 Benar, Microsoft Azure. Thank you so much for joining us today. I'm Susan Hope Bard, the Training and Education Manager here at TechSoup. We do strive to provide you with relevant webinars and presentations so that you can better serve your nonprofit and library missions. So we want to thank you in advance for joining us and also answering our survey questions at the end of the event so we can better understand your organization's needs. First things, we're going to talk to you a little bit about using ReadyTalk to make sure everyone's comfortable using the webinar platform. In the lower left-hand corner is a chat box. The chat box is for you to chat in any problems you're having. If you can't hear, you're having visual difficulties or any challenges you have technically, go ahead and chat in that you're having those problems, and we have our amazing Becky on the back end that will help you. And also, you can chat in all of your questions. Throughout this presentation, we want you to feel free to chat in your questions. Please know we won't address them immediately. What will happen is we will queue those up for answering during our Q&A sessions, and Sam will be stopping periodically to answer questions. If you lose your Internet connection, you can always reconnect using the link in your registration or one of the reminder emails you've received. If you're hearing an echo or having any other issues with audio, you can dial in using the toll-free line listed in your registration email. We are recording this presentation. We will produce an archive this recording on TechSoup's webinar page in about a week. This is where we share all of our recordings and announce our upcoming webinars, and you can check that out at www.techsoup.org slash community slash events dash webinars. You can also view recorded webinars and videos on our YouTube channel, and that's at www.youtube.com slash TechSoup video. In a few days, you will receive an email with this presentation, this PowerPoint, and a link to the recording along with any resources that we share today. If you're following along with Twitter, you can tweet us at TechSoup or using hashtag TS webinars. I'd like to talk a little bit about our presenter today. We are very fortunate to have Sam Chenkin with us. He is the Director of Technology Services for Tech Impact, and that's a Philadelphia-based nonprofit that provides technology support and cloud services for folks like you, nonprofits, charities, and NGOs all around the world. Sam has worked with nonprofits for his entire career, and his passion is designing and implementing technology rooted in context, so ensuring that it's meeting the real-world goals and challenges of the organizations he supports. Although his background is technical, his goal is to make complex ideas accessible and actionable for folks like you, nonprofit organizations. Also helping on the back end is Becky Wiegand, our webinar manager, and she'll be assisting with the chat. I'm going to talk to you a little bit about TechSoup, and then I'll be turning it over to Sam. TechSoup is headquartered in San Francisco, California, and we'd love to know where you're joining us from today. So take a minute to test out the chat box and shoot us a quick chat about what city and state you're from, or what country you're joining us from. We are a 501C3 nonprofit, like many of you joining us today. And what we do is we work to empower organizations around the world to help you get the latest tools, skills, and resources to help you achieve your mission. And you could see from the map we serve almost every country in the world. We've helped organizations get more than $5.2 billion in technology products and grants to NGOs around the world. And these tech products and grants come from more than 100 generous corporate and foundation partners. Oh, I see people are joining us from all over the U.S., New Jersey, Colorado, Texas. Welcome everyone. Fabulous. All right. Well, without further ado, I am going to turn this over to Sam and Sam, the floor is yours. Hello everyone. Thanks for coming. So today we're going to talk about Microsoft Azure for nonprofits. I say Azure. Some people call it Azure. I talk to the Azure team or the Azure team and they say it both ways. So I think there's no right answer here so we can get that out of the way. I work for an organization called Tech Impact. We are a nonprofit, a 501c3 organization, and our mission is to empower communities and nonprofits to better use technology to serve our world. We provide a lot of different services to the nonprofit community all at cost, managed services, a lot of data and strategy services including around Azure. And this is the end of my marketing material. So if there is anything we can help you out with, please feel free to reach out. But everything here is going to be useful just for your organization. So this is me. You already heard my surprisingly long bio. I've never heard it read out loud before. But I am Director of Technology Services here at Tech Impact and I am helping us build a new Azure strategy. So this is all new stuff for the nonprofit community. And it's a lot that we're still finding out about what's effective and what's not effective. So hopefully during this presentation you will get to learn some of those new lessons. Today we are going to start by talking about the Azure offer. And then we are going to explain what the heck Azure actually is since I think that is really the biggest barrier that we have here. And then we are going to talk about using Azure in a few different specific contexts. Active Directory to replace your servers for disaster recovery, and as a development platform. And I am going to try and relate all of this back to use cases to sort of some fictional and some real organizations and how they might or actually are using Azure. So let's start by talking about the offer. So Microsoft announced this about three weeks ago at the Ignite conference. It's a really big deal. It's a recurring $5,000 a year credit for Azure. So pretty much anything you can get in the Azure portal will count against this $5,000. Now after that $5,000 is used, you pay the standard rate. So it's $5,000 a year. That's what you get. After that $5,000 you pay whatever the going rate is for that particular service. There are a few caveats to be aware of. There's some limited data center availability so it's not available for every data center. I have found that if you contact Microsoft they will turn on additional data centers for you. So if you have an issue when we first signed up we only saw US, West, and Japan. So we contacted Support and they got a bunch of other data centers activated for us, but it is still limited. It can't be combined with a SLA or an EA. I don't know if that applies to any of you here. Those are specific kinds of licensing agreements for very, very big organizations. And if you have one of those you can't combine that with this $5,000 offer. And it can't be used for third-party services that might require paying licensing fees to other groups like Veeam. Veeam Backup is a common issue. So that particular item is not supported as part of the grant. But other than that anything that's in is available to you. So to get the offer you're just going to go and you're going to sign up on the Flansfree's product donation page and you're going to use your TechSoup verification token to log in. And when you do that you've probably already done this for Office 365 but now you can do it for Azure as well. It will then prompt you to log into your Azure account or to create a new one if you want to apply the credit. If you don't already have an Azure account that you know of I would encourage you to first log into the Office 365 portal assuming you're using Office 365 and click the Azure AD link in the admin center on the left-hand side because you do actually already have an Azure AD account in Azure account if you're using Office 365 and you're going to want to link it to the same organization. And so when you do that you're going to apply the credit. It's going to create a new subscription for you and that subscription includes that $5,000 credit. And then you need to link any services you have to that subscription. So if that's your only subscription any time you create a new service it's going to get reapplied to that particular subscription. If you have multiple subscriptions you might have to change which subscription is being used. So if you already have one and you do this then you're going to have to change which subscription any new service you're adding is on. And you can do that just by editing the service itself within Azure. Okay, so that's what I have about getting the actual donation. We're going to move on to what is Azure. But before we do that do we have any questions, Susan? We do. We've got a couple of questions. And I think some of these are about the $5,000 credit in terms of how far will that go. And I'm not sure if you're going to be addressing the pricing of everything, but someone has a question. For a small organization how far would $5,000 go towards what might be needed for them? Got it. Yeah, I can absolutely answer that question. So the $5,000 credit is going to be good for if you're doing virtual infrastructure which we'll talk about two servers or so will be covered with that $5,000 and it will go a long, long way if you're using other services. We'll talk a little bit more about that as we get into what to do with Azure. Great. Thanks. One more. This is specific. Walter asks about is it available for disaster recovery in New York? Yeah, so all the US-based data centers are available. And so you can certainly use it for disaster recovery. We'll talk about what disaster recovery actually looks like in Azure later in this presentation. The data center selection itself is that you want to pick a data center kind of close to you. There's not really much of a ramification for using US West versus US East unless you're doing very specific kinds of things that are latency sensitive. But it does actually make a difference if you're an international nonprofit you might want to pick a data center that's in your country particularly for Germany and China where there are specific laws about data needing to stay in that country. And in Germany and China there are special data centers that aren't owned by Microsoft that meet those particular requirements. Great. Thanks. Okay. So let's continue and let's talk about what Azure actually is. And we're going to talk about this in terms of what the kinds of clouds are and then we're going to map that to Azure Office 365. So the big things we're going to talk about here are infrastructure as a service, platform as a service, and software as a service. These are the kinds of clouds sort of technologies that are out there. And I think it's important to understand the differences in order to understand the appropriate path for your organization because some of these different approaches cost more or are difficult to manage. So we want to make sure you know what you're getting yourself into. Just to put this into a little bit of context, Office 365 is what we call a SaaS or a software as a service solution. It's available directly to end users out of the box. It's useful for your organization. For Azure, Azure provides infrastructure as a service and platform as a service tool. And you can see here that some problems can be solved with either approach. So I can host my files by signing up for SharePoint and moving my files to SharePoint. That's a software as a service solution. Or I can keep my files in a Windows 2012 server that's running in Azure on a cloud server. That's an infrastructure as a service solution. So there's a lot of different ways to approach each problem. Office 365 is software as a service. Azure is infrastructure and platform as a service. So we touched briefly on software as a service. These are tools that were built from the ground up to be accessible in the cloud. They're usually licensed per user. You're already using all these things, Facebook, YouTube. These are all software as a service tools, usually accessible in a web browser. Infrastructure as a service is really what I think most people think of when they think of Azure. When you think of Azure you're probably thinking cloud servers. I want a server running in the cloud. And you can use it for that. These are rough building blocks that IT administrators can use to build the backend infrastructure for nonprofits. So the most part, these are the same tools you already have access to, but they're in the cloud instead of on your local machine. And they have names like cloud server or cloud network, cloud desktop. You recognize these things. We're just sticking cloud at the beginning. Now infrastructure as a service tools are pretty expensive. There's still a lot of dedicated resources that are involved in providing a cloud server. It's not as multi-tenant as Office 365 is. So it's not always going to get your dollar to stretch the furthest. But often you can forklift what you have right now and just move it into infrastructure as a service. And we'll talk about what that looks like. Platform as a service on the other hand are building blocks primarily intended for developers. So these are technical tools that developers are using to build applications. So when I say Azure SQL, that's platform as a service. Or Azure Web Services, that's platform as a service. Azure Biz Talk, platform as a service. These are tools that really aren't useful to consumers and they're not even useful to IT administrators. They're useful to developers who are building what they want to build. And in this presentation we're going to talk about how to address infrastructure as a service and platform as a service in Azure, and what maybe would be useful within that for your organization. So I do want to start with a bit of a warning here. I want to make sure that not everyone jumps directly to using Azure. It's not the right solution for every nonprofit. It's expensive often. A lot of organizations would need, if they wanted to stick everything in Azure it would be more expensive than it needs to be. And it's also technically complicated and it may not be the low-hanging fruit. It may not be the easy way to approach your problem. So I really want to encourage you before you take a look at Azure, make sure that you've already implemented Office 365 or Google Apps if that's your preferred platform, but some kind of cloud-based productivity tool. Make sure you've tackled that before you move on to Azure. Much easier to do that. It's going to have a much bigger impact. And then for anything before you move it to Azure, make sure you've really looked at a software as a service solution. So before you move your 15-year-old access database to Azure, look in the market and see if there's something that might meet your needs that's actually web-based and wouldn't require you to set up a cloud search. So just keep that in mind. When you move to Azure you're still going to be managing things. So just because it's not on-premise doesn't mean that you're not going to continue to manage a server and all the rest. So you really want to make sure that you're prepared for that long-term commitment. So these are the four sort of use cases we're going to talk about today for using Azure. We're going to talk about using it as a modern authentication environment. We're going to talk about it for hosting something that doesn't fit into the software as a service bucket, either because it's too old or it doesn't really work over an Internet connection. We're going to talk about backing up and extending your on-premise infrastructure. So this is business continuity and disaster recovery backup. And then we'll talk about building applications from scratch in the cloud. Okay, so before we jump into authentication with Azure, Susan, are there any other questions we should stop for? Susan, perhaps we can answer this question. It's a more technical question about the credit and how it shows up when people are selecting the apps. Within Azure, they're wanting to know where they would see that. So whenever you add a new item, so a new virtual server or a new storage account or a new BizTalk service, whatever it is, there's actually a dropdown there for the subscription. And it will show all the active subscriptions that you have. And you can actually go back and edit anything else and change that subscription. Now there are some things that you're not going to see a subscription on because they're built differently. The big one for that is Azure Active Directory. Azure Active Directory is not built in the same way. Got it. Thank you. One more quick question. And this is about Office 365. And Greg has Office 365 and they signed up for the $5,000 offer. Can we talk a little more about linking the Azure? They have with Office 365 and making that connect. What a beautiful segue. Okay, so let's talk about Azure Active Directory. So Azure Active Directory is a back-end authentication. It's something called a cloud-based identity. And if you were already using Office 365, you were already using Azure Active Directory. So you already have users and passwords that are being stored in Azure Active Directory. This is all included. By default you have an Azure Active Directory basic license. That's what's included. Now Azure Active Directory does allow you to do more than just manage Office 365. We can connect third-party apps to Azure Active Directory. We can also, if we're using Windows 10, we can log into our computers using our Office 365 username and password, something called Azure Cloud Join. But Azure Active Directory is not the same thing as on-premise Active Directory. And I'm really sorry. I didn't make the decision to name everything the same thing. This is something that Microsoft really likes to do. But Azure Active Directory is not the same thing as Active Directory. So Active Directory is something that runs on a server, right? Windows Server 2008-2012. You use Active Directory users and computers and sites and services to manage it. You can join your computers to a domain and you can do group policy. On those machines you can control very specific minute settings on those machines through group policy. And Azure Active Directory isn't that. Azure Active Directory is a native cloud service. It lets you integrate cloud-based applications which I'll talk about in a minute for authentication. And it also lets you manage Office 365 and you can do some limited device management which I'll talk about as well. If you have on-premise Active Directory you can synchronize that with Azure Active Directory using a tool called Azure AD Connect in which case your username and passwords will be the same in both environments. But the two do kind of stand alone. Now if you want to manage third-party applications with Azure Active Directory you can certainly do that. There's a standard called SAML, S-A-M-L that's used to authenticate that. So for instance we use Salesforce internally and when I log into Salesforce I get redirected to the Azure AD login page and then I put in my username and password and then it lets me into Salesforce. And if I'm already logged in to Office 365 then I'm already logged into Salesforce and it doesn't ask me to log in as well at all. Most applications support SAML. It's pretty standard these days so it's a great way to reduce the number of user names and passwords that you're using. And this can actually be done even with the free Azure Active Directory solution. You can also use Azure to manage your devices. There is a license that you actually purchased through the Office 365 portal called Enterprise Mobility Suite. And the Enterprise Mobility Suite includes Cloud Intune which can be used to manage your devices. So this gives you very limited control. It's not the same as group policy. Again there's a difference between those two things but it does let you make sure that devices are encrypted. It lets you make sure that you have Windows updates running, etc. And you can even set up conditional access so that users can't access Office 365 if they're not on a device that has an encrypted hard drive or has a strong password policy, etc. So this is all what's possible with Azure Active Directory authentication with Azure. So let's talk about a particular use case. This is a made up organization. So this organization is called In the Woods for Good. They don't have any full-time staff. Their staff are all over the country. And they use QuickBooks, CampBrain, and Email along with a few other web-based tools. So they're using Office 365 for Email and Files I am. And they're also using it for voice over IP phones that's something you can do now with Skype for Business. You can dial out to normal phone lines with an E5 plan. And they're also using the Directive Directory to manage their devices, to make sure that that camper privileged information is on encrypted devices and it's not being emailed around unsafely. And also to give them a single sign-on to QuickBooks and to some other applications that they're using. So they don't have to remember 12 different user names and passwords. Okay, so maybe we'll pause here, Susan. We're going to move on next to talking about replacing servers with Azure. Are there questions specifically about Azure Active Directory and authentication? I think we have a couple of questions about specific things in Azure and for the youth. I think we can hold those until the next section. So let's talk about using Azure to replace our servers. This is what most people think about when they think about using a cloud-based server. So we take Azure. We have this data center that Microsoft is running. And we spin up a virtual machine, a virtual server, Azure Running Server 2008 or Server 2012. You have full administrative access to that machine. It's got a start menu. You can install roles and all the rest. It doesn't really know that it's running in the cloud. It just thinks it's a normal server. And then we can set up a VPN connection between your office and the Azure cloud so that you can actually see the server. And you can remote desktop into the internal IP address of that server. And all of your client applications can access that server directly. So this is really what we think about. The problem with this is that the VPN solution usually doesn't work. And the reason for that is that most tools aren't designed to work over an internet connection, over a VPN connection. So if you've ever tried to use QuickBooks or Petri over a VPN, you know, it's not designed to work on a latency-heavy kind of connection. The other problem is that it's pretty expensive. So that $5,000 a year credit will get you about two servers and a VPN. That's what it's going to cover. A very low-powered VM, like 2GB of RAM and a 20GB hard drive is going to start at about $100 a month. So that adds up pretty quickly. That's not really enough to do much. So this is often not the direction to go, but sometimes it is useful. So let's talk a little bit about when to use it and when not to use it. So Active Directory and anything that runs in a web browser are going to work great using this VPN kind of setup within your server. So if I want an Active Directory server, so this is not your Active Directory which is limited. This is full Active Directory. I can do that by spinning up a virtual machine in the cloud, installing Active Directory, setting up a VPN connection to it. And my computers will authenticate it against it just fine. Works really, really well. So no issues there. And then anything that I have in a web browser will work fine as well, Dynamics, CRM, CV, Sugars, CRM, websites, etc. That will work great in this kind of scenario. Peach Tree, QuickBooks, Access Databases, anything that's a client server model where you have some kind of client application that's running on your machine connecting back up to the cloud tends to be pretty temperamental with this kind of solution. Now there is a workaround which is to use a terminal server which we'll talk about in a moment. So if your application fits into a category of not working over a VPN, then you have a couple of options. One is to redesign your application to take advantage of platform as a service tool. So you could rewrite your Access Database to actually run in the cloud, to be native in the cloud. We'll talk about that later. You could also find a software as a service alternative. So these days there is a cloud-based, web-based database for just about every kind of nonprofit that's out there that will probably meet your needs and cost a lot less than moving to Azure. So that's the place we recommend starting. But if that's not an option, you can use a cloud terminal server. That works like this. We have our Azure Virtual Network with a server in it. And then over the Internet we're using our remote desktop client. And it's built into Windows. You can download it from Mac. And I'm connecting to that terminal server. When I'm using a terminal server it actually looks like I'm logged on to my local computer in that I have a start menu and all the rest, but all of that is running in the cloud. So when I click on the start menu, I'm not actually doing anything on my local computer. I'm telling the cloud server that I just clicked my start menu. The cloud server sends back a picture of the screen with that start menu open. And then I just work in it normally, but I'm connecting to a cloud-based server. That works pretty well. There's also a technology called Remote App. I don't recommend that any of you use this, but you're going to see it and wonder why I didn't talk about it. Remote App is kind of like a managed terminal server, but there's a lot of overhead involved, and it's pretty expensive. There's a minimum number of seats, and there's a complicated management. We have to build images and roll them out. It's quite complicated. So I wouldn't recommend that you move forward with Remote App. So if this is something that you want to do, I would stick to the terminal server solution for right now. So let's talk a little bit about Tech Impact. So this is my organization. We're 50 people. We have four sites, and a lot of mobile users. We have a remote management and monitoring tool. We use Salesforce for just about everything, QuickBooks Online. We have a super cute office dog here. I'll show you. This is Peanut. This is my coworker, Linda's dog. This is in the office. Not quite enough. So we use Office 365 for email, files, and chat. We use Azure Active Directory to manage our mobile applications, and single-site on, so that's how I log into Salesforce, and Expensify, and my RMM tool. We actually use multi-factor authentication. So when I log in, I have to approve the request on my phone or with a text message in order to get into Office 365 as a security measure. And then I use a terminal server for QuickBooks. So I have a server in the cloud in Azure that easily runs under that $5,000 a year cost. And that has QuickBooks installed, and then we remote desktop into it, and that's where I access QuickBooks. Because we use QuickBooks Online, it doesn't have enough functionality for us. We have multiple people in multiple offices, and so that's where we keep it. We also have a web server in the cloud that we're using to host our remote management and monitoring tool. So we're using Azure Infrastructure as a Service pretty extensively. Okay, so we're going to talk next about Azure for Disaster Recovery. Any questions before we continue? Yeah, I'd like to – we had a couple of questions from Alexander about Azure and processing data. And I think we chatted a little bit about this before we get started, but the recommendation they're asking for is, would Azure be a good choice for processing Excel data? Okay, so I would say that if you are trying to use Excel for something that doesn't really work well on a local computer, you're probably not using Excel for something that was designed to do. And that throwing resources at it is probably not the most effective thing. There are a lot of better tools for complex data manipulation, including Power BI that's available as part of Office 365, that's a Business Intelligence tool, or potentially SQL Analytics and Reporting Services. And if you're using an access database for that, it might make sense to keep the data in a SQL database and use more sophisticated reporting tools. All that being said, if you really wanted to just throw a lot of extra processing power at it, you could create a terminal server with a lot of RAM and CPU power and install Excel and run your calculations there. It's just going to be an expensive way to solve a problem. It's kind of using, I don't know, like using a potato but a really big potato to hit a nail. How's that for an analogy? Thank you. That was a great analogy. Thanks. One more quick question. We've had two questions about mobile device management and Azure. Could you talk a little bit about that? Sure. So inside of Azure, there's a feature called Intune. And Intune is Microsoft's MDM mobile device management platform. Intune lets you do a few different things. But really it's not designed to give you full control over the machine. It's designed to make sure that all of your devices are compliant with any kind of security needs you have. So let's talk about my organization. I have a Windows 10 desktop. And my Windows 10, we don't have an Active Directory server. We don't use group policy. So what we have is we have cloud-joined devices. So my Windows 10 machine is joined to the cloud. I log in with my Office 365 username and password. When I do the cloud join, my device is enrolled into Intune. And when it's enrolled into Intune, it applies a configuration policy to my machine. And that configuration policy makes sure that my computer is encrypted, that my hardware is encrypted, that I have a strong password policy set, that I'm using a PIN code to verify my identity when I log in. And a few other features like I've got Windows updates set up and I'm using Windows Defender for my antivirus. Once that configuration policy is applied, I can view in the Intune portal all of the devices that are connected to my Office 365 instance. And I can tell which ones are in compliance and which ones are not in compliance. So that's a nice feature. The other thing I could do, which we don't do, I could turn on conditional access, which basically says unless my device is enrolled or the device doesn't have to be enrolled but users have to manually set up their devices to meet certain security requirements. So unless the device is encrypted and has Windows updates enabled and all the rest, then the computer is not allowed to access Office 365. So I can go to the SharePoint website maybe but I can't download any files and I can't edit anything and anything other than a web browser. And I can't use Outlook but I can use Outlook Web Access. So that's a pretty new feature. The conditional access piece is supported in Windows and conditional access in Mac OS X is coming soon. The compliance policies is supported in Android and iOS and Mac OS X and Windows devices. And I think we can move on to the next section and hold the – there's just a couple more questions I think are appropriate for your next section. So let's talk about Azure for disaster recovery. This is a little bit of a technical kind of section so just bear with me here because you will get back to interesting stuff in a minute. So there were three main approaches to disaster recovery. None of this is specific to Azure at all. It's just important to understand. There's data level replication. So what that means is that I have an application and that application is designed to be redundant. SQL is a frequent way of doing this. So I have a SQL server and then I have a second SQL server that is on all the time and I'm using a technology in SQL called Always On and it's replicating data. So whenever I enter a new row into my table in one SQL server it then pushes that row to be updated in my other server. And they're both up and running at the same time. When I use this I have an RTO, a return time objective, of a few minutes to a few hours. I can get up and running very quickly after something happens. Sometimes it can be almost instantaneous depending on how it's set up. The next option is to do something called VM level replication where I am – everything is running as a virtual server and I'm making a copy of my virtual server somewhere. It's in the cloud or it's in another site. And so if something happens I can bring up that virtual server in the other location but I've got to reconfigure a lot of stuff. It's going to take me somewhere between a few hours and a few days to get back up and running. And then I have backup which is what people often think of when they think of disaster recovery. And backup takes a very, very long time to recover from. So we have organizations who get crypto lockers sometimes. And when they do that it can take a week or more to get back up and running because you have to restore all the data which takes a long time. And then you have to reconfigure the permissions and all the rest. It can be really a pain. So backup has an RTO of at least a few days. So in Azure you can handle this in a couple of different ways. The backup piece is really easy and it's really cheap. So the cost in Azure for backup is $25 per device plus around $25 per terabyte of data. And if I'm running Server 2008 or Server 2012 or Windows 8 or Windows 10 I can install or just use the out-of-the-box backup technology and I can do backups to Azure up to 3 times a day. And it's going to backup all of my data. I can even do image level backups to Azure. And it's basically free. So $25 a server plus 25 terabytes a month it's going to take a long time before you hit that $5,000 cap. So this is a nice option. It's going to take a really long time to recover if you need to get your data back so keep that in mind. Moving up the complexity I can use something called site recovery in Azure to do VM level replication. So if I have a VMware server or Hyper-V server I can copy those virtual machines up to the cloud. And when I do that I'm going to pay like a $10 fee per server per month and then I'm going to pay for the storage. There's that $25 per terabyte storage fee. But I'm not going to actually pay for the processing power of those virtual machines unless something happens that I need to bring that machine back up. So if I have a Hyper-V or a VMware server I can do relatively frequent full backups of those virtual machines move them up to the cloud and then I can just start them up when I need to see what something happens. And as long as I already have a VPN configuration up and running I can probably get things operating again, maybe a little bit slowly because it's in the cloud instead of on-premise, but I can get things working again in a few hours. So that can be a really good option. It's very, very cost effective. Data level replication is more complicated. Because it's happening within the application itself your cloud server needs to be on all the time. So if you want to do data level replication with Azure you're going to need to have a server running in the cloud that you're paying for all the time and for the data. And then that backup is usually happening constantly or every few minutes depending on the technology. This is really pretty easy to do for Active Directory. You can just set up an Active Directory controller in the cloud. You can do it with SQL Always On where SQL is replicating data to another SQL server that's built into Microsoft SQL pretty straightforward. And you can do it with files as well using a technology called directory file synchronization which is built into Windows Server. So those three things are very easy to do this kind of replication with. Other things might take more work and you might have to talk to a software vendor about that. So let's take a look at another case study. This is a made up organization called Baby Steps. I made all these icons. I want to get credit for that. So it's a very large currenatal support organization. Hundreds of staff. This is a big organization. And they have a lot of mandated tools that they have to use. And they have an HMIS like really expensive to keep that in the cloud because there's three front-end servers and a bunch of back-end data servers. It would be thousands of dollars a month to run that all the time in the cloud. They teach you accounting. So for that organization they're using Office 365, Active Directory. They're using Site Recovery for that on-premise HMIS system. So basically they decided that if something happens on-premise they need to be able to get back up and running very quickly in the cloud. So every 15 minutes they're replicating their virtual machines to the cloud. And what that means is that they can get back up and running probably within an hour or two if something happens on-premise. And I would point out that they've actually tested this and it didn't work. And so they had to do it again and it still didn't work. And then they figured it out and they documented the process. So make sure you do that. These disaster recovery plans are useless if you're not testing them. And then they're also using a virtual machine as a cloud domain controller for all the sites. They have a bunch of different sites. They don't want to have a server at each place just for domain control. So they have a cloud-based domain controller and that domain controller is running Azure Active Directory sync as well to sync to Azure Active Directory. Okay, so that's what I've got for disaster recovery. I want to talk about building software with Azure. But perhaps we'll take a moment for some questions. Great. Thank you, Sam. We do have a couple questions and I also want to thank everyone for chatting in their questions. And for some of you, I know that as you're learning this information and as you're acclimating some of this new vocabulary as I am, don't be afraid to ask your questions. Sam's happy to answer them. And I really want to give a shout out for the people that are saying that they're not really sure if you've answered the question yet that they still want to ask. So there's about three questions I'd like to address. The first is from someone in Canada and they're looking to have a national database to be accessible by all of the staff across Canada. And they were going to use Access because they use Office 365. Do you know if more than one person can access a database at the same time through Azure? Great. That's a really good question. So what I will say is you could potentially create a terminal server in the cloud that had Microsoft Access running on it. And then your users could all launch Access and be in that database at the same time. But I also want to say that this is a really good example of how Azure can actually be detrimental to nonprofit organizations. Because in some ways it allows you to do things that just really aren't a good idea. It's not the right way to do it. So Microsoft Access, and I will probably get hate mail for saying this, is not a good solution for databases for nonprofits. It runs on a local machine. The reporting capabilities are not really very good. It's difficult to manage and to maintain an Access database. And so what I would really strongly recommend that you do is look for a cloud-based database, a web-based database that's going to do everything you want to do. It will be less expensive, both in the short term and the long term than using an Access database. And it will be much easier to access because you don't need to log into a terminal server or anything like that. You can just go to a website. And if you need any help finding a cloud-based database, you can contact us or you can use Google. But I would really encourage you to try and find a software as a service solution. And that goes back to what I said at the beginning of this presentation. Before you use Azure for anything, see if there's a native software as a service, a native web-based built from the ground up to be a cloud-accessible solution for whatever it is you're trying to do. I hope that answered the question. Thank you. Another question is, would Azure's backup solutions be HIPAA compliant? Yes, so Azure is HIPAA compliant. Microsoft will sign a business association agreement, although I think it's called something different now. And there's a specific list of all the services that are included. Anything that's in Azure can be HIPAA compliant. You need to make sure you're using it in a HIPAA compliant way. If you back up to Azure, but everything is accessible by anyone in the organization, then you're not HIPAA compliant. But the tools themselves are HIPAA compliant. Great. And one more question. How secure is the data that is backed up in the data center using Azure? I mean, what I would recommend you do is you go to the Microsoft Trust Center, and it tells you all the standards that they comply with. The government is now keeping data in Azure, so I would say there aren't a lot of safer places. I mean, I'm sure it's similar to the Amazon data centers and all the rest, but there's biometric authentication, and they're doing intrusion detection and prevention, and they've got all these security teams. I mean, it's a lot better than what you're going to have on-premise. I want to answer one other question that I see here. Could a small 20-person organization without a server switch to using Azure AD in the cloud as a server? I think that's a really important question because I think that really highlights the direction that Microsoft is going. Yes. So if you don't have a domain controller, or even if you do have a domain controller, but you have a small number of users, and you're mostly looking to do centralized login, so everyone's logging into each computer with the same username and password, or rather I can take my username and password and log into a different computer with it. And maybe I want to make sure that the devices are secure, but I don't need to control what the desktop background is and how long the screen timeout is, those very detail-oriented things that group policy is required for. You can manage your environment just with Azure AD. So for small organizations, you no longer need Active Directory. You can just use Azure AD. I think that's a really, really important point to make. So let's go ahead, let's continue, and let's talk about building software with Azure. So this is a bunch of stuff. These are a bunch of developer building blocks in Azure. Things like databases and web hosting. Without having a server, I can actually create a website. I certainly need to program the website from scratch, but I can host it in Azure very inexpensively. Rather than needing a server that I then install IAS on and all the rest, I just have a server. Low balancing, and then there's crazy things like there's APIs for motion detection where you send the API a picture of someone's face, and it tells you there's a machine learning algorithm and it says whether or not that person is happy or sad or excited or whatever. There's machine learning. There's Internet of Things processing where you can send a million events a second and it'll log all that in a database and I'd actually do something with it after the fact. None of this is even a little bit useful for you, but it can be very useful for developers to build applications. So for a long time I always said development is a dirty word. Don't do software development as a nonprofit. And I think this goes back to me being really anti-Microsoft access database. When you write code you're going to have to support it forever. You're going to have to always be writing code. You are not going to write code better than someone who really knows what they're doing. It's not a core competency for nonprofits to write software. So I really, really always tell organizations to find something out of the box that meets your needs. And then within that application, customize it. Basically any software as a service database if I'm using Donor Perfect Online or Salesforce or whatever, I can add fields and objects and customize it to meet my needs. But it's point and click customization. I don't have to write code. So you really want to find a software as a service solution whenever you can. But these days I'm changing my tone a little bit. And here's why. I think that technology can be a force for good and change in the world. It can actually help the direct service work that you're doing. But people who are software developers probably don't really understand the problems that you're facing and the problems that your constituents are facing as well as you do. They're not going to really be writing software that solves those problems. So there might be room here for nonprofit organizations like yourselves to really understand the problems that your constituencies are facing to write software to solve specific problems. So we're talking about using software to address your constituents' needs. So just to go back to my previous warning, don't program anything that's an operational tool. So if you need an internal database to track your donors or your service delivery or whatever it is, don't write it from scratch. Use something out of the box or build it on Salesforce. Also please do not program a website. You don't need to program a website. You can first of all, most organizations use like Weebly or Squarespace or whatever. And then if that doesn't work for you, you can build something in WordPress or Drupal and find a WordPress or Drupal hosting company who will keep it updated and manage it for you. So please don't write a website. But you might want to write a custom application to change how you interact with your constituents. And you might also want to build really complicated data engines. So I'm working with a nonprofit right now. They do interventions in schools and they track who they are mentoring and the ways in which they are mentoring and each interaction with that student. And they also recently got access to the school's data system so that they can pull out attendance and grade information for the students that they are working with. And we are actually helping them combine that information in the cloud into a database so that they can see, they can line up the impacts, the interventions they are doing with the outcomes for those students and understand what's working and what's not working. There's no out of the box application to do that. But through some development it's possible. So if you're going to write this stuff, Azure can help. And Azure can help because it provides building blocks rather than forcing you to do everything from scratch. So common things like I want my users to be able to log in. Well I could spend 20 hours writing a login system or I could use an authentication service in Azure to do that for me. Or I need a database. Well I could install a server on-premise, install Azure SQL, and then put a server there and then I'm going to create a second one for redundancy in another location. I mean that's a lot of work. Or I could spin up an Azure SQL instance that does all of that for me. So it can make it easier to build these things. So let's take a quick look at another one of these case studies. So this is Connectedots, another made-up organization. So Connectedots is four full-time staff. It's small. And they put volunteers on the ground very quickly after a disaster. And within 48 hours of that disaster they're going to create a database of local organizations providing services. And they want to make that database accessible to the community. So they built an application that uses two Azure technologies, Azure Bot Framework and Azure SQL. So basically they enter into the Azure SQL database a list of all of these local organizations and people. So Sally on Front Street has a ton of pillows and you can get a pillow from Sally. And this food pantry has 12 beds and maybe you can find a place to sleep there. And they put all this information in this Azure SQL database. And then they've written this thing using this Azure Bot Framework which is an easy way to make interactive. This is a real thing. As a developer I can make an interactive chatbot so that I can text the chatbot or I can go to a website and type into the chatbot questions. And it will actually go into my Azure SQL database and try to answer the questions. So I can text the chatbot. Hey, do you know where I can get some pillows? And the chatbot figures out that it's a question about pillows, looks in the SQL database to find that particular resource and then can send back information. And then if the chatbot can't figure it out it can escalate to one of the volunteers on the ground who can answer through a web portal or through their cell phone. So building an application like this would have required like several PhD computer science developers and several years worth of time previously. But now we can connect these out-of-the-box tools. A developer with moderate skill can glue these things together rather than having to write everything from scratch. I know that that's technical. It's beyond what most organizations are going to be able to do right now but I think it's important to realize the potential of some of these technologies. So let's talk about what to actually do if you're interested in Azure. So I want to stress you should start by creating a list of your services. So anything that you're running on-premise just create a list of all those different things and then you want to map that list against what's out there. So if it's Azure Active Directory, if it's Azure Infrastructure Service, whatever it is, that's fine. But try to find some kind of out-of-the-box tool. So if I have an access database to track my donors, well maybe I should look at a cloud-based donor management system. Or if I have a case management system, let's look at a cloud-based case management system before we go to Azure. The first steps that many organizations will do is to implement your AD and set up a VPN. That's like a very simple straightforward thing. And then sign up for that $5,000 trial and play around. This is a great opportunity for you to try some things without needing to go to your board of directors and get approval for a major expense. So get started, create the trial, and start to learn some of these skills. A bunch of information here that's my email address, Linda, who manages a lot of our education initiatives. If you have a question about our services you can reach after her. And then a ton of links that you'll get with the slides on some next steps, how to learn about Azure. Okay, and any last questions? Sure, thanks, Sam. We do have a couple more questions before we wrap this up. So the first is about the subscription. Is EMS included in the Enterprise 3 subscription? EMS is not, it's an add-on. It's that $1.65 per month user add-on. Let's see. The other question is, does Azure Backup Recovery consist of image backups of the server as well? You can do image backups using Azure Backup and Recovery. Great. And let's see, one more. Can public schools apply for Azure trial and credit? Public schools fall under a different classification. If you're eligible for Office 365 with the non-profit offer, then you're eligible for Azure. And there's other eligibility, other eligible areas are coming soon. Okay, great. And this is a question, I hope I've understood the question. Do we have the ability to provide our current Microsoft Office 365 in the TechSoup program with all the new features that are available, Microsoft Flow, Stream, and others? I don't know about Stream, but Microsoft Flow I assume is like Power Apps and Flow and SharePoint. This is really more of an Office 365 question. I can tell you that the ProPlus Office that you can get from TechSoup is more or less identical to the version of Microsoft Office that you can rent from Microsoft through Office 365. The one that you purchase from TechSoup doesn't get updates quite as frequently, but it does get all the new features. So they're more or less equivalent. All right, got it. And I think we are going to, one more question. I think there's one more question here from someone who runs an application on their own Azure server. Do we need to back it up for disaster recovery? Yes, you absolutely need to back up Azure. You can back it up in a couple of different ways. You can actually use Azure Backup to back up your Azure server. If you do that, you want to make sure that the backup location is in a different data center than yours, your server. So you just out of an out of a caution, you can do that. The other thing you can do is you can use a third-party backup tool to back that up. So we have put books in our terminal server, and I do do Azure Backup, but I also do QuickBooks, or I also do Mozi Pro. So I use Mozi Pro to back up our accounting data just to a totally separate system where I know it's safe and where I'm not going to accidentally delete something because I'm playing around in the portal. That's a good question. Thank you. And someone did have a question about where to get more information on Azure for beginners. And I know we've got all of those links in the PowerPoint which we will send out. We did attach the PowerPoint to the reminder email that went out an hour before the event, but we will also include all of those links, this PowerPoint, and a link to the recording of this event for everyone that will be sent out in a couple of days. So I want to reassure everyone that if you didn't get all of the information the first time because it was pretty, there was a lot of information in this presentation. And I know I need to watch it at least nine times. So don't worry. You'll be able to watch this again, and you'll also be able to email Sam or Tech Impact if you have additional questions. So I do want to start to close out. There was a lot of information shared, and just identify one thing you learned in today's webinar, or one thing you're going to try to implement. And as you're doing that, I'm going to go through a couple of things that are new to TechSoup. We do have a new online training platform, our TechSoup courses. And we encourage you to go there. You can access lots of training. There's some Tech Training courses, and there's also a series of Tech Planning courses that just launched in our online training portal. And we have some upcoming webinars and events. We have a webinar tomorrow for libraries, Broadband Planning for Libraries. Enough is never enough. Next week you should join us for our Tableau webinar. That's about data visualization. And next Wednesday we have a technology planning for nonprofits introduction where we are going to have Idealware, and their Tech Planning course highlighted and explain to you how you can assess, and then develop a Tech plan for your nonprofit. And then we also have next week what Microsoft Cloud Services can do for your nonprofit. So the next few weeks are pretty busy here at TechSoup, and we invite you to join us and learn more. We also want to thank you for your time today. We know the most valuable thing you have is your time. You're busy. You work in nonprofits and libraries, so thank you. A huge ginormous thank you to Sam. Sam, thank you so much for this really informative and very complex presentation. I know that folks will be able to use this moving forward, and I hope they do connect with you to ask any other specific questions. Becky, thank you so much on the back end for doing all of the tech support and answering questions. You have been amazing. Thank you very much. And a quick reminder, I know a lot of you are jumping off right now. There will be a survey that pops up. I do want to encourage you to take the survey. This is a way TechSoup and Tech Impact can get better, and continue to provide you with the content you need. So take the time maybe 60 seconds to do that survey so we can keep doing this, and get better at doing it. So thank you everyone. Have a great rest of your week, and thanks to ReadyTalk for sponsoring our webinars. Bye-bye.