Covid-19 and Security Theatre

I was walking through the casino at Binion’s on Fremont Street, Las Vegas last weekend, and I couldn’t help but think about an old friend.

Dana Epp, one of the smartest people I know, and an IT security expert, introduced me to the term Security Theatre. I don’t remember how many years ago that was, but every time I see it, I think of him.

We are trying to prevent the continuing spread of the virus that has been more devastating to the global economy than anything I can point to in the past century. The fact that Las Vegas opened when it did is pretty amazing… it probably jumped the gun, and as we are seeing a tremendous spike in cases in states that have opened, Las Vegas will likely contribute to that… not in Nevada itself, as the vast majority of people walking around Las Vegas are from somewhere else.

There are plenty of measures in place around Vegas that are meant to control the spread of the virus… or at least give us the appearance of controlling the spread. All of the casino games are limited – three at a blackjack table instead of six, for example. All of the buffets are closed, which frankly was beneficial to me in more ways than the spread of the virus.

Sign in the casino at Binion’s

As a cigar smoker, I appreciate that they are giving me the opportunity to smoke my cigar at the tables and slot machines. As a logical person with a basic understanding of high school science, this absolutely baffles me. Have you ever walked through an area where people are smoking and smelled the smoke? Well if you can smell their smoke, you can catch their virus.

I remember joking back in March – before the pandemic, when the world was just becoming aware – that cigar smoking kills the virus. It was said as a joke, and I did not then (nor do I now) believe there is any scientific truth to the statement. I said it to a few people, and always laughed when I did. It was not until I was with someone in Havana that I realized that people will believe anything… as long as it fits their narrative.

Sitting at the hotel Nacional with some friends, one asked me for a cigar. ‘But you don’t smoke cigars??’ His reply astounded me. ‘No, but there are a lot of people here, and I don’t want to catch the virus.’ I nearly fell off my chair.

There are many basic principles to not catching (or transmitting) the virus. They are the same principles for not transmitting the flu or the common cold. Wash your hands (with soap and warm water). Don’t shake hands. Do not breathe on people or breathe in their breath. The best ways? Stay home… and when you cannot stay home, wear a mask. If you want to learn more, listen to scientists, not politicians, IT professionals, or cigar sommeliers.

…And do you remember that point to wear a mask when you cannot stay home? Look up, it was near the end of the last paragraph. Yeah, right there. Wearing a mask does not mean part-time. When you are in public, wear your mask ALWAYS. You may need to drink… I get it, necessities of life and all that rot, especially in the desert where it is 117 degrees outside. However, smoking is NOT a necessity of life. Do not pull your mask down to smoke, no matter how good your cigar is. If you are outside it is one thing (although truly still not recommended). In a casino where there isn’t a window anywhere to be found, you are sharing every breath with everyone else in there… and the fact that some of the hotels and casinos take your temperatures when you walk in means nothing… asymptomatic carriers will not have a fever.

Las Vegas is open, but the measures in place to prevent the spread of the virus are a joke. What do they care? All of the locals know to wear their masks religiously, and all of the gamblers are going home after the weekend to spread the virus in their own state.

I smoked cigars in Vegas; I smoked with my buddy Kelly on his patio, and I smoked walking outside. As for the casinos… I played, but I kept my mask on, thank you very much.

I may have lost some money, but I am still virus-free.

Office Client Connections: Are you covered?

When Microsoft introduced Office 365, subscribers stopped worrying about new versions.  As long as you were a subscriber, your monthly updates would deliver the newest versions of the client applications, and not just monthly patches.  It certainly made life simpler.  Still a lot of people prefer to purchase software, and not subscribe to it.  That is perfectly valid, and Microsoft continues to offer that option.

Where it gets a bit tricky is when customers who purchase the software do so once, and then ride that purchased application suite forever.  Microsoft will, at a certain point, stop supporting older versions.  While there are some critics who would say this is a money grab – just a cheap way of getting people to buy the software again, I definitely disagree with that. 

There is a tipping point in the lifecycle of a piece of software when it becomes more expensive to support than it is worth.  In the 1960s and 1970s, IBM guaranteed that they would support their mainframe computers for seven years.  Those were multi-million dollar systems that  companies were investing in, not a $500 piece of software.  When an application is new – especially an application like Microsoft Office, with over one billion users worldwide – the company has to support it.  They look for vulnerabilities, they create patches, they fix bugs.  They continue to do this for the lifecycle of the application.  For Microsoft Windows the lifecycle is much longer than the application, which is often only 3-4 years.  They include these costs when establishing the price of the suite.

When the vast majority of customers have upgraded to a newer version, it would still cost a lot of money to continue to support older technology… and fewer people will benefit from it.  If the company has promised to provide support for a certain number of years, then despite the fewer customers benefiting, they will still do it.

The End of Life date for Microsoft Office 2013 was February, 2017.  There are still plenty of users out there using the older suite, and why not?  It still does everything they needed it to do, right?  They may not have all of the bells and whistles offered in Microsoft Office 2019, but they figure that good enough is always good enough.  Those who understand these things will also have weighed the importance of security patches, and they made the decision (conscious or otherwise) to trust that the majority of security flaws will have been found and patched in the four years of lifecycle.

Now here’s where it might get tricky for some… most of the applications in the Microsoft Office suite can easily live in a bubble.  While I love that Microsoft Office Word and Excel now allow me to open, edit, and save documents directly to my OneDrive for Business, a lot of people still store their documents and spreadsheets on their local hard drives, so the external access features do not appeal to them.  However, a tool like Microsoft Office Outlook is meant to work with external servers.  Its entire raison d’être is to retrieve information from and send information to external servers.  Even though the Outlook client has not been supported in nearly 3.5 years, it is still able to communicate with the online servers.  Why?  Because Microsoft has a different lifecycle policy for servers than it does for applications.

Microsoft is a very large organization, and it does not turn on a dime.  Likewise, it does not expect its clients to do so either.  As such, when they reminded us in an e-mail this morning that “…Office 2013 clients’ connections to commercial Office 365 services will not be supported after October 13, 2020” they were not telling us “Hey guys, we know it is only three months away, but on October 13 you won’t be able to use your Office 2013 clients with our servers anymore.”  What they were saying was this: “We told you on April 20, 2017 (three and a half years in advance) that on October 13 of this year, you would no longer be able to use the Office 2013 clients with our servers anymore.” (See article)

To be clear, Microsoft is not saying that if you have an on-premise Exchange Server that you will not be able to use the Office 2013 client anymore.  This is about their Office 365 online services, which they are modernizing, and for which maintaining support of the legacy applications would cause an undue burden to them.  As such, in that article posted in April, 2017, Microsoft stated that: “Starting October 13, 2020, it will be necessary to have Office 365 ProPlus or Office perpetual in mainstream support to connect to Office 365 services.”  They will no longer be supporting connections from older application versions that are no longer in mainstream support.

Is that reasonable?  That depends on your point of view.  From Microsoft’s perspective, it is reasonable to say that they do not want to provide back-end support for applications that they are no longer supporting on the front-end.  From the end user’s point of view, it is reasonable to say that ‘Hey, I bought this application from you, and should be able to use it forever.’  Unfortunately, the end user is wrong in one thing.  You never buy software from Microsoft… you license it.  You have the right to install it on your computer, and I suppose if you want to configure Outlook as an SMTP or IMAP client (look them up if you do not know) then you can still use it that way… but in 2017 Microsoft told you that effective October, 2020 you will no longer be able to establish an Outlook Client connection to their servers.

Life moves forward, and so do computers… in fact, computers move forward much faster than most other facets of life.  If you question Microsoft’s decisions in this, I would point out that IBM lost the PC race (to Compaq, HP, Toshiba, and other compatible manufacturers… not to Apple) because they tried to maintain that seven year lifecycle promise in the era of $3000 PCs like they did in the era of multi-million dollar mainframes.  They insisted on maintaining compatibility across all of their software and PCs with the 8-bit Intel 8088 processor… so while Compaq et al went forward with building newer PCs on the 16-bit Intel 80286 processor, IBM stood their ground.  They partnered with a software company to develop an operating environment on the 8088 that would modernize the world… except the limitations of the 8-bit CPU held that program back, so that software partner, while continuing to work with IBM on OS/2 in Tampa and Armonk, spun off another team to build a similar operating environment that would take advantage of the 16-bit bus of the 80286.  The company in question was… Microsoft.  The operating environment they built back in New Mexico? Microsoft Windows.  The result?  A tremendous dive in the value of Big Blue, and Microsoft is now one of the most successful companies in the world.

Microsoft had a front-row seat to why it is important to move forward.  With all that on the table, asking them to hold back for a $500 piece of software you purchased seven years ago is no longer in the same ballpark as reasonable. 

So, if you are one of the customers (and there are probably millions) still using Microsoft Office Outlook 2013, and you are using it to connect to your Office 365 mail server, know that your days are numbered, and in just under three months your connections will stop working. 

Do you have to go out and buy a new package, or worse… subscribe to the Office 365 client?  Not necessarily.  While I certainly prefer working that way, I also know that a lot of people would rather not spend the monthly fees.  If you already have the Office 365 mail account, then you also have access to Outlook Web Access… you can connect to it from your web browser (https://outlook.office.com/mail/inbox) and have all of the functionality… minus the offline client.

Goodbye Microsoft Store.

In 2009 Microsoft started opening retail locations, hoping to compete with the Apple Store.  Over the past eleven years, and especially while I was still a Microsoft MVP and living in the Greater Toronto Area, I did a lot of work with the stores in Toronto and Mississauga, and wrote many articles about experiences at the other stores.  I was one of the hosts and subject matter experts at the grand opening of both of those GTA locations, and made a lot of lasting friendships while helping out there.  I cannot count how many lectures I delivered in their audience experience rooms.

Microsoft Store

While the launch parties were hugely successful and well-attended, the truth was that I have never visited a store that I considered to be overly busy.  While the Apple Store in the same mall (and often just a few doors down) would be jammed with customers, the Microsoft Stores were never cursed with such problems.  Sure, there were often people waiting for help with a service tech (who were always extremely competent), but there was never a time when people had to wait in line to purchase products.

It is hard to believe that it has been more than seven years since I purchased the first commercially available Surface Pro at the Microsoft Store in Yorkdale… there had been a midnight launch event planned for the night before at the store in New York City, but that was cancelled due to a blizzard, and so as a Technical Evangelist with Microsoft Canada, when I walked into the store at 7:30am the morning they went on sale, I had the distinction of purchasing the first one in the world… partly thanks to a very friendly store manager (Alison), and my buddy CF who made it happen.  Of course, part of the deal was recording an unboxing video in the store for my blog and YouTube channel.

Thanks to a number of Microsoft Store managers and employees, over the years I have upgraded from the Surface Pro to the SP2, SP3, and finally the Surface Pro 4 (my current device).  I have purchased devices for my sons, (now ex-)wife, mother-in-law, friends, clients, and more.  All from the Microsoft Store.  Sometimes in Toronto or Mississauga, sometimes other locations (Redmond, Washington and Chicago, Illinois stick out, but there were others).  While I am no longer affiliated in any way with Microsoft (save for myriad certifications and my MCT), it was a great relationship while it lasted.

Friday afternoon Microsoft announced that they have decided to exit the retail space.  My understanding is that this was in the works for next year anyways, but was moved forward because of the Covid-19 pandemic.  They will keep four stores open (Redmond Campus, New York City (Fifth Avenue), London (Oxford Circus), and Sydney, Australia (Westfield Sydney)).  However, they have also announced that these locations will be converted to ‘Experience Centres,’ and will not sell products.

While this is terribly disappointing to those of us who were always fond of the stores despite their ineffectiveness, it is not at all surprising.  It is nice to know that Microsoft will not be laying off any of the retail employees, who have been working diligently to provide support to customers remotely during this pandemic. 

“We deliberately built teams with unique backgrounds and skills that could serve customers from anywhere. The evolution of our workforce ensured we could continue to serve customers of all sizes when they needed us most, working remotely these last months.  Speaking over 120 languages, their diversity reflects the many communities we serve. Our commitment to growing and developing careers from this talent pool is stronger than ever.”

– David Porter, Microsoft Corporate Vice President

For years I have known that Microsoft has never had one single business unit or product that it relied on entirely, so this will likely not affect the company.  Knowing that the employees’ jobs are safe, I feel better about this decision.  Still and all, it is somewhat sad.

Sharing is Caring… but don’t touch the merchandise!

Raise your hand if you still think that the only way to share a document is to e-mail it as an attachment?  Those days are fortunately long gone; Microsoft 365 offers you the ability to share a link to a document that you have stored on your OneDrive for Business.  It offers a few real advantages over the legacy way of doing things… you know, remember when your Internet Service Provider (or e-mail service) would block files larger than one megabyte from being sent across e-mail?  Those limits have increased dramatically over time, but they are still there… and even if they were not, there are storage limits.

Okay, so you have a document that you want to share.  If you navigate your OneDrive documents in a web-browser or with Windows Explorer, it doesn’t matter.  You find the file, right-click it and click Share.

Now before you just send it to anyone, remember that you might not want anyone else to make changes to your document.  While they are likely recoverable, you don’t want the hassle.  So I am going to make some changes on the window that pops up.  By default, you will see Anyone with the link can edit >… click on that, and you will see the following options:

image

Wow… there are some great things I can do here.  You will notice the option for People in Garvis Family with the link… that is because my Microsoft 365 organization name is Garvis Family.  If you work for Bank of Montreal, it would read People in Bank of Montreal with the link.  Yes, Microsoft 365 will know if you are authenticated from the same company.

You can allow editing… or not.  You can set an expiration date, which means that nobody (with the link) can open the file after that.  You can set a password, so even if someone does have the link, they need to enter the password to see it.  And lastly (at the bottom) you can Block download.  Sure, let people see the file online… but they cannot copy it to their computer.

Once you click Apply, you are back at the original window.  You can either enter the e-mail addresses of people you want to share it with, or you can click Copy link or Outlook.  If you click the first, it will give you a link that you can send by e-mail, Teams, Skype, or any other chat program.  If you click Outlook, it will create a new email from your Outlook client that you can send. 

It is that simple… it is the difference between showing someone a file on your computer versus having to print it out and sending it to them.  It saves tremendous resources, and allows you to keep control of your files.  By the way, this is not limited to Microsoft Office files… only to files you store in your OneDrive, which means it can be photographs or anything.

For companies where information security and integrity are key, there are ways to secure it further.  For most of us, the built-in functionality should be enough.

Now go forth and share!

Azure Administrator

A little over a year ago I spent two days sitting at a Starbucks in Atwater Village preparing for what turned out to be one of the easier exams I have taken over the years.  I earned my first one-star badge from Microsoft (Microsoft Certified: Azure Fundamentals).  I did not do much to follow it up, as I was not working in Azure.  I honestly took the exam so that I could teach the course internally at the company where I was working at the time.

Now that I am once again independent, and especially as we are all essentially working from home, I am hoping to deliver more training.  There is not as much of a market for Windows Server trainers as there once was, and while I have my Microsoft Office 365 certifications, those do not seem to be flying off the shelf either. 

What does seem to be hot is Microsoft Azure.  I have been working with that technology for a few years now, so when I put my mind to it I was able to sit the exam yesterday afternoon and pass AZ-103.  (There is also an AZ-104 which has the same credentials, but the exam for it is still in the beta stages.)

For bragging rights, it is the 57th official certification exam I have passed… which does not hold a candle to some friends and colleagues who are in the high hundreds.  Still and all, I beam with pride every time I earn a new cert.

Interesting trivial facts of my certifications journey:

  • First certification attempted: 70-215 Windows 2000 Server (December, 2001)
  • First certification passed: 70-210 Windows 2000 Professional (March, 2003)
  • Years since 2001 during which I did not take a cert exam: 1 (2013)
  • Greatest streak of consecutive passes: 9 (current!)
  • Worst streak of failures: Sorry, I do not discuss or disclose my failures.  I will say that I have probably failed more exams than most IT Pros have taken.
  • Most exams in a single day: 4 (January 23, 2014)
  • Most exams passed in a single day: 3 (May 3, 2011)
  • Most exams taken in a calendar year: 12 (2008). (I took 11 in a year twice – 2010 & 2012)

Yes, I was bored this afternoon after the exam, and I decided to write a fluff piece!  With that said, Microsoft Azure is an extremely important technology, and if you are considering it, let’s discuss a training plan for your team!

Microsoft 365: Know Your Plan

While it has been true for some time, during the Covid-19 pandemic, when quarantines, lockdowns, and shelter in place are forcing the vast majority of information workers to work remotely, and when video conferencing is ubiquitous, Microsoft wants everyone using Microsoft Teams.

Question: True or False: Every Microsoft 365 plan that is business- or enterprise-focused includes a license for Microsoft Teams.

Answer: FALSE

I was out for a stroll a few days ago when a friend of mine messaged me and asked the following question:

Hey man, how well do you know M365 licensing? Any knowledge on the deets for M365 Apps for Enterprise? I’ve got someone who is stuck in a license spiral about teams.

I answered that I was reasonably sure that all enterprise SKUs of Microsoft 365 did, but that I would check.  A quick review of the plans proved that I was wrong.  My friend is likely not the first to make that mistake.  When I log on to my Microsoft 365 tenant and click on Purchase Services, the following blurb is written at the top:

Microsoft 365 combines Office 365, Windows 10, and Enterprise Mobility + Security together for your organization. Today’s modern workspace allows people to meet, collaborate, and stay connected across boundaries. Microsoft 365 supports teamwork, connecting services like Microsoft Teams, SharePoint, and Yammer and providing a hub for collaboration. (https://admin.microsoft.com/Adminportal/Home#/catalog)

You see it right there, don’t you?  It is right in the blurb.  “…connecting services like Microsoft Teams…”

If I were the person responsible for purchasing Microsoft Office licenses for a team of information workers, which I have been as recently as a couple of months ago, I would look at this and say “Hey! I used to be able to buy Microsoft Office Pro Plus for my employees who did not need all of the on-line collaborative tools, so why can’t I do that anymore?” Well the answer is simple: You can… they (Microsoft) just don’t go out of their way to tell you about it.

I spent many years living in a Microsoft bubble.  I used (and consulted and taught) Microsoft Windows (client and server), Microsoft Office, Microsoft virtualization, Microsoft <fill-in-the-blank>.  Of course I knew about competing products, but the goal of my knowledge, especially when I was representing Microsoft, was to know them so that I could help customers move off them onto Microsoft platforms.  However, and despite the true wishes of the Microsoft Corporation, many people and organizations choose to not use Microsoft technologies… or at least, not use them exclusively.

Microsoft has great anti-malware tools… and yet most organizations use Symantec, McAfee, Kaspersky, or myriad others for the task.

Microsoft has great management solutions… and yet many organizations eschew them in favour of third-party tools.

And more directly on-point:

Microsoft has great collaboration tools.  Office 365 includes great e-mail, calendaring, web portal, chat, and video conferencing tools… and so much more.  And yet, many organizations opt to use G-Suite, WebEx or Zoom, and others.

And so, when I click on Add Account in my Microsoft Office Outlook client, I will get to the following screen:

image

Of course, four of these options are for Microsoft back-end products.  Microsoft 365, Exchange, older versions of Exchange, and even the free Outlook.com are all options.  However, so is Google.  And, because there are other mail servers and services that are less ubiquitous that might require manual configuration, there are still the options for the old standards, Post Office Protocol (POP) and Internet Mail Access Protocol (IMAP).

So yes, Microsoft hopes you buy the full package, which not only includes all of the client applications (by the way, all of the Microsoft 365 SKUs will include the on-line applications (accessed via web browser), but there are SKUs – such as Microsoft 365 Business Basic – that do not include the client (locally installable) applications.

Before you place your order, make sure that the option you choose includes all of the features that you need.  There are many options that you can choose from, and certainly they do not make it easy for the lay person to follow.  That is why there are Microsoft Certified Professionals to help.  For this particular task, my friend knew that I was a Microsoft 365 Certified Enterprise Administrator (Expert), which means that while I do not necessarily know all of the options off the top of my head, I certainly know where (and how) to find the answer.

I hope this helps you better understand why Teams – a very popular product that Microsoft wants everyone using – is not available with all M365 bundles.  Good luck finding the right one for you!

<irony>…and now if you will excuse me, I have a Zoom meeting to join.</irony>

The Inefficiencies of Legacy Thinking

Until recently, I was working at a company that was in the process of migrating their datacenters into the cloud.  Their policies, written many years ago, stated that information had to go through their corporate firewalls.  During the Covid-19 outbreak that saw 95% of the workforce working from home, this was nevertheless interpreted to include corporate e-mail (which was stored in the Office 365 cloud) and video-conferencing (hosted through Zoom, WebEx, and other cloud providers).  This caused tremendous latency and led to poor transmissions.  When I asked why we were forcing our users to route their WebEx and Zoom traffic through a corporate (on-premises) virtual private network (VPN), I was told simply that: “Because the Corporate IT Security Policy requires it.”  Based on that, I wrote the following article.  It was not published at the time, but a couple of the co-workers I shared it with did take up the cause to have the policy changed. –MDG

I used to live in a part of Glendale, California called Adam’s Hill… thusly named because yes, we were on a hill.  If you are at all familiar with the topology of the Los Angeles area, you know that there are several hills and mountains to it; when I looked out from my patio (which was essentially the top of Adam’s Hill), I could see in the distance – maybe five miles away – the next hill.  Traffic in Los Angeles can be extreme, so it is likely that for me to get to the next hill, through all of the side-streets and with all of the traffic and streetlights, it would take me an hour… which is to say, I would get there at a rate of about five miles per hour.

Imagine I needed to get to the next hill on a daily basis, and I had all the money in the world… I decide to build a highway overpass that reaches from the bottom of my driveway right to my destination on the other hill.  At a reasonable clip of seventy-five miles per hour, I have now cut my trip from one hour to four minutes… at a tremendous cost, but for whatever reason I thought it was worth it.

The federal government sees me working on this project and determines that I cannot just build a road straight through, but I would have to build inspection booths at either end to make sure of whatever they want to make sure of.  They determine that each inspection – source and destination – will take five minutes.  Okay, my initial one-hour drive, which had initially dropped to four minutes, is now up to fourteen minutes.  This is a little frustrating, but it is still a tremendous savings.

The state government gets involved, and they determine that every highway must be patrolled by California Highway Patrol, and because the road is only thirty feet wide, they are imposing a maximum speed limit of fifty-five miles per hour.  I am, of course, a law-abiding citizen, so I will never exceed the speed limit.  Okay, what could have been a four-minute trip is now a fifteen-and-a-half-minute trip.  This is getting a bit silly…

The municipal governments look at my road and determine that my road goes through several residential neighbourhoods, and because of that, both to protect our children and to limit noise pollution, they have decided I need to install speed bumps that will limit my car’s ability to exceed ten miles per hour.  Now what would optimally have been a four-minute trip has now expanded to a forty-minute trip.

There are two ways to look at this:

  1. 40 minutes, down from 60 minutes, represents a 33% time saving; every work week I will have saved 100 minutes in commuting.
  2. With the tremendous amount of investment dedicated to this project – including time, manpower, cost of materials, cost of labour, permits, and such – we could have expected as much as a 90% time saving, and the mere 33% saving is paltry indeed.

So, where did our project go wrong… if at all?

It is easy to say that all of the levels of government had valid points to make about the road.  They have, after all, been building and managing roads for many years.  However, if this is a new style of road, using completely new technologies and accepting only the most modern cars, is it still true that all of the legacy rules that were important in the past should still apply to our road?

If we are building a solution using new technologies, rather than standing our ground firmly stating that the rules (and technologies) we have always implemented should be equally implemented here, would it not make sense to reevaluate each of these?  This is not to say that all of our old rules and technologies should immediately be discarded… but is it not worth reviewing to see if they are still relevant to modern infrastructure? 

As an example, do municipal speed limits that protect pedestrians matter on a road that is inaccessible to pedestrians?  If the noise created is undetectable to anyone who is not at the same level as the road, is it important to manage it?

I ask these questions because we, as the IT Professionals managing our organizations, have for many years done an outstanding job of protecting our datacenters.  However, in an era where the datacenter is becoming less relevant, and where cloud platforms have modern tools that can protect them, should we not look at these, rather than focus on what worked well in the past?

As did most of us, I grew up in the datacenter.  It was not always easy, but I have learned to let go of a lot of what was, in favour of what is now.  Can we keep these questions in mind as we continue to migrate our company into the cloud?

If Anyone Could Do It…

There is an old saying: Those who can, do… those who can’t, teach.  We will get back to that in a bit.

I work in an industry where ongoing training is a part of life.  If I had rested on my laurels when I got my first few senior certifications, I would be searching the Help Wanted ads looking for a job as a Windows 2000 Server administrator.  And so, over the years I have attended countless training sessions, as well as self-study, in myriad technologies and versions of said technologies.  It is because of this ongoing learning that a prestigious company in the U.S. decided that I was worth speaking with, and why they brought me to California from the Great White North.

In over twenty years in the IT field, I have had some wonderful trainers… and I have had some duds as well.  When I decided to become a trainer myself, I spent countless hours practicing and preparing to deliver the content that others would hopefully use to advance their own careers.  While I doubt I was ever the smartest person in any room when I was teaching, I did my level best to make sure I knew as much about the material I was delivering as was possible.

I came of age in the industry just about the time that Microsoft got serious about eliminating the ‘Paper Certifications,’ which essentially meant that it would no longer be easy to just read a book in order to pass an exam… you would not only need to study, you would need to have hands-on experience.  I heard the stories of course, and I wanted to make sure that my students never looked at me and said: “It looks like he’s never touched the product, he just read the book.”  That was one of my worst fears.  Second to that was the clause in many training contracts that stated that if I did not get a minimum score on my instructor evaluations, the company would not have to pay me.  When you are living hand to mouth, that is a scary thought.

I came into training almost by accident, and I have a man named Rory to thank for it.  He came to Montreal to speak at an event that I was hosting for the Montreal IT Professionals Community.  After the event we went for drinks at Hurley’s Irish Pub where he made the suggestion.  In August of 2006 I was approved, and embarked upon a journey that would take me to five continents and scores of countries to share my knowledge.  That I became a trainer may have been an accident; that I was good at it was not.

After my bar mitzvah and some extremely uncomfortable Public Speaking assignments in high school, the first time I delivered any sort of training to a group of people was in the military… as squad leader and then platoon leader, I delivered numerous types of training and intelligence reports to groups of people from five to fifty in size.  I never thought of that as public speaking, but I suppose it was.  That is why, when the security company I was working for after the army needed to get people certified as trainers by the provincial government, I was able to honestly list among my accomplishments these various training sessions.  The first time I was asked by the company to deliver a three-day training session to new agents I was scared… but because I was a last-minute replacement to stand in for a sick instructor, I did not have a lot of time to worry about it.  At the end of the session I breathed a huge sigh of relief… and probably walked into the office the next morning with a big s^#t-eating grin on my face.  There is a true sense of pride when one has delivered a class, and received top evaluations.

How is it that I was able to do so well my first time out?  Simple… it was not my first time out.  Yes, I had the army… that was good training after a fashion, but I had something else: After the army, I spent two years trying to be a stand-up comic and an actor.  If you think delivering technical training might be tough, whether it be in the field of security or of computers, then let me tell you… it is child’s play compared to standing in front of a group of (usually drunk) strangers who have paid for you to make them laugh.  That, ladies and gentlemen, is called trial by fire.

I have a confession to make.  I was never a very good actor, and I was never a very good stand-up comic.  People who have never tried it say all the time “I’d make a great stand-up comic… I am so much funnier than those guys!”  They do not realize that there is a difference between in a group of friends funny – in a conversation, for example – and standing up in front of an audience with five to ten minutes of prepared material that you wrote funny.  Oh by the way, before you decide that you are going to try to cheat and do it with someone else’s material, remember that in the day and age of the Internet, there is a very strong chance that someone in your audience has already heard it.

You have read through your material, you think it is hilarious.  Now stand up there in front of the crowd when they disagree, and are staring at you like you just served them with a summons for jury duty.  I might have come across more uncomfortable situations in my career… but not many of them.

It may sound weird that it is (or can be) easier to deliver a five-day technical training class to a group of IT professionals than it is to stand in front of an audience who are all out to have a good time for ten minutes.  What you have to remember is that the five day class is based heavily on slides, scripts, and technical demonstrations (that were usually provided by someone else), interspersed with hands-on labs that the attendees are doing in between.  The truth is that the IT professionals want to learn, and you have the resources to deliver that learning.  They chose you, or at least they chose the training centre that hired you.  They need what you have to offer.  They are going to listen to you because they likely need what you are teaching them to perform their jobs or to advance their careers.  The audience at a bar chose the bar, but you are competing with television, movies, the Internet, Netflix, concerts or the radio, theatre, and myriad other forms of entertainment that they could have chosen, and if you are wasting their relaxation time then you are going to hear about it.

You may be asking yourself by now: “Why do I bring this up? What possible connection does stand-up comedy have to technical training?”  The answer is simple… and not.  Technical training and stand-up comedy are two forms of public speaking… and if you cannot do the latter, you won’t be much good at the former.  Yes, the professionals attending a technical class may need to be there, but as a technical trainer, I have a number of extremely important jobs:

  1. Impart my knowledge on the attendees; and
  2. Keep my attendees’ attention for the duration of the class, whether that is one hour or one week.

It is likely that every IT professional has sat through a boring presentation in their career.  That could range from a simple fifteen minute session, a boring lunch-and-learn, to the five day class with the worst of tortures… a boring presenter.  Too many people believe that to be a good teacher, the most important thing is to be a subject matter expert… and admittedly that is truly important.  However, an expert without the requisite communication skills, whose voice drones on in a boring monotone, who reads the slides to the audience and who might occasionally take a short break for questions, may not be a punishment worse than death… but it could easily be considered cruel and unusual punishment under the Geneva Convention.  The responsibility of a trainer is not only to impart knowledge, it is to ensure their audience is interested, engaged, and hanging on their every word.  It may not be the only reason so many people seem to prefer self-learning to classroom learning… but it is certainly a big one.

In the classic British Broadcasting Corporation radio serial Hitchhiker’s Guide to the Galaxy, the world was introduced to a form of torture called Vogon Poetry.  Vogon Poetry is said to be the third worst poetry in the galaxy, behind only the Azgoths of Kria, and Paul Neil Milne Jennings of Essex, UK.  In the radio serial, as well as in later books, movies, and television series, the Vogon captain (Prosthetnic Vogon Jeltz) has the heroes bound from head to foot while he recites his poem “Oh Freddled Gruntbuggly.”  They were then given the choice between being hurled into outer space to die a painful death… or telling the reader how good the poem is.  While they eventually do compliment the poetry, you can tell that it was a very difficult decision indeed.**

Sitting through a class with a boring presenter can be as mind-numbingly painful as Vogon Poetry.

I do not know if anyone has ever actually died from it, but there is a popular term in the industry: Death by PowerPoint.  How many people have sat through a training class of such a boring trainer that they have considered faking illness or gnawing off their own leg to escape?  We have all been there, and it is the duty of the presenter to keep us engaged, interested, and yes… entertained.

I began this article with the adage that “Those who can, do… those who can’t, teach.”  It is of the utmost importance that technical trainers be true subject matter experts, thus disproving this adage.  However they must also have in their toolbox a series of other skills and tools that will help them in their jobs:

  • A good speaker’s voice.  It is vital that one knows how to use their voice, and is aware of it at all times.  They cannot drone on in a monotone and expect their students to stay awake.
  • A good attitude.  Even the least aware attendee will see the difference between a trainer who wants to be there, and one who does not.  If the presenter does not want to be there, the students will not either.
  • A willingness and ability to answer questions.  A good class is more of a conversation than a soliloquy.  The trainer must not only take questions as they come, they must also invite and encourage them.
  • The ability to be wrong… or unsure.  The most important lesson I ever learned as a trainer was how to say “I don’t know.”  The second (though equally important) most important lesson was to follow that statement with “…but I will find out for you.”  This lets students know that you are human; it also lets them know that you are not just spewing information at them, but that you really understand it, and are willing to grow.  It is also important for students to trust that you are not making the answers up… I have seen that, and it is never pretty.
  • Clean and neat appearance.  If I am proof of anything, it is that you do not have to be slim and good-looking to be a successful trainer.  However, and without exception, I have always made sure to be shaved, showered, and dressed appropriately for my classes… including one week-long session in Malaysia where I had to bring two shirts to class every day because it was scorching hot and deathly humid, and neither the air conditioning nor the ventilation was doing their job.
  • Preparedness.  We have all seen images of the absent-minded professor.  What did he have that we do not?  Tenure.  A good trainer must be ready for class at the beginning of class.  Check that… thirty minutes before the beginning of class.
  • Stories.  When a trainer reads the slides and goes through the demos, it can be clear that he or she knows what he or she is doing… but if there is one lesson we all need to remember it is that there is a big difference between book knowledge and real-world knowledge.  When a trainer says “When we did this at my client, these were some of the issues we encountered, and these gotchas are things you might come across” it shows that they did not just read the book… they’ve lived it.
  • A willingness to make mistakes, and to make light of it.  The Demo G-ds are always watching, and it has happened to every one of us that we are demonstrating something we have done a thousand times, and it just all goes wrong in front of the class.  Keep your cool, and try to work out what is going on… make a joke of it. “Wow, that’s what happens when I put on the wrong socks in the morning” or “I really wish I had listened to that fortune cookie!”  You will figure it out… as long as you stay composed.

There are probably thirty more tools and skills I should mention… but you get the picture.  Getting up in front of a technical audience is not easy, and it is something you should prepare for.  It is something that takes great pains to try to do… and years to get right.

So why is it then that so many companies feel that the right place to cut corners is on trainers?  Why is it that organizations, rather than looking outside and bringing in professional trainers who not only know the material but also know how to present it, would rather entrust the job for internal training to one of their internal IT professionals?  I have seen both of the following examples:

  • A company has decided to adopt a new technology; rather than hiring an outside trainer (or sending their people out for training), they approach one of their people who have worked with similar technologies – often just a generation or two removed from the new, but not always – and ask them to learn it before the rest of the group.  Once the professional has done so, they are delegated the task of training the rest of the team, often through a series of articles or lunch-and-learn sessions, but occasionally by way of full day (or week) training.
  • A company has an employee with a particular expertise that they feel would benefit others in the company.  They have that employee, who often does not have any background in training or public speaking, deliver training on a particular subject, but do not offer them any soft-skills training.

I did not do extensive research for this article, but as I prepared to write it, I typed the words “Worst Fears List” into Google.  Two of the top four sources that were returned above the fold listed ‘fear of public speaking’ as #2 (link) and ‘social phobia (fear of public speaking) and agoraphobia (fear of open spaces)’ as #3 (link).  A third site listed ‘fear of public speaking’ as #13 (link)… listing fear of spiders, snakes, heights, open spaces, dogs, and thunderstorms higher.  Sorry public speaking, you’ll have to do better next time.

So: if public speaking is one of the top fears that most people have, why would companies not only expect most people to do it without any prior training, but to do it so well that the attendees (their other employees) would see it as a real benefit to their job?  Isn’t that like telling someone who joins the army on Tuesday to jump out of an airplane while facing enemy fire by Saturday?  “Hey Fred, I know you don’t like snakes, but here’s a python… get chummy with it!”  Fears should be understood, and throwing kids into the deep end of the pool is no longer an acceptable way of teaching them how to swim.  (If you are my age or older, that is likely how you  learned it… but we were also spanked and sent to our rooms without supper).

There is, however, a happy medium… something between hiring outsiders, and having unprepared insiders deliver the training.  Public speaking can be taught.  The ability to deliver engaging and effective training can be learned.  It is not only a question of helping the individual overcome their fears, it is about doing that… and giving them the skills training to know how to do it… and then helping them with practice exercises so that when the time finally comes for them to deliver the class, they will know what they are doing.  Even with all of this preparation, most new trainers will stumble… but that is why Major League Baseball has the minor leagues, and why medical schools have pre-med.

How would we do this?  Simple… hire an expert to teach it.  It is great that companies offer technical training to their employees… but if they really want to help them succeed in the world, and especially if they want those employees to be able to effectively deliver technical training, then offering public speaking classes – soft skills training – would be a good place to start.  If your company does not have the budget to do that, you could look into public classes like Toastmasters… but they seldom offer technical trainer training.

Teaching, like any other skill or vocation, needs to be learned.  However, being thrown into the deep end can thwart a career.  There are two similar adages that could apply, depending on one’s personality type:

“If at first you don’t succeed, try try again.”

Some people will give it a shot, fail, and they will try again.  They will get back onto the horse, lessons learned, and do it better the next time… and the time after that, and so on…

“If at first you don’t succeed, skydiving is not for you.”

Other people will try it and fail… and never again get up in front of an audience to speak… not a technical training session, not to deliver a toast at their best friend’s wedding.  They will realize how justified their fears were, and they are never going near it again.  That might be too bad, because you never know how good someone could be until you give them the encouragement and the tools to keep getting better.  If you don’t believe me, ask my first wife, who divorced me because she decided I would never make a living as a computer consultant.

“If you think experts are expensive… try hiring amateurs.”

This is another quote that I love… outside trainers cost more money, but they are usually worth every penny.  Your staff learn what they need to learn, and nobody walks away discouraged because of a bad trainer… including the bad trainer.

Not everyone has it in them to be a good technical trainer.  It is hard, it is demanding, and it can be scary.  Those, by the way, are three reasons I am not a cardiothoracic surgeon (although there are myriad other reasons as well).  Like that sort of surgery, many will try, and even with the proper training and preparation, many will fail.  Public speaking is a top fear for a reason.  However, if you do think you might want to give it a shot, I have plenty of advice to give… but start by writing five minutes worth of jokes, and then signing up for Open Mic Night at your local comedy club.

** If you have not read Hitchhiker’s Guide to the Galaxy, shame on you! Correct that immediately.  Do not pass Go, do not collect $200.

A Clean Windows Installation…

It happens twice every year… Microsoft releases a new version of Windows 10.  For most people, the new version will be installed for them automatically by whatever method they use for patch management… either Windows Update, or any of myriad enterprise deployment tools their organization uses to manage desktop operating systems.

Unfortunately, due to a Windows update limitation that I have never quite understood, for me it means that I will be redeploying my operating system from scratch twice per year.

While Windows works fine when installed on a USB key, you cannot do a major OS upgrade to it.  So, if you have Windows 10 Enterprise version 1903 (Spring 2019) on a USB key, despite newer versions being released (Autumn 2019 and Spring 2020), the USB installation would remain on v1903.

For the last couple of years, because I use a number of different hardware platforms, I have been maintaining a USB key installation of Windows (formerly known as Windows to Go) as my primary personal system.  I run it off a Spyrus Worksafe Pro 128GB, and I have never had an issue with it.  I love the portability of it, in addition to the speed, security, and reliability.  What I do not love is that if I want to stay current, I have to reinstall Windows every six months… from scratch.

I have to admit, the process of reinstalling Windows every six months (along with all of my applications) is a pain in the rear.  It is time consuming, and if I am not careful, it is easy to forget something.  Yes, all of my data is in the cloud… but there is always the possibility that things can get missed; you know, files on the desktop, whatever.

The process is a pain, but it is also cathartic.  It gives me the opportunity to start with a clean slate.  Older application versions will be removed, and the newer ones deployed in their place.  Applications I might have needed for a contract do not have to be reinstalled.  What was old is new again.  It truly feels like a spring cleaning of my desktop environment.

With modern technologies such as Windows Autopilot there are some great tools to make the process easier.  I don’t mind spending a bit of time refreshing the environment.  A couple of hours later, and things are as good as new.  Windows to Go may be gone, but mobile Windows is still the way I am going.  So if we cannot do major updates on Windows USB installations, I’ll go through it.  I’m just glad it’s not more often than every six months!

I Have The Power!

A couple of weeks ago I posted an article about how I love my ChargeTech Portable Power Outlet (See article).  I guess someone at the company found the article online and they reached out to me, asking for my address.  “We appreciate you as a long-time customer and we want to send you something.” Hey, I am always happy to get new toys!

The box arrived yesterday, and it truly was a very nice little goody box.  A couple of the items were things I have had before (two of them were left behind or lost when I moved from Canada to California), but there was one new item that got me excited… the Chargetech 20K USB-C Wireless Battery Pack.

While it is easy to see this device as a baby brother to the Portable Power Outlet, there are several differences that make this a completely different animal. On the one hand, it is smaller and more convenient (it would fit into a back pocket); on the other hand, it is USB only, and does not have the three-prong plug that the PPO has.  As a bonus, it also has the offer to wirelessly charge any device that supports NFC charging (iPhone 8 and later, Samsung S10 and later).

The Powerpack feels pretty heavy in the hand, especially when compared to some competitive devices.  While it does weigh in at 416g (1lb), that is not really heavy… especially when we take into account the Lithium Polymer battery with a 20,000 mAh capacity.  The dimensions are 6.4” x 3” x 1”, which makes it the same length and width as my iPhone X, only about three times thicker.

The Powerpack does come with a USB-C cable to charge the device, although you will need to plug that into something… either a computer or a wall outlet will do.  If you are lucky enough to have the ChargeTech Universal Phone Charger Squid 4 (one of the devices they sent me that was lost in the move) then that will easily stand in to charge the Powerpack.  Otherwise any device that charges a standard USB device will work.  You can actually charge from one of two inputs – the USB-C, and the USB-A (Micro connector).

There are three ways to charge from this device…

  • USB-A;
  • USB-C; and
  • Wirelessly

While the device is a simple one, it is also very powerful… since I sat down to start writing, my iPhone X has gone from 47% to 72% charge (wirelessly).  That is quick enough for me… I’ve only been writing for twenty minutes (there were interruptions).

The best benefit of the Powerpack over the PPO?  The price tag.  The lesser PPO (27k mAh) sells for $199 (although it is on sale for $159).  The more powerful Wireless Battery Pack (27k mAh) sells for $39.99, with the lighter 10K selling for $29.99.  In other words… if you do not need the 3-prong outlet, you can save a lot of money with this device.

I expect I will be getting a lot of use out of this little device… it means I can save my PPO to charge my laptop and this will take care of my phones and tablets.

Thanks again, ChargeTech!

No Power? What to do…?

As many people do, I have two separate smartphones… one for myself, and one for corporate use. I am contracted to a large bank, and we take IT security seriously. There is no cross-pollination between the two worlds… my personal device has whatever I want on it, but my other device is all business.

I am a Cloud and Systems Architect with the bank, which means that during the day I have some pretty solid responsibilities, but my nights are my own. As such, when I leave the office at 5pm (or thereabouts) my work phone is mostly silent. Now that we are all working from home, that means the work device gets plugged in to charge in my home office, to be ignored until the following morning.

My morning routine consists of several constants. I walk the dog, I make a cup of coffee and check my personal cell phone while enjoying my java, either at the dining room table, or on beautiful mornings like this one, on my patio. However, before that, I grab my work phone… I want to be sure that there are no fires to put out, no last-minute early meetings, and so on. If you work in the field (or nearly any field for that matter where you don’t punch a clock) you know exactly what I mean. My corporate device battery will be fully charged, so if anything pops up during my ‘me-time’ I can get right on it.

This morning I grabbed the phone from the office and noticed it had not charged. In fact, the battery was at 1%… which usually means ‘press three buttons and watch me die!’

Crud.

I could, had I been willing, change my patio plans to the dining room… but why waste the opportunity to enjoy G-D’s beautiful creations? I wanted to enjoy my java overlooking the city. Unfortunately, I might not be able to enjoy it for long, considering I would have to charge my phone indoors.

ChargeTech to the rescue!

I have had my ChargeTech Portable Power Bank for nearly four years (I first wrote of it here), and have used it for so many reasons and in so many places (from the beaches of Cuba for my iPad to outdoor patios the world over for my laptop). It really comes in handy, being able to charge all of my USB or other battery-powered devices wherever I am.  Just last week I was in Havana, and the power in my neighbourhood went out (as is apt to happen in Havana from time to time).  Rather than concern myself, I brought my ChargeTech PPO with me to the café down the street, and I was able to charge both my phone and my iPad while enjoying a lovely coffee (prepared over fire). 

It was a beautiful day to sit on my patio and enjoy my coffee with a view, and I was not going to let a dead battery get in the way of that. In the time it took me to write this article (about 16 minutes) my iPhone’s battery charged to 58%… more than enough to make it through the entire day, let alone a cup of coffee.

For more information about ChargeTech devices, visit www.chargetech.com and tell them I sent you! They are currently having a sale on their 27,000 and 54,000 mAh power packs, which should help ease the pain a bit during our quarantines and lock-downs.

The End of An Era… Again.

Around 2005-2006, when I was running the Montreal IT Professionals Community, Microsoft announced that due to a lawsuit from the Quebec Order of Engineers, Microsoft would be eliminating the Microsoft Certified Systems Engineer (MCSE) designation in the province of Quebec.  As a community leader I rallied against that; my position was that it would create unfair competitive disadvantages to our IT Pros who would not be able to compete with outsiders who did have the credential.  My position was (and remains) that if Microsoft and Microsoft Learning are going to award credentials, they had to be a uniform set of credentials around the world.  Two professionals with the same skillset who have passed the same exams should have the same titles, whether they live in Montreal, Los Angeles, or Uganda.  The New Big Blue reexamined their position, and shortly after making that decision they announced that they would indeed eliminate the MCSE program around the globe.  Thus, with the release of Windows Vista and then Windows Server 2008 (along with the SQL and other technologies at the time), Microsoft Learning introduced the Microsoft Certified IT Professionals (MCITP) certifications for job-based certifications… along with the Microsoft Certified Technology Specialist (MCTS) credentials for task-based certifications.

It essentially took one generation of technology for Microsoft to revert to the old acronyms… from Windows 7 and Windows Server 2012 onward, MCSA now stood for Microsoft Certified Solutions Associate, and MCSE stood for Microsoft Certified Solutions Expert.  Why nobody at Microsoft Learning a few years earlier thought to replace the word Engineer (the offending word in the MCSE title) with another word that began with E still escapes me, but there it was.  MCSE was back.

This morning, Microsoft Learning announced that once again, the MCSE (and MCSA) credentials are going away… and for those of us who have pursued any of the new, ‘modern’ certifications, it was easy to see that this was just a matter of time (see article).  According to this blog post published today by Alex Payne, GM, Global Technical Learning at Microsoft Worldwide Learning, “…all remaining exams associated with Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Solutions Developer (MCSD), Microsoft Certified Solutions Expert (MCSE) will retire on June 30, 2020.”

The blog goes on to say that only the exams are retiring, and that the credentials themselves will remain active for two years after that;  this means that on July 1, 2020 all MCSA, MCSE, and MCSD (Microsoft Certified Solutions Developer) credentials on your Microsoft Certified Professional (MCP) Transcript will be moved to the “Inactive” section.

I earned my first MCSA credential on  May 27, 2005, and have held various MCSA and MCSE credentials for nearly fifteen years.  When they were taken away the first time I was upset.  Today, while I am also upset, I guess I understand.  Microsoft Learning is evolving, and their credentials are too.

With that said, universities have done a great job of evolving over the last few hundred years, and yet they still offer Baccalaureate programs, as well as Masters, PhDs, and Doctorates.  Are these the same today as they were a hundred years ago?  Of course not.  They have been able to keep the title while evolving the skills required to achieve it.

Of course, Microsoft Learning is not a university, and a certification is not a degree.  However, for those of us in the trenches… as well as for those myriad customers who often rely on a set of credentials to know what skill set they need to hire, it might behoove MSL to once and for all standardize their nomenclature, rather than ‘evolving’ every few years.  If they did that though, what would I have written about today?

Portable Security: A walking Fortress

In January, 2018 I wrote a couple of articles about the Aegis Secure Key 3z Flash Drive from Apricorn Inc.  At the time, I was extremely interested in its use as a Windows To Go (WTG) device, and in fact it tested very well for that task.  The fact that Microsoft has announced they have deprecated the feature (although it is still present as of Windows 10 v1909) does not take away from the fact that I gave the device a big thumbs up then, and I still give it a big thumbs up.

So when I was contacted by someone at Apricorn a couple of months ago to see if I wanted to test any other devices of theirs, I jumped at the opportunity.  They sent me the Aegis Fortress L3 – USB 3.1 / 3.2 Portable Drive, an ultra-rugged, super fast drive with hardware-based 256-bit AES XTS encryption.

I have several external hard drives – from Seagate, Western Digital, and one branded HP.  They all serve their own purposes… and I have always relied on BitLocker to Go drive-level encryption to protect the contents.  I have larger factor (desktop) devices, as well as smaller, pocket-sized devices (3.5” disks vs. 2.5” disks).  Some are as small as 256GB, others as large as 4TB. 

All of these drives serve their purpose, and I have relied on them for those purposes for years.  However, and until now, they all have a couple of things in common: they are not secure (until I enable BitLocker), and they are all relatively fragile.  Don’t get me wrong… if you have one standing on its side and it falls over you should have nothing to worry about… but if it were to fall off your desk, you might be concerned about damage to the device.

The Aegis Fortress L3 eliminates those concerns.  The hardware encryption protects my data from being compromised if the device is stolen; yes, a thief would be able to re-format the drive and use it himself (as long as he had access to the Aegis Configurator tool), but they would not be able to access my data, which is what I really need to be protected.

The device is secured in an aircraft-grade aluminum alloy enclosure, which is then sealed closed with tamper resistant / evident uni-directional breakaway security fasteners which are driven and cemented in place with hardened epoxy.  If you don’t know what that all means, then let’s make it simple: you cannot take it apart and then put it back together again without someone knowing about it. 

As for ‘what happens if I drop it?’ the answer is: the HDD models have a non-operating shock resistance of up to 650G for 1ms, and 300G for 2ms if operating.  The SSD models are rated at 1500G/0.5ms, and are billed as virtually shock and vibration resistant.  That sounds pretty impressive as well, although I would still sooner not drop a hard drive to test its durability… not if I wanted to keep using the drive, anyways.

The drive has one thing that none of my other drives has… the keypad.  The hardware encryption requires a person to physically enter the code in order to use the device.  Otherwise it is useless.  If you are concerned about a brute-force attack, it is easy to configure a limit – enter the wrong PIN four times, and your drive is wiped forever.  The membrane-style keypad is rated to IP66 against water, dust and grit penetration, which means it can endure a lot of hardship.  While the drive is not waterproof, you can spill a cup of coffee on it without frying the keypad.  I do not recommend trying this… if for no other reason, one should never waste a perfectly good cup of coffee.

While the web site claims the drive is software-free, I am not sure that is really true; I needed the (included) Apricorn Configurator tool to configure the PINs, including the Administrator PIN, User PINs, and Recovery PINs.  I was also able to create a Self-Destruct PIN, which if entered would immediately wipe the drive.  I used the tool to configure the drive as Read/Write (although Read-Only is an option as well).  For extra security, you can configure Auto-Lock timeouts, so that if your drive is unused for a certain amount of time, it automatically locks. 

There are several sizes and configurations to choose from, with HDDs ranging from 500GB-5TB, and Solid-State Drives (SSDs) ranging from 500GB to 16TB.  My test unit is the 500GB SSD, and it is blazing fast… as long as you do not plug it into a legacy USB 2.0 port, which I did initially. 

The interface on the device is a Micro-B female connector, and included in the box were two 1’ cables (USB and USB-C).  They both allow for Super Speed 3.1 / 3.2 Type A and C.  As I discovered initially, the Type A connector allows backward connectivity with USB 2.0 and 1.1.  The data transfer rate is up to 5 Gbps (depending on your system port), and the device is powered 100% by the bus.  It has an 8MB buffer, with an average seek time of 12ms.  The weight depends on the configuration, ranging from 7.6oz for the <=4TB SSDs to 13.7oz for the >=4TB HDD models.

If you are worried that the included cables may be too short, rest assured that they are industry-standard, and I successfully tested the drive with 6’ cables that I had.  They also include a carrying case for the device, which will protect it from scratching the seemingly bullet-proof outer case.  It is a nice touch though, and I will use it when I travel.

While I run almost 100% Windows in my life, the drives are OS-agnostic, and work just as well with Mac and Linux.  That is another advantage of the physical encryption, and it beats my BitLocker to Go solutions hands-down.  It eliminates my having to go scrounging for an unencrypted drive every time I want to transfer files to my girlfriend’s laptop.

There are several approvals and certifications (FCC, CE | FIPS 140-2 Level 3 Pending), and even though some of them are listed on the product page as ‘Pending’, I suspect this may be someone neglecting to update a marketing sheet, as some of them are listed ‘Pending 3Q 2019.’  That just means that if you are in an industry that requires these levels, you should speak to someone at Apricorn before going forward.

While the Aegis Fortress L3 is more costly than an off-the-shelf drive, you certainly get what you pay for.  These are not drives that grandma will buy to back up her family snaps; if you require built-in encryption on a rugged device, the price tag is worth every penny… and those pennies are currently listed from:

500GB HDD: $239
500GB SSD (as tested for this article): $359.
5TB HDD: $499
16TB SSD: $9,999

(There are several other configurations available… these are the minimum and maximum sizes.  For more up to date pricing of specific configurations, visit the Product Page, or contact the company directly at (800) 458-5448.)

There is no question in my mind that I give this product a big thumbs up.  It performs brilliantly, it looks great, and I am happy to recommend it to you for all of your local and portable secure-storage needs.

Office 365 Distribution List Question

Hey Mitch! Do you know if we can add a couple hundred users to a distribution list instead of adding them one by one?

One of my help desk techs was asked to create several distribution lists with several hundred users, and they do not want to have to scroll through the user list to click each user one by one.  Of course there is a solution… PowerShell!  It is pretty easy to do…

Firstly, you need to create a .csv file.  Let’s call it DGroups.csv.  Create the following headers: Alias,DistributionGroup.  It should look like this:

Alias,DistributionGroup
Mitch.Garvis,O365-Admins
Fred.Kippels,O365-Admins
Fred.Kippels,HelpDesk-Managers
John.Frinks,HelpDesk-Managers
John.Frinks,Softball-Players
Mitch.Garvis,Softball-Players

Once you have that, open a PowerShell console, and connect to your Office 365 instance.  Make sure you have the credentials to add users to the groups listed in the file.  Now, run the following cmdlet:

Import-Csv "C:\DGroups.csv" | ForEach-Object { Add-DistributionGroupMember -Identity $_.DistributionGroup -Member $_.Alias -BypassSecurityGroupManagerCheck }

That should be it… You should have your users added to the group.  Have fun!
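
A more defensive version of the one-liner above, added here as an example and not part of the original post: it validates the CSV, skips users who are already members, supports a dry run, and writes a per-row result log, which is worth having because -BypassSecurityGroupManagerCheck skips the group-owner check.  The $LogPath default and the -DryRun switch are illustrative names, and it assumes the Alias column holds each recipient's mail alias.

```powershell
# Added example (not from the original post): validated bulk add with a result log.
# Assumes a connected Exchange Online session and that the Alias column holds
# each recipient's mail alias. $LogPath and -DryRun are illustrative names.
param(
    [string]$CsvPath = 'C:\DGroups.csv',
    [string]$LogPath = 'C:\DGroups-results.csv',
    [switch]$DryRun
)

$rows = @(Import-Csv -Path $CsvPath)
if ($rows.Count -eq 0) { throw "No rows found in $CsvPath" }

# Refuse to run if the expected headers are missing.
$headers = $rows[0].PSObject.Properties.Name
foreach ($h in 'Alias', 'DistributionGroup') {
    if ($headers -notcontains $h) { throw "Missing column '$h' in $CsvPath" }
}

# Trim whitespace, drop incomplete rows, and remove duplicate pairs.
$clean = $rows |
    ForEach-Object {
        [pscustomobject]@{
            Alias             = "$($_.Alias)".Trim()
            DistributionGroup = "$($_.DistributionGroup)".Trim()
        }
    } |
    Where-Object { $_.Alias -and $_.DistributionGroup } |
    Sort-Object DistributionGroup, Alias -Unique

$members = @{}   # cache: group name -> aliases already in that group
$results = foreach ($row in $clean) {
    $group = $row.DistributionGroup; $alias = $row.Alias
    try {
        if (-not $members.ContainsKey($group)) {
            $members[$group] = @(Get-DistributionGroupMember -Identity $group `
                -ResultSize Unlimited -ErrorAction Stop |
                Select-Object -ExpandProperty Alias)
        }
        if ($members[$group] -contains $alias) { $status = 'AlreadyMember' }
        elseif ($DryRun) { $status = 'WouldAdd' }
        else {
            Add-DistributionGroupMember -Identity $group -Member $alias `
                -BypassSecurityGroupManagerCheck -ErrorAction Stop
            $status = 'Added'
        }
    } catch { $status = "Failed: $($_.Exception.Message)" }
    [pscustomobject]@{ Alias = $alias; DistributionGroup = $group; Status = $status }
}
$results | Export-Csv -Path $LogPath -NoTypeInformation   # keep as a change record
$results | Group-Object Status | Select-Object Name, Count
```

Save it as a .ps1 file and run it once with -DryRun to review the log before the real run.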