tag line

moving school IT to the cloud with service not servers

Friday, 17 February 2017

Microsoft as a Service

Is it possible to run a school with Microsoft technologies without managing any servers at all ?

We're not just talking about on-premise servers but ANY servers, including those concealed in offsite datacenters or running on an IaaS platform like Microsoft Azure.  A true Microsoft ‘serverless school’ has no domain controllers, no Hyper-V farms, no Remote Desktop, no SCCM, no ADFS, no servers for imaging, patching, antivirus or backup. In fact no servers at all. 

Can it be done ?



Last year the answer was ‘maybe’ but it’s clear that the message now coming out of Redmond is ‘definitely’ and reading between the lines it might be the template for the future.

In terms of the functions mentioned above everything can now be replaced by a “Software as a Service” solution provided by Microsoft and of course with SaaS there are no servers to manage.

Active Directory (AD) is the easiest one to replace because Microsoft has been running a cloud service for years now. It’s called Azure Active Directory (AAD) and every tenant of Office365 already runs an instance of this service. Extending ADD using Azure Active Directory Domain Services lets you join Azure virtual machines to a domain without the need to deploy any domain controllers at all.

At the moment this strategy has a licencing cost that few schools could absorb but that's easily solved because all new Windows 10 devices have the ability to link to AAD directly rather than to traditional AD using a process called Azure AD join. Once enrolled the management of these devices is through  InTune rather than group policy or SCCM as Microsoft moved to adopt an MDM approach in order to capture a wider range of platform types.

Patching and the security of the Windows10 devices will be managed directly by Microsoft through the new feature update service while the servers… of course there are no servers. Microsoft Office client apps will use a new facility ominously called “modern authentication” which uses the SAML federation service in AAD to provide a Single-Sign-On experience.

None of this is very new but two announcements have raised the stakes.

Microsoft recently launched Intune for Education, a version of the device management service that’s specifically aimed for schools. The emphasis is on ease of use and contains a policy set tailored for education which defines some useful predefined functions such as online testing. Apps are drawn directly from the Windows Store and admins will be able to control which apps students and teachers can see and install. Included in the bundle is School Data Sync a tool that channels data from a selection of common Student Information System into WAAD to provision online classrooms and teacher/student accounts.

When placed alongside Office365 for Education, which features all the standard Microsoft productivity tools as well as OneNote and Microsoft Classroom it’s clear that this strategy is pitched directly at countering the cloud centric approach of Google's G Suite for Education.

The second move was the announcement of a simplified version of Windows 10 that's designed to run Microsoft’s Universal apps from the Windows Store and is rumoured to be free for vendors to install. This is pitched to challenge the success that Chromebooks have enjoyed in the education space and clearly validates the cloud first approach.


The Roadmap for Education,
As a complete solution you are unlikely to see this setup running a school in the near future and it might be that Microsoft is just throwing sand around to buy enough time to reorganise the delivery model and licencing plans.

Whatever the situation the point is this;

The future for IT does not require servers and now both Microsoft and Google are painting the same picture.

From the Microsoft viewpoint this strategy is a difficult sell to education. The model is so radically different from the one they have been licensing, supporting and deploying in schools for over thirty years, the pitch could easily be coming from another company. Just sorting out the licensing will be a massive chore although they have have already made a start on that.

How much of the current on-premise investment can be carried forward into the brave new world of “Microsoft as a Service” is debatable and while the IT team are heaving servers and Windows 7 clients into the dumpster they just might just decide to look at G Suite for Education rather than wait for Microsoft's offering to mature because it's now clear that both are offering the same vision of the future.

From Google's perspective having Microsoft challenging them in so many areas is a move that shouldn't be underestimated.  Redmond may not be the first to the party but they always seem to leave with the girl!