Category Archives for "Inside IT"

Windows 7 and 8.1 moving to Monthly Rollups model

Microsoft is releasing monthly rollups for Windows 7 and 8.1.  This changes how updates are applied and should be a big improvement.  Read on for further details.

Windows 7 and Windows 8.1 Monthly Rollups

Microsoft announced major changes on how Windows 7 and 8.1 will be patched with software updates. This will bring them in line with Windows 10, now with cumulative monthly rollups. Rather than individual updates, all the recent updates will be packaged in a single update.

Microsoft explains this should simplify updating, make it more cohesive and improve reliability:

The new rollup model gives you fewer updates to manage, greater predictability, and higher quality updates.

Now with monthly rollups, all security and reliability updates will be released in a single update. So rather than lots of individual updates, there will be just a single update needed to patch a Windows 7.1/8.1 system with all the latest updates.  Monthly rollups will be cumulative, superseding the previous month’s rollup.  

Monthly Rollups - Better than Windows 7 SP2?

Back in May Microsoft released a one of "convenience rollup", as announced here - Simplifying updates for Windows 7 and 8.1. This included all Windows 7 SP1 updates up through April 2016 and at the time this was the closest many thought we would get to Windows 7 SP2.

Monthly Rollups simply Windows SP1 updates

With the new monthly rollups, this is set to improve further.  Over time Microsoft will add older patches to monthly rollups.  This will make it possible eventually to fully patch Windows 7 SP1 and 8.1 RTM just with the latest monthly rollup.

Our goal is eventually to include all of the patches we have shipped in the past since the last baseline, so that the Monthly Rollup becomes fully cumulative and you need only to install the latest single rollup to be up to date.

These changes start in October 2016. There are other details worth checking out in the official announcement, including:

  • Security-only update - a leaner security-only update containing only that month's security patches will also available 
  • Individual patches will no longer be available
  • Rollups with multiple patches in a single update also applies to Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2

Further simplifying servicing models for Windows 7 and Windows 8.1

Monthly Rollups - Common update servicing model

It's great to see Microsoft invest in Windows 7 and Windows 8.1 taking whats worked well with Windows 10.  If you have recently tried to patch a Windows 7 box, it just takes ages, so this is really welcome.  Let's face it Windows 7 will be around for quite some time yet! 

How to be an IT Professional

What makes a good IT Professional? What skills or qualities do you need to succeed and excel as IT Professional? I have been doing this for a while so I thought I'd put together what I think goes a long way in this industry.  

It's only a few thoughts.  I'm not putting myself forward as any sort of role model.  I hope though this could perhaps help someone.

Continue reading

Technical Debt – What lies beneath

Technical debt is the problem you might not realize you have but it's impacting the effectiveness of your business. It's the stuff that matters, just not enough to do something about straight away. In fact, it can almost indefinitely be put on the back burner.

Sooner or later though issues surface and you will have wished you hadn't let it fester. This is technical debt. I am going to help you recognize it and start doing something about it.

Read on for my in-depth take on technical debt and why it's so important to tackle.

Continue reading

Rise of Shadow IT – Is your IT Department irrelevant?

Is shadow IT making IT departments increasingly irrelevant? When users can source their own IT product or system independently, could it be said this is a symptom of IT departments that are out of touch or that is not providing the right services?

Let's delve in with some examples and my take on what a modern IT department should do to be more responsive, possibly avoiding some of these pitfalls in the first place. We will also check out what Microsoft Azure Cloud App Discovery can bring to the table.

How it starts

It can start innocently enough, when users start going directly to their preferred service, it could be Dropbox or Slack or some other killer app and then before you know it, your IT department is looking out of kilter.  It can be a slippery slope as IT departments can then become an afterthought, where your staff don't even think to consult when commissioning projects.

They might even send their own staff on IT training and employee a contractor even to get an IT system up and running, bypassing their IT department entirely. New staff as well may trigger this, who have their own preconceptions of what works well and with what they want to bring into a new job. 

Bypassing the IT department - Case Study 1

I am painting a worst case scenario admittedly but one I don't think is that uncommon in some ways.  I have seen it first hand, where there was a significant delay in implementing SharePoint Online.  

Pockets of staff started adopting SharePoint Online anyway in the meantime. Power users spread the technology and know-how, all with no support or sanction of the IT Department. It got to the point where outside of IT, managers were sending their staff to SharePoint training courses.

This did get caught in the end and redirected to an official project but it just shows you how staff will find a way if you're not meeting a need, they will go just work around it. 

"Does anyone know anything about a Rackspace server?" -  Case Study 2

Another example, around three months back, we got asked if we knew anything about a Rackspace server, which none of us did.  What transpired was someone in the organization had commissioned a hosted server to setup a WordPress website. This server was unknown to the responsible staff in the IT department who would as a matter, of course, secure and maintain systems.

This Rackspace server unsurprisingly left unmaintained instead was hacked and used to launch an attack against a third party.  The third party thought the hack originated from us. Rackspace actually were the ones to spot and notify us that one of "our" servers had been compromised.  A pretty poor situation I think we can agree.

Combating Shadow IT

You could call this rogue IT or as Microsoft tend to call it, shadow IT.  It's unapproved invariable unsanctioned IT services or products introduced into an organization.  Rather than be fearful of shadow IT, another tact is to embrace it and listen to what it's telling you and why people went elsewhere in the first place.

Here is my approach to shadow IT, it's meant to be a holistic systematic approach that puts the IT department in control of technology.




Be open to questions and thinking out of the box


Have a technology roadmap so everyone knows what to expect down the line


Be honest with staff explaining why particular decisions are made and why certain technology can't be approved


Give staff a way out when they go off track and help them to utilize the right tools


Help staff navigate and pick which is the right tool, one that works well for their particular needs.  Keep staff informed regularly with new developments .


​Recognize power users that are interested in technology , can endorse change and help with it's introduction across an organization


Have a IT department structure that cultivates innovation and allows IT staff to have the time to work in new ways and be at the forefront.

Of course there will be times when you can't entertain the requests at all, they will be so left-field, there just not going to fly.  Also in highly regulated fields, healthcare, finance etc., your hands may be tied to a large extent.  

Unearthing unmanaged cloud applications

Moving on to one tool that can help with managing one aspect of shadow IT, Microsoft have a tool, Azure Cloud App Discovery.  It can help unearth cloud applications in an organization.

​In modern enterprises, IT departments are often not aware of all the cloud applications that members of their organization use to do their work. It is easy to see why administrators would have concerns about unauthorized access to corporate data, possible data leakage and other security risks. This lack of awareness can make creating a plan for dealing with these security risks seem daunting.

Azure Cloud App Discovery uses an easy to deploy PC agent that reports back telemetry to Azure.  

Azure Cloud App Discovery

It doesn't take long as data is collected in a matter of hours, you get a nice easy to interpret Azure dashboard.  Very quickly you can identify applications you may have otherwise known were in use.  

Azure Cloud App Discovery

You can do a lot more than reporting, apps can be managed, brought into the fold, with enhanced security, single sign-on, support for Multi-factor Authentication,  integration with the Office 365 app launcher and more.


That was my insights into shadow IT, with first-hand experience of this and at least one tool that helps.  I'll have further posts on similar topics in the near future, look out for these if this is of interest.