Author: Adam Fowler

Microsoft Edge has an Identity Problem

Right now, it appears that Microsoft Edge is trying to be everything to everyone – which sounds good, until you look at what it could turn into. For enterprise and business, it’s a constantly updated browser that receives frequent Security Baseline recommendations to keep the browser’s settings in line with what Microsoft deems best practice – just like Windows 10/11 and Office apps.

There’s even a ‘Super Duper Secure Mode‘ (which I’m surprised the Microsoft Marketing team approved the name of) which promotes using the browser in the most secure way possible.

Microsoft also provide a fairly open roadmap of upcoming features, and look for feedback on new items. Check out this list of feedback provided to Microsoft, how long it’s been on their list for, and the status.

The browser itself supports profiles that sign into Azure AD accounts (amongst others) and sync profile data securely to the tenant that account lives in – which can include browser history, favorites, and cached passwords. I’m highlighting here how much trust is put into what Microsoft holds on their business users.

This is the Microsoft I’m a fan of. It’s also why we have openly found out about a new feature currently in canary and dev builds called ‘Buy now, pay later‘. And, it’s also why I’m so disappointed to see this feature, as it flies in the face of what it seems Microsoft is trying to achieve with this trusted, natively embedded in the OS, browser. You can see the angry comments on the TechCommunity post above.

I’d already tweeted my disappointment:

Which led to a journalist asking for my views for this article:

https://portswigger.net/daily-swig/microsoft-pushes-ahead-with-controversial-buy-now-pay-later-feature-for-edge-browser

I’ll try not to repeat what I wrote there, but it sets a precedent of a slippery slope on where the browser ends and third party features start. Microsoft have become one of the more ‘woke‘ (which I use as a compliment, not an insult) IT companies; should they really be encouraging ‘buy now, pay later‘ to encourage people to borrow money to buy things online?

What I’m really hoping to see is the retraction of this feature, and it’s why I say Microsoft Edge has an identity problem. It can’t be both a consumer and a business/enterprise solution at the same time, if this is the path Microsoft is taking aspects of the browser down. Do we need to have a consumer SKU and an enterprise SKU of the browser? Different installers?

For the particular feature in question, there doesn’t appear to be a way to turn it off specifically. You CAN turn off ‘Save and fill payment info’ which I expect would disable the Zip pay option, but that’s a handy feature you’re removing from users.

Having Candy Crush baked into Windows 10 Home is questionable, but in Windows 10 Enterprise it’s ridiculous (which thankfully it isn’t). However, it’s in Windows 10 Pro.

Am I being too harsh? So many online stores have the Zip pay option on their own store, along with Paypal payment plan options, so does it matter if Edge does it natively too? In my personal opinion it still does matter, because it’s a line that shouldn’t be crossed at all; advertising and the promotion of third party services for profit, native to the trusted browser. If the desktop wallpaper in Windows 10 was changing to promote anything outside of Microsoft services, people would be outraged.

I also expect Microsoft has a reasonable agreement lined up with Zip, which would make reversing this decision harder (or costlier), which will mean they won’t give it up quickly. Historically we have seen Microsoft change direction based on waves of negative feedback – which is awesome – but I’m really unsure if that will be enough this time.

Microsoft needs to decide what Microsoft Edge is. Is it a trusted platform, or is it a vehicle to increase revenue directly through partnerships, making money off the user? If it’s both, then it needs to have a high level switch to allow users and companies to turn off the money making side – especially when we’re already paying for the OS, and the browser is bundled with that.

Edit: I believe this feature will only turn up if you’re signed into the browser’s profile with a Microsoft account – so less of an impact on business users, but the general points still stand. I’ve seen this profile detection behaviour recently, where advertising for the Microsoft Start app only popped up when I was logged in with a consumer profile, potentially triggered by one of Microsoft’s home pages – having the same home page in an AAD account profile didn’t show:

Visio for the web is out!

Microsoft Mechanics (YouTube) has made me aware that Visio for the web was now available. Check out the above video for a great overview on what this is, but I’ll break down my findings so far:

Visio for the web is ‘free’ as long as you have a business license of any sort. The full version of Visio is still available, and there’s a list of feature comparisons between the two here. As the name suggests, Visio for the web is purely a web based version of Visio, but isn’t just a viewer – it allows creating and editing of Visio files. You can download the results as an actual Visio file, or PDF/Image file.

Opening Visio up to all users in an environment is a big change. Historically, it was limited to an expensive license, so staff who had basic occasional needs would often miss out on using Visio – either by trying to do diagrams in Microsoft Word (which is a horrible experience!), finding a 3rd party solution, or just not doing it.

Although Visio for the web has hit ‘General availability’, as per the advisory below, it is currently rolling out to tenants and is planned to be completed by January 2022:

How do you know if it’s in your tenant? Either see if you have the Visio app in your list of apps:

No Visio
Yes Visio

Or, just try and go to Visio for the web on the URL https://www.office.com/launch/visio?auth=2 and see if you can create a ‘New blank drawing’

My experience was that although the Visio for the web page loaded, I couldn’t create a New blank drawing in a tenant that didn’t have Visio for the web enabled yet:

No license for Visio for the web

Adding a Visio Tab into Microsoft Teams: The app will probably be allowed by default in the Microsoft Teams admin center; you can check directly on this link https://admin.teams.microsoft.com/policies/manage-apps/com.microsoft.teamspace.tab.file.staticviewer.visio/

However, the client side experience was a bit more confusing. On the tenant that didn’t have Visio for the web option available yet, I could add a tab for Visio and pick a file (not that I had any). However, the tenant that had Visio for the web had the option on the web based version of Microsoft Teams, but not the Teams client. This was on preview version 1.4.00.29480 (64-bit) (and I checked for updates), but a ‘standard’ version of Teams in the same tenant, different user, had the Visio option. Your results may vary!

In the Microsoft Mechanics video, they pointed out that using Visio as a pseudo whiteboard due to its sharing capabilities was a really good point. It adds to some of the solutions the product can solve – a virtual whiteboard that may be much easier to use, rather than trying to draw squares, circles and lines with a mouse.

There is ‘Beginner tutorial for Visio’ content that covers “Visio on the web”, which is not actually “Visio for the web” as far as I can tell after going through some of the instructions that don’t work. There are also other references to ‘Visio for the web’ such as this one https://techcommunity.microsoft.com/t5/visio-blog/we-heard-you-diagramming-is-even-easier-in-visio-for-the-web/ba-p/1670427 , so hopefully some of the naming gets cleared up.

There doesn’t really seem to be any content that I could find, to share with end users on Visio for the web basics. If you find something, please share!

Upgrading a drive in a Synology NAS

I’m running out of space. My Synology DiskStation DS1621xs+ (originally provided by Synology, thank you!) is at 89% full. Rather than waiting until it actually runs out, I decided it was time to upgrade one of the drives.

Because I’m running SHR RAID, I can have different sized disks. All my disks in the unit are shucked from Western Digital (WD) or Seagate external enclosures – because it’s cheaper to do that than buy disks outright. This time I’ve bought an 18TB WD drive, which takes about two minutes to remove from its case. (Note that before removing, I always test the drive to make sure it’s not DOA. WD and Seagate should still honour the warranty anyway if a drive fails later, and I’ve done this on a shucked WD drive before successfully).

Synology have an article on what to do to replace a disk with a larger one, which is worth reading for other considerations around the process: https://kb.synology.com/en-us/DSM/help/DSM/StorageManager/storage_pool_expand_replace_disk?version=6

This NAS supports hot swapping the disks, so I don’t need to do any prep or power it down – just make sure you have a backup in case it all goes wrong (which you should have anyway if you care about the data).

Here’s a quick video of the drive swapover:

On the Synology itself – Before the upgrade:

10TB drive has been taken out, Synology starts beeping in a concerning way due to being in a degraded state:

New drive inserted:

Using the Action > Repair option to start the rebuild

Then comes the waiting game for the repair, which took about two days to complete:

Note that adding a single 18TB disk is wasting some of the space. If you look at their RAID calculator (which right now goes up to 16TB only but will still show the problem) before taking out the 10TB in bay 6:

Swapping the 10TB to a 16TB only gives 2TB more available space, and 4TB unused, because it hasn’t got available capacity anywhere to mirror all the space the 18TB disk had:

However, if we drop out another 10TB for another 16TB, we see the available space jump up to 60TB and no unused space. This will be my plan: order another 18TB drive to shuck, which should take me all the way up to 62TB available space.

For home use, I really like the Synology Hybrid Raid (SHR) because it provides actual redundancy, as well as easy expansion. I don’t have to commit to buying a bunch of drives at once of all the exact same size, and can gradually increase if and when I need more space. The process of upgrading a disk is so easy too that it’s not an inconvenience when upgrade time comes around.

Microsoft Teams – Routing calls to unassigned numbers

A new feature has turned up today in Microsoft Teams – the long awaited ability to route unassigned numbers. This was available in Skype for Business On-premises, and is great for misdials or for when someone departs the firm and their calls can be sent to someone else, such as reception. There’s no ongoing work or maintenance required either; once a number is unassigned, it can be picked up by these rules.

The documentation is light at the moment and it’s in preview, but it does work. Note that I’ll cover the call redirect option, but there’s also an option to redirect calls to a pre-recorded message in WAV format.

First, make sure your MicrosoftTeams PowerShell module is at least 2.5.1. The latest live version at the time of writing is 2.6.0 so you don’t need to worry about preview module versions – just the PowerShell command:

Update-Module MicrosoftTeams

will update. You can check the version afterwards with this command:

Get-Module MicrosoftTeams | Format-Table Name,Version

Once your MicrosoftTeams module is up to date, and if you’re redirecting the call to a user, auto attendant or calling group, you’ll first need to get the ObjectID. Here’s Microsoft’s example for a resource account:

$RAObjectId = (Get-CsOnlineApplicationInstance -Identity aa@contoso.com).ObjectId

However, if you’re redirecting to a normal user account, use this command instead:

$UserObjectId = (Get-CsOnlineUser -Identity user@contoso.com).ObjectId

Once you have the $UserObjectID value set, it’s time to create the Unassigned Number Treatment. The possible options for this command are documented here and again here’s an example:

New-CsTeamsUnassignedNumberTreatment -Identity Unassigned1 -Pattern "^\+618xxxxxx\d{2}$" -TargetType User -Target $UserObjectId -TreatmentPriority 2

I’ll break down a few of these values.

Identity: This needs to be a unique value for the treatment and can be a descriptive name.

Pattern: This is where you define the number pattern. In my example above, I’m wanting the number to match what I’ve defined up to the last two digits, which can be anything.

TargetType: This needs to be defined as User, ResourceAccount or Announcement for the Target.

Target: This is the ObjectID from the first command.

TreatmentPriority: This needs to be a unique number for each treatment, and has an order preference in case of overlap in rules. I’m using 2 above purely because it’s the second one, and have no plans on overlapping rules.

Once the New-CsTeamsUnassignedNumberTreatment command has completed, it won’t apply immediately – in my testing it took roughly 15 minutes.
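Before creating a treatment, the Pattern can be dry-run locally to confirm it covers only the intended number range and to spot numbers that two treatments would both match. This is an added example, not from the original post or Microsoft's documentation. The function names, phone numbers and the second pattern are constructed, and it assumes the service evaluates Pattern the same way the .NET regex engine does.

```powershell
# Added example: check treatment patterns offline before running
# New-CsTeamsUnassignedNumberTreatment. All numbers and patterns are constructed.

function Test-TreatmentPattern {
    param(
        [Parameter(Mandatory)] [string]   $Pattern,
        [Parameter(Mandatory)] [string[]] $PhoneNumber
    )
    # Compile once; an invalid pattern throws here instead of at treatment creation.
    $regex = [regex]::new($Pattern)
    foreach ($n in $PhoneNumber) {
        [pscustomobject]@{ PhoneNumber = $n; IsMatch = $regex.IsMatch($n) }
    }
}

function Find-TreatmentOverlap {
    param(
        [Parameter(Mandatory)] [hashtable] $Treatments,   # Identity -> Pattern
        [Parameter(Mandatory)] [string[]]  $PhoneNumber
    )
    foreach ($n in $PhoneNumber) {
        # Collect every treatment whose pattern matches this number.
        $hits = @($Treatments.GetEnumerator() |
            Where-Object { [regex]::IsMatch($n, $_.Value) } |
            ForEach-Object { $_.Key } | Sort-Object)
        # More than one hit means TreatmentPriority decides which rule applies.
        if ($hits.Count -gt 1) {
            [pscustomobject]@{ PhoneNumber = $n; MatchedBy = $hits -join ', ' }
        }
    }
}

# Constructed test numbers: two in the intended block, one in a neighbouring
# block, and one with an extra trailing digit.
$numbers = '+61855501042', '+61855501099', '+61855501142', '+618555010421'

# Anchored pattern, same shape as the one used in the post.
Test-TreatmentPattern -Pattern '^\+618555010\d{2}$' -PhoneNumber $numbers | Format-Table

# Same pattern without ^ and $: the over-long number now matches as well.
Test-TreatmentPattern -Pattern '\+618555010\d{2}' -PhoneNumber $numbers | Format-Table

# Two planned treatments (hypothetical); report numbers both would claim.
$planned = @{
    Unassigned1 = '^\+618555010\d{2}$'
    Unassigned2 = '^\+6185550\d{4}$'
}
Find-TreatmentOverlap -Treatments $planned -PhoneNumber $numbers | Format-Table
```

Single-quoted pattern strings keep PowerShell from treating `$` as the start of a variable.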

I’m really glad this feature is now available – and I expect others have also been waiting for it to be available, or weren’t aware it was even an option.

Ubiquiti UniFi U6-LR

Ubiquiti sent me two of their newly released Unifi Access Point WiFi 6 Long-Range (U6-LR) units – long range access points that support the Wi-Fi 6 standard. I’ve been using the setup Ubiquiti sent me about a year ago which included a Unifi Access Point nanoHD (UAP-nanoHD). I was going to start by changing that over to one of these newer units to see how it went.

First, the unboxing. I don’t bother about this too much usually when reviewing hardware, but there’s a fair bit of attention to detail here. A mounting guide for the screw holes that includes a tiny spirit level, the detailed hole explanations on the plate, and the hardware kit – an assortment of screws and brackets that come in a nice sleeved foam holder, so you don’t inevitably drop something when you would normally find these in a plastic bag to rip open.

The size difference of the Access Point nanoHD vs Access Point WiFi 6 Long-Range is substantial (and is a bit over 3x as heavy):

Comparing the specs between the two:

NanoHD:

  • Four-Stream 802.11ac Wave 2 Technology
  • Simultaneous Dual-Band Radios
  • Supports 200+ Concurrent Users
  • 5 GHz Band 4×4 Multi-User MIMO with Radio Rate of 1.733 Gbps
  • 2.4 GHz Band 2×2 MIMO with Radio Rate of 300 Mbps
  • Powered by Gigabit 802.3af PoE

U6-LR:

  • 1.3 GHz dual-core processor (now upgraded to support full-duplex 1 Gbps TCP/IP performance)
  • Four-stream high-efficiency Wi-Fi 6 technology
  • 5 GHz band 4×4 MU-MIMO and OFDMA with radio rate of 2.4 Gbps
  • 2.4 GHz band 4×4 MIMO with radio rate of 600 Mbps
  • Powered with 802.3at PoE (PoE injector not included)

Both units at the time of writing are the same price of $179US. Beyond the Wi-Fi 6 functionality on the U6-LR, the radio rates are higher and denser on it too. It’s worth noting the U6-LR has the updated PoE requirement (also known as PoE+) and does not come with a PoE injector; if you’re already using a PoE+ switch like I am, this isn’t an issue. Otherwise, order a US$12 PoE Injector with the 802.3at standard.

Swapping over the units was incredibly easy – I hadn’t mounted the NanoHD since moving, and may end up mounting this one once I’ve been using it for a bit and know I’m happy with it.

When I say it was easy; after swapping the network cable over, I logged onto the UniFi Dream Machine (UDM) web interface, went to the network devices page, and clicked ‘Adopt device’ that popped up. About a minute passed, and the device was now under control:

There was an update available, which upgraded the device from 5.43.15.12477 to 5.60.9.12980. I decided to add the second U6-LR on, but this time it would take over the Wi-Fi duties of the UDM; I adopted it into the UDM, then went into the WiFi settings for both the 2.4ghz and 5ghz networks, created a new AP Group, and ticked all but the UDM and applied (I have separate WiFi network names for the different bands due to an issue with a 2.4ghz only device that wouldn’t work when both bands were used on the same name).

Once I had done all this and let the connections settle down, the experience across each wireless AP was 92% or better. My Samsung Galaxy S21 shows a little ‘6’ next to the WiFi symbol.

I’ll take a few days living with this to see if there’s any issues that pop up, or if I notice any improvements (one sore point was a Chromecast that would dip in video quality now and then).

It’s been going very well. No dropouts or hiccups of any sort, and I’m noticing on my mobile that I stay on 4 bars around the house rather than dropping to 3 in some areas – which makes sense now being on a long range access point.

I also found this video looking at the UniFi 6 LR, which has some extra info and visuals: