Enterprise in the cloud

   Back in the days when we had SCCM, we could easily setup phased deployments. In a cloud native world these controls are missing, but  we can create phased deployments based (dynamic) groups.  In this blog post I will show you how to set it up and use it. Groups First of we need to create groups that contains the devices for each phase. You can of course fill those groups manually, but in larger environments Dynamic Groups will be a better option. We will use the first character of the DeviceId in our dynamic query to select the devices per group.  Keep in mind that the DeviceId is containing hexadecimal characters, so that means 16 options (0 till F) per character. How big you want to make the groups is up to you, but I have chosen for a group for each first character, so 16 groups. With 16 group you have around 6.25% of your devices per group. Of course this is a bit depending on the size of the environment, for 60K+ clients environment the distribution look...

  Why are we using Autopilot group tag? Do we need group tags?  Two valid questions which I will discuss in this blog post. So, why do we use group tags? The short answer, to add the device to the correct group! The long answer As we are in over 40 countries and might even have multiple entities in those countries, we have around 90 legal entities with their own local support teams, and so we need to be able to distinguish the devices per entity. Next, we have different device types for different use cases, we call them worker types. We currently have the standard device, engineering device, shared device, virtual device and kiosk device. User can have multiple devices which have different worker types. So, that is the second requirement. Other requirements are to separate laptops, desktops and virtual devices. And yes, we could use filters instead, but they were not available 4 years ago. And finally, the need to mark devices as pre-production and to be able to see which glob...

Recently I was asked again; “Why do you pre-provision devices?” I, or actually we, got that question several times last year. Also, in conversations with Microsoft this question pops up regularly. So, why do we pre-provision (aka. White Glove) devices? There are two main reasons to do this: Security Employee Experience And in addition, of course, the costs. Security Looking at security, by pre-provisioning devices we make sure we block things like Shift-F10, the Recovery Command prompt, etc. and to have the security policies applied before we hand the device over to the employee. Employee Experience Pre-provisioning devices will limit the time the employee needs to enroll the device to around 15 mins, with all applications installed on the device when the employee gets the desktop. As part of the pre-provisioning process, we make sure: The drivers and firmware are updated to the latest version before pre-provisioning. All core applications are installed as part of pre-provisioning....

My goal for this year is to share my experiences in moving the workplaces of our enterprise to the cloud with a broader audience. I will create a series of blogs on different topics this year. But let’s start with an introduction as this is my first blog ever. I am currently employed by ING, the largest Dutch Bank with around 60.000 employees and offices in over 40 countries worldwide. I have been working for ING for 8 years (of which 4 as external). Before I joined ING I was, this century, employed by Wortell, Siemens (Atos) and the Ceasar Group, as either Technical Specialist or (Technical) Project Manager. Mainly working on infrastructure and workplace projects. My career in IT started over 3 decades ago as an IT engineer at a small company building and selling personal computers, where I did everything from purchase to support. Back then I did beta testing of Microsoft DOS 4.01, but also installed Novell and Banyan Vines networks. In the years that followed I got certified as an IT...