I had a moment to catch up with a friend of mine, Adam, who is an IT director for a DC-based global trade association. Adam and I go way back — so far back that I was present when we turned off a small IBM mainframe in favor of a Novell LAN back in 1995. Those were the days: that machine had 16 MB RAM and 7.5 GB of disk. My watch has more than that.
Adam has been working remotely for the past 18 months, and he also had to manage his office's move to a new location and plan for the eventual return to the new place.
He told me that “working in the office is so 2019, it is time to start thinking of the future and assume that many people won’t be in their offices full-time. Why do you have to use a domain controller and a VPN when you should be preparing for a virtual environment, whether or not you actually need one?” Good questions.
He used the pandemic as an opportunity to throw some gas on technology changes that he wanted to make happen. “Only instead of taking five years, we managed to do this in a little over a year. The pandemic was a great accelerant to adopting new cloud-based technologies.”
His core IT stack is Microsoft-based, including five critical technologies: Teams, Azure AD, Defender ATP, Intune and Autopilot.
Early on, the focus was on Teams Chat and Video Conferencing as well as migrating an old-fashioned file server to Teams/SharePoint. Before the pandemic, Adam was begging staff to abandon audio-conferencing and switch to Teams for internal and external scheduled calls. Then in March 2020 the association had its first remote all-hands meeting via Teams. Over 50 staff joined the call and it went flawlessly. After that first call Teams adoption soared.
Adam then switched his focus to move the association’s endpoints to Azure Active Directory. In the future, Autopilot, for example, will make it easier to drop ship a new computer and have it onboarded without anyone from IT actually laying their hands on it. Think of it as touchless installation. “The potential is that we can deliver most of our apps without ever seeing the PC.” Remember when IT used disk imaging tools to set up new PCs? That has gone the way of those IBM mainframes.
“Before the pandemic, we did patch management of our endpoints based on the machine being in our office, where they could physically talk to the WSUS server. All of a sudden, that premise-based connection was severed. In the future, we hope to decommission our on-premises Domain Controllers and run all IT infrastructure in Azure AD. The only server left will be a NAS with 8TB of video, audio and photos. It is just too much to put into the cloud at this time.”
Migrating from Active Directory to Azure AD isn’t simple, and their MSP, DelCor, is helping with the back-end transition. Adam and his staff are touching each endpoint themselves. The goal is to make it easier to manage their endpoints, whether they are in an office or dispersed in the homes of staff worldwide. “Companies that still have their AD controllers in a closet someplace should put migrating to a cloud based directory system, whether Azure AD or some other flavor, on their roadmap.”
For an MFA security solution, his MSP insisted on using Duo’s MFA. “It made their jobs – and mine – much easier, and much more secure.”
As Adam’s team migrates users to Azure AD and Defender ATP, the IT Team is getting better visibility into the threat assessment of each endpoint. “IT directors are in a war, and we have to be continually improving our infrastructure and security footprint. Let’s face it, the most dangerous virus is the one you don’t know about that has been living on your network for months.”
Adam is using the paid Defender ATP license and replacing his Trend Micro AV installation, so he can get a single management screen to see which of his users’ PCs are in need of security updates. “Gone are the days of Windows 10 being stuck in the 2019 release.”
Adam is just a microcosm of the sea changes that IT is going through these days. Whether you are returning to your office or have adopted some hybrid solution, you might want to take a look at what you can do to manage more remote workers.
Being one of the folks with hands-on experience with the Windows 11 early beta, and having perused all of the Windows 11 trust features, I have to ask what the effect of the Windows 11 mandated trusted environment will be for Adam and other IT directors?
Going a little farther back, in 1991, I migrated a law firm of over 100 attorneys from a closed network for dedicated word processors for secretaries only to full networked PC-based with Windows and the Office Suite. All staff, including attorneys, had PCs. We trained all the staff on PCs and implemented in 6 months.
But one of the bigger changes was the accounting computer. It used to take over 12 hours to run billing every Friday night. The computer took up a small office. The new computer was not much bigger than a PC, but it ran the accounting software. The first time we ran the weekend billing, it finished in 30 minutes.
An IT manager friend of mine says: We discussed Azure AD today in the context of business continuity and I learned we might want to keep some on-premises domain controllers to act as an IDP when the cloud services are down. Apparently we would have to re-establish ADFS for that. I said to my team, “keep it in mind for 2022”.