Category Archives: microsoft

Visual Studio goes online, kind-of

Microsoft held its official launch for Visual Studio 2013 today, at an event in New York, although the product itself has been available since mid-October. VP Soma Somasegar nevertheless made some new announcements, in particular the availability in preview of an online Visual Studio editor, codenamed Monaco. “Developers will now be able to edit their sites directly from the web, from any modern browser, on any device,” said Somasegar on his blog.

Monaco is not intended as a replacement for the desktop IDE. Instead, it parallels what Microsoft has done with Office, which is to provide a cut-down online editor for occasional use. Monaco currently targets only web applications running on Azure, Microsoft’s public cloud platform. The technology is not altogether new, since it is built on the same base as “Napa”, the online editor for Office 365 applications.

At the launch, Monaco was demonstrated by Erich Gamma, of Design Patterns and Eclipse fame, who says he uses it for real work. He assured us that it is built on web standards and compatible with iOS and Android tablets as well as desktop browsers.

Online editing with Monaco is only one part of what Microsoft now calls Visual Studio Online. The product also includes a hosted version of Team Foundation Server, offering source code control, collaboration tools, and an online build service. These features were already available as part of Team Foundation Service, which is now replaced by Visual Studio Online. If you are happy with the cut-down Visual Studio Express, or already have Visual Studio, then subscription is free for teams of up to five users, with additional users costing $10 per user/month for an introductory period, and rising to $20 per user/month.

Microsoft is also offering Visual Studio Online Professional, which bundles desktop Visual Studio Professional with these online services, for teams of up to 10 users, at $22.50 per user/month rising to $45.00 per user/month. This follows the same model which Adobe adopted for its Creative Cloud, where you get cloud services bundled with tools that run on the desktop.

Pay even more and you can get Visual Studio Online Advanced, which oddly does not include the Professional IDE, but supports unlimited users and has additional reporting and collaboration features, for $30 rising to $60 per user/month.

When does the introductory offer expire? It’s until further notice – 30 days’ notice will be provided before it ends. Confusing.

Somasegar also announced the preview of a new online service called Application Insights. This service analyses and monitors data from .NET or Java applications running on Windows Server or Windows Azure, and .NET applications on Windows Phone 8, reporting on availability, performance and usage.

Another new service is Elastic Load Test (not to be confused with Amazon’s Elastic Compute Cloud), which simulates multiple concurrent users for testing the performance and behaviour of an application under stress. This requires the expensive Visual Studio Ultimate with MSDN subscription, and offers 15,000 virtual user minutes per month, with additional virtual user minutes at $.001 each.

Finally, he announced a partnership with Xamarin to enable development for iOS and Android in C# and Visual Studio, extending the existing Portable Class Libraries so that non-visual code can be shared across different Windows platforms as well as the new mobile target platforms.

I spoke to Xamarin’s Nat Friedman about this and wrote it up on the Register here.

Microsoft’s strategy here is to persuade existing Windows developers, familiar with C#, Visual Studio, and both desktop and ASP.NET applications, to stick with Microsoft’s platform as they migrate towards cloud and mobile. In this context, the heart of Microsoft’s platform is Windows Azure and Office 365, which is why the company can tolerate iOS or Android clients.

The company will also hope that a proliferation of apps which integrate and extend SharePoint online will help drive subscriptions to Office 365.

The latest Visual Studio includes a new Cloud Business App project type, which is an app that sits on Windows Azure and integrates with SharePoint in Office 365. Coding in Visual Studio and deploying to Azure, both for Cloud Business apps and ordinary web applications, is now an easy process, reducing friction for developers deploying to Azure.

More information on Visual Studio Online is here.

Users report SkyDrive issues: sync failures, Microsoft Account problems

SkyDrive, Microsoft’s cloud storage service, is critical to the company’s strategic direction for Windows. It is the means by which content and settings are kept in synch across different Windows machines; or more precisely, user accounts across different Windows machines.

Content in SkyDrive is accessible via any web browser, and there are clients for Windows and for various mobile devices. Office Web Apps are also built-in so you can create and edit documents in the cloud.

In principle it is an excellent service, but since the release of Windows 8.1 a few problems have emerged. Specifically:

Some users report problems synching. Check out this thread which begins with users of the 8.1 preview but continues through to the release. The main issue mentioned is that synchronisation simply fails for some users, but others report duplicate documents created with names like somedoc-mypc.xls and somedoc-mylaptop.xls, where “mypc” and “mylaptop” are the names of computers used with the service. Working out which document is the most current can be tricky.

I have encountered this myself, even on some occasions with a document created and edited solely on one machine. Somehow SkyDrive manages to think there is a conflict.

Another problem is unnecessary network traffic. Here is an example of some of these issues:

My brand new shiny Surface Pro 2 was set to have the documents available offline and everything else online only.  The sync has stalled just like everyone else reports in this thread.  I changed the folder to "online only" and the sync claimed to complete.  I then changed the folder back to "available offline" and it proceeded to redownload thousands of files, finally stalling again with a little more than 200 left.  The Metro app says that the files have completed yet they are still in the pending queue.

Many users express what seems to me a valid complaint, that Windows 8.1 gives you less information and control than was in Windows 8.0.

Some users dislike being tied to a Microsoft account. SkyDrive is a consumer service, and you can only use it with a Microsoft account (MSA) – a descendant of what was once called Passport. In Windows 8 and earlier, which had standalone SkyDrive clients, that was not too bad. You can sign into SkyDrive just as you would into Dropbox or any cloud service. In Windows 8.1 though, SkyDrive is baked into the operating system, which means that you have to sign in centrally to a Microsoft account.

There are several reasons users struggle with this, including privacy concerns, inconvenience if you have more than one SkyDrive account you want to use, and complications when you have a corporate login to a Windows domain as well as SkyDrive:

When I login with my domain account and connect my MSA to it, Skydrive still won’t sync, it keeps creating "Skydrive" folders in the user directory each time it tries to start. I can’t find anything in the logs to help.

If I instead login with the MSA account to the computer it will sync.

SkyDrive is a free service and Microsoft has good reason to encourage users to sign in with one of its accounts, which gives access to the Windows Store, Xbox Music and other services. I can see why users object, but also why Microsoft wants to encourage users to sign in.

It is harder to understand why the service does not work reliably. The impression I get is that this is more to do with the client, especially in Windows 8.1, than with the cloud service; but it is hard to be sure.

How extensive are the problems? Again, it is hard to get firm data. I find it works reasonably well for me, though I get the duplicate file problem as well as regular issues saving Office documents. The notorious Office Upload Center reports a problem and you have to re-open the document in Office and save to resolve it.

Ransomware like CryptoLocker is a game changer in the malware wars – and not in a good way

The rapid spread of CryptoLocker, an example of a malware category known as ransomware, is upping the stakes in the cyber security wars. I think it is a game changer.

Ransomware is malware that steals your data by encrypting it, and then demands a ransom to decrypt it. The latest breed of ransomware uses strong encryption, and the key to decrypt it is only held by the criminals. I have not heard of any successful decryption without paying the ransom.

Why a game changer? The first reason is that the consequences of infection are more severe than was the case with most previous attacks. Previously, your infected machine might send out spam and cause you problems by getting your genuine email blacklisted as well. Or you might have passwords to online accounts stolen, leading to fraudulent transactions where in most cases you can recover the cost from your bank. Or your machine might have to be wiped and applications reinstalled, which can be expensive if you need professional help as well as inconvenient when you have many applications to reinstall.

Malware like CryptoLocker is different. If the infection succeeds in encrypting data for which you do not have a usable backup, it gives you a difficult decision. Pay up, thus financing the criminals and perhaps making yourself a more attractive future target, or do not pay, and suffer the loss of whatever value that data has to you or your business.

That value may well exceed the ransom amount, which suggests that the rational thing to do in these circumstances is to pay up. That is risky though, not only because of the long-term consequences but also because there is no guarantee that it will work, or that the cost will not escalate. You are dealing with criminals after all.

Some people are paying. For example:

We paid as our client did not have new enough backups of the files. It encrypted 90,000 files in 5 hours, silently and then announced itself.

For reference, we researched this for 15 hours straight before paying and it really was the last resort.

Since this type of attack is highly profitable, it seems likely that we will see increasing frequency and variety of attacks, until the industry figures out the best way to counter the threat.

The best defence, of course, is not to get infected. The second best defence is to have a reliable disconnected backup. In general, data on servers or in the cloud is more likely to be protected, because it is more likely to be backed up or have a file history so you can revert to an earlier version; but bear in mind that malware executes with the same rights as the user, so in principle if you have the rights to modify data then the malware does as well.

Synchronisation services, now popular with applications like Dropbox and SkyDrive, can work against you if your encrypted documents are dutifully encrypted across all your devices.

Here are my immediate questions:

  • What is the most effective way to prevent infection? We are confronted with the failure of anti-virus products to protect effectively against new and rapidly mutating threats.
  • How much safer is a Mac? How much safer is Linux?
  • How much safer is Windows RT? (A lot.)
  • How much safer is an iOS or Android tablet?
  • What action, if any, should system administrators take now to protect their users?
  • What will Microsoft do to protect its users?

It would not surprise me if this kind of threat drives the industry more towards locked-down operating systems, whether Windows RT, iOS or Android, to the extent that a full operating system like OS X or Windows x86 is only used by those who specifically require it.

For more information about CryptoLocker see for example:

Sophos: Destructive malware CryptoLocker on the loose

Microsoft proves resilience with bumper quarter, but is not yet a devices and services business

Microsoft delivered record revenue of $18.53 billion in the quarter ended September 30th 2013 – which might come as a surprise if you have been focusing on the company’s failings in tablets and smartphones versus Apple and Android, the steep decline in PC sales, and its small market share in search versus Google, but less so if you have been watching the advance of products like Office 365, Windows Azure, SQL Server and Windows Server, all of which have been making good progress.

In its report, the company says the Windows OEM revenue declined 7% (reflecting PC malaise) but Surface revenue grew to $400 million. Search advertising revenue grew 47% reflecting some degree of success for Bing.

SQL Server “grew double digits”, as did “Lync, SharePoint and Exchange.”

Commercial cloud revenue grew 103%, though bear in mind that Microsoft is not telling us the absolute figures; you can easily grow fast if you start from a small number.

Microsoft has changed the way it segments its revenue, making it difficult to track, especially with large sums of money ($1.6 billion) reported as “Commercial Other”. Here is how the new segments look:

Quarter ending September 30th 2013 vs quarter ending September 30th 2012, $millions

Segment                          Revenue   Change   Profit   Change
Devices and Consumer Licensing      4343     -335     3925     -178
Devices and Consumer Hardware       1485     +401      206     -242
Devices and Consumer Other          1635     +235      352      -10
Commercial Licensing                9594     +645     8801     +618
Commercial Other                    1603     +355      275     +170

Now, how to make sense of this? The segment changes are detailed here (Word document). In summary:

Devices and Consumer Licensing: non-volume and non-subscription licensing of Windows, Office, Windows Phone, and “related patent licensing; and certain other patent licensing revenue” – all those Android royalties?

Devices and Consumer Hardware: the Xbox 360, Xbox Live subscriptions, Surface, and Microsoft PC accessories.

Devices and Consumer Other: Resale, including Windows Store, Xbox Live transactions (other than subscriptions), Windows Phone Marketplace; search advertising; display advertising; Office 365 Home Premium subscriptions; Microsoft Studios (games), retail stores.

Commercial Licensing: server products, including Windows Server, Microsoft SQL Server, Visual Studio, System Center, and Windows Embedded; volume licensing of Windows, Office, Exchange, SharePoint, and Lync; Microsoft Dynamics business solutions, excluding Dynamics CRM Online; Skype.

Commercial Other: Enterprise Services, including support and consulting; Office 365 (excluding Office 365 Home Premium), other Microsoft Office online offerings, and Dynamics CRM Online; Windows Azure.

From this you can see that despite 103% growth, Azure and Office 365 remain relatively small, many times exceeded by the on-premise software licensing which is mainly in “Commercial Licensing”. However Microsoft is reporting a contribution to profits from this segment, though with smaller margins than from software licensing.

Simple addition also tells us that consumer revenue ($7,463 million) is less than business revenue ($11,197 million).

Overall it is obvious that Microsoft is not yet a “devices and services” company even if it has set that as its goal. Most of its revenue comes from traditional software licensing. Can it ever make that transition without shrinking in the process? A good question, and despite excellent figures, one that will ensure Microsoft’s future remains the subject of intense debate.

Upgrading Hyper-V Server 2012 to 2012 R2: minor hassles

I have a couple of servers running Hyper-V Server, the free version of Microsoft’s hypervisor.

Hyper-V Server R2 is now available with some nice improvements. I tried an in-place upgrade. You do this by running setup from within a running instance of the server. This did not work when going from 2008 to 2012, but I am glad to report that it does work for 2012 to 2012 R2:

You will need to make sure that all the VMs are shut down before you run the upgrade. Otherwise you get a message and the upgrade fails:

In my case the upgrade was smooth and not too lengthy. However, I was warned that because I use a pass-through drive in one VM, this might cause a problem. It did, and the VM failed to start after the upgrade:

The fix was trivial: remove the pass-through drive and then add it back. After that the VM started.

Then I hit another problem. Although my VMs had started, they had no network connectivity, even after I upgraded the integration components. These VMs run Server 2008 R2, in case that makes a difference (I doubt it). The virtual switch still showed in Hyper-V settings but no traffic passed through to the VMs.

I tried two solutions. Removing the NIC from the VM and re-adding it made no difference (and this is also a poor solution since you then have to reconfigure the NIC in the VM). However deleting the virtual switch and replacing it with a new one of the same name and configuration was successful. The virtual NICs then have to be reconnected to the new virtual switch, but this is painless.

The UI for the new version looks exactly the same as before. However the Windows version number has changed from 6.2.9200 to 6.3.9600, so you can verify that the OS really was upgraded:

Is it better to avoid in-place upgrades? A clean upgrade is safer, if you do not mind exporting and re-importing the VMs, or moving them all to another host, before the upgrade. On the other hand, with the upgrade cycle now faster than before, in-place upgrade makes sense as a way of keeping pace with little pain.

Visual Studio 2013 is released. What’s new?

Microsoft released Visual Studio 2013 yesterday:

VS 2013 can be installed side by side with previous versions of Visual Studio or, if you have a VS 2013 pre-release, it can be installed straight over top of the pre-release.

I installed over the top of the pre-release and I’m happy to say that this worked without incident. This is how it should be.

Oddly, the launch of Visual Studio 2013 is not until November 13th, proving that in Microsoft’s world products can “launch” before, at or after general release.

So what’s new in Visual Studio 2013? Tracking Visual Studio is difficult, because many important features show up as updates and add-ons. After all, at heart Visual Studio is just a shell or platform in which development tools sit. The Visual Studio LightSwitch HTML client, for example, which made LightSwitch into a strong tool for rapid application development of mobile web apps, appeared as part of Visual Studio 2012 Update 2. Now in Visual Studio 2013 we have LightSwitch support for Cloud Business Apps, though the new project type is shown under Office/SharePoint rather than under LightSwitch:

A Cloud Business App is an add-on for SharePoint typically running on Office 365. In the new model SharePoint apps do not really run on SharePoint, but are web apps that integrate with SharePoint. This is great in an Office 365 context, since you can write a web app that is accessible through the Office 365 site and which is aware of the logged-on user; in other words, it uses Azure Active Directory automatically. There’s more on the subject here.

What else is new? Here are some highlights:

  • Better ISO C/C++ compliance in Visual C++
  • Upgraded F# with language tweaks and improved performance
  • .NET Framework 4.5.1 with minor enhancements
  • Support for new Windows 8.1 controls and APIs in Windows Store apps – these are extensive.
  • “Just my code” debugging for C++ and JavaScript, and Edit and Continue for 64-bit .NET apps
  • Graphics diagnostics for apps running remotely
  • Sign into Visual Studio with a Microsoft account. Microsoft pulls developers further into its cloud platform.
  • Windows Azure Mobile Services – build a back end for an app running on Windows, Windows Phone, iOS, Android or web

Does that amount to much? Compared to the changes between Visual Studio 2010 and 2012, no. That is a good thing, since what we have is a refinement of what was already a capable tool, rather than something which gives developers a headache learning new ways to work.

Windows 8.1: now good enough that it is ready for general use

Windows 8.1 is now released and you can upgrade for free from Windows 8.0.

What is significant about Windows 8.1? This is something I have thought long and hard about. The problem with reviewing Windows 8/8.1 is all to do with its dual personality. You can review the details of the tablet or Metro or Windows Store side, but while these are interesting in their own way, the fact is that most users are in the desktop most of the time, so how much does it matter? Alternatively, you can review the desktop experience but frankly it’s hardly any different in Windows 8.1 than in Windows 8, and not that different in Windows 8 than in Windows 7 if you overcome the hump of “hey, where is my Start menu?”

Let’s divide this then into two strands. One is the progress of Windows towards being a tablet OS, a Bring Your Own Device, a cloud-centric operating system, secure, apps installed from a curated store or corporate portal. This is the future Microsoft has in mind, and there is some progress. You can see this in refinements to the new UI, the Start menu/screen becoming more like Windows Phone where you pin your favourites to the main part and find the rest in an “all apps” view, and new business-oriented management features which work in concert with Server 2012 R2 and System Center R2, including Workplace Join, Work Folders, InTune device management, Information Rights Management, and the ability to set up a company portal.

Windows 8.1, together with the server updates, adds a lot in this area; and while in my opinion it is not yet fully baked, you can see the pieces coming together and I think it will get there.

The second strand though is about the general user. This is where all the noise is. Microsoft managed to alienate a large part of its core user base with Windows 8.0, accelerating (ironically) the decline of PC sales (though they would have declined to some degree anyway).

I cannot in honesty say that Windows 8.1 is usable for, say, a desktop keyboard and mouse user where Windows 8.0 is not, because even Windows 8.0 works fine with keyboard and mouse if you take the trouble to learn how to use it (and it is not that much trouble).

I can say though that Windows 8.1 does much more to help users over that hump. The restored Start button is the thing that represents that shift, returned by user demand, even if it is not the Start menu of old. I use it all the time, though mostly with right-click for quick access to the admin menu and shutdown option.

Things like the new Help and Tips app also make life better for new users.

My view is that Windows 8.1 is easy enough for Windows 7 users that you could reasonably upgrade one of those “just let me get on with my work (or play)” users without too much stress. This was not the case with Windows 8.0.

I think those users should upgrade too, where possible. Windows 8 and 8.1 are real upgrades, even for desktop users. Things I would miss if I had to go back to 7 include faster boot, improved file copy dialog, improved task manager, and slightly better performance overall.

The two strands begin to come together if you go out and get a tablet. Even if you use the desktop most of the time, with keyboard and touch control or mouse, you find yourself dipping into the Modern UI some of the time, for web browsing or mail or Twitter at the times when you are using your tablet as a tablet and a keyboard would get in the way.

It is worth mentioning that most of the new wave of Windows 8 tablets are not hybrids with twist keyboards. Some are conventional laptops or ultrabooks of course, but there are also tablets with removable or optional keyboards, a better approach that lets you use Windows 8.1 as designed.

Does that make Windows 8.1 a huge success for Microsoft? It’s doubtful. I took a light-hearted look at attitudes to Windows 8 here and it was a way of explaining that for a lot of users Windows 8 just is not on their wish-list, no matter how good it may be.

The best outcome now is that Windows 8.1 starts to gain traction in business and among consumers, driving a stronger app ecosystem, and gradually greater use of the tablet side. Then the point comes where Windows and Windows Phone merge to the point where there is a single development platform, and the third ecosystem that former Nokia CEO Stephen Elop used to talk about becomes a reality.

I can see this happening, particularly in business where Office 365 is taking off, presuming Microsoft manages to make Windows devices the best partners for its cloud services while still supporting others.

On the other hand, the idea that a resurgent Windows will beat off iPads and Androids and become a mainstream tablet for consumers is fanciful. Microsoft is too late, the usability still is not there, the app ecosystem is too far behind, and prices versus Android are too high.

All speculation; but if you are a Windows user, you should not hesitate to upgrade to Windows 8.1.

Usability: Microsoft’s big weakness

The iPhone, or maybe the iPod, was the beginning of the era of usability. Make something nice to use, reasoned Apple, and users will come flocking.

After the iPhone came the iPad; and then Android which, while lacking the polish of iOS, mostly has the same characteristics of appliance rather than computer in its user interface.

What about Microsoft? It has learned to some extent. Windows Phone is a user-friendly operating system. The touch interface in Windows 8, although a shock to existing Windows users, shows obvious effort towards usability and sometimes succeeds. Navigating the weather app, for example, is a pleasure.

There are times though when Microsoft seems to have learned nothing. Take the new SkyDrive integration in Windows 8.1 for example. It is foundational in Microsoft’s effort to wrest Windows into being a cloud-centric operating system, where you could lose your device, buy a new one, log in, and find all your stuff. I’ve posted about its progress here.

But then you are on a train, say, with a poor internet connection, and you double-click a file in SkyDrive that has not been downloaded to your PC. This is the dialog you see (at least, it is the one I just saw):

There is so much wrong with this dialog that I don’t know where to start. But I will have a go.

First, I doubt the error is really unexpected. If my internet connection is poor, problems downloading stuff from SkyDrive are expected, not unexpected. You would think that the client could figure out, “It looks like I have a poor connection to SkyDrive” and inform the user accordingly.

Second, the error number. The dialog invites me to search for help using this number; however to do so I would have to copy it manually as it is unselectable. The number of course is in hexadecimal, so there is a high chance of copying an O instead of a zero as the difference is not obvious other than to programmers. Nor is it clear where I should search. Should I bang the number into Bing and hope for the best? Such searches can be fruitful, but they can also go badly wrong when you hit sites that tell you to download their utility to clean your registry, or some such nonsense.

Third, there is space for a human-understandable description of the error, but it says “No error description available”. Lazy programming somewhere. Maybe in a code base the size of Windows it is too much to expect helpful messages for every error but this is not something users should normally see.

Fourth, there are three choices: Try Again, Skip and Cancel. Bearing in mind that I double-clicked only one document, what is the difference between Skip and Cancel?

Fifth, there is a More details button but it is disabled. Why, if no more details are available, does this More details button appear at all? Though I’d suggest that Error 0x80040A41 is a great candidate for “More details” rather than being something non-technical users are expected to make sense of.

What should happen? First, SkyDrive and/or its client should work better. This is a critical feature; but users are complaining (yes, I found this by searching for the error code) and it seems that problems persist in Windows 8.1 RTM. Microsoft has been working on file sync for decades, yet upstarts like Dropbox work more smoothly.

Second, when bad things happen, I am all in favour of plain English. I don’t see any reason ever to confront users with error numbers in hex. Put it in a technical details option by all means. In this particular case, why not something like, “Windows is having problems downloading from SkyDrive. You may have a poor internet connection; please try again later, and if the problem persists, contact support.”

Getting this right is not easy; but for as long as ordinary users see this kind of dialog in day to day use of Windows, the flight to iPad and Android will continue.

Update: the error fixed itself when I found a better connection.

Getting up and running with Workplace Join

A key part of Microsoft’s strategy for supporting tablets and smartphones in the enterprise is Workplace Join, which lets devices register with Active Directory:

When you join your personal device to your workplace, it becomes a known device and will provide seamless second factor authentication and single-sign-on to workplace resources and applications. When a device is Workplace-Joined, attributes of the device can be retrieved from the directory to drive conditional access for the purposes of authorizing issuance of security tokens for applications.

Devices currently supported are Windows 8.1 (RT or x86) and Apple iOS, with Android in preparation. It is a kind of lite version of domain join, enabling single sign-on but not group policy (centralised control of device settings). In order to control device settings, you can use ActiveSync (limited but includes password requirements and remote wipe) or device management through the cloud-based InTune.

I set myself the task of implementing Workplace Join on my test network, mainly using the guide here. It was somewhat arduous. Here are a few points to note.

Workplace Join is also called Device Registration and is a feature of Active Directory in Windows Server 2012 R2. It depends on Active Directory Federation Services (ADFS).

I wasted some time juggling with certificates and Service Principal Names (SPNs). On my test network I have Active Directory, Certificate Server and ADFS on the same virtual machine, which is not recommended. Here are some things to note.

You need a Server Authentication certificate which includes a Subject Name and two Subject Alternative Names, one of which is enterpriseregistration.yourdomain.com. In order to get this out of Certificate Server I ended up copying and modifying a template to allow this additional data to be entered when the certificate is requested. I did not need to purchase any certificates; it all works as long as the Enterprise CA (Certification Authority) certificate is trusted by the device.

IIS will need this certificate as the default web site must accept secure connections to enterpriseregistration.yourdomain.com.

I got into difficulty when configuring ADFS. Initially I used the same name for the Federation Service Name as the computer name. This in turn caused a conflict with the registration of an SPN for the ADFS service account, probably because I have too much installed on one box. SPNs are used by Kerberos for secure communications and each SPN must be unique. The solution was to remove ADFS and re-install, using a different Federation Service Name. Then I modified DNS so that all three names – computer name, Federation Service Name, and enterpriseregistration – resolve to the same box.

I have not published my ADFS to the internet so mine is only an intranet solution for now.

Once all this was resolved I was able to run the PowerShell scripts to enable the Device Registration Service, and to check Enable device authentication in ADFS:

image

Of course my first efforts at actually using Workplace Join on a device (I used Surface RT and Surface Pro) failed with a generic error.

image

Confirm you are using the correct sign-in info, and that your workplace uses this feature. Also, the connection to your workplace might not be working right now. Please wait and try again.

The first thing to check is that your device can access the device registration service over HTTPS. Open a browser and go to this URL:

https://enterpriseregistration.[yourdomain.com]/EnrollmentServer/Contract?api-version=1.0

If this does not resolve, or returns a certificate error, you need to fix this before registration will work. Possible reasons:

  • Your device does not trust the certificate
  • IIS has the wrong certificate
  • A necessary service is not running on the server (check ADFS and the Device Registration Service as well as IIS)
  • The device cannot access the Certificate Revocation List for your domain
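The checks in the list above can be scripted from a Windows client. This is an added example, not part of the original post: the function name `Test-EnrollmentEndpoint` and the result field names are hypothetical, and `yourdomain.com` is the post's own placeholder.

```powershell
# Added example; 'Test-EnrollmentEndpoint' and the result fields are hypothetical names.
function Test-EnrollmentEndpoint {
    param([Parameter(Mandatory)][string]$Domain)   # e.g. yourdomain.com

    $name = "enterpriseregistration.$Domain"
    $r = [ordered]@{ Name = $name; Resolves = $false; TlsConnected = $false
                     SanMatch = $false; ChainOk = $false; ChainStatus = @(); HttpStatus = $null }

    # 1. DNS: the name must resolve to the server running the registration service.
    try { [void][System.Net.Dns]::GetHostAddresses($name); $r.Resolves = $true }
    catch { return [pscustomobject]$r }

    # 2. TLS: fetch whatever certificate the server presents. Validation is
    #    skipped here only so the certificate can be inspected in steps 3 and 4.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($name, 443)
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($name)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.TlsConnected = $true
    }
    catch { return [pscustomobject]$r }
    finally { $tcp.Close() }

    # 3. Wrong certificate in IIS: the Subject Alternative Name extension
    #    (OID 2.5.29.17) must list the enterpriseregistration name.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) { $r.SanMatch = $san.Format($false) -match ('=' + [regex]::Escape($name) + '(,|\s|$)') }

    # 4. Trust and revocation: build the chain with online CRL checking.
    #    UntrustedRoot means the device does not trust the Enterprise CA;
    #    RevocationStatusUnknown or OfflineRevocation means the CRL is unreachable.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $r.ChainOk = $chain.Build($cert)
    $r.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })

    # 5. Service running: request the contract URL with normal validation.
    try {
        $url = "https://$name/EnrollmentServer/Contract?api-version=1.0"
        $r.HttpStatus = (Invoke-WebRequest -Uri $url -UseBasicParsing).StatusCode
    }
    catch { $r.HttpStatus = $_.Exception.Message }

    [pscustomobject]$r
}

Test-EnrollmentEndpoint -Domain 'yourdomain.com'
```

A healthy endpoint returns `SanMatch` and `ChainOk` as `True`, an empty `ChainStatus` and an `HttpStatus` of 200; any other combination points at one of the causes listed above.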

There is also an event log for workplace join, buried in the Applications and Services section, even on Windows RT.

Once fixed, I was successful and saw my devices show up in Active Directory under Registered Devices.

image

Windows 8.1 and cloud-centric computing

If your iPad breaks or gets stolen, it’s bad but not that bad. The chances are that there is no data on the iPad that is not copied elsewhere, especially if you let Apple’s iCloud do its default thing and copy everything you create. Get a new iPad, sign in, and you can carry on where you left off; the apps are there, the data is there too, even if you do not actually have a backup of the device itself.

Google’s Chromebook goes even further in this direction. When you sign into the device you sign into Google and all your data is there.

This kind of freedom from worry about losing apps or data stored on the device seems to be Microsoft’s goal with Windows as well, though it is more difficult because historically applications have complex local installs, sometimes protected by activation tied to the PC itself, and data is stored locally in your user folders – Documents, Pictures, Music and so on – or in some cases elsewhere, depending on how well behaved the application is. In order to defend against data loss if the PC is lost or damaged, you have to keep regular backups, or make a conscious effort not to store data locally.

Windows 8.1 includes a significant change. It is optional, but by default documents save to SkyDrive (note that the name will change soon).

image

This is in addition to synchronisation of settings, passwords and application data. Again, SkyDrive is where this data gets stored. You can see and control what is synchronised in Charms – PC Settings – SkyDrive – Sync Settings:

image

The list is extensive and includes web browser favourites (provided you use Internet Explorer) and “settings and purchases” within apps. Note that apps in this context means new-style Windows Store apps, not desktop applications. Separately, there is a Camera Roll setting that syncs images and optionally videos from the Camera Roll folder in your Pictures folder.

How close then is Windows 8.1 to a cloud-centric experience, where you could throw your machine in the bin, buy another one, sign in and carry on where you left off?

It is getting there, but in practice there are plenty of snags and oddities. The big one is desktop apps, of course, which do not participate in this synchronisation other than via SkyDrive if you save documents there. You will have to reinstall the applications as well as reconfigure them. That said, certain desktop applications now have a subscription model. Two big examples are Microsoft Office, if you buy via an Office 365 subscription, and Adobe’s Creative Cloud which includes Photoshop, Dreamweaver, Audition and so on. Using cloud-aware applications such as these helps, but it is not seamless. For example, in Office 2013 I have to reconfigure the Quick Access Toolbar and copy my custom templates manually to a new machine.

New-style apps do roam to a new machine and you can now use them on up to 81 different machines, which should be enough for anyone. Note though that your apps, which are listed when you sign into a new machine with a Microsoft account, are not actually installed until you run them for the first time. Not a problem if you are on the internet, but worth knowing before you catch that flight. In the following example, only two of the apps are actually installed:

image

Microsoft takes a similar approach with SkyDrive documents. The feature called SkyDrive “smart files”, described here, means that documents are by default only available online. I can see this catching people out, especially with pictures, for which a thumbnail shows even when the actual picture has not yet been downloaded. Here are some pictures I took at Microsoft Build in June; they are on SkyDrive but although they look as if they are on my PC a message in the status bar says “Available online only.”

image

A nice feature in terms of seamlessly connecting to cloud storage without filling your local hard drive (or often, small SSD drive), provided you understand it. Of course, you can mark a file or folder to be available offline if you choose, in which case it is downloaded.

Some things are confusing. If you have a domain-joined machine then passwords do not sync, which makes sense for security, but also raises the question of what all this consumer SkyDrive stuff is doing on a domain-joined machine anyway? Of course there are other ways of doing something similar in domain environments:

  • Settings determined by Group Policy
  • Default document location set to corporate shared folder
  • Roaming profiles

The odd thing though is that you can link a Microsoft account (SkyDrive, App Store account) to a domain account and you then end up with a mixture of consumer and corporate features which work in different ways. It would be tempting simply to block the use of Microsoft accounts completely – which you can do with group policy – especially if you are concerned about sensitive corporate documents arriving on consumer cloud services and mobile devices through the magic of sync.

It is also confusing that Office 365 users cannot use SharePoint in Office 365 to sync settings.

I also feel that the user interface in Windows 8.1 needs some work in this area. Here are some things I find odd:

Applications like Paint and Notepad use a principle of “default to where you last saved.” This means that even if you set SkyDrive as the default document location, if you save once to the documents or pictures folder on the PC, it will default to that local destination next time you use it.

Since both SkyDrive and the local PC have a folder called Documents, it would be easy not to notice.

Office 2013 is even more confusing. I have Office 365, so when I hit save in Word I get offered Office 365 SharePoint, SkyDrive, “Other web locations” which includes an on-premise SharePoint, and Computer. Oddly, if I hit Computer, the default location is SkyDrive:

image 

Much of this confusion is a legacy problem as Microsoft attempts to transition Windows to become a cloud-centric OS, but it could be better done. I would suggest clear naming to help users know whether a save location is local or cloud. Most of all, I would like to see consistency between consumer and corporate deployments so that a domain-joined PC can have the same options that work in the same way, except that data is stored to a corporate location.