Category Archives: Cloud/Hybrid/On premises

All about Office 365

New Microsoft datacenters in Germany officially announced

Published by:

Microsoft CEO, Satya Nadella, just announced in Berlin the new cloud strategy for Germany which includes two new Microsoft datacenters, one located in Frankfurt and the second located in Magdeburg. All major Microsoft Cloud services will be offered from the new facilities, including Azure, Office 365 and CRM Online. The new Microsoft datacenters in Germany will most probably go live in the second half of 2016.

The new Microsoft datacenters in Germany underline once more Microsoft’s commitment to data security and data privacy, making sure that all Microsoft cloud customers are able to meet their specific compliance and regulatory needs. The two datacenters are connected through a private network, so that the data flow is completely isolated from the internet.

Further, German and European customers will be able to choose between a global Microsoft cloud service and a local cloud service. If customers opt for the local cloud service, none of the data or metadata will be stored outside Europe. To make everything as transparent as possible, the German company T-Systems will act as a data trustee under German law. What this means is that T-Systems is the only one to decide who gets access to the data stored in the new datacenters and who doesn’t. This means that Microsoft itself won’t have any access to the data. Continue reading

About Exchange Online Archiving and Outlook client limitations

Published by:

Exchange Online Archiving seems to be a very popular service offered by Microsoft via Office 365 and it usually is a key factor for enterprise customers and small businesses to opt for their way to Exchange Online. Enterprise customers usually use Office 365 enterprise subscription, like E3, where Exchange Online Archiving is included by default, together with the Office 365 ProPlus desktop applications. Everything is very straightforward. However, small businesses usually work with the Office 365 Business Plans that don’t include Exchange Online Archiving by default, neither the Office ProPlus desktop applications and this may cause some headaches. That’s why I aim to clarify some important aspects around Exchange Online Archiving and Outlook client limitations.

First of all, if you are using an Office 365 business subscription (essentials, business, business premium), this doesn’t include Exchange Online Archiving. However, you can purchase it as additional service for your tenant for a fee around 3$/month/user. Still, there is another very BIG aspect you should take into consideration: Exchange Online Archiving is supported only with Office 365 ProPlus! With the Office 365 business plans you get the Office 365 Business desktop applications, and Exchange Online Archiving will not work with Outlook!  Continue reading

Exchange Hybrid deployment certificate requirements

Published by:

Exchange Online gains more and more momentum and Exchange hybrid deployments are already a pretty common scenario for a lot of IT organizations. Even if almost every aspect around an Exchange Hybrid deployment is well known by IT pros, there is still a point that seems to cause some difficulties: certificates. And since an Exchange hybrid deployment is not possible without a proper certificate configuration, I thought to clarify the most important aspects about certificates in such a scenario by answering 5 questions I often hear when working with IT administrators.

One of the top question I deal with almost every day is: “I have a self signed certificate configured for my Exchange Server deployment, issued by my Windows Server 2012 R2 Certification authority. Can I use this certificate for an Exchange Hybrid deployment?” The answer is NO! In order to create an Exchange Hybrid deployment, organizations need a certificates issued by a trusted and public certification authority. And the reason why is very simple. Certificates are meant to prove your organization’s identity so that users and other service providers (like Microsoft) can be sure that they engage with the organizations they wanted to engage and not with an attacker. Continue reading

Microsoft and Docker announce new innovations for Azure IaaS

Published by:

Around one year ago Microsoft and Docker started a great partnership meant to continuously innovate and bring new cool features to Azure IaaS that enable organizations around the world to build their next generation cross platform apps. Trying to enumerate all the new features brought to Microsoft Azure in partnership with Docker is not easy at all, but some of them include Windows Server Containers, Hyper-V Containers, Docker VM Extensions for Linux on Azure, Docker CLI support on Windows, Compose and Swarm support on Azure, Visual Studio Tooling for Docker.

These days at the the DockerCon North America Microsoft and Docker announced and demonstrated some new features and updates that take the partnership to a next step.  Continue reading

Fixes in Azure AD Sync Build 1.0.494.0501

Published by:

Azure AD Sync Build 1.0.494.0501 was released some time ago and in my opinion it brought a fix for a major problem I was seeing in a lot of cases and that is failing of password writeback with servicebus connectivity error.

I still see a lot of partners struggling with this type of error messages at their end customers and I advised all of them to install the new build. This solved this error in all of the cases.

However, be aware that Azure AD Sync build  1.0.494.0501 now requires the .Net Framework version 4.5.1 to be installed. So if you don’t have this .NET version currently installed on your server, you may want to install it before installing the new Azure AD Sync Build.  Continue reading

Moving documents between SharePoint libraries

Published by:

Last few weeks I came across a lot of SharePoint related questions and especially to document management in SharePoint and what happens when we move documents between libraries. One of the mains issues I heard about relate to document metadata, versions and DocumentID not beeing kept when a document is copied into another SharePoint library. So I thought to write down a few ideas on this topic that might be useful for SharePoint users.

First of all, I have to admit that this behavior is kind of expected since when we copy a document to another location, a new and fresh document is created. That’s why the copy will have fresh metadata, versions and a brand new DocumentID.  Continue reading

How to manage access to corporate Twitter accounts using Azure Active Directory

Published by:

Azure Active Directory is really great because it gives administrators in an organization the possibilities to centrally manage identities, authentication and authorization to all application that employees use for their day to day work. And you can do this also for services and applications Twitter, Facebook and other around 3000 further applications that support integration with Azure Active Directory. And this is very useful.

Let’s say that Jim is the IT Manager for a global PR agency. They have several teams, managing different customer accounts, including their social media presence. Security is very important and in order to avoid account hijacking it would be great if employees could access the Twitter accounts they manage without knowing the password for that specific Twitter account. The good news is that this is possible with Azure Active Directory.  Continue reading

What’s new in AD FS on Windows Server 2016

Published by:

Identity Federation is one of my favourite IT topics, maybe also because it is the foundation for any discussion about cyber security in a cloud-first world. And I am glad that Microsoft presented today at Ignite some cool new feature that will be included in the AD FS server role in Windows Server 2016, as well as some key improvements made to some great features already present in Windows Server 2012 R2. So let’s take a look at them!

The first great thing I noticed is the ability to authenticate users from LDAP v3 directories, such like AD LDS, Novell, OpenLDAP just to name few of them. This is because modern LDAP directories are modelled as a local claim provider (just like Active Directory is). This LDAP directories will show up as another Claims Provider in the home realm discovery for passive authentication. Login ID can be any attribute, but it has to be unique in the LDAP directory. For authentication to Office 365, the attribute chosen for authentication should be unique across al directories that are configured for authentication to Office 365. In other.  Continue reading

Some PowerShell magic with Office 365 licenses

Published by:

PowerShell is a great tool when we have to manage a lot of resources, because it enables automation. Most of you may be already aware that we can use PowerShell also with Office 365. So let’s see some PowerShell magic with Office 365 licenses.

These days one of my colleague had to deal with a very interesting scenario. A customer moved to Exchange Online and therefore assigned only Exchange Online licenses to the users that were synchronized from the local Active Directory. After the whole migration process was ended, the customer decided to also use the powerful features of SharepointOnline. So he wanted an automated option to assign to some users also the SharePoint Online licenses, without removing the Exchange Online license first. (Removing an Exchange Online license would disconnect the mailbox and put it into a soft deleted state. Assigning the license back would re-connect the mailbox, but in some cases this process causes some big problems).  Continue reading

Microsoft Ignite: Key announcements during the keynote

Published by:

The first ever Microsoft Ignite conference for IT professionals kicked off today in Chicago with a 3 hour long keynote. A lot of announcements were made during the keynote, so t might be difficult at times to keep track of all the great new feature, capabilities and products. So here is a list of 3 key announcements that were made during the Microsoft Ignite keynote.

1. Skype for Business broadcasting capabilities

Using this new capability, meeting organizers will be able to broadcast Skype meeting to an audience of up to 10.000 attendants. This feature will be very helpful  in scenarios like global department meetings and so on, when the presenter speaks to several thousands users at the same time. Skype for Business broadcasting capabilities were just announced today, so there weren’t any deeper technical insights on how this capability will work, but I can assume that companies may want to take advantage of this capability also when delivering online trainings and webinars.

Even though this is, in my opinion, the biggest Skype announcement, Gurdeep Singh Pall also announced other interesting stuff like pre-loaded meeting attachments and in-call co-authoring of Office documents.  Continue reading