New adventures – with TrueSec

Today is the first day of my new adventure. As of today, I’ve joined TrueSec Infrastructure and will be taking on the role of Principal Technical Architect. I will be focusing on Microsoft 365 and other technologies related to it.

It’s really a dream come true. I still remember the first user group that I attended many years ago. Johan Arwidmark was one of the speakers, and he and many of my new colleagues at TrueSec have in different ways been idols and people you have always been able to turn to.

That’s of course one of my goals as well, to become a trusted advisor for both customers and the community. I do see TrueSec as a great company that will enable me to achieve that. They will also be able to provide me with opportunities to work with some of the world’s most interesting and, in a good way, challenging companies and organizations.

From today, I’ll be working globally and I’ll of course still be doing as many community activities as possible. In the coming months I’m speaking at Techdays Sweden, Microsoft Ignite and Experts Live Europe. Looking into the future, I’m one of the featured speakers at Igel Disrupt EMEA in February.

Alexander, Toni and I will continue the adventure we have set out on with Knee-Deep in Tech; that won’t change. We will still aim to publish weekly podcasts and blog posts and be active on social media.

On top of that, I know that TrueSec has a few things planned for me – so stay tuned and reach out if there’s anything I can help you out with. You can reach me on Twitter, LinkedIn and of course via e-mail.

Speaking at Experts Live in Prague!

It’s a late announcement, but I’m happy to tell the world that I’ve been accepted to speak at Experts Live in Prague November 20-22!

It will be my first Experts Live, but from what I’ve already experienced in terms of organization and how they’ve handled me as a speaker – I’m VERY excited!

I’ll be presenting a session on Windows Virtual Desktop and how it integrates with and enhances (and gets enhanced by) Microsoft 365. It’s a session I’ve presented a number of times and that always gets the attendees to think in new directions and understand how WVD is democratizing End-User Computing.

I’m of course happy that Alexander has been accepted as well and will present two sessions.

Other than that I’m of course looking forward to the keynote with Joey Snow and Rick Claus of Patch & Switch fame as well as sessions from Marius Skovli and Alexander Benoit among others! You can check out all the sessions in the session catalogue which you can find here:

https://www.expertslive.eu/sessions-catalog

But don’t forget what conferences are all about: it’s learning and connecting. Therefore it will be great fun to spend so much time socializing with all the speakers and attendees during the different networking events. So take the opportunity to reach out to me before or during the event. Perhaps we’ll even invite you to be a part of our Knee Deep in Tech podcast? 😀

Looking forward to seeing you in Prague!

A Swede went to Finland, spoke and learned

A couple of weeks ago now, I was focused on preparing for, and speaking at, Techdays in Helsinki, Finland. I was really happy to be accepted for the conference after Alexander spoke there last year and praised the arrangement. I was also very happy that Techdays chose to accept my session on Windows Virtual Desktop, since this is one of the topics I’m most passionate about and involved in currently.

I have presented this session previously, at Igel Disrupt, but this time I had another kind of audience, with more mixed backgrounds and focused more on “regular” client management. In the end, it turned out great!

I felt that I had a very good interaction with the audience and I’ve received a number of questions during and after the event. Also, the feedback has been amazing and I’m very glad and humbled by that.

So, why do I think that WVD is such a big deal? Well, I’ve said it before and to me the first and most obvious benefit is that this will democratize the so-called EUC (End User Compute) landscape. The technologies out there today are usually pricey and fairly complicated to configure and maintain (and yes, that includes Windows Server RDS). They usually also require you to buy a number of licenses up front, or at least do the implementation as a project.

This has prevented some, especially smaller, organizations from going down this route, even though they would like to. This is made possible with WVD. You can scale DOWN to 1 user on 1 VM if you like, and that’s fine. You don’t have any upfront cost, you can pay for your consumption (even though it actually can be cheaper to buy a reserved instance and pay for it upfront). In its simplest configuration, it’s a very easy solution to implement and manage.

You of course get all the benefits that any, or most, EUC solutions have today in terms of connect-ability, security and mobility.

One of the feedback points I received both in Munich and in Helsinki was that I almost sound overly positive and don’t present the downsides of the service. For this, I’m sorry. It’s actually not intentional and therefore I would like to point out a few downsides I currently see with the service (based on publicly available facts):

  1. It’s great to run apps and desktops in the cloud, but you need to consider your apps first. This will be the showstopper for many organizations. If you have systems that require connectivity to your local datacenter as an example, it’s perhaps not great from a performance perspective to put the client in the cloud. You can of course see this as an opportunity as well – you are moving your stuff to the cloud, but consider that first.
  2. Second, authentication. Personally, I do feel that the current solution could be highly improved, but could require more cross product group work. The RDS can’t sort this out by themselves, they need help from the Windows, AD and Azure AD among others. I’ll dig deeper into this in time of the public preview.
  3. Since this is some kind of hybrid if we compare it to other solutions, we need to have tools that make it easier to manage the service, especially the VMs. You don’t need to manage and maintain the actual underlying infrastructure – but you need to configure it, secure parts of it and manage your VMs. This will also require some cross PG work, and this (as well as security) is where I see that I personally can make a difference.

There are of course other downsides as well – and I’m really looking forward to getting more information of the final decision on licensing of the service. We’ll see.

This is however feedback I’m struggling with. I do get it, I do see it as important and I do want to be better at not just looking at the good sides of it, but also (in blogs or when I’m speaking) giving my audience a realistic picture. Again, I’m not trying to hide anything, it’s just a matter of me focusing on the amazing technology.

I’ve actually had this challenge before. In the beginning of Windows 10 I did a customer presentation on Windows 10 and why that would be the best OS for this customer. They found the presentation interesting, they saw the benefits but then they asked me a question: “So, what’s bad with Windows 10? There needs to be something, or else we won’t be able to trust what you are saying.” I do get that feedback, especially now a few years later. So, moving forward I’ll do my best to present a more nuanced picture whatever I’m presenting on.

So, we’ll for sure have reasons to get back to WVD in coming blog posts, but for now I’ll be focusing a lot on my “core” technologies, which are especially Windows 10 and EMS.

Take care and remember to follow the blog and listen to the Knee Deep in Tech podcast. You can find us wherever you find pods including iTunes and Spotify.

Deploying and Managing Power BI using Microsoft Intune

This post is written on request by parts of the Power BI community. I’ve really enjoyed writing it, not because it’s a deep dive, because it isn’t. I’ve enjoyed writing it because this post will show what you can do with Intune and Windows 10, which will help another strong community to grow and make use of Microsoft 365.

So, this is the request:

How do we distribute Power BI to our users, how do we keep the clients up to date and should we choose the Store version of Power BI Desktop or the installed version?

There are a few prerequisites for what I’ll be showing below:

I assume that the management and enrollment of these devices (Windows 10, iOS and Android) have been set up and are working, and that the devices have already been enrolled (if needed).

I expect that the Power BI and Intune licenses have been assigned to the users.

The Windows devices need to be either Azure AD Joined or Hybrid Azure AD Joined.

The Windows edition needs to be Enterprise, Education, Business or Pro, and the version 1607 or later.

Let’s get started!

Which version should you use – the app or the installed application?

Well, it depends on how you would like to manage it. First, the feature set in these apps is the same. You can do everything you expect to be able to do in both the app and the installed version of Power BI Desktop.

From a Windows, and a security, point of view the app (from the Microsoft Store) would be your primary choice. The reason is that the app has been built in such a way that it will handle updates and upgrades of Windows just fine. It’s a highly secure architecture and it integrates very well with most of Microsoft’s (and others’) management and security solutions.

To deploy the app, which I’ll show you how to do in a little while, you publish it from the Microsoft Store. That means that you don’t have to repackage it, and that it will keep itself up to date after you’ve installed it. You’ll also ensure that you are always deploying the latest release of Power BI.

The downsides on the other hand are mainly two:

  1. The bad thing about an app that updates itself, is that you don’t have control over the updates. You can’t control when a specific update is being released and installed on your machines.
  2. When you are using the app, it will automatically adapt its language to the language of the Windows 10 operating system it’s installed on. So, say that you have a Swedish Windows 10 Enterprise, then the app will be in Swedish as well, which in some cases isn’t at all what we want.

On the other hand, with the installed application, which we get as an .MSI file, you have to take care of upgrades yourself. You must repackage it, which is a simple process, but still something you need to do. This is also a fairly old, and not always streamlined, way of installing applications. It’s a larger, even though small, security concern than the app, and it demands more work from you as an administrator.

The flipside is control. You control when the Power BI update gets installed on machines. It’s much easier to pilot a new version to a select group of users, and you can release at the pace you’d like.

You are also in control of which language Power BI will be installed in, and it doesn’t need to match the language of the operating system.

So, you are in most cases choosing between simplicity and control. Next, I’ll show you how to set up the distribution of both of these using Microsoft Intune and Microsoft Store for Business.

Distributing and installing Power BI using Microsoft Store for Business & Microsoft Intune

We’ll start in the Intune console, which you can find in the Azure portal (portal.azure.com). Search for Intune and when you’ve found it, navigate into the “Apps” section.

To the left you’ll see an option for Microsoft Store for Business, and if this is the first time your organization is using it, we’ll have to set it up. To do this you’ll need Global Admin rights, so usually you would be required to ask one of your colleagues, but if you are “fortunate” enough to have these rights, go ahead.

Open the Business Store using the link and accept the EULA. Thereafter navigate to Manage\Settings\Distribute and activate Intune.

Next, it’s time to choose apps. In the black ribbon at the top of the page, click “Shop for my organization” and search for Power BI. Once you’ve found it, open it up and click “Get the app”. You’ll need to accept yet another EULA.

Now, I recommend that you add the app to your private store as well as distribute it with Intune. Next to the “Install” button you have a settings toggle (three dots); in there you can make the app available to everyone in the private part of Microsoft Store for Business.

For now, we are done in Microsoft Store for Business. Go back to the Intune portal and save your settings for Microsoft Store for Business. Refresh the page and you should now see a green checkmark and a text telling you that the connection between Microsoft Store for Business and Intune has been configured.

In the apps list (you’ll find the link to it to the left in the portal) you should now see Power BI. Click on the line and then choose assignments. You can distribute it to both devices and users; in most cases you would like to distribute it to users.

When you choose to assign it, you’ll be asked to provide a group or a user. I would highly recommend using an Azure AD group for assignment.

In terms of how it will be installed, you can choose available or required. Required means that the app will be installed automatically, without any user interaction, on devices that the users you have assigned it to log on to.

Available, on the other hand, publishes the app in the Company Portal, and the users can then install the app themselves from there.

It’s up to you what service you would like to provide your users, and you can mix these two for different groups of users.

If you choose required, it will install as soon as the device has synchronized with Intune.

To deploy the Power BI app to Android or iOS you follow almost the same procedure. But you don’t, necessarily, need to configure the platform-specific stores.

You add an app using the “Add” button at the top of the Apps section. Choose your platform and search for Power BI. You’ll then assign it in the exact same way as you did with the Windows 10 apps.

Distributing and installing Power BI using Microsoft Intune and Win32-app deployment

To install the Win32 version, a few more steps are required from your side. You’ll first need to create a package that Intune can distribute for you.

To do this, download the Power BI desktop installation file and save it in a folder called “PowerBI”. Before continuing, create an empty folder named “PowerBIApp”. You can find the download here: https://powerbi.microsoft.com/en-us/desktop/

Interestingly enough if you choose the “Download” option you’ll actually be sent to the Store version, which points to which version Microsoft thinks that we should choose. So, to find the MSI file we need to choose the “Advanced Download Options”.

Download the Intune App Packaging tool from GitHub and extract the .ZIP file. https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool

Open a PowerShell prompt as administrator on your machine and run the Intune packaging tool.

You’ll be asked for three things by the packaging tool:

  1. The full path to the “PowerBI” folder where you saved the installation file, aka “Source Folder”. C:\Users\<Username>\Downloads\PowerBI as an example.
  2. The full path to the installation file, aka “Setup File”. C:\Users\<Username>\Downloads\PowerBI\PowerBI.msi as an example.
  3. The full path to the output folder where the package will be created, aka “Output Folder”. C:\Users\<Username>\Downloads\PowerBIApp as an example.

When you have entered this information, the tool will compress the package and the output will be in the form of a .intunewin file.
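The packaging step can also be run non-interactively, with the installer's signature checked first so that only a validly signed MSI gets wrapped and uploaded. This is an added example, not part of the original post or the packaging tool's documentation; the folder names follow the article's examples, while the tool location and the expected signer string are assumptions.

```powershell
# Added example, not from the original post. Folder names follow the article's
# example layout; $tool is an assumed location for the extracted packaging tool.
$source = Join-Path $env:USERPROFILE 'Downloads\PowerBI'
$setup  = Join-Path $source 'PBIDesktop_x64.msi'
$output = Join-Path $env:USERPROFILE 'Downloads\PowerBIApp'
$tool   = Join-Path $env:USERPROFILE 'Downloads\IntuneWinAppUtil.exe'

# 1. Refuse to package an installer whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $setup
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for ${setup}: $($sig.Status) - $($sig.StatusMessage)"
}

# 2. Confirm who signed it. The expected organization string is an assumption;
#    compare it with the certificate shown on the file's Digital Signatures tab.
$expectedSigner = 'O=Microsoft Corporation'
if ($sig.SignerCertificate.Subject -notlike "*$expectedSigner*") {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# 3. Record the hash of exactly what is being packaged, for later comparison.
$hash = (Get-FileHash -Path $setup -Algorithm SHA256).Hash
Write-Host "Packaging $setup (SHA256 $hash)"

# 4. Everything in the source folder ends up in the package, so flag stray files.
$extra = Get-ChildItem -Path $source -File |
    Where-Object { $_.Name -ne (Split-Path $setup -Leaf) }
if ($extra) {
    Write-Warning "Source folder also contains: $($extra.Name -join ', ')"
}

# 5. Run the tool with its source (-c), setup file (-s) and output (-o) arguments;
#    -q suppresses the interactive prompts.
& $tool -c $source -s $setup -o $output -q

# 6. Fail loudly if no package was produced.
$package = Get-ChildItem -Path $output -Filter '*.intunewin' |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $package) { throw "No .intunewin file was created in $output" }
Write-Host "Created $($package.FullName)"
```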

Now, it’s time to head back to Intune and add a new app. In the Client Apps section, select add and choose to add a “Windows app (Win32)”.

Select your newly created app package and upload it to Intune.

Next, you are required to enter a suitable name, description and Publisher. Ensure that you make it clear if this deployment is intended for 32-bit or 64-bit (if you are thinking about the 32-bit one, we need to have a discussion) and which language you are installing.

In this case, and usually when we base our package on an MSI file, the installation and uninstallation commands will populate by themselves. However, due to how the Power BI Desktop MSI file is designed, we need to change the original command line to the following:

msiexec /I PBIDesktop_x64.msi ACCEPT_EULA=1

Intune will then add “ /qn ALLUSERS=1” to the command line to complete it.

In the next step you must configure which requirements need to be fulfilled for the installation to take place. We will only configure x64 and a later version of Windows 10, but you are also able to add requirements on disk space, RAM, number of CPUs and CPU speed if you’d like.

To ensure that the installation is successful, Intune requires you to specify a detection rule. The detection rule could be a file, a registry setting or anything else that will tell Intune that everything is as it should be. The good thing about using an MSI in this case is that the MSI carries a unique value for that file, a GUID, which we can use to verify the installation. You can use this by selecting to manually configure a detection rule and adding an MSI rule. This will auto-populate for you.

We could, if we would like, add custom return codes as well as tags (often used for Role Based Access Control, RBAC), but for this time we can leave them.

When you then press add, the package will start uploading to Intune, encrypted on the way. Once the upload is done, we will open the app and assign it to our users.

We do this in the exact same way as we did with the app version of Power BI. Select a group and choose how it should be installed. The user experience is however a bit different from the app.

After the assignment, it can take a while for the devices to retrieve the instructions to install the app, but after a while it will start to download and install without requiring the user to interact with it (in the case of a required deployment).

Done!

Managing Power BI with Microsoft Intune

So, you have deployed your new apps to your machines and the next update gets out. What do you do?

For the app from Microsoft Store for Business, you don’t need to do anything. This will handle the upgrades itself as soon as the new version is available.

For the Win32 app, you need to do some more hands-on work. You’ll need to create a new package for the new version and create a new app in Intune. Before deploying the new version, you need to remove the assignment of the previous version, because when the update is installed the GUID will change, so the old version no longer appears to be installed, which triggers a new installation of the old one, and so on…

So, the steps in short:

  1. Create a new package for the new version and upload it as a new app to Intune.
  2. Remove the assignment of the old version. You could create a “Pilot” group and exclude that from the assignment as well, but that’s another story.
  3. Create a new assignment for the new version and let the MSI take care of the update itself.
  4. Done!
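The GUID used by the MSI detection rule, and the reason the old assignment has to go before the new version is deployed, can be checked locally by reading the value out of each MSI. This is an added example, not from the original post and not Intune's own detection code; the function names and the two MSI paths are hypothetical, and the installed check simply looks for the Uninstall registry key that Windows Installer writes for a per-machine install.

```powershell
# Added example: Get-MsiProperty and Test-MsiInstalled are hypothetical helper names.
function Get-MsiProperty {
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('ProductCode', 'ProductVersion', 'ProductName', 'UpgradeCode')]
        [string]$Property = 'ProductCode'
    )
    # The Windows Installer COM object is late-bound, so members are invoked by name.
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $full = (Resolve-Path -LiteralPath $Path).Path
    $db = $installer.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null,
        $installer, @($full, 0))   # 0 = open read-only
    $query = "SELECT Value FROM Property WHERE Property = '$Property'"
    $view = $db.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $db, @($query))
    $null = $view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null)
    $record = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)
    $value = $null
    if ($record) {
        $value = $record.GetType().InvokeMember('StringData', 'GetProperty', $null,
            $record, 1)
    }
    $null = $view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null)
    return $value
}

function Test-MsiInstalled {
    param([Parameter(Mandatory)][string]$ProductCode)
    # Per-machine MSI installs register an Uninstall key named after the product code.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        if (Test-Path -LiteralPath (Join-Path $root $ProductCode)) { return $true }
    }
    return $false
}

# Hypothetical paths to the previous and the new installer.
$oldMsi = 'C:\Packages\PowerBI-previous\PBIDesktop_x64.msi'
$newMsi = 'C:\Packages\PowerBI-new\PBIDesktop_x64.msi'

foreach ($msi in $oldMsi, $newMsi) {
    $code = Get-MsiProperty -Path $msi -Property ProductCode
    [pscustomobject]@{
        Msi         = $msi
        Version     = Get-MsiProperty -Path $msi -Property ProductVersion
        ProductCode = $code
        Installed   = Test-MsiInstalled -ProductCode $code
    }
}
```

On a machine that has already been updated, the previous installer's row shows `Installed` as false, which is the state that makes a still-assigned old app install itself again.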

You could automate a lot of this with PowerShell, but that’s for another time.

Wrap Up

As a wrap up, your first and most important choice is to choose how to install Power BI. What do you value most? Less work or more control? There is nothing that says that you couldn’t even combine these two, it’s just a matter of controlling the Azure AD groups. The users will be very confused to see two different Power BI apps on their machines.

Next, is this something you as the Power BI administrator should do, or do you have a client management team that could help you out? It depends of course, but this guide will help you to get started if you need (or want) to do it yourself.

If you have any questions regarding this, let me know and I’ll do my best to help you out!

Don’t forget to follow me on Twitter @Bindertech as well as the #KneeDeepinTech hashtag for more great Microsoft 365 content!

Want to listen to perhaps the most bizarre Microsoft focused podcast out there? Make sure to subscribe to Knee Deep in Tech on Spotify or where you usually find podcasts!