Welcome to episode 328 of the Microsoft Cloud IT Pro podcast recorded live on March 31st, 2023. This is a show about Microsoft 365 and Azure from the perspective of IT pros and end users where we discuss a topic or recent news and how it relates to you.
We kick off this week with a few updates to Microsoft 365 around the deprecation of remote PowerShell or RPS for Exchange Online, some changes to how you'll get to Azure AD in the Microsoft 365 admin center and how you can enable the new Microsoft Teams client for your users. And then Scott educates us all on strategies to make sure you are getting notified of service retirements and deprecations for Azure. You're getting fancy. Yeah, I know. We got more stuff underneath our names
every week. I like to change it up for you. You do. It's always a surprise and if everybody wants to see all the stuff Scott's adding under our names, go watch the videos on YouTube because there you go. We've been doing that and Scott, I have been embedding them as well in our blog post.
So if you're subscribed to the RSS feed, I even noticed the link does show up in the show notes in different podcatchers where there's like a video header now and then there's a link to the video on YouTube if you actually want to see us discussing topics and all of our hand waving and flailing and all of that. This stuff. I'm a big hand talker. Uh, and so yeah.
I am too. Maybe I don't. Yeah, I feel like I do too when I forget because we're looking at each other and sometimes when I'm talking I talk with my hands and I'm like, wait a minute, people on the podcast can't always see my hands. Well now they can if they go to YouTube easy enough or if they want to see us goof around in real time, they can also come over and join us on Discord, msclouditpro.com/membership and ooh, look at that. I put a plug in, let's go ahead and.
We had a party here the other week too. We had like eight people and then the last two weeks there's been nobody. That's up and down. Anyway, come join us. It's okay, we, we shall power through. So I've got some things I wanna talk to you about this week. I think you've brought a bunch to me the last couple weeks between Loop and listener questions and all that kind of stuff. So it is time for me to get up on my soapbox. But first maybe a couple news things before we get too.
Deep in. Yes. And it is not gonna be Loop related cuz I have a whole bunch more thoughts but I'm tired of talking about Loop. So news things, I saw this one the other day Scott, and I don't believe we talked about it but I think it's one that people should absolutely be aware of in that there is a bunch of Exchange PowerShell deprecation stuff going on.
So September of 2022, so end of last year they made the REST-based Exchange Online PowerShell V3 module available and this is ExchangeOnlineManagement for those of you that are installing it, which I think V3 is just an upgrade of the V1 and the V2 but there are also people still using New-PSSession. So it's essentially a new remote PowerShell session to Exchange Online. That was the original way to write PowerShell.
But New-PSSession, the Exchange Online PowerShell version one, version two are all being deprecated. Essentially they're turning off remote PowerShell for Exchange Online. The V1 deprecation will be completed by January of 2023. Uh, that's already come and gone. V2 deprecation will be completed by July of 2023. So that one is still coming up. The remote PowerShell session RPS protocol will be deprecated in June of 2023.
So June 1st, 2023, they're gonna start blocking those remote PowerShell session connections. They're gonna block RPS for all tenants by July 1st, 2023. So after that, if you're using any of these older modules or New-PSSession, it's going to break.
So if you have old Exchange Online PowerShell scripts that you created, old Azure Automation Runbooks, whatever you may have created years ago that's still using New-PSSession or servers that you just don't go in and update the Exchange modules on, you're gonna want to go do that before July of this year. Yes. So there's a couple blog posts out there about this as well. I'll put both a link to the old one and the new one in show notes just so folks can kind of follow along from the initial
announcement. And then what changed a little bit coming over to the new one. A really good thing here that I see is having a little bit of empathy for customers in, in the way this one's going down. Not only in like the way they announced it, hey let's give a little bit of notice but one of the design goals is for this new module, well it's not running under remote PowerShell, like it's not using RPS in the background.
The intent is to have full compatibility with the existing set of capabilities in the current cmdlets. So the current modules and kind of the whole underlying set of cmdlets that are there. So I think that's all really good cuz you're not gonna lose functionality and you potentially just have to swap protocols which makes it a little bit easier for you. So from a login flow perspective things are gonna change the way you connect and
disconnect. But you know under the seams it's really, hey I was connecting to a remote PowerShell endpoint and now I'm connecting to a REST API and either way I'm just getting a bearer token back and then I'm working with APIs after that. Yeah so this is not nearly as drastic or as much of a cognitive load as like the switch from the Azure AD PowerShell to Graph PowerShell. No. From that perspective, like, cmdlets all stay the same.
Orders of magnitude different. Yeah. Yeah. Much more feature parity. It's just make sure you're not using that remote PowerShell session and make sure that your modules are upgraded.
Yes. Another thing to keep in mind with this one is I know sometimes updating scripts is like trivial work that just gets on the backlog and then it gets bumped down over time because more important things come up and you gotta do the new thing, roll out the new initiative, whatever it is, there is that kind of target date right of hey let's get this done by September and you're gonna wanna be done by the end of September, 2023.
Cuz there's no exceptions to go ahead and say hey extend it and give me RPS and my tenancy longer. Yeah, they have that on the timeline too on this newer blog post of once you hit that September there's no opt out, there's no re-enablement of anything, it's you're cut off. Yes. Completely. So entirely. Is a consideration for folks that are out there.
Yes. So you said this isn't jarring but there is something else that was a little jarring that you mentioned and I noticed the other day and it, it didn't jar me as much cuz I've done this but have you gone in recently and clicked on Azure AD in a Microsoft 365 admin center? I haven't, but to be honest I sometimes forget that Microsoft 365 exists like in the admin center because I don't do it day to day anymore. I'm, I live in Azure day to day right. And it's a different world for me.
So sometimes when I read about things like this I'm like huh, they're doing what to the what? Like they can't do that. So yes, the Azure AD admin center, I did go and look when I saw the articles popping up about it cuz I completely missed the message center post about it as well, is moving to the Entra admin center. So you're going from the Azure AD admin center to the Microsoft Azure to the, no, the Microsoft Entra to the Entra admin center.
So so now you have Azure Active Directory basically as a set of pages and tabs kind of under Entra and that whole experience, which makes sense like it's been there for a while, it's been in, it's been in both so why bifurcate it and have customers go to two places? You know the first time I saw it I was like they're doing what to what and they're getting rid of the Azure AD admin center and they're making all of us use Entra like even Azure customers and that's not what's happening.
It's the Azure AD admin center that was in the M365 admin center and that view of it is collapsing into Entra formally. Yeah, you sent this article over to me and kinda like you, I kind of seen this, I kind of read it but I've been in Entra enough, I didn't think about it a whole lot and I even went through the experience the other day and I was kinda like one of those huh, okay. I think something is different.
Here. It was about, yeah and if you go look at like I just popped open my admin center so I just went to admin.microsoft.com and if you hover over Azure Active Directory in your list of admin centers, it is now pointing to entra.microsoft.com and then a whole bunch of query parameters and everything after that.
Yeah to your point, that's the only place that's actually changing is it's not that Azure AD or the Azure admin center is getting replaced by Entra, it's that the link in the Microsoft 365 admin center is going someplace different now. If you go to aad.portal.azure.com you still go to Azure Active Directory. If you go to portal.azure.com and search for Azure Active Directory and go there, you'll still go to your standard Azure Active Directory. It'll be interesting.
I am curious if they actually change those over time and it does become Entra for everything everywhere because really all Entra is, is it's slightly different navigation to get around all the stuff you can get to already in Azure Active Directory, just the menus are organized differently but then they have added in like the permission management stuff, the CloudKnox that we've talked about before. They added in a menu for the new Verified ID stuff.
But I think from my perspective, like they could legitimately replace all of Azure AD links, navigation to it, all of that with Entra and everybody would probably be able to get along just fine, should be able to. I think this one's more like FYI, you know if you don't go into the admin center every day you could have a little bit of who moved my cheese and it's not just who moved my cheese, it's who moved renamed my cheese along the way.
I started out as a one nice block of Swiss or whatever over here and uh, I turned into a nice Parmesano uh, over on the other side. So yeah, stuff moves, stuff changes, you have to keep up with it.
The whole change fatigue thing is real. So uh, you know, hopefully you're not surprised if you do see it or do run into it but you know, certainly if you have like internal wikis or like support articles that your teams use or things like that, say you're like a managed service provider or CSP, something like that. Like you might wanna go update those and you know, prep people and say hey stuff's changing again. Yeah.
Well and it's only the navigation which I think kind of makes me laugh cuz if you go click through all the different menus, oh yeah on the right, it's literally the old Azure AD. It's all the old Azure AD pages loading up in the iframe or in the frame or whatever that construct is to the right. It's only the navigation that has a new look and feel and it's really so they
could add in those coverable other extra things. So like you said, it's a shock if you don't go in, it's a little bit of a surprise of where everything go, but once you figure out where everything is, you're fine. It's still Azure AD from a settings configuration, all of that perspective. It's just your navigation. You gotta go refigure out. Easy enough to do. You know what else is changing and what you should play around with while you're in the admin center?
The color of my hair, oh that's not the admin center though. I'm trying to keep up with you Scott. Good luck. I've been this way for 30 plus years. So Teams, so I know you're not a big Windows user, but you might have some customers who use Windows and there's like one or two customers out there that do have Windows estates that use Microsoft Teams. So there's a new client for Teams that's coming. It's built on a different set of technologies.
So rather than being built on Electron and carrying some of the overhead that came with that, it's built on WebView2 and it's just a, a little bit of a different underlying technology stack. So you can think of it still as like a web wrapper, like, I mean that's, that's what it's been for a long time. Yep. But because it's using WebView2, the performance overhead is much, much lower. Like on the order of, you could see like a 50% improvement in CPU consumption.
And I don't know if folks have ever like felt like Teams isn't the most performant client that exists out there, but if, if that's you and you're in that stack, like you might really want to take a look at the new preview client. Like is it worlds better? Like eh, I mean I would argue like if they went native Native they could probably get like really good, right? Like like be closer to the metal. But that's not a choice that anybody's taking. So you gotta take what you can get so it is better.
So the new client is a feature, it just becomes a little toggle for your end users. In the Teams client itself it's, it's just a little button, it says try the new Teams and you can kind of turn it on or off and you need the ability to turn it on or off as a user because there's some things that still don't work in the new client and are being transitioned over. But that list is like growing smaller by the day just as they roll out new
versions. But to do all of this, you need to go into the Teams admin center and there's a setting in there under your Teams update management policies for use new Teams client and then you can go ahead and select users and groups in your organization who are going to get access to that toggle
and be able to play with things. So yeah, if you're heavily dependent on Teams, it's something that you're going to want to think about probably participating in this kind of preview-ish experience, especially if your primary clients are Windows. Like there's tangible benefits for your users if all they need is the set of features that are in the, in the new client. Yeah and this is much if you want a comparison, remember I don't do they still have this for Outlook?
They did something very similar to this when they were working through some of the upgrades even to the Outlook client where there's always that little toggle. So you can easily flip back and forth between the two experiences. I have seen, I've kind of been keeping an eye on it. Like you said, I'm on a Mac, this is only Windows right now for this new Teams client. So I have played with it a little bit.
I do have some Windows VMs that I have it on that it's pulled up on so that I can play with it a little bit. The tiles turn on and like you said, there are some nice features on it. It does seem like there are some long awaited features that are coming with the new Teams, particularly around multi-tenancy and some client switching stuff.
Like you said, better performance. From what I've seen, it is still by no means not taking a bunch of resources, but it is taking far less resources than it used to. Like instead of one gig it's taking like 500 megs. I will say on my work PC I've gone from a hundred percent CPU consumption like solidly anytime I'm in Teams and I have Outlook open to 99% CPU consumption.
So like things are getting a lot better cuz I can actually like click between my Teams window and Outlook now. Uh, it, it is a quality of life thing. The other thing that I'll put in the show notes is a link over to the docs for this. So over on learn.microsoft.com, there's a great little article over there on the new client itself. It kind of breaks down what's new in Teams, what platforms this is available on, which is really just Windows and that's about it.
And your mileage is going to be much better if you go ahead and roll with Windows 11 over Windows 10 or some of the older variations of it that might exist over there. It's not available in all the clouds yet. So if you're an EDU customer, I don't believe it's out in GCC. There are restrictions that are there, not available for VDI clients, not available for Mac clients either, like you mentioned. So, uh, couple rough edges. Oh uh, also not on web, which is kind of an interesting one.
All those things will kind of get burned down over time as it all gets fixed up and gets ready to go. Like I said, if it works for you, I highly recommend trying it out because it is a smoother experience. Yeah, so I was just trying to look through to see if there was a good list of what is and is not there. In that docs article that I linked to, there's a table in there, there's a heading with the table, what features are changing and what's different and known issues.
So like there are some behavioral changes here like toast notifications change colors, like all right, great. Like who cares? The way you add a document library to an app as a tab in channels changes a little bit. Like all this stuff is easy enough to get along with. There are some presence issues going on right now. One of the big ones that I noticed is, and it's not so much a presence thing, it's more a notification thing.
So you know how you can go into your Teams client and you can say, Hey, use my native OS notifications and and you can do that today on, on Windows, Mac and everywhere. Well in the new client it's respecting things like do not disturb mode now because it's respecting DND in Windows. If you enable DND, you never see like the little window pop up in the corner that says, you know,
oh this meeting started. So I'm actually, I, I didn't realize how dependent on that little window popping up I was. Cuz sometimes you might have a meeting that starts at like five after and somebody hops in there at one after and you're like, well why don't we just get started early? Like I'll go hop in. Right? Or sometimes you have a meeting that starts at five after and it still hasn't started seven minutes later and you're like, well I don't need to hop in yet,
right? I've, I've got extra time so I'm not gonna be the first one in there and I miss that window dearly, like it's forcing me to turn off DND in Windows, which I don't like to do either cuz then it's notification bombardment. So I'm, I'm trying to find a, a little bit of a happy medium there. The other awkward one is some of the meeting stuff. So you'll definitely wanna like look through like what are the issues in meetings just to make sure that you don't use any of those features.
So for example, like there's a bunch of presentation modes in Teams. Things like you can do side by side, you can do the new cameo view and all that. That only works in the old client, it doesn't work in the new client yet. So if you've gotten really used to those, you might have to hop back to the old client. The cool thing is it's just a toggle in the Teams client. So you're just going into the header and you're just turning it on or off.
It does have to restart the client when it does that, but it's not a big deal. So the way I've been treating it is like I run in the new Teams client all the time unless I know I need something in the old Teams client and I'll, I'll flip back automatically or in the case of things where you're trying to join maybe like a webinar or something like that, this doesn't work yet, the client prompts you and it says hey I can't do this in this client, do you want me to return you to the old one?
And you just return to the old one. Got it. Yeah, I was looking through and I found some of these and the one about the multiple accounts that is in the support documentation is you can't actually sign into two different or multiple, not just two different, multiple work or school accounts without having to open a bunch of browser profiles. That's the one I want on the Mac.
Like hopefully I don't have to wait too long to get this on the Mac because frankly I am tired of the headache that I have with Teams and multiple windows and all of that. Some other ones that I saw that kind of jumped out to me is third-party apps are not working yet. Yes. So if you're using some third-party apps, tabs, that one could be a big deal for you.
Or if you're doing a bunch of stuff with calling, advanced calling features, call queues, voice enabled channels, reverse number lookups, contacts and speed dials, boss delegation or shared line appearance. So Scott, this is why you're not getting my calls anymore because I can no longer delegate my calls to you. It's like a bank error in my favor. Yeah, exactly. Those are some of the things. I think those are the bigger ones. So those are actually just on support.microsoft.com.
We can link to that in the show notes too that they called out directly in the support article versus the Learn documentation, which, I think the Learn one's a little more. Is Learn exhaustive? Yes. Uh, the Learn one's more exhaustive. One more that I will call out just cuz we're kind of calling out rough edges based on experience with it that I ran into. And this is covered in the Learn docs as well. It's all the way down at the bottom of the article.
It's under other areas like things that might be in other areas. Sure. If you are a user and you have more than one tenant on your account, so you are assigned into your primary tenant plus maybe some guest tenants, if you sign out of your accounts and then you come back and you join a meeting, if you sign out of any one of those tenants and you come back and join a meeting, it won't sign in with your primary tenant by default.
So it's kind of like playing just random Russian roulette with what account it's going, what tenancy it's going to kind of land you in. And it gets a little weird cuz all of a sudden like you're a B2B guest in another tenant and you're like, oh wait, I'm in the wrong thing. That doesn't impact just joining meetings. It also impacts the files tab experience.
So there's a nice little error message that shows up in the files tab that says like, Hey, make sure you're actually seeing files from the team you think you wanted to see because we might have accidentally shown you files from another tenant that you're signed into and you had access to a team over there. Like whoa, okay I gotta watch out for that one. Yeah, that one would get me. I just looked,
I'm a guest in 17 different tenants in Teams. So that would be, and again for me, some of it's different clients. It hasn't hit me yet, I've only ever seen my tenant but I've like, I've seen the error messages and the warnings inside the Teams client. So I, so I call it out from like that perspective, like I don't actually switch tenants a whole lot and I don't think I have in, in the last, you know, little bit since the new client was made broadly available.
So maybe that's why I haven't been impacted by it. But uh, definitely something to keep in mind if you are a single user and you have your kind of primary tenant that you're in day-to-day and maybe you swap over to other tenants as well. Interesting. Yeah, I would definitely wanna be careful of that. I don't necessarily wanna join client meetings from another client's tenant or something bizarre like that. Uh, probably not the best look.
No, I'm hoping notifications across all those guests get better too. Like most of my guest tenants all have little red triangles by them because there's something going on. Yeah, I have my fingers crossed that there will be some stuff fixed and upcoming over the course of the next little bit. Do you feel overwhelmed by trying to manage your Office 365 environment? Are you facing unexpected issues that disrupt your company's productivity?
Intelligink is here to help. Much like you take your car to the mechanic that has specialized knowledge on how to best keep your car running, Intelligink helps you with your Microsoft cloud environment because that's their expertise. Intelligink keeps up with the latest updates in the Microsoft cloud to help keep your business running smoothly and ahead of the curve.
Whether you are a small organization with just a few users up to an organization of several thousand employees, they want to partner with you to implement and administer your Microsoft cloud technology. Visit them at intelligink.com/podcast. That's I N T E L L I G I N K.com/podcast for more information or to schedule a 30 minute call to get started with them today. Remember Intelligink focuses on the Microsoft cloud so you can focus on your business. What else do we have.
Scott? I think that's like new stuff I got. I got one more thing I want to talk about for a couple minutes if you want to hang out for a few more. Sure. I've got a few more minutes. I just have documentation to write and I don't like writing documents so distract me. Will do. So deprecation of services in the cloud and kind of how you get notified about those deprecations.
So like earlier we were talking about how maybe Azure AD admin within the Microsoft 365 experience has a little bit of like that who moved my cheese component to it. You as a customer get notified about that through things like the Microsoft 365 admin center and the message center within it and and all that good stuff on the Azure side of the fence. There's a deprecation process there as well or a retirement process for services or components functionality within Azure.
And the way those communications happen, unfortunately sometimes varies based on like what the component, what it is. Is it, you know, say something like, uh, an open source framework hosted in GitHub and not really service, it's not a service you're shutting down but maybe it's like an SDK or a framework or something like that and like, like how you as a customer get notified about all that stuff. So I recently retired a service,
not a service and one of our SDKs for storage. So, uh, okay. I recently announced the retirement of our PHP SDK and it was an interesting exercise for me to see where things fall apart for customers on how they receive our notifications based on how they've configured themselves in Azure. So one of the very first things that happens is when a service is retired is you as a customer should get an email look out that like, hey we see you're using this.
Like if we have the telemetry on it and we have the capability to inform you, like we're, we're totally gonna do that kind of thing. And I'm noticing more and more, and it's not necessarily like a misconfiguration on the customer's part but I do think it's a little bit of like lack of awareness of the way things work is the way we send those notifications is they have to be sent to subscriptions so you know,
you have to pick somebody in the subscription to send it to. So quite often with an Azure subscription you can have lots of owners in there and maybe not every owner is actually impactful to that thing. So what we try and do is we try and notify admins and co-admins for subscriptions which are, I think they're older kind of carryover properties from the old ASM days but they still totally exist on the Azure side of the fence.
So what happens is, is lots of enterprise customers, I'd be willing to bet like tons of MSPs and CSPs and things do this as well cuz it's 100% the right thing to do is they automate subscription creation and they don't set the admin or the co-admin for their subscription to be real people. They're like some type of automation account or like a service principal, something like that. If I'm putting you to sleep just let me know. No I did not. Sleep last night and and I I to.
Bring you back tried. Yeah wake me. Up. So you have this kind of, you get into this world where as a customer the thing that you do is you don't want a human to be the admin or the co-admin for your subscription. And I think that's the right take on it, right? Like, like you shouldn't want that to be a single human. You'd want it to be a, uh, service principal or some type of admin account, like an elevated break glass kind of thing to, to get in and work with your subscriptions.
But those are where the emails go like for these things. So quite often your admin accounts don't have mailboxes associated with them, especially these non-person admin accounts that are associated with like a service principal and it has to be an account, it can't be just random email address, anything like that. Like it's the actual email address that's associated with with that AAD object.
So it's this weird like chicken and egg thing and I was trying to think about you know, how customers can potentially mitigate some of of that and make sure that they always get the email notification. Like what if you do, you have to think about maybe standing up a mailbox and like, hey if I have 10 subscriptions in Azure, sorry, like that account now gets a mailbox that's associated with it and it comes through, do I have to try and do something funky?
Like could I catch the incoming message with the transport rule and see like before it even gets to the mailbox, like go ahead and and redirect it over someplace else and have it land there because it's, I think it's a ton of just cognitive burden as a customer to say like oh hey go follow the tech community blog for your service. Go follow Azure updates, go follow you know azure.com and the blog over there. Go follow some account on Twitter or Mastodon or wherever it happens to be.
Like the way that you as a customer can 100% be informed of when a service is retiring without having to go read a blog is make sure that you have valid routable email addresses on your admins and co-admins for your Azure subscriptions. Right. Like I was just kind of thinking through this cuz I've seen the emails, like I've gotten a bunch of emails recently about Run As accounts getting deprecated in Azure Automation and it's because I use them.
Run As accounts. There was one for Azure web apps today. Yep. Yes. These things come out like all the time. Right. And and I regularly have customers tell me like I didn't get the notification and I see it a lot just in places like Tech Community and you know, comments from customers there like people just don't see them because they're not configured to get them and they didn't know it. Yeah. Right. Like I don't think it's the customer's fault. Yes.
Sorry, side topic Scott, you dropped out of Discord sometime recently. Oh did I? Yeah there you go. You came back. Oh okay. But yeah, I blame you. I'm with you. Like I was thinking through all of this as you were kind of talking about it in terms of could I get like an RSS feed or watch blog post and all of that. But you're right,
there's so many services in Azure. I mean it's hundreds, it's I'm guessing well over six or 700 now and if I'm not using them I don't want to have to sort through all these deprecation updates for things I don't care about. If I'm not using Run As accounts in Azure Automation, I don't need to know about them and I don't wanna have to keep track of what I'm using, what I'm not using and I see a deprecation announcement and go look for it and
there's nothing in Azure. I was trying to think too, like the message center, Office 365 message center, there's a lot of announcements that come through there but I do know they make at least in some cases an effort to only put messages in the message center for things they're detecting that you're using like when they got rid of, as they were getting rid of some of the uh,
legacy MFA ActiveSync stuff. Yep. People would get messages in the message center based on what Microsoft detected in terms of their endpoints connecting to these legacy ActiveSync SMTP endpoints, basic authentication, that type of stuff. But there's nothing like that in Azure. Is there where it's a message center of just here's messages related to only the services that we're detecting you're using? Well. You do get those messages as well.
So the same emails that go out for things like a retirement notice based on telemetry, uh-huh, uh, they also land as service health notifications. So you do get like a portal toast for them. You should see those. But again, I don't think most customers know to monitor that or they haven't made it part of like their daily regimen to go in and set up alerting based on those service health notifications.
Or do they have a user in the tenancy that's not the admin and the co-admin that have the, like, right level of rights to go in there and see all that, right? Like, have they restricted things so much where they say like, oh I don't have subscription owners. I always have somebody running at a lower scope. Like there's a very real possibility that nobody ever sees that stuff.
So like in an ideal world you'd be able to have your service account be your subscription service administrator, your co-admin, whatever you need. Like those shouldn't need to be people but you would have them with routable email addresses that at the very least you could take that email address, you could use that email address to like forward that email someplace else and get it out in your support org cuz you knew it was coming.
And then yeah you should do all the other healthy things like you should be checking service health including service health notifications, all the kind of portal toast notifications, things that come out of these automated systems. But if you're not doing that or you're not going into Azure Advisor, if somebody chooses to spin up like an Azure Advisor recommendation or something like it's just very easy to miss.
And there's one consistent way that like I know of based on my experience to get everything and it's to have a routable email address for at least one of those two accounts. Got it. So that's the recommendation: routable email on your admin, co-admin and forward it maybe to a group mailbox or distribution list or something that all of your, cuz I would also argue that it shouldn't just be a couple of people. Like you almost want that to be some type of feed.
Maybe you could even do like if you're using Teams have it posted as a message in Teams. Mm-hmm. Because you really would want all of your devs, admins, everybody that touches Azure from that management perspective to be able to see these because you don't always realize what somebody else may or may not be using as they were building a particular application or architecting some new service. This should be widely distributed amongst your IT team.
Yes. Another thing that I just thought of here, so have you ever gone into the Azure portal and when you sign into the Azure portal it pops up a little box and it says hey do we have the right email address for you? Yes. Like can we, I believe I've seen that. Can we send you marketing notifications like hey do we have your right email address? See that's probably why I ignore it because it's usually marketing. But it doesn't, so it doesn't matter.
Like I've also had customers that go in and say hey I updated that email address cuz it said to update it so I did. It's like yeah you only updated that email address for marketing communications and this is a service notification so we're never gonna use whatever that email address that you put there, we're always going to use the email address effectively like the primary SMTP address out of Azure AD.
So you gotta make sure like it has an email address associated with it, it's routable, there's a mailbox there and you know there's some way to take that message from the robot and get it out in front of the human. Got it. Interesting. Definitely something, again, I don't always think about this either. Again telling clients I need to make sure to remember to tell clients but all of my Azure subscriptions, it's just my account that's the owner on them because I am a smaller org. There's
a difference, I think this is it too is lots of us think about Azure in the ARM terms cuz it's been so, like, ingrained into our heads about like what are, what is Azure RBAC and what's an owner, what's a contributor, all those kinds of things. There're these legacy classic subscription administrator roles and when I say classic I mean like ASM, Azure Service Management. Right? Like I remember those. So do these get sent to those they don't get sent,
do they get sent to owners too or is it only that? No classic legacy, they only get sent to the service admin and the service co-admin which are both valid things in ARM as well. So even though classic has gone and deprecated and those APIs have been around for a while and you know customers are still potentially transitioning services away, those things all still exist. So for every Azure subscription you can have one service administrator and you can have up to 200 co-admins.
So ideally what you'd really want is that one service admin, which is gonna be the person who created the account, which if like say you're like an enterprise customer and you're automating a, a subscription creation, like there's a very good chance that it is a service account or something like that. Like that is the thing that you want to uh, want to have ramped up and ready to go and configured the right way.
It was one of those crazy like throwback learning things for me cuz I remember from my consulting days and, and just being out there like in the field with customers, like it was a best practice not to have people doing these things and it still
is, right? Like it's a, but you gotta think about like what are the downstream impacts of not having that there and like to me this is a really like tangible downstream impact in that you don't get things like retirement notices automatically, which could be impactful to you, especially for retirements that are like fast tracked. Like you know, not all retirements happen in three years, sometimes they happen in a year. Yeah. So I just put a link to this in the Discord chat too.
So this is if you're in a subscription and you go into your access control, your IAM, you have, and people do tend to live in these first few tabs, the check access, the role assignments and the roles, but there is that last tab here and it's that classic administrators, right? And that's where I go and I see like, yep, I'm a service administrator, I'm a co-administrator and even if I go click add, it's adding that co-administrator not adding a role
assignment in order to get these notifications. Correct. Yes. So, please, please, please, like if you're an Azure customer and you're listening to this, like go do the needful and figure it out and if anybody has any better ideas, I'd love to hear them as well. I would love to like really make this better for all customers. Like I can totally see how it's a painful thing and I
don't like the customer pain piece of it, right? Like I'd be in a way, if I was a customer. How do they use the emails? So as a customer and as we're thinking through this, how do these emails get generated? Like could you have, just kind of thinking off the cuff here, some type of REST endpoint or webhook that gets pushed similar to how you would push out these emails. And again, that's probably coming from some email marketing or from Office 365 wherever they're sent from.
But some type of endpoint that you could potentially connect something like Logic Apps or Power Automate to or. Sure. Your service health notifications, right? Like that's, that's your, that's your path to go down. You just have to figure out how to filter out the noise over there because service health notifications are really like service health, right?
Like I have a virtual machine and that virtual machine disk had a blip or the machine itself had a blip, like that's a service health notification. But there's also this class of notifications, it's like, hey we noticed you're using SKU X, Y, Z of this VM series and that's deprecated so you need to get off it within the next, you know, N years kind of thing, right?
Like if that pushed out to some endpoint the way service health does, but it's much more of that fine tuned to this is what you're using or. Well you would just pull service health. I th I think you could do that. It's a matter of like how much do you have to build, like what's the lower hanging fruit for you? Is it to align and license a mailbox for an administrator or is it to go build and maintain a logic app over time that can do all that
for you? It's the whole kind of like, you know, it, it boils down to like build versus buy. Like is it cheaper for me to just go buy a mailbox with maybe like an E1 license or something on it, spend a couple months, a couple bucks a month and just be done with it. You know, I just wipe my hands and it's okay. You just need, need a service in Azure. Something kinda like a template for Logic Apps that you can go deploy this template.
It just automatically points at that, looks for deprecations, you set up where you want 'em delivered to, Teams or email or something like that. Something that's outside of those co-administrators and service administrators where it's just a point and click set this up and set where I want 'em delivered to. It's not always an easy problem to solve though, cuz you don't want to introduce noise like needlessly, right? Like if a subscription has 200 owners in it, that's awesome.
All those 200 owners probably don't need to know about like, hey this one esoteric service over here going away. But the admins do because theoretically the admins would know what's going on in the subscriptions and who to reach out to, right? And who to talk to. Like you've also gotta balance like am I setting the right expectation with folks along the way? Like you don't want to introduce like fear, uncertainty and doubt, right? Like let's keep the FUD to, to a minimum.
So I do think it's a weird kind of fine line thing and I can understand why it is just initially an email to like, hey let's start with like the cream of the crop, you know, the service admin and the co-admin and then over time let's disseminate it out in other places like service health notifications. Yep, let's do the post on Azure updates. All those kinds of things.
Let's have ongoing communications and ongoing mechanisms to try and make sure that, you know, we're making customers aware of this. There's gotta be an ISV out there that wants to go build this. Like some interface where you can subscribe to service health. You're an ISV, come on. Yeah. But I don't have time. Plus there's a developer that wants to come build this for me and we can figure out how to charge for it.
But something that would like let the end user go in and subscribe of, these are the services I wanna see, this is what I, the announcements I wanna see. Whether it's a blip level, like I think of the whole logging thing. Do you wanna see informational versus errors versus warnings versus deprecations? And this is how I as a user want to get 'em. Me, Ben, I want to go look at these services, these type of announcements and I want it delivered as a Teams chat or I want it
delivered as an email or I want it delivered to some other endpoint. It'd be a nifty feature to have. Would endorse if it existed. All right. Developer that wants to build it and Scott, well you probably can't market it. You're Microsoft, I'll market it, the podcast will market it. It wasn't my idea. All right, sounds good. Well with that Scott, I'm gonna go write some documentation. All right. Well nothing better to do on a Friday evening than write a document.
Absolutely. All right, well, uh, I will let you go as always. Thank you. And we'll chat again next week. All right, thank you. If you enjoyed the podcast, go leave us a five star rating in iTunes. It helps to get the word out so more IT pros can learn about Office 365 and Azure. If you have any questions you want us to address on the show or feedback about the show, feel free to reach out via our website, Twitter, or Facebook. Thanks again for listening and have a great day.