Master & Cmd-R

Migrating to Office 365: The Good, The Bad, and The Ugly

Last night marked the launch of a new Cloud / Office 365 user group hosted by the team at Long View Systems – I had the pleasure of being the inaugural speaker, and we ended up having a great discussion around the various migration strategies available when moving email into Exchange Online.

It was awesome getting feedback from the folks that were at the meeting, and we had enough field experience in the room to be able to share our war stories, and talk about the good, bad, and ugly parts that make up the move into Microsoft’s cloud.

Hope you enjoy the show! 😀

Force ADFS Database Sync

This’ll be a quick one – I ran into an issue last night where my secondary ADFS servers were not updating their database settings from the primary, and hadn’t updated in over 10 days. This was causing problems, as I had made some changes to ADFS to configure Yammer SSO, and the correct claims rules weren’t being applied if users hit the wrong server.

I checked the Poll Duration in PowerShell, and found that it was set to the standard 300 seconds (5 minutes), and not some insanely long interval:


I tried changing to a shorter poll interval by using the following command:

Set-AdfsSyncProperties -PollDuration 10

This drops the poll duration down to 10 seconds, so you’d think that it would update pretty quickly. Sadly, if a server is already not syncing at 5 minute intervals, setting a shorter sync still doesn’t change anything.

After looking around the web, I couldn’t find any options to force a database sync either through PowerShell, or through the GUI. Thankfully, the resolution to the problem is actually quite simple – just restart the ADFS services, and this will force the database to resync immediately.

Since I was already in PowerShell, I restarted the service using the following command:

Restart-Service adfssrv

You can, of course, just restart the service through services.msc – but I like using PowerShell whenever I can, so there you go!

OneDrive now Supports Syncing Shared Folders

In a surprise move (to me, at least), Microsoft has enabled a feature in OneDrive that allows you to add a folder that has been shared with you into your OneDrive folder hierarchy. I’m not sure when this got enabled, but I only just noticed it, and man, am I excited to see this feature go live!

In my opinion, this is one thing that has been sorely lacking from OneDrive, and I’m so happy to see the OneDrive team continue to add great new features like this.

To add a folder to your OneDrive library, simply navigate to your Shared items, select the folder you want to add, and then click on Add to my OneDrive. This option only appears for folders, and doesn’t show up for individual files.


 

A popup notifies you that you’re going to be adding a shared folder to your OneDrive, and you will now be able to sync it with the rest of your library – so awesome!

Click Add folder, and then hang tight for a few seconds while it gets added to your library.

Voila! The folder is now available from within your OneDrive in the browser, can be synced down to your various PCs, Macs, and mobile devices!


 

Now, I know what you’re thinking… “Dropbox has been doing this forever” – well, you’re right. I’m not saying this feature is brand new, and not seen anywhere else – I’m just excited to see Microsoft make this change to make OneDrive, and its sharing features much more user friendly. This feature has been the top of my wish list since forever, and I’m glad to see it finally show up.

Good job, Microsoft – can’t wait to see what’s next for the OneDrive for Business client!

Yammer user blocking

By default, any user can create an account on Yammer using their work email address and get added to your company network. Most of the time, this is just what you want – however, if you’re in a Proof of Concept, you need a way to control the size of the group who has Yammer access in order to perform your testing in a controlled manner.

Before a user can be blocked, their account needs to be deactivated in Yammer. If you export a list of users from within Yammer, all deactivated users show up as soft_delete. Active users simply show up as active. If the user hasn’t logged into Yammer at all, their account won’t show up in the list of users, but I’ll cover blocking these users below.

Deactivating Current Users:

This can be done one at a time, by typing their name into the search field on the Yammer Admin page, under Remove users:


Select the user to be deactivated, and the action you want to take, and then click Submit.


Once a user has been deactivated, they can be reactivated by simply clicking Reactivate beside their name in the list.


Deactivating Users through Bulk Update

You can also use the Bulk Update tool in Yammer to perform the following actions: create a new user, update an existing user, as well as suspend or delete a user.


The Bulk Update tool cannot be used to block or unblock users – this must be done manually through the Yammer Admin page, under Block Users.

Blocking Users in Yammer

Blocking users prevents them from creating an account on your Yammer network – this is why an active user can’t be blocked, only accounts that haven’t been activated for Yammer, or have already been deleted from within Yammer.

To block a user, simply copy paste their email address into the Block Users field – either one email address per line, or comma separated. This field doesn’t allow you to import a csv file of users, but a csv file can be used to copy/paste the required addresses into the field. Once you have the email address(es) in the field, click Block.

2016-05-05_11-18-02

When a blocked user attempts to log into Yammer directly through www.yammer.com, or by clicking on the Yammer icon in Office 365, they’ll be redirected to the following error page:


Unblocking Users in Yammer

To unblock users in Yammer, simply find their name in the list and click Unblock.


An unblocked user is immediately able to log into Yammer as normal:


As you can imagine, this process is far from ideal – it’s not that bad if you only have a few users to deactivate / block, but what if you had to do this for an organization with thousands of users? That would be incredibly painful to manage – and enabling / disabling access in the future involves scrolling through pages of blocked users to unblock them one at a time.

I really only recommend using this process for smaller networks – if you are planning on implementing Yammer, or have done so in a larger environment, Yammer Single Sign On allows you to allow / deny access based on AD security group. This is much easier to manage, and allows you to control the roll-out, rather than having to let everyone access it right away, and clean up the mess that comes out of that approach.

OneNote: Better than ever, and now even more free




OneNote is easily my most favorite productivity application ever – and most definitely the one application I can’t live without! I’ve been using it since Office 2007, and I continue to love it all the way through to 2013 – even when I was using a Mac exclusively for a while, I couldn’t find anything to replace it, so kept coming back to the PC so I could have my sweet, sweet OneNote back… mind you, OneNote is available on the Mac now, but since I’m running Windows 10, that’s not really the point.


Microsoft continues to knock it out of the park where OneNote is concerned – they’ve made it free, it’s available on just about everything now, and as of today, they’ve made the free version EVEN BETTER!


More details are available here, but this is the gist of what they’ve added:

  • Password protected sections—Add a password to protect sensitive information.
  • Page history—Easily see or go back to prior versions of a page.
  • Audio and video recording—Take notes while recording, and easily jump to the relevant section later.
  • Audio search—Search for a word in a voice or video recording.
  • Embedded files—Insert Office documents or other files directly in your notebook.

By far and large, password protecting sections (or otherwise known as How to Hide Your Christmas List from Your Wife & Kids), and page history are my favorite of these features added today, since they are the ones I use the most.

As always, OneNote connects to your OneDrive account to sync on every possible device that you can run it on – making it one of the first applications I install on any new device I own.

If you’ve never used it before, it’s time to find out what you’re missing – I promise, once you give it a try, you’ll never go back to having stacks of Word documents all over the place!

New Microsoft Azure portal

The new Microsoft Azure portal was announced today at Build 2014, and I immediately headed over to check it out at https://portal.azure.com. I love it! The home page is clean and nicely laid out, very similar to the Windows Start page with live tiles that dynamically update, and give you different options when you click on them:

040314 2125 NewMicrosof1 New Microsoft Azure portal

 

Clicking on the links on the left open up more features and functions:

040314 2125 NewMicrosof2 New Microsoft Azure portal

 

As you drill down, more dashboards and functions open up along the right, allowing you to view the status of your Azure properties:

040314 2125 NewMicrosof3 New Microsoft Azure portal

 

Clicking on the Gallery (bottom left on the home page) allows you to browse all of the available options and quickly provision them. Since the portal is still in preview, you have to return to the existing Azure portal to actually provision a new server or service, but it’s a great indicator of what is coming.

040314 2125 NewMicrosof4 New Microsoft Azure portal

 

This guy is my favorite so far icon biggrin New Microsoft Azure portal

040314 2125 NewMicrosof5 New Microsoft Azure portal

I’m loving these changes – I’m a big fan of software and user interfaces that are clean and beautiful, and the new Azure portal definitely is both of these.

Alongside of these announcements, changes to the Windows 8.1 interface are in the works – the start page continues to get better and better, and I’m going to be hitting that download as soon as it’s available on April 8th.

It’s a good day to be a fanboy! icon biggrin New Microsoft Azure portal
+Jeremy Dahl

OneNote Double Rainbow

Microsoft announced a few days ago that my beloved OneNote has finally, finally been released on the Mac platform! On top of that, it’s now freely available to everyone, regardless of whether or not they have Office installed on their computer!

To me, this news is the equivalent of seeing a double rainbow – OneNote has always been the program that I couldn’t live without, and I have tried many equivalent programs on the Mac, but nothing matches the functionality and ease of use as this amazing program. Microsoft made a step in the right direction when they made the web version, and it has only grown in functionality since then. OneNote in a browser doesn’t’ always do it for me, though, so I’m incredibly happy to have it as a program that can be installed natively.

And finally, they’ve also provided a cloud API for use with the OneNote service – the only one I’ve experimented with so far is IFTT (If this, then that) to send any screenshots I take on my phone directly to OneNote. I actually do this quite frequently if I’m trying to document something from my phone for a blog post, or even just for general documentation. I’m looking forward to seeing what other cool features come out now that people have access to this API…

Great job, Microsoft!

To recap:

  1. OneNote for Mac is available for the first time and for free. With this, OneNote is now available on all the platforms you care about: PC, Mac, Windows tablets, Windows Phone, iPad, iPhone, Android and the Web. And they’re always in sync.
  2. OneNote is now free everywhere including the Windows PC desktop and Mac version because we want everyone to be able to use it. Premium features are available to paid customers.
  3. The OneNote service now provides a cloud API enabling any application to connect to it. This makes it easier than ever to capture ideas, information and inspirations from more applications and more places straight into OneNote, including:

From <http://blogs.office.com/2014/03/17/onenote-now-on-mac-free-everywhere-and-service-powered/>

+Jeremy Dahl

How Windows Azure Heals Itself

Great discussion with Mark Russinovich about how Windows Azure heals itself when it’s sick – this is the magic of Infrastructure as a service (IaaS): it all happens behind the scenes, and you usually don’t even know that it’s happened!

022114_2243_HowWindowsA1.png

(click on the image to be redirected to the WindowsAzure.com for the video)

Delegated Access & Sent items

Keeping sent items in the correct mailbox is a common problem for Exchange users who have delegated access to a shared mailbox, or even Send As permissions on another user’s mailbox. Thankfully, there is a solution to this problem, and it works the same whether your Exchange is on premise, or in Office 365.

The Problem?

Any email that a user sends ends up in their own sent items, and not the sent items of the shared or delegated mailbox. This makes it hard to share a mailbox, as you are forever wondering whether an email has been replied to, and you don’t have the conversation history to go back to – very frustrating!

The Solution:

Note that for this to work, Outlook must be in cached mode – if your email is in online (or non-cached) mode, this fix won’t work.

For Outlook 2013:

Edit the following key in your registry:

HKEY_CURRENT_USERSoftwareMicrosoftOffice15.0OutlookPreferences

Create a new DWORD Value:

 



Name it DelegateSentItemsStyle and set its value to 1.



This fix will also work with older versions of Office, just use the key appropriate to your version below:

For Outlook 2010:

HKEY_CURRENT_USERSoftwareMicrosoftOffice14.0OutlookPreferences

For Outlook 2007:

HKEY_CURRENT_USERSoftwareMicrosoftOffice12.0OutlookPreferences

For Outlook 2003:

HKEY_CURRENT_USERSoftwareMicrosoftOffice11.0OutlookPreferences

Also, if you’re in Exchange 2010, you can set this setting in PowerShell, so that it will take effect not only in Outlook, but in OWA as well. Check this link for more information, but you basically use the cmdlet Set-MailboxSentItemsConfiguration to specify where email is saved once it has been sent. I’m not sure why they removed this from Exchange 2013, because it would be nice to have this globally applied, and not just on a per machine basis, but there you have it… hope this helps someone!

Use PowerShell to find email aliases

Something I run into all the time is trying to figure out who is holding a specific email address or alias – it can get pretty easy to lose track of aliases, as they don’t show up in your list of users either in the admin center, or in the Exchange Control Panel.

I found this great PowerShell command from the Office 365 Community Forums that allows you to generate a list of all email addresses tied to the mailboxes in your tenancy – here it is:

Get-Mailbox | Select-Object DisplayName,@{Name=”EmailAddresses”;Expression={$_.EmailAddresses |Where-Object {$_ -LIKE “SMTP:*”}}} | Sort | Export-Csv C:\email-aliases.csv

** Note that this script runs against mailboxes, so it will show you the addresses for shared and resource mailboxes, but it won’t tell you what email addresses are used for your distribution groups.

And here is how you run it:

Open PowerShell – the Windows Azure Active Directory Module is required for managing any Office 365 tenancies, so make sure you have it installed:


Log on to your Exchange Control Panel: I’ve found that when trying to manage a tenancy that you have delegated administration rights to, it’s still easiest to log on as the tenant admin (or at least a global admin account), rather than trying to use your delegated account – trying to make the connection jump from your credentials to a client’s never seems to work well for me.

Authenticate: $LiveCred = Get-Credential

102713_1934_UsePowerShe2

Connect to ECP:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection


And then initiate your remote session:

$importresults = Import-PSSession $Session

Once it connects, you can run your script to generate your list of email aliases:

Get-Mailbox | Select-Object DisplayName,@{Name=”EmailAddresses”;Expression={$_.EmailAddresses |Where-Object {$_ -LIKE “SMTP:*”}}} | Sort | Export-Csv C:\email-aliases.csv

 

** Update **

If you have more than 1000 users, you’ll need to include the “ResultSize Unlimited” switch to your command, like so:

Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName,@{Name=”EmailAddresses”;Expression={$_.EmailAddresses |Where-Object {$_ -LIKE “SMTP:*”}}} | Sort | Export-Csv C:\email-aliases.csv

You might want to change the path that you’re saving to, depending on how your system is configured – if you don’t have permission to write to the root of your C:, then just change your path to c:\users\yourusername\desktop\email-aliases.csv

Disconnect your session – when you’re finished, either run the following command, or just close your PowerShell Window – the session will time out and end after a while, but it’s always best practice to close the door when you leave:

Remove-PSSession $Session

That’s it – enjoy!