data to drive additional capabilities while containing cloud infrastructure costs.
Several common types of solutions can benefit from Edge Computing. Video analytics is an example of a workload that can cost prohibitive to use in cloud driven infrastructure from a bandwidth and resources perspective. Not sending constant video frames to cloud infrastructure greatly reduces the necessary cloud infrastructure to support the workload. Moving video analytics to an edge computing device also unlocks additional capabilities by lowering latency, including customizing messages to the audience and providing attribution in Digital Out of Home (DOOH) communication applications.
Other data driven, real-time and response applications that can show significant benefit from edge computing: • Container application platform • Content caching • Rapid device provisioning and restoration
Now Micro has built a number of solutions on our existing Visual Data Device (VDD) and Edge Cluster platforms: • ImageSync – A high performance and secure file synchronization and system imaging/provisioning solution • Edge Cluster – A compact, high performance platform for containerized applications
We consider these solutions only the beginning of the possibilities of Edge Computing. There are numerous application specific workloads that can benefit from low latency and high performance computing on-premise. We look forward to working with integrators, ISVs and end customers to help design and build these future looking solutions.
For further Information • To view our full range of IoT/Digital Signage devices: https://nowmicroplayers.com • High performance Visual Data Device specification computing appliances – https://nowmicroplayers.com/Solutions/VisualDataDevice • Our new container optimized container workload device: https://nowmicroplayers.com/Embedded/Product/DMPN-7i3-i5-i7-Cluster
Even before the events of early 2020, many organizations and much of the workforce were realizing the benefits of telecommuting. With a changing world, even the most die hard “butts in your seat” workplace cultures have had to adapt. For some, trusting their flock to work efficiently and productively with little oversight can be a source of anxiety. While the shift to working remotely may take some getting used to for everyone, a net positive in productivity is usually the result.
So, your staff is no longer right outside your office doors and the conversations in the break room are no longer there to give you insight. How do you measure your staff productivity? Luckily, Microsoft M365 Usage analytics allow us to pull data from Teams, Outlook, OneDrive, SharePoint, Yammer and more into a sortable, consumable report.
Prerequisites
Licensing
To install the M365 Usage Analytics app, you will need at least 1 Power BI Pro License. If you would like to demo the app, you can sign up for a free Power BI Pro trial here.
If the report is shared with additional users, they will also need a Power BI Pro License to view the report.
Identities
All the sorting done by the M365 Usage Analytics app is done by Azure AD user object attributes. It is recommended that you make sure the following attributes are populated and current.
Company
Department
Country
State
City
Tenant ID
To connect your organizations data, you will need your Tennant’s ID. The tenant ID can be easily obtained from the overview page in Azure Active Directory. Directions to obtain your tenant id are included in this post.
Enable Power BI Reporting For Your Tenant
In order for Power BI to access your organizational data, you must enable Power BI reporting with-in your Tenant.
Enabling Power BI Reporting
The link below will bring you to the Services and Add-ins configuration page with in the O365 Admin Portal.
Click on “Reports”, select the option to “Make report data available to Microsoft 365 usage analytics for Power BI” and click “Save Changes”
Selecting the option for “Display anonymous identifiers instead of user, group, or sites names in all reports” will obscure user identifiable data in the reports. This reporting option will still allow you to discern organizational trends without specific user data.
The app automatically creates its own workspace upon installation. For this reason we can begin by clicking “My Workspace” and then “Get” under “Discover Content >> My Organization”.
The easiest way to find the app is to search for “usage” in the search bar. Once you have found the Microsoft 365 Usage Analytics app, click “Get in now”.
The next screen allows you to review the app’s privacy policy, and terms of service as well as some additional info about the app. Once you are satisfied, click install.
After waiting for Power BI to Install the app, click the apps icon.
The next Screen gives three options. You can populate the app with sample data before connecting to your organization’s analytics, explore the workspace created along with the app or connect your organizations data. If your comfortable pulling in your organizational data, click “Connect” under “Connect your data”
For Power BI to find you data, you will need to input you Tenant ID. Instructions on finding your tenant ID can be found above. Enter the Tenant ID in the field and click “Next”
The next field allows you to select the privacy level for data received from you Tennant. You can find additional information on each privacy level here. Once you have determined the appropriate privacy level, change the “Authentication method” to “OAuth2” and click “Sign In”
Scheduling Refreshes
By default, the dataset create does a one time pull. To see updated data each day or week, you will need to configure the refresh scheduler. You can also configure alerting on refresh failures. When the app was installed, a new workspace was created to house the report and dataset. To access the refresh settings, we will first find and access the workspace.
Click on “Workspaces” on the left had blade and select the “Microsoft 365 Usage Analytics” workspace.
Click on “Datasets” with in the workplace ribbon and expand the ellipses under “Actions”. From the drop-down menu, select “Settings”
Expand “Schedule Refresh”. Make sure the radio button for “Keep your data up to date” is turned on. Configure your preferred refresh interval (Daily or Weekly). You can add additional times if you would prefer multiple refreshes per day. If you wish to alert on failed refreshes, you can configure the notification settings. Click apply when finished.
Viewing the Report
From the workspace dashboard, select “Reports” from the ribbon and click “Microsoft 365 Usage Analytics”.
You know have all your data in a prebuilt report for consumption.
Sharing the Report
If you wish the share the report with others, from the “Reports” page, click “Share” in the upper right-hand corner.
Note: Any user the report is shared with will need a Power BI Pro license to view the report
From the share dialogue, you have the option to add multiple recipients and dictate whether those recipients can share the report. Deselect the “Allow recipients to build new content…” radio button if you do not wish recipients to have access to the underlying dataset.
Summary
Obviously, there is a lot more to cover with the Microsoft 365 Usage Analytics app and Power BI. I hope to cover manipulating the dataset and building customized reports in a future blog post. Thank you for reading!
As technology continues to improve and the workplace continues to evolve, remote workers have become more common. Effectively supporting these remote workers means re-evaluating legacy remote access solutions. This post will look at Microsoft’s current remote access solution, Always On VPN.
Always On VPN is a Microsoft remote access solution that is built into Windows 10. Microsoft has positioned Always On VPN as the replacement for their older remote access solution (DirectAccess).
When planning a deployment of Always On VPN, keep in mind that it is a solution for users or devices that need remote access to local resources on a corporate network. Users with access to cloud resources, and devices managed by cloud-enabled tools may not require a VPN connection.
How Does Always On VPN Work?
Always On VPN is a solution that allows a client to automatically establish a VPN connection without any user interaction. The technology that makes this possible is the VPNv2 CSP node, which is built into Windows 10. This CSP (configuration service provider) allows the built-in Windows 10 VPN client to be configured using an MDM solution (Intune), or PowerShell.
The server side of a typical Always On VPN deployment requires at least one VPN server and one authentication (RADIUS) server. A common solution is to use Windows Server with the Routing and Remote Access role installed for the VPN server, and Windows Server with the Network Policy Server role installed for the RADIUS server. However, these servers do not need to be Microsoft servers. Third party solutions or appliances can be used. Additionally, a certificate authority is required to issue certificates to the servers and clients. The certificates will be used to authenticate the VPN connection.
The Windows 10 VPN client can be configured to connect a user authenticated tunnel or a device authenticated tunnel. Both types of tunnels can be connected simultaneously if required.
User Tunnel
The User Tunnel is established when a user logs into a computer. This type of tunnel is ideal for granting access to file shares or applications.
Here is a high-level overview of the connection process for a Always On VPN user tunnel.
The VPN client sends a connection request to the external IP address of the VPN server
The edge firewall passes the connection request to the external interface of the VPN server
The VPN server passes the connection request to the RADIUS server. The connection request leaves via the internal interface of the VPN server and passes through the internal firewall
The RADIUS server receives and authenticates the connection request
The RADIUS server returns an accept or deny response to the VPN server
The VPN server allows or denies the connection request based on the response from the RADIUS server
Device Tunnel
The Device Tunnelis established as soon as a computer is powered on and connected to the internet. A user does not need to be logged into a computer for a device tunnel to connect. This type of tunnel is ideal for granting access to Active Directory or other management servers like Configuration Manager.
Here is a high-level overview of the connection process for a Always On VPN device tunnel.
The VPN client sends a connection request to the external IP address of the VPN server
The edge firewall passes the connection request to the external interface of the VPN server
The VPN server validates the computer authentication certificate of the client and allows or denies the connection request
Notice that the device tunnel does not use RADIUS for authentication. The VPN server preforms the authentication. This prevents device tunnels from taking advantage of more advanced Always On VPN features like conditional access and multi-factor authentication. For more guidance on when to utilize device tunnels refer to this post.
VPN Protocols
Always On VPN utilizes familiar VPN infrastructure, which means that it can also utilize familiar VPN protocols. There are two main protocols that make the most sense to use when working with Always On VPN.
IKEv2
Internet Key Exchange version 2 (IKEv2) has good security and good performance. Its ability to automatically re-connect after a short interruption gives it good reliability as well. The primary concern with using IKEv2 is that communication happens on UDP 500 and UDP 4500. This makes it more likely that the connection will be blocked by firewalls.
Note that when using a Always On VPN device tunnel, IKEv2 is the only supported protocol.
SSTP
Secure Socket Tunneling Protocol (SSTP) also has good security, and good performance. The main benefit of using SSTP is that communication happens on TCP 443, so it is very unlikely that it will be blocked anywhere. The downsides to SSTP are that it is not quite as secure as IKEv2, and it does not handle connection interruptions as well.
ProfileXML
As I mentioned earlier, Always On VPN utilizes the built-in Windows 10 VPN client. This client is configured using the VPNv2 CSP node. Configuring the settings in the VPNv2 CSP node can be accomplished using an XML file. Once the XML file is created, it can be deployed to systems through Intune or through Configuration Manager using PowerShell. For more information on the XML configuration and deployment, see the Microsoft Documentation.
Additional Reading
This post was a high-level look at the technology behind Always On VPN. For a detailed guide on creating a basic Always On VPN deployment, refer to the Microsoft Documentation. I would also recommend reading Richard Hicks’s blog. Additionally, Now Micro will be hosting a Tech Connect webinar on Always On VPN next month (May 2020). More details can be found on our Events Page.
Office 365 ProPlus Device-based Subscription for Education provides administrators an experience that mirrors the user-based model, but with ease of management and access to the desktop Office 365 desktop apps. You can assign the device-based subscription to any device within the institution’s organization, including, but not limited to open access, lab or library devices providing consistent user experience.
This post is the second part of a two-part series on configuring and deploying the Microsoft Local Administrator Password Solution (LAPS). The first post covered the steps needed to configure Active Directory to support LAPS. That post can be found here . This post will cover the steps needed to enable the LAPS functionally on devices. Continue reading “Configuring LAPS (Part 2)- Configuring and Deploying Group Policy”
Why is Local Administrator Password Management Needed?
The question of how to deal with users having administrative rights on computers or other network resources is one that has many different answers and has evolved over time. While the scenarios around network and domain administrative access may be more complex, the local administrative rights scenario should be very similar for almost everyone.
Have you ever had a deployment or maybe a security change that happened with no one noticing? Maybe you’re working with a team and someone accidentally deployed to the wrong collection. We all have busy schedules, it’s not easy stay on top of changes or deployments in Configuration Manager. Therefore, we need to take advantage of the built-in status system. This post will walk you through creating a status filter rule that sends an email whenever a security setting is created, modified, or deleted in ConfigMgr. Continue reading “Email Notification for Security Changes in ConfigMgr”
Now Micro, Inc, Named CRN® Triple Crown Award Winner
Fourth Annual Award Program Recognizes Standout Solution Providers
St Paul, MN, October 2, 2017 – Now Micro, Inc, today announced that CRN®, a brand of The Channel Company, has honored Now Micro, Inc with its esteemed 2017 Triple Crown Award. Forty North American solution providers had the necessary revenue, growth and technical expertise to be recognized on three of CRN’s pre-eminent solution provider lists, earning them the Triple Crown Award this year. Continue reading “Now Micro, Inc, Named CRN® Triple Crown Award Winner”
