For anyone interested in the current state of things in Switzerland, there is this handy map of which Swiss municipalities are dependent on Microsoft/the US right now: https://mxmap.ch/
Think about integrating calendars, corporate contacts (from AD), handling RSVP replies said mx server receives and updating the calendar server, securely deal with modern auth (+ legacy krb5 auth, yuk). It's a huge hassle and everything except Exchange only handles 80% of this.
Modern expectations now want: web clients (OWA), todo lists, integrated storage (SP/OneDrive), and push notifications to any phone from any vendor.
So yeah, the only on prem solution is still Exchange.
I don't think these things are as important as you think.
RSVP for example. Nobody reads or cares who and what people reply. In the last 4 companies I worked for (including one in Switzerland), nobody cared if I accepted or confirmed my attendance to the meeting and would try to call me/force me into a meeting even when my status showed I was on another sharing my screen. And nobody seems to respond nowadays nor check calendars for availability and avoiding conflicts.
But what about push notifications to mobile? I'm not aware of anything that handles this as well as Exchange ActiveSync. It's reasonable that you get an email within sub 1 minute latency, not 15 min polling.
The IMAP protocol has an IMAP IDLE extension for that purpose.
But is that use case really common in practice? With chat tools people don't tend to use email for instant messaging (well, apart from deltachat users, which can be a solution too!) and my experience is that it doesn't even work like that / that well for Office 365 users. I am regularly told on Teams that an email has been sent to me (same org and same region) yet it still takes more than a couple of minutes to have it visible on my desktop Outlook client.
If you don't mind asking, what don't you like about Kerberos? I personally like it quite with certs / hardware token.
To be honest, most things you list can be set up with some research. The only one I am not sure about is integrated storage, but then I am also not entirely sure what that even is supposed to mean exactly.
The user experience between a phone, tablet and computer should be symbiotic. Krb is not a first class thing in the mobile world. So users now have great Krb experience with Outlook.exe but are typing passwords into Safari at owa.example.com (anywhere you type an AD password that isn't lsass or ADFS is really not good posture).
So, passwords are bad and the password is a key component of krb. Moving away from passwords is a step in the right direction, e.g. OIDC.
Right, given the product names I assume you are on Windows. With Kerberos people shouldn't have to type their passwords into apps at all, and if you use PKINIT there are no passwords at all?
I give you the mobile part, I don't know how well it is supported - iOS claims to have support though, and Android through third parties I believe. Never tried that. It's just that I personally have a preference for auth methods that don't require opening a browser for desktop apps.
> This comes as a surprise, as Microsoft 365 was recently installed on some 54,000 administration workstations
Not really surprising. The people Microsoft wined and dined for the contract are not the same people who agree with Thomas Süssli about reducing the dependency. I look forward to seeing them succeed!
I have switched my small Swiss business (10 people) to Linux (servers and desktops) and away from Microsoft around 2020. I am extremely happy about the choice. There's small friction here and there with clients that rely on certain software, but it's usually minimal and can be fixed. Some people here talk about how people need Excel and how important it was, I have personally never seen that in practice here with any client or company I worked for in the past, but maybe it just went past me. It has not been an issue for me in the past 6 years.
Doesn't everyone? Ads, Microsoft account required, undefeatable telemetry, and all wrapped up in dark patterns and bad user interfaces (perennial Microsoft).
I bet they haven't thought about TypeScript, VS Code, GitHub, LinkedIn, .NET, npm/node, or the contributions done to Linux kernel, Rust and Python that probably would also require security reviews.
Also most of the key contributors to FOSS alternatives are sponsored by US companies as well.
Which is the problem with this ongoing geopolitics crisis. Decision makers only think about the superficial parts and not the whole extent of the dependency problem.
I feel like this general story “x European country wants to reduce dependency on Microsoft” comes up at least once a year.
How do they usually turn out? I have heard Germany/France/? switching to LibreOffice or Linux for some government sector, but I suspect they quietly switch back.
EDIT: Not affiliated, I just want it to already be the standard
I root for it, but it will be difficult.