A synopsis of my first Microsoft (MVP) Summit

Last week I attended my first Microsoft Most Valuable Professional (MVP) Summit. Compared to a lot of the conferences I’ve been to over the years this was tiny with just over 2000 attendees. The difference however is that every attendee is an expert in their field (associated with at least one Microsoft technology) and they come from over 80 countries. It is the most diverse mix of attendees for the number of participants.

The event is also not the typical tech type conference that provides you details on current trends, public road maps and guidance on how to implement or migrate technology. Instead it is a look behind the development curtain and almost fully transparent dialogue with the product and engineering teams determining and building the future for each technology stream. It also isn’t held at a sterile function center. It’s held on site at Microsoft’s headquarters in Redmond, Washington. Everywhere you look you can find nuggets of Microsoft’s history. Nightly activities are predominantly centered around Bellevue (a short distance from Redmond).


My MVP is associated with Identity & Access. Internally at Microsoft they refer to the small number of us in that category as Identity MVPs. I spent the week in deep technical sessions around Identity and Access Management getting insights for the short, medium and longer term plans for all things Identity & Access Management related and conversing with my peers. I can’t say more than that, as privilege for that level of insight is only possible through a strict and enforced NDA (Non-Disclosure Agreement) between each MVP and Microsoft.


I thoroughly enjoyed my first MVP Summit. I reconnected with a number of old colleagues and acquaintances and made a bunch of new connections both within Microsoft and the Identity MVP community. It has prepared me with a vision of what’s coming that will be directly applicable to many of the longer term projects I’m currently designing. It definitely filled in the detail between the lines associated with recent Microsoft announcements in the Identity and Access Management space.

Want to become an MVP? Looking to know what it takes to be awarded MVP status? Want a full rundown on the benefits? Check out this three-part blog post starting here by Alan about the MVP program.

New Laptop time. What do I need and what did I buy?

I joined the IT Industry as a full-time career in January 1992. It’s now January 2018 and in June ’17 last year I bought my very first laptop. WTF? 26 years and you’ve never bought a laptop? Yep. For all of my career I’ve worked for IT integrators and have been supplied with the core equipment required to perform my role. Which obviously includes a laptop. I’ve had a myriad of them and have even performed the evaluation of them to recommend what to purchase for technical staff. From memory I’ve used for extended periods laptops from vendors such as Compaq, AST, HP, IBM ThinkPad, Dell, Microsoft (Surface RT/Pro), and Lenovo ThinkPads.

So when it came time to purchase my own and now that I and a lot of us are in the BYOD (Bring Your Own Desktop) cycle, and we’re in a highly IaaS/SaaS/PaaS world what do you buy? How do you work these days and what do you need from your daily interface into the world of an IT/Identity Professional? Here is the process I went through when evaluating my purchase last year.

What don’t I do anymore?

  • I don’t run virtual machines anymore on my laptop. I used to do that a lot, either for customer pre-sale demos or for development of solutions.
  • I don’t have all my documents located on my laptop anymore. They are in a cloud service and I can access them quickly when required which is pretty irregular. Everything I require regularly is sync’d.

What do I do?

  • I use the Microsoft Office 365 Suite along with Visio and Project. Between those and a browser, that is my regular day.
  • For development I primarily have virtual machines in Azure with the environment(s) required. These replaced running VMs on my laptop.

What did I want?

In essence what I considered mandatory were:

  1. Life of the unit needs to be 3yrs. 3yrs of fully functioning everyday use. Not 2 yrs. and limping along for the 3rd.
    • This feeds into decision points for Processor and RAM requirements. Keep in mind a number of laptops will have to remain the spec that you purchase them at. That is, you cannot increase the amount of RAM, replace the battery, hard disk etc. Think you’ll need/require 16Gb of RAM? Then you need to buy it with that now.
  2. The laptop and power supply must be slimline and light, being that it gets lugged around everywhere and is often counted against me for weight on carry-on airlines in Australia and New Zealand. As a sidenote I also wanted to downsize my daily work bag.
    • This feeds into decision points for screen size and laptop type. Convertibles, 2-in-1 etc.
  3. Budget
    1. Having not purchased a laptop recently (or ever) I didn’t really have a grasp on what you got for your $$$. Ideally I’d love to only spend $2000 and I figured I should be able to get something better than what I had that was reaching end of life.
      • I had been using a Lenovo X1 Carbon for the last 3yrs. It had an i5 Proc, 8Gb RAM, 160Gb HDD, touch screen and finger scanner. Ideally I just wanted to double all of that with its successor.
  4. Optional/Nice to have
    • Stylus, pencil pointing drawing thing. Not sure I’ll use it, but would consider it
    • 4/5G SIM port. As a consultant I’m always mobile. Having the SIM in the device would be great rather than having another unit in the bag each day as a mobile access point

What did I find?

I found out pretty quick, that when you hit the latest i7 Processor, 16Gb of RAM and 512Gb of HDD spec machines you are instantly in the AU$2500-AU$3000 territory.

Looking around at what I got for that and from manufacturers I’d had positive experiences with left me with a pretty short list:

  1. Lenovo X1 Carbon Gen5
    • This unit was available and had most of what I had on my list. The gap though was it wasn’t touch screen.
  2. Dell XPS
    • I’ve had positive and negative experiences with Dell over the years. A number of my colleagues are using the Dell XPS series of machines with varying degrees of reliability.
  3. Lenovo Yoga 910
    • A hybrid of tablet and laptop. I’m skeptical about the hinge, but research showed it had been around for some time and a few colleagues had them. One colleague had recently had a hot beverage incident with their former laptop and had replaced it with a Yoga 910 and was loving it.


What did I get?

I purchased the Lenovo Yoga 910. I managed to get a deal on it in Platinum (silver over black) with the latest i7 Proc, 16Gb RAM and 1Tb of SSD. It had touch screen, finger scanner and with a deal and coupon actually hit my original thought estimates on pricing.

Did I get what I wanted/needed? Happy?

I wrote all the above when I originally made my purchase decision in June last year. Six months on, what are my thoughts?

This is a solid workhorse. It is light and is a great form factor. The finger scanner is quick and accurate, much more than the one from the X1 Carbon. It is fast and quiet. The 4k screen is fantastic. The coating on the screen leaves fewer of my fingerprints on it too. Whilst I don’t regularly flip it over into tablet mode, I do when I’m commuting and not on crowded transport.

If there is one fault that I’d have to point out, it’s the battery life. I was dubious about the claimed battery life of 9+ hours and maybe I didn’t pay too close attention to the conditions under which that’d be realised. Essentially I’m getting around 4-5 hours battery life with normal use. That is still better than my old Lenovo X1 Carbon. I do see 9+ hours estimated, but that’s when all I’m doing is typing and it’s in flight mode. That’s not normal operation for me.

Another important item to keep in mind is that the unit has two USB-C ports (one of which you will normally have the power pack plugged into), and one USB 3.0 port. This means you need to think about the devices you normally plug into your laptop. External mouse (non-Bluetooth or wired), keyboard, docking station, monitor(s) etc. I use a Bluetooth headset and mouse, but often present at customer sites via VGA or HDMI. You have to buy USB-C to VGA/HDMI dongles to be able to continue to do that.

All in all, I’m very happy with it. I’d happily recommend the Yoga 910.

Checking and patching your Microsoft Windows computer for Meltdown and Spectre

Overview

A Google team named Project Zero in mid 2017 identified vulnerabilities with many Intel, AMD and ARM CPUs that allow speculative pre-processing of code to be abused. Speculative pre-processing aids performance, which is why it exists. However, when used maliciously it would allow an attacker to use JavaScript in a webpage to access memory that could contain information present in a user’s environment such as keystrokes, passwords and personal sensitive information.

A very good overview on the how (and a little of the why) is summarised in a series of tweets by Graham Sutherland here.

Mitigation/Patching

In the January Security updates Microsoft have provided updates to protect its operating systems (Windows 7 SP1 and later). More on this below. They have also provided a PowerShell Module to inspect and report on the status of a Windows operating system.

What you are going to need to do is patch your Windows Operating System and update your computer’s firmware (BIOS).

Using an Administrative PowerShell session on a Windows workstation with Windows Management Framework 5.x installed, the following three lines will download and install the PowerShell module, import it and execute it to report on the status.

Install-Module SpeculationControl
Import-Module SpeculationControl
Get-SpeculationControlSettings

The output below shows that the operating system does not contain the updates for the vulnerability.

[Screenshot: PowerShell check]

Obtaining the Windows Security Updates

Microsoft included updates for its operating systems (Windows 7 SP1 and newer) on January 3 2018 in the January update as shown below. They can be obtained from the Microsoft Security Portal here. Search for CVE-2017-5715 to get the details.

[Screenshot: January security update listing]

Go to the Microsoft Update Catalog to obtain the update individually.

The quickest and easiest way, though, is to press your Windows Key, select the Gear (settings) icon, Update & Security, Windows Update.


Check status, install the updates, and restart your Windows computer.


Speculation Control Status

After installing the updates and restarting the computer we can run the check again. It now shows we are partially protected. Protected for Meltdown but partially protected for Spectre. A BIOS update is required to complete the mitigation for Spectre.

[Screenshot: PowerShell check rerun after updates]
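As an added example (not part of the original post or of Microsoft's module), the function below turns the object returned by Get-SpeculationControlSettings into the states described above and lists what is still outstanding. The function name and the two sample objects are constructed here; the BTI*/KVAShadow* property names are assumed to be those of the January 2018 release of the module, and later releases report additional properties.

```powershell
# Added example: classify the result object of Get-SpeculationControlSettings.
# Property names assumed from the January 2018 SpeculationControl module.
function Get-SpeculationPatchState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Settings
    )
    process {
        # Meltdown: kernel VA shadowing, delivered by the Windows update alone.
        $meltdownOk = (-not $Settings.KVAShadowRequired) -or
            ($Settings.KVAShadowWindowsSupportPresent -and $Settings.KVAShadowWindowsSupportEnabled)
        # Spectre (branch target injection): needs the Windows update AND CPU
        # support that arrives through a BIOS/firmware update.
        $spectreOk = $Settings.BTIHardwarePresent -and
            $Settings.BTIWindowsSupportPresent -and $Settings.BTIWindowsSupportEnabled

        $actions = @()
        if ((-not $Settings.BTIWindowsSupportPresent) -or
            ($Settings.KVAShadowRequired -and -not $Settings.KVAShadowWindowsSupportPresent)) {
            $actions += 'Install the Windows security update'
        }
        if (-not $Settings.BTIHardwarePresent) {
            $actions += 'Install a BIOS/firmware update from the manufacturer'
        }
        if ($Settings.BTIDisabledBySystemPolicy) {
            $actions += 'Mitigation is disabled by system policy; review that setting'
        }
        [pscustomobject]@{
            Meltdown = if ($meltdownOk) { 'Protected' } else { 'Not protected' }
            Spectre  = if ($spectreOk) { 'Protected' }
                       elseif ($Settings.BTIWindowsSupportPresent) { 'Partially protected' }
                       else { 'Not protected' }
            Actions  = $actions -join '; '
        }
    }
}

# Constructed sample objects standing in for the two states described in the post.
$beforePatch = [pscustomobject]@{
    BTIHardwarePresent = $false; BTIWindowsSupportPresent = $false; BTIWindowsSupportEnabled = $false
    BTIDisabledBySystemPolicy = $false; KVAShadowRequired = $true
    KVAShadowWindowsSupportPresent = $false; KVAShadowWindowsSupportEnabled = $false }
$afterPatch = [pscustomobject]@{
    BTIHardwarePresent = $false; BTIWindowsSupportPresent = $true; BTIWindowsSupportEnabled = $false
    BTIDisabledBySystemPolicy = $false; KVAShadowRequired = $true
    KVAShadowWindowsSupportPresent = $true; KVAShadowWindowsSupportEnabled = $true }
$beforePatch, $afterPatch | Get-SpeculationPatchState | Format-List
# On a real machine: Get-SpeculationControlSettings | Get-SpeculationPatchState
```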

For me I obtained the latest BIOS for my laptop from the manufacturer’s support website. If you are also on a Lenovo Yoga 910 that is here. However for me the latest Lenovo firmware doesn’t include updates for this vulnerability. And my particular model of laptop isn’t listed as being affected. I’ll keep checking to see if that changes.

Summary

In Microsoft environments your patching strategy will get you most of the way with the Microsoft January Security updates. BIOS updates to your fleet will take additional planning and effort to complete.