Lenovo Tech World Day 2

See my other posts on:
Lenovo Tech World Day 1
Lenovo Tech World Day 3
Lenovo Tech World Day 4
Lenovo Tech World Day 5 & 6

After having the best sleep I’ve had in a long time, in a rather classy hotel room at Shangri-La;

…. I headed down for a buffet breakfast. An abundance of new foods led me to choose a bowl full of bite-sized samplers, many of which I don’t know what they’re called or contain – but all were quite tasty:

After filling up, we loaded onto the bus to visit Lenovo Headquarters in Beijing. I had no idea what to expect inside, apart from visiting the ‘Future Center’ and seeing some products:

At the Lenovo HQ Entrance

We were ushered through to the Future Center after using the fingerprint-driven lockers (which seem like a much better idea than the old PIN-style lockers). Two volunteers then had their faces scanned in for a lot of the facial recognition systems we were about to see.

Those people’s faces were used to unlock a rather impressive silver ball structure, causing some of the balls to change colour. The faces were then used to get past security gates, again showing how accurate and quick facial recognition can be with real world use cases.

After some impressive visual displays, we were taken into Lenovo’s vision of what AI tech at home could look like. Some of the concepts were:

In the lounge, having a system that would give recommendations driven by AI and machine learning from news, weather, holiday destinations, movie and TV selections and shopping to display to you what you want without needing to select it in the first place – e.g. sitting down in the evening after dinner usually means you want a movie selection, so it will display that information first.

In the bedroom, monitoring your sleep and keeping a perfectly climatised environment, along with opening the blinds in the morning for natural sunlight.

In the kitchen, interfaces which can guide you through a cooking process from beginning to end – knowing what food you have and ordering more if needed, telling you what ingredients to add and how exactly to do each step.

And in the garage (ok it’s car related but I’m keeping the ‘home’ theme going) a car that unlocks with an app rather than a key, and more importantly, is connected to a network that controls the entire road experience – from finding the best route based on traffic, to knowing when pedestrians are crossing the road from intersection cameras and reporting back to the car rather than expecting onboard cameras to see all risks.

None of this is mind-blowing in itself and in isolation, but together this all builds a picture of what our lives could be in the very near future. AI and machine learning are buzzwords constantly thrown around these days, but seeing and understanding how these high level concepts can be applied in particular situations, and Lenovo’s vision of how they see it working is worth understanding. Of course Lenovo is not the only company working towards these goals, but one of the messages that came across is that Lenovo is working hard to build relationships with other vendors to achieve those goals – Lenovo are trying to build upon their specialities, and partner with other companies who have different specialities that can come together for an all encompassing solution.

After the eye-opening Future Center experience, we then went through the next several rooms containing Lenovo hardware. First up were several office desk setups including Ultrawide screens, stand-up and sit-down desks, and artist peripherals.

Next we entered an area containing gaming devices – from a gaming computer in a Star Trek USS Enterprise NCC-1701 case, to a water cooled computer in a bubble known as ‘Winbot’. There were several Legion branded laptops and desktops too.

The Virtual Reality units Lenovo is involved in were also on display; Star Wars and Marvel AR headsets, the Lenovo Mirage, and the Oculus Rift.

Then we had a look at the mobile options – both Lenovo branded phones which aren’t globally available, and Motorola which are (and Lenovo now owns). Some of the other lesser-known products were shown here too – like electronic door locks, robot vacuums and air humidifiers.

We then saw some of my favorite product line devices – the ‘Think’ series. The ThinkVision P44w – a 43.4″ ultrawide monitor – caught my eye first, as it’s on my ‘love to have’ list. The small ThinkPlus Mini 45w power adapters were also there, which really look like a great travel accessory to replace the standard laptop power brick we’re all used to. Of course all the latest ThinkPads, Yogas and other Lenovo laptops were on display too, as well as the ThinkVision M14 – a portable USB-C monitor that can be a secondary monitor for your laptop or tablet/mobile phone.

The tour kept going, and if you can’t tell already, this was probably the main highlight of the entire trip and I wish we’d had more time there. The next area was more server focused, with again a bunch more hardware laid out to look at. This included an enclosed datacentre amongst server hardware:

Finally for the Future Center we were able to see some of Lenovo’s ideas in action – an area that showcased how their technology can and is being used in the real world. Focuses included a learning environment where students could be monitored to see if they were sitting/standing, reading/listening, happy/neutral etc – things a teacher does already, but can glance at a screen to quickly identify what the entire room is doing rather than relying on their own visual check of everyone. Lenovo also have their foot in the door for medical solutions, and 3D rendering/virtual reality/engineering. It was good to see where Lenovo had found use cases for the ideas they had.

Next up was the ‘Unmanned Store’ – an actual working store in Lenovo, that lets staff use facial recognition paired with reading NFC (I assume) chips attached to supermarket supplies, letting someone go into the store, load up on what they want, and self check-out the items. It worked a heck of a lot better than I’ve seen the local supermarkets trying to let customers self-service, and I even got someone to buy me a warm Ovaltine drink :)

Even more stuff! We then went over to the Lenovo Reliability Labs where we saw staff working away on several things – vibration tests, sound tests (and going into a room with next to no echo is a great way to unnerve yourself), radio wave interference tests, and environmental tests. The environmental tests are performed by putting a device into a large oven-like system, and they showed what happened to a screen at 150°C.

After lunch, even more tech treats were in store for us. We spoke to a few Lenovo employees who were talking about the product lines they looked after, which included William (who owns over 300 different ThinkPads – world record holder!) who brought in some nostalgic and weird devices from the history of ThinkPads. We also had a hands on with the new Legion laptops, and the Yoga S940 amongst others.

If that wasn’t enough for one day, we then visited the Summer Palace, and had another great dinner which as always, was presented on a Lazy Susan as we politely fought for access to the plates we wanted the most.

Here’s what I tweeted for this day of the trip – click through to see a bunch of observations and photos:

Lenovo Tech World Day 1

See my other posts on:
Lenovo Tech World Day 2
Lenovo Tech World Day 3
Lenovo Tech World Day 4
Lenovo Tech World Day 5 & 6

About a month ago, I received the invitation to attend Lenovo Tech World in Beijing, China – fully sponsored by Lenovo for being a part of their Lenovo Insiders program. I jumped at the opportunity and thankfully was able to organise work, home and the visa requirements for getting into China in a short enough time to make the trip.

I’d never been to China before, so the prospect of both a completely new place to visit, plus being immersed in the latest technology from Lenovo was a double win to look forward to. The trip was planned for 5 days plus travelling, and included a mix of technology and sight-seeing. On the trip I learnt that this was part of Lenovo’s goal – to expose more of China to the rest of the world since it’s where they come from themselves.

Beyond having a very long 3 leg flight from Adelaide > Sydney > Hong Kong > Beijing and being very tired at the end of it, the journey was rather uneventful. Landing in China and getting past immigration wasn’t much of a hassle, and I even had a driver waiting holding up my name to take me to the accommodation we were staying at – the Shangri-La Hotel.

I expected more of a culture shock than what I actually experienced – beyond everything being written in Mandarin wherever I looked, I didn’t feel offput – just interested in seeing the differences of the world I’m used to in Australia compared to China. One lesson I learnt very quickly was about zebra crossings – cars just drive through them and unofficially seem to have right of way. An Australian could very easily get run over as we’re used to all cars stopping when crossing the road on a crosswalk!

After getting to the hotel, I was treated to an amazing lunch with Lenovo staff and journalists who were also attending Tech World. This was an example of all meals to come – vast amounts of options of premium food catering to all tastes. I’m generally not someone who takes photos of what they eat, but all the food was both greatly different to what I was used to, and visually appealing (for the most part!).

My first meal in China

Following lunch and after a much needed nap, I was awoken by the hotel room phone asking where I was. I’d slept a bit longer than planned, and in a half asleep daze rushed downstairs again to meet and have dinner with the other Lenovo Insiders who’d been invited also. In no particular order, here they all are – all very friendly and smart people:

Arthur H Walker, Vernon Chan, Onica Cupido and Lawrence Mann. I’ve linked to their Twitter accounts, but they’re present in different social media spaces too.

I also have to mention Yuszela from Lenovo who looks after us Insiders, who’s incredibly easy to work with and gets the best outcome for everyone involved. Although I’d been dealing with her for years, this was my first opportunity to meet her in real life too – icing on an already stunning cake of tech, people and environment that was making up this trip.

One of the intriguing parts of China that pretty much everyone’s heard of, is the Chinese Firewall – internet in China doesn’t allow many sites including Google, Twitter, Facebook and Instagram – so a lot of time was spent testing and trialing different VPN solutions so we were able to do what we’re here for; sharing the experience with others. There seems to be a cat and mouse game happening between commercial VPN providers and China in shutting down and getting around VPN blocking. In my limited experience it seems no one VPN solution is a silver bullet answer, so if you’re travelling to China and need guaranteed access to the entire public internet, make sure you have a few VPN options available.

I’m sure there’s a few things I’m forgetting about day 1, but I’ll use the excuse of being too tired to remember. The tech starts tomorrow with a visit to Lenovo HQ, so stay tuned for that!

The Current State of Edgium

Update 16th Jan 2020: The New Edge is now live! You can download from here: https://www.microsoft.com/en-us/edge?form=MO12GC&OCID=MO12GC and more details here: https://blogs.windows.com/windowsexperience/2020/01/15/new-year-new-browser-the-new-microsoft-edge-is-out-of-preview-and-now-available-for-download/

Original Article:

“Edgium” or ‘The next version of Microsoft Edge’ is Microsoft’s rebuild of the Microsoft Edge browser, built on the open-source Chromium platform. I recently decided to start using it and see the current state of Edgium (which is what I’ll call it for the rest of this post for clarity’s sake).

Microsoft Edge was met with a lot of resistance when launched – and although there were reasonable claims about it being the fastest browser around, there were a lot of features lacking and sites that wouldn’t work with it.

Here’s why Microsoft decided to abandon Edge as it is. It’s interesting to note that on mobile devices, they were already using an open-source foundation from the start, and for the desktop version there’s a focus on making sure all web standards are adopted.

You can download Microsoft Edge Beta right now and install it in parallel with the old Edge – or you can install the build that replaces old Edge direct from Microsoft here (keep in mind you can’t uninstall from this). The Beta is good if you want to have a play around before committing.

The experience I’ve had so far is rock solid. There are some ways where it looks and feels like Chrome, and others where it’s more Edgey. The import options (for me at least) just worked – I could import everything from browser history, favorites and saved passwords and pick which Chrome profile I wanted to import it from.

At the Edgium end, I’ve then created multiple profiles and imported each relevant profile across to match the experience I was having on Chrome. Multiple profiles is great when you’re doing things in Microsoft 365 and have multiple accounts (user and admin) and different tenants to access.

Also, Edgium fully supports Chrome extensions. Old Edge did have extensions too, but very few. Edgium will prompt, asking if you want to allow 3rd party extensions, and then you add them just like you would in Chrome:

The settings area of Edgium in my opinion, is much better than Chrome:

Google Chrome Settings Page
Microsoft Edgium Settings Page

There are also already Group Policy ADM/ADMX files ready to use, which give IT Administrators a lot of control over the browser. They’re worth putting in place and going through before you even consider piloting Edgium.

For IT Admins, also check out the security baseline you should use, currently in draft form.

Edgium also has an Internet Explorer mode, so hopefully this can end up with Edgium replacing Chrome, Internet Explorer and Old Edge with a single browser – it might take a while of course, but for a company looking to control the user experience a bit more and not manage lots of browsers, it’s looking hopeful.

At the time of writing there’s no announced release date of Edgium, but it’s expected to completely replace Edge – so it’s worth getting used to it early. I’m sure there will be some changes between here and launch, but it should all be small changes.

Personally I’ve made the move from Chrome to Edge and haven’t hit an issue yet. Old Edge is on the way out, and overall this seems to be a positive decision for all involved. Let’s see how

Managing Unified Messaging Users in Exchange Online

error
The phone number you entered has already been registered by someone else.

This is the standard error you’ll see in the Exchange admin center when trying to enable Unified Messaging on an extension that already has it enabled.

When a user departs you’d expect that when you change the user mailbox to a shared mailbox and drop the licensing, Unified Messaging should go. However, in Exchange Online the mailbox will still be Unified Messaging (UM) enabled, and hang onto the extension it had.

You probably won’t even notice this until you go to enable UM on another mailbox using that same extension, which leads to the error at the top of this article.

The first challenge is to find the Shared Mailbox that is holding onto the extension. After connecting to Exchange Online in PowerShell, you can run this command:

Get-UMMailbox | Select-Object Name, PhoneNumber | Out-GridView

This will show a nice gridview of all your mailboxes and what UM extension they have. You can search/filter this view to find the culprit.

If you want to see which of your mailboxes are Shared and have UM enabled, run this command:

Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited -Filter {UMEnabled -eq "true"}

Knowing this mailbox, you’d expect it should be easy to turn off UM. This wouldn’t be too much of a problem if you could just disable UM like you can on a normal mailbox, but in Exchange admin center this isn’t an option at all when it’s a shared mailbox.

Trying to disable UM via PowerShell with the ‘Disable-UMMailbox’ command also won’t work, as you’ll get a license error:

License validation error: the action 'Disable-UMMailbox', 'Identity', can't be performed on the user 'Test User'
 with license 'BPOS_S_Standard'.
     + CategoryInfo          : NotSpecified: (:) [Disable-UMMailbox], RuleValidationException
     + FullyQualifiedErrorId : [Server=SYXPR01MB1901,RequestId=dfc62192-8270-4a65-b582-c7f327d6e7e2,TimeStamp=15/10/201
    9 6:24:33 AM] [FailureCategory=Cmdlet-RuleValidationException] DDB44050,Microsoft.Exchange.Management.Tasks.UM.Dis
   ableUMMailbox
     + PSComputerName        : outlook.office365.com

To fix this, you could use the Exchange admin center GUI along with the Microsoft 365 Portal, but it’s easier to run all the steps required via PowerShell:

First, apply a license that includes Exchange Online to the shared mailbox account. You can see what licenses are available to you with this command from the MsolService cmdlets:

Get-MsolAccountSku

Then, apply a license with this command against the shared mailbox and the AccountSkuID from the previous command:

Set-MsolUserLicense -UserPrincipalName "UPN OF SHARED MAILBOX" -AddLicenses "tenant:licensename"

Once applied, you’ll then need to change the mailbox to a Regular mailbox rather than Shared:

Set-Mailbox "UPN OF SHARED MAILBOX" -Type Regular

After a while, Unified Messaging may drop off by itself if you allocated a license that doesn’t support it (such as Exchange Online Plan 1 or Exchange Online Kiosk), or you can force it off with this command:

Disable-UMMailbox -Identity "UPN OF SHARED MAILBOX"

Finally you can now enable UM on that other mailbox that was getting the error on the extension being in use. Easily done via the Exchange admin center GUI.

Two last steps are then to reverse what you did – take the license away from the shared mailbox, and make it a shared mailbox again:

Set-MsolUserLicense -UserPrincipalName "UPN OF SHARED MAILBOX" -RemoveLicenses "tenant:licensename"

Set-Mailbox "UPN OF SHARED MAILBOX" -Type Shared
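
The whole procedure above as one function, written as an added example (not part of the original post). It uses only the cmdlets shown in the steps, retries Disable-UMMailbox while the license change propagates, and always removes the temporary license and converts the mailbox back to Shared, even if a step fails. The function name, parameter names and retry timings are assumptions.

```powershell
# Added example: frees a UM extension held by a shared mailbox, then restores it.
# Assumes you are already connected to Exchange Online and to MsolService.
function Clear-SharedMailboxUM {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,  # UPN of the shared mailbox
        [Parameter(Mandatory)] [string] $AccountSkuId,       # AccountSkuId from Get-MsolAccountSku
        [int] $MaxAttempts  = 10,                            # assumed retry budget
        [int] $DelaySeconds = 60                             # assumed wait between retries
    )

    $mailbox = Get-Mailbox -Identity $UserPrincipalName -ErrorAction Stop
    if ($mailbox.RecipientTypeDetails -ne 'SharedMailbox' -or -not $mailbox.UMEnabled) {
        Write-Warning "$UserPrincipalName is not a UM-enabled shared mailbox; nothing to do."
        return
    }
    if (-not $PSCmdlet.ShouldProcess($UserPrincipalName, 'License, disable UM, restore')) { return }

    $licensed  = $false
    $converted = $false
    try {
        # Steps 1 and 2: temporary license, then Shared -> Regular.
        Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses $AccountSkuId -ErrorAction Stop
        $licensed = $true
        Set-Mailbox -Identity $UserPrincipalName -Type Regular -ErrorAction Stop
        $converted = $true

        # Step 3: the license can take a while to apply, so retry until UM is off.
        for ($i = 1; $i -le $MaxAttempts; $i++) {
            if (-not (Get-Mailbox -Identity $UserPrincipalName).UMEnabled) { break }
            try {
                Disable-UMMailbox -Identity $UserPrincipalName -Confirm:$false -ErrorAction Stop
            }
            catch {
                Write-Verbose "Attempt $i failed: $($_.Exception.Message)"
                Start-Sleep -Seconds $DelaySeconds
            }
        }
        if ((Get-Mailbox -Identity $UserPrincipalName).UMEnabled) {
            throw "UM is still enabled on $UserPrincipalName after $MaxAttempts attempts."
        }
    }
    finally {
        # Reverse the temporary changes so a departed user's mailbox is not left
        # licensed and sign-in capable: remove the license, then make it Shared again.
        if ($licensed)  { Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -RemoveLicenses $AccountSkuId }
        if ($converted) { Set-Mailbox -Identity $UserPrincipalName -Type Shared }
    }
}

# Usage, with the same placeholders as the commands above:
# Clear-SharedMailboxUM -UserPrincipalName "UPN OF SHARED MAILBOX" -AccountSkuId "tenant:licensename" -Verbose
```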

Blocking ActiveSync with Conditional Access

Microsoft has announced that they’re continuing the path away from Legacy Authentication, with the decommission of legacy auth to EWS on Exchange Online on October 13th 2020. Instead of waiting for that looming date, there’s a bunch of security reasons to only have Modern Authentication for Microsoft 365.

I’ve already written up on Protect Your Office 365 Accounts By Disabling Basic Authentication and Blocking Legacy Authentication – Conditional Access vs Authentication Policies – but when I migrated from Authentication Policies to Conditional Access, I didn’t realise ActiveSync wasn’t included as part of blocking Legacy Authentication, even though it connects without MFA.

The guide from Microsoft on how to block Legacy Authentication doesn’t actually mention ActiveSync, so it’s easy to miss like I initially did! You’ll need to block ActiveSync altogether as far as I know, as it doesn’t support MFA.

Although I still think Conditional Access is easier to manage than Authentication Policies, there is one caveat; even with an ActiveSync block in place via Conditional Access, too many attempts by a user will lock their account briefly. This might cause problems or require work to get those users to clean up whatever device is trying to log in. With an Authentication Policy I don’t believe this happens because it’s blocked earlier in the sign-in process – you won’t see logs, and the account can’t get locked.

There is of course, a checkbox around ActiveSync, and a way to block it using Conditional Access, but I had mixed results in blocking it successfully until I did it exactly this way:

Create a new Conditional Access Policy and set these options:

Users and groups > All Users
Cloud apps or actions > Select Apps > Office 365 Exchange Online
Conditions > Client apps > Tick both ‘Mobile apps and desktop clients’ + ‘Exchange ActiveSync Clients’
Grant > Block Access

In the Users and Groups section, you can narrow this down from ‘All Users’ for testing or for a gradual rollout.

The user experience is interesting on this one – they can still sort of authenticate, but instead of getting their emails, they will see a single email advising that their access has been blocked:

On top of this, you can use Azure AD to audit who might be using ActiveSync before you put any sort of block in place. As per usual, there’s a good Microsoft article on Discovering and blocking legacy authentication which can walk you through this, but in short:

Via the Azure Portal, go to Azure Active Directory > Users. Under Activity, go to Sign-ins. Click Add filters, and choose Client App > Tick the three ‘Exchange ActiveSync’ options and press ‘Apply’. You’ll see the last 7 days of sign in attempts using ActiveSync, which should give you an idea of how many users are using it, and who.
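
If you export those sign-ins rather than reading them in the portal, the same audit can be summarised per user. This is an added example, not part of the original post: the CSV is constructed sample data, and the column names (UserPrincipalName, ClientAppUsed, CreatedDateTime, Result) and the function name are assumptions to map onto your own export.

```powershell
# Added example: summarise ActiveSync sign-ins per user before enabling the block.
# Constructed sample data; column names are assumptions, not a documented export format.
$constructedExport = @'
UserPrincipalName,ClientAppUsed,CreatedDateTime,Result
alice@example.com,Exchange ActiveSync,2020-01-10T08:01:00Z,Success
alice@example.com,Exchange ActiveSync,2020-01-11T08:03:00Z,Success
alice@example.com,Browser,2020-01-11T09:00:00Z,Success
bob@example.com,Mobile Apps and Desktop clients,2020-01-10T09:15:00Z,Success
carol@example.com,Exchange ActiveSync,2020-01-12T02:40:00Z,Failure
carol@example.com,Exchange ActiveSync,2020-01-12T02:41:00Z,Failure
carol@example.com,Exchange ActiveSync,2020-01-12T02:42:00Z,Failure
'@

function Get-ActiveSyncUsage {
    param([Parameter(Mandatory)] [object[]] $SignIn)

    $SignIn |
        # The wildcard covers every 'Exchange ActiveSync' variant of the client app value.
        Where-Object { $_.ClientAppUsed -like 'Exchange ActiveSync*' } |
        Group-Object -Property UserPrincipalName |
        ForEach-Object {
            $group    = $_
            $failures = @($group.Group | Where-Object { $_.Result -ne 'Success' }).Count
            $lastSeen = $group.Group |
                ForEach-Object { [datetimeoffset]::Parse($_.CreatedDateTime) } |
                Sort-Object |
                Select-Object -Last 1

            [pscustomobject]@{
                UserPrincipalName = $group.Name
                Attempts          = $group.Count
                Failures          = $failures
                LastSeenUtc       = $lastSeen.UtcDateTime
                # Only failed attempts: a stale device or password guessing. These are
                # the accounts most likely to hit the brief lockout described earlier.
                OnlyFailures      = ($failures -eq $group.Count)
            }
        } |
        Sort-Object -Property Attempts -Descending
}

# Replace the constructed data with: Import-Csv -Path <your export>
Get-ActiveSyncUsage -SignIn ($constructedExport | ConvertFrom-Csv) | Format-Table -AutoSize
```

Users with successful ActiveSync sign-ins need moving to a modern-auth mail client before the block goes live; users with only failures are worth checking for a forgotten device or an attack against the account.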

Blocking Legacy Authentication, plus blocking ActiveSync will give you a much more secure environment, protecting from account attacks.