Master & Cmd-R

MVP 2018-2019!

What used to be my annual New Year’s Day obsession has now moved to July 1st:

The Microsoft MVP community is an incredible bunch of folks who are both really smart and genuinely love sharing their knowledge with the broader community. It’s definitely an honor for me to be renewed once again, and I’m looking forward to another amazing year in Office 365!

Microsoft Flow: Tweet New Posts from WordPress

While looking for a new plugin to post to Twitter whenever I publish a new blog post, I decided to give Microsoft Flow a try – here’s what the process looks like:

Log in to Flow (or create a free account) – you can search the gallery of templates if you like,

or just click on my flows and then create from blank to get started.

Start by adding a trigger – here we just search for WordPress, but you can add a number and variety of triggers:

Next, sign in to your WordPress account:

Once signed in, click Approve to allow Power Apps to connect to your WordPress sites – you can see from the screenshot below that if you have multiple sites, this will allow Power Apps to access them all.

Next, click on New step, and add a new action:

Now we’re going to post to Twitter, so search for Twitter, then select the Twitter – Post a tweet action.

Next, sign in to Twitter to create a new connection:

Then authorize Power Apps to post on your behalf:

I chose the options to post the Title and the URL of the post along with the New Post: text, but you can choose from a number of options for adding dynamic content – another cool idea would be to post your Like or Comment count once a post has received a certain number of either metric.

Save your flow, and you’re good to go!


It looks like there’s quite a few options available for creating your own custom flows and apps Microsoft Flow – I look forward to seeing what other cool things I can come up with! 😉

Happy New Year, one and all!!


** Edit: Looks like you can’t use URL in the Media section – only actual video or image files, so I changed the Tweet text to “New Post: Title – URL

Skype for Business: Hide Stage

This drove me crazy for a while, because I couldn’t find the option to hide the stage in a Skype for Business conversation once I no longer wanted to see what someone was presenting on their screen – might not happen very often, but it happened enough to want to hunt it down, and it’s not as intuitive as I’d think it would be. Honestly, I expected the option to be a bit more straightforward, like maybe at the top of the screen right beside Request Control? I’d even settle for it being behind the ellipse (…) on the bottom right, but no…

To hide the stage, click the sharing button, then Hide Stage:

Hide Skype for Business Presentation Stage

Hide Skype for Business Presentation Stage

Simple, right? Just as simple as clicking File – Open – Import in Outlook 2010 to actually export a file!

Sigh… hope this helps someone else who’s been wondering where that dang “hide stage” button is!

How and when Clutter is enabled

This question has been bugging me since Clutter was launched, and I was happy to find this thread on the IT Pro Network that answered it. Clutter is one of those features that I take for granted now, but it’s definitely a question that comes up during migrations when users are starting to see it, and some aren’t (yet).

“Let me clarify the issue here:

Clutter is a learning system. It requires to have a certain lower limit of messages in the mailbox to confidently learn about a user’s behavior before Clutter is auto enabled for a mailbox.

For newly created mailboxes and mailboxes that are migrated from On-Prem to the cloud, we need the following requirements to be satisfied:

1) At least 1000 messages delivered to the mailbox after creation (or migration to the cloud).

2) User needs to have logged into the mailbox once after creation (or migration to the cloud).

After the above two criteria are satisfied, Clutter is auto enabled for that mailbox within 24 hours.”

From <>

Restoring Outlook Categories

Similar to Autocomplete settings, Outlook Categories are saved in a Stream_CategoryList_1_guid.dat file. The GUID is random, and looks something like this:

In order to restore Outlook Categories when creating a new profile, you can use the same approach required for restoring Autocomplete files. Basically, rename the old categories .dat file to match the DAT file associated with your new profile.

Here’s what my categories looked like before creating a new profile:

And here is the generic categories that Outlook comes with:

Not only am I missing my custom categories which prevents me from setting the categories I want on all my new emails, I’m also missing the categorization of my old emails – not an ideal scenario at all!

In this case, the category files might be the same size, so use your last modified date to give you an idea of which one you need to bring forward.

In order to import this Category list, make a copy of the one that you want to import, and then rename it to match the default one created by Outlook:

As you can see from the screenshot, I rename the default one to old, and then copy the name of the file to my clipboard. Rename your copy to match this (making sure that the file extension is still is .dat at the end), and voila!

Categories are back in place, and all is well with the world!

Update (July 2017): Going Deeper

After Kevin commented below on having multiple DAT files to try and sort through, I thought I’d take a look to see if there was a better way of figuring out which file holds your categories – trial and error is fine when there’s only a couple of files, but if you have a whole bunch, this gets annoying quickly. I had never tried opening these files in Notepad before, but essentially they’re just XML files, and so you can definitely open them up and find which files have your categories in them.

If I checked my current categories in Outlook, I can see I was actually missing these categories – I uninstalled and re-installed Office, and they ended up getting lost… perfect time to dig in and find my own fix!

So I opened both DAT files in Notepad ++ (if you don’t have it installed, you should – it’s amazing), and found my active file by finding the one that only had the MVP category:

I copy/pasted the lines that I wanted into my active DAT file – always make sure you keep the XML syntax intact – I noticed that my current category colour for MVP was “7”, or blue, which conflicted with my “Stratiform” category. I tried messing around a bit, changing the colour to orange, and replacing the orange line, but it wouldn’t stick when I saved the file:

So all I did from there was open the file back up again, undo my changes (love, love, love Notepad ++), and removed the orange line entirely, and added my MVP category back at the bottom, and all was well with the world again:


I’m sure smarter folks than I could tell me what specifically is happening in those XML files, and whether or not the order actually affects things – all I know is that my categories are back, and I’m in business again! 😀


Distribution Groups, Naming Policies and You!

Office 365 Groups: Next Gen Distribution Lists?

Lately Microsoft has been putting a lot of focus on Office 365 groups as an ad hoc, user driven collaboration platform. These Office 365 Groups are also used for Microsoft Planner, as each Office 365 Group creates a plan, and every time a user creates a new plan a group is spun up in the background to handle all the collaboration and messaging pieces. Even going into the Exchange Online Portal and creating a new distribution groups will create an Office 365 Group by default – you need to select the option to create a regular distribution list instead.

These groups perform the job they were designed for quite admirably, and I’m a big fan of the user experience and control – however, where I feel these Groups are lacking is in the admin controls. To date, there is no way to export that mailbox data if you need to archive or delete the group, which makes it a pretty big gap in management (in my opinion at least).

Self Service: A Two-Edged Sword

One of the big selling features of these groups is that users can create their own groups – either in Outlook 2016 or Outlook on the Web. Now, this feature is great for allowing users some of the control that IT typically owns, and allowing them to quickly get some collaboration going – the downside is that it’s harder for IT to control and manage, and your directory can quickly become messy with groups users are creating to just test things out, or play around with the features. Thankfully, Microsoft has recently added the capability for users to delete groups that they own (something that was missing when groups where introduced).

Group Naming Policy

In order to keep a reign on the chaos of users creating and deleting groups, admins can implement a group naming policy in EAC, which will help to at least standardize the group naming structure, and highlight a few keywords that you want to keep off the naming roster.

To configure your naming policy, log into the Exchange online portal (, navigate to recipients – groups, and then click on the three dots to open up the context menu.

Click on Configure group naming policy:

Your first option is a prefix, which can be either an Attribute or Text:

One idea would be to prefix these user-created groups with an identifier, like “O365-“, but you can obviously make this whatever you want.

And then again, you can add suffix(es) if you want – again, you can use whatever you want, but an idea would be to use the city attribute of the user creating the group:

This policy will apply to all user created groups, whether created in Outlook or OWA – groups created from the admin portal will bypass this setting.

The Problem with Synced Groups

Oddly enough however, groups created through PowerShell or DirSync will still end up with this naming policy applied. This can become a problem, because a distribution group created on premise might be named “My New Group”, while the synced group will be named “O365-My New Group-Vancouver” (or whatever your policy is).

Here’s how you get around that problem:

<p>&lt;# .SYNOPSIS Script to create distribution groups and bypass the Exchange Online group naming policy. .PARAMETER GroupName This parameter is required - if spaces are required in the Group name, make sure to put the name in quotes. .NOTES File Name : create-DistributionGroup.ps1 Author : Jeremy Dahl ( .EXAMPLE .\create-DistributionGroup.ps1 -GroupName MyGroup Creates a group named &quot;MyGroup&quot;, with a primary SMTP address of .EXAMPLE .\create-DistributionGroup.ps1 -GroupName &quot;My Group&quot; Creates a group named &quot;My Group&quot;, with a primary SMTP address of #&gt;</p>
<p>param (<br />
    [Parameter(Mandatory=$true,ValueFromPipeline=$false)]<br />
    [string] $GroupName = &quot;&quot;<br />
<p>$smtpDomain=&quot;; # Change this field to match your smtp domain<br />
$exchangeServer=&quot;ExchangeServer&quot; # Input your on premise Exchange Server here<br />
$aadConnectServer=&quot;AADConnectServer&quot; # Input your AAD Connect Server here<br />
$GroupOU=&quot;OU=Managed Groups,DC=mydomain,DC=com&quot; # Pick an OU for your groups to be created into - can be moved once the group is synced up.</p>
<p>$exchangeURI=&quot;http://$exchangeServer/PowerShell/&quot;<br />
$primarySMTP = $GroupName + $smtpDomain</p>
<p># -- Connect to Office 365 -- #<br />
$credential = Get-Credential<br />
Connect-MsolService -Credential $credential<br />
$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $credential -Authentication Basic -AllowRedirection<br />
$importresults = Import-PSSession $ExchangeSession -AllowClobber</p>
<p>&lt;# -- Create Group in Exchange Online -- #&gt;<br />
New-DistributionGroup -Name $GroupName -DisplayName $GroupName -PrimarySmtpAddress $primarySMTP -IgnoreNamingPolicy<br />
Remove-PSSession $ExchangeSession</p>
<p>&lt;# -- Create a local Exchange session and import session for use -- #&gt;<br />
$LocalSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $exchangeURI -Authentication Kerberos<br />
Import-PSSession $LocalSession -AllowClobber</p>
<p>&lt;# -- Create Group On Premise -- #&gt;<br />
New-DistributionGroup -Name $GroupName -OrganizationalUnit $GroupOU</p>
<p>&lt;# -- Get Credentials and run AADSync remotely -- #&gt;<br />
$adCreds=Get-Credential<br />
Invoke-Command -ComputerName $aadConnectServer -ScriptBlock {Start-ADSyncSyncCycle -PolicyType Delta} -Credential $adCreds<br />
Write-Host &quot;Initiated Azure AD Sync - Delta&quot; -ForegroundColor Green</p>

Download the script: 

This script can be run on premise, and only requires the Group Name as a parameter. It then connects to Exchange Online and creates the group, ignoring the naming policy. From there, it connects to Exchange on premise, and creates the same group, using the same group name. Once AAD Sync runs, it matches the group together, and treats it as a single group going forward.


Once the groups have synced up, I’ve confirmed that you can add members to it from on premise as normal, and even delete it on premise (removing it from the cloud as well) if necessary.

That’s it – problem solved!

Testing Office Message Encryption (OME)

Here is what the end to end experience looks like while using Office Message Encryption (OME).

First, a transport rule was created that encrypted any email between my Office 365 account and my Gmail account.

Secondly, create an email in OWA or Outlook and send it to the target address. The client (in this case, Gmail), receives the following email in their inbox:

Opening the email presents the user with the following message and the encrypted email attachment:

If the attachment is clicked on (opened without saving), this is what the user will see:

Note that mobile devices are prompted to install the OME viewer, which will simplify the process going forward.

Saving and opening the attachment, gives you the following experience:

If you chose the option to sign in, you’ll be prompted to sign in with a Microsoft Account, and it must be the same email address as the one the message was sent to. If a Microsoft Account doesn’t exist, the user is prompted to either create one, or use a one-time passcode:

I really like the flexibility provided by this option, as I can see not everyone wanting to create a new account for an encrypted email.

The user then enters their passcode, along with the option to remain logged in if at a trusted computer:

Since I selected the option that this is a private computer, my security token remains cached for 12 hours, and I don’t get prompted to request another code the next time I get an encrypted message.

Once this is done, the user is able to open the email and either reply, forward, or print – note that since this enables only encryption, these options are still available. If we want to restrict the ability to perform these functions, that would be achieved through Azure RMS policies.

Here’s what it looks like when a user replies from within the encryption window. Note that this email thread continues to be encrypted both ways for as long as it’s active.

Upon return, the original sender of the message gets the following prompt:

Clicking sign in takes you to this page – since we’re back on the corporate side now, the user would want to sign in with their Organizational account:

And now the message is decrypted and ready for viewing.

Now, if you routinely receive email from this person (or company), you can choose to have it decrypted once it arrives in your Exchange organization in order to decrease the steps the end users have to take.

To do this, create a new transport rule following the same steps to encrypt the email, except this time choose the option to remove Office Message Encryption. Give some time for the rules to take effect, and you should see the replies coming back automatically decrypted.

Add a Delegate in Skype for Business

Note that this option will only work for clients that have Enterprise Voice enabled – specifically, this option is only available in on premise deployments of Skype for Business, as the Exchange Delegates don’t get synced into Skype for Business Online. I’ve tested against a cloud only Skype for Business client, and there is no option to assign someone else as a delegate on your account.

Hopefully the new features announced recently will bring this functionality to Office 365 users, but that is still a ways away (unless you live in the US). With that out of the way, if you have Skype or Lync with Enterprise Voice on premise, here’s how you add a delegate to schedule Skype meetings for you:

In order to allow a delegate to schedule Skype meetings for you in Outlook, they need to be added as a delegate in Skype for Business/Lync first – in order to do this, click on your call forwarding settings in the bottom of your Skype client, and then select Call Forwarding Settings:

Note that if you don’t see the phone icon, or the call forwarding settings icon in Skype, then you don’t have Enterprise Voice enabled, and won’t be able to configure these options – sorry!


Under Call Forwarding, click on Edit my delegate members:


Then click Add:


Choose the person you want to add as a delegate, and then click OK:


Make sure to uncheck the box under Receive Calls, otherwise your delegate(s) will start receiving your incoming calls as well.


If you do want your delegates to be able to answer your calls, you can leave that option checked, and then specify below how quickly you want the call to ring through for them:

Click OK, and you’re done – your delegate can now create Skype meetings on your calendar for you!

Happy MVP Renewal Day!

I’ve been waiting excitedly for January 1st to come around to see if I got renewed for another year as an Office 365 MVP, and I’m very happy and honored to have received the email letting me know I was still a part of this amazing group of individuals and incredibly smart people! 2014 has been a great year for me, and I’m looking forward to another awesome year with Office 365 and all the cool stuff that it entails – see you there!

Microsoft Virtual Academy

The Microsoft Virtual Academy has been a major pillar in my growth as an IT professional – I’ve used the courses on it for learning new topics, prepping for exams, and (my favorite)… “I have to deliver this technology that I know nothing about, what do I do now?!”

If you’ve never taken advantage of the wealth of knowledge available on pretty much any Microsoft technology that exists (that might be an exaggeration – if so, it’s only a slight one 🙂 ), here’s a few of the courses I’ve needed / taken recently, or have queued up to do next:

Server Virtualization with Windows Server Hyper-V and System Center – love me some Hyper-V! Lots of companies have typically been VMWare shops, but Hyper-V is gaining ground rapidly. Along with Server 2012 R2 and the options for failing over workloads into Azure, this is a valuable skillset to gain.

Windows 8.1 Deployment Jump Start – I’ve been finding myself doing more and more MDT deployments recently, and in fact I’m working on an MDT 2013 project right now. Great stuff in this course, and good real world knowledge.

Microsoft Azure Iaas Deep Dive Jump Start – I just completed the #levelupAzure Azure IaaS for IT Professionals on Channel 9 (amazing course run by Rick Claus – @RicksterCDN), so this one will be next for me, I think.

Office 365 ProPlus Deployment for IT Pros – If there’s Office 365 knowledge to be gotten, I want it! This one is in my queue.

Expanding Office 365 with Enterprise Mobility Suite – Awesome course by Simon May (@simonster) – I used this one to help prepare for an EMS engagement.

System Center 2012 R2 Configuration Manager & Windows Intune – This was part two of my prep for deploying EMS with Intune and Config Manager, again – great stuff.

Those are just a few of my favorites – what’s next for you? If you haven’t been to the MVA site before, go ahead and sign up and start learning!