02 Nov

New MDM capabilities coming to Office 365

Microsoft recently announced that new Mobile Device Management (MDM) capabilities will be coming to Office 365, including:

  • Help secure and manage corporate resources — Apply security policies on devices that connect to Office 365 to ensure that Office 365 corporate email and documents are synchronized only on phones and tablets that are managed by your company.
  • Apply mobile device settings—Set and manage security policies such as device level pin lock and jailbreak detection on devices to help prevent unauthorized users from accessing corporate email and data when a device is lost or stolen.
  • Perform a selective wipe of Office 365 data—Remove Office 365 corporate data from a device when an employee leaves your organization, while leaving their personal data, photos and apps intact.
  • Preserve Office 365 productivity experience—Unlike third-party MDM solutions that have replaced productivity apps with restrictive all-in-one apps for corporate email, calendars and documents, MDM for Office 365 is built directly into the productivity apps your employees know and love. You can set access policies to help secure company data while keeping employees productive.
  • Manage policies with ease—Administer mobile device policies directly from within the Office 365 administration portal, through an easy to use interface with wizard-based set up. View reports on which devices are connected to Office 365 and identify devices that have been blocked due to non-compliance.

These new MDM capabilities, set to roll out in the first quarter of 2015, will help you manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices.

The announcement can be found here

02 Nov

Free Office 365 Performance Management Course

Microsoft published a new course on Office 365 Performance Management at the Microsoft Virtual Academy, which contains 11 modules across planning and troubleshooting areas including:

  1. Office 365 Performance Management Course Introduction
  2. Office 365 Datacenters and Network
  3. Planning for Office 365 Internet Capacity – Exchange Online
  4. Planning for Office 365 Internet Capacity – Lync Online
  5. Planning for Office 365 Internet Capacity – SharePoint Online
  6. The Baselining Model for Internet Capacity Planning
  7. Best Practices & Real Customer Projects Planning Internet Capacity
  8. Planning for Office 365 Firewalls Whitelisting
  9. Performance Troubleshooting Process and Tools Used
  10. Performance Troubleshooting Tests
  11. Troubleshooting SharePoint Online Customizations

The course can be found here

22 Sep

Azure Active Directory Integration Feature Comparison

With Microsoft’s recent release of Azure Active Directory Sync (AAD Sync), there are now three options for synchronizing your directory with Azure Active Directory, including:

  • Azure Active Directory Synchronization Tool (DirSync)
  • Azure Active Directory Synchronization Services (AAD Sync)
  • Forefront Identity Manager 2010 R2 (FIM)

The release of AAD Sync is significant for organizations that have multiple forests or multiple Exchange organizations and want to use a single tenant. At present, AAD Sync will likely replace DirSync. However, there are feature differences between the tools, and some DirSync features (specifically, Password Hash Sync) are not yet supported in AAD Sync.

For a complete comparison of features between the Azure Active Directory Integration options, go here.

20 Sep

Group-based License Management comes to Azure AD and EMS

You can now assign a license to a security group, and Azure AD will automatically assign licenses to all the members of the group. If a user is subsequently added to, or removed from, the group, a license will be automatically assigned or removed as appropriate.

You can use groups you synchronize from on-premises AD or manage in Azure AD. By pairing this with Azure AD Premium Self-Service Group Management, you can easily delegate license assignment to the appropriate decision makers. You can be assured that problems like license conflicts and missing location data are automatically sorted out.

For more information, refer to this post

20 Sep

Azure Active Directory Basic Released

Microsoft released Azure Active Directory (AAD) Basic last week. AAD Basic bridges a gap between Azure AD (Free) and Azure AD Premium. It is geared towards the needs of deskless employees, who typically do not have an office or corporate PC. Microsoft views retail store employees, baristas, bank tellers, and other similar roles as fitting this profile. Most of these employees were never even represented in the organization’s on-premises Active Directory, as they didn’t use a PC or access corporate applications. AAD Basic provides essential features like company branding, group-based application access and self-service password reset.

For a complete comparison of features between AAD Free, AAD Basic, and AAD Premium, go here.

Note, AAD Basic is available for purchase through the volume-licensing channel.

20 Sep

Azure Active Directory Synchronization Services Released

Microsoft released Azure Active Directory Synchronization Services (AAD Sync) last week. AAD Sync is a replacement for DirSync, and comes with some welcome new features such as multi-forest support. Finally, we now have the ability to connect a single tenant to multiple Active Directory forests. Here’s a list of the new functionality introduced by AAD Sync:

  • Active Directory and Exchange multi-forest environments can be extended now to the cloud.
  • Control over which attributes are synchronized based on desired cloud services.
  • Selection of accounts to be synchronized through domains, OUs, etc.
  • Ability to set up the connection to AD with minimal Windows Server AD privileges.
  • Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
  • Preview AAD Premium password change and reset to AD on-premises

Some of the features coming to AAD Sync include:

  • Extended attributes
  • Write-back of users, devices and groups
  • Support for non-AD directories.

AAD Sync can be downloaded here.

26 Jun

Azure Tenant Deletion

Microsoft recently re-enabled the ability for customers to delete Azure tenants. This was possible in the early days of Office 365 but was later disabled until more safeguards were implemented to prevent the accidental deletion of tenants. To delete a directory in Azure, the following conditions must be met:

  • The only user in the directory is the global administrator who will delete the directory. Any other users must be deleted before the directory can be deleted. If users are synchronized from on-premises, then sync will need to be turned off, and the users must be deleted in the cloud directory by using the Management Portal or the Azure module for Windows PowerShell. There is no requirement to delete groups or contacts, such as contacts added from the Office 365 Admin Center.
  • There can be no applications in the directory. Any applications must be deleted before the directory can be deleted. Note: It is not possible to delete a directory if an application has been added from the Azure AD Application Gallery, even if that application is subsequently deleted. We are working to remove this limitation.
  • There can be no subscriptions for any Microsoft Online Services such as Microsoft Azure, Office 365, or Azure AD Premium associated with the directory. For example, if a default directory was created for you in Azure, you cannot delete this directory if your Azure subscription still relies on this directory for authentication. Similarly, you cannot delete a directory if another user has associated a subscription with it. To associate your subscription with a different directory, click Settings -> Subscriptions -> Edit Directory. For more information about Azure subscriptions, see How Azure subscriptions are associated with Azure AD.
  • No Multi-Factor Authentication providers can be linked to the directory.

06 Jun

Understanding Azure Active Directory

With the popularity of Office 365, and its use of Azure Active Directory (AD), I get a fair amount of questions pertaining to Azure AD. I thought I’d put together a post that provides an overview of Azure Active Directory, what it is, and what it isn’t.

Azure AD is used to manage access to Microsoft cloud applications, such as Azure and Office 365, as well as non-Microsoft Software as a Service (SaaS) applications. Azure AD is separate from your on-premises AD; it is not a replacement.

You can synchronize your on-premises AD with Azure AD so that user attributes and passwords are consistent between the two directories. Effectively, users can use the same credentials to access on-premises resources and cloud-based resources.

Azure AD can be used to provide a single sign-on experience across Microsoft cloud applications, such as Azure and Office 365, and non-Microsoft SaaS applications. Users can leverage a personalized web-based Access Panel to launch cloud applications.

Azure AD supports the use of Azure Multi-Factor Authentication, an additional offering from Microsoft, which supports the use of mobile apps, phone calls and text messages.

Beyond the above features, Microsoft has a premium version of Azure AD – called Azure AD Premium. The additional features available in Azure AD Premium include:

  • Self-service password reset
  • Self-Service Group Management
  • Group-based provisioning and access management to SaaS applications
  • Company branding
  • Advanced Security Reports and Alerts
  • Usage Reports
  • Enterprise scale SLA

In addition, Azure Multi-Factor Authentication for cloud and on-premises applications is included with Azure AD Premium. Azure AD Premium also grants you entitlements to Forefront Identity Manager Server and CALs.

There are some limitations with the free version of Azure AD that do not apply to Azure AD Premium. Specifically:

  • Maximum of 500,000 objects in free Azure AD; no object limit in Azure AD Premium.
  • Up to 10 apps per user can reside in the Access Panel portal for SSO-based user access to SaaS; no app limit in Azure AD Premium.

For a full comparison of features between the free Azure AD and Azure AD Premium, see http://msdn.microsoft.com/library/azure/dn532272.aspx

    29 Apr

    Exchange, Lync, SharePoint, and Office 365 Guided walkthroughs

    Here is a consolidated list of guided walkthroughs for Exchange, Lync, SharePoint, and Office 365. Guided walkthroughs fall into one of two categories: “troubleshooter” and “how-to”. A “troubleshooter” guided walkthrough helps you diagnose and resolve issues in your environment. A “how-to” guided walkthrough contains step-by-step information to help you perform a task, such as setting up a particular aspect of your environment.

    The consolidated list can be found here.

    29 Apr

    Microsoft Adds more storage for OneDrive for Business and helps with data migration

    Microsoft announced enhancements to OneDrive for Business, which are focused on data. Specifically:

      – Increased storage from 25GB to 1TB per user.
      – All Office 365 ProPlus customers will get 1TB of OneDrive for Business storage per user as part of their Office 365 ProPlus subscription.
      – They’ll help organizations migrate data from their existing solutions to OneDrive for Business

    More details can be read here.

    22 Apr

    Azure AD Sync – Replacement for DirSync

    Microsoft has released a preview of the new Azure AD (AAD) Sync. AAD Sync is a newly created “one sync service to rule them all”. In the first preview, Microsoft is focusing on the demand from large clients: enabling synchronization from multi-forest Windows Server AD deployments. Within the next 6-8 months AAD Sync will replace DirSync, likely at no additional charge to Azure AD, Office 365, and Microsoft customers. Future versions of AAD Sync will expand on the capabilities of DirSync (support for combinations of directories and the ability to remap and swizzle on-premises attributes). Additionally, AAD Sync will enable Azure AD Premium customers to do things like self-service group management.

    The AAD Sync Preview allows you to:

    • Onboard your multi-forest Active Directory deployment to AAD
    • Advanced provisioning, mapping and filtering rules for objects and attributes, including support for syncing a very minimal set of user attributes (only 7!)
    • Configuring multiple on-premises Exchange organizations to map to a single AAD tenant

    17 Apr

    Exchange Server Deployment Assistant Updated

    Microsoft has updated the Exchange Server Deployment Assistant, which is a free web-based tool that helps you deploy Exchange 2013 or Exchange 2010 in your on-premises organization, configure a hybrid deployment between your on-premises organization and Office 365, or migrate completely to Office 365. The updates to the Exchange Server Deployment Assistant include:

    • Support for the Exchange 2013 Edge Transport server role in all on-premises and hybrid deployment scenarios
    • Support for the new, automated process for requesting an Exchange 2013 or Exchange 2010 Hybrid Edition product key

    16 Apr

    Microsoft White Paper: Technical Considerations for Choosing Cloud-Based Productivity Solutions

    Microsoft released a white paper that provides technical considerations for choosing Office 365, questions you should ask other cloud hosting providers before choosing their services, and challenges some customers might face when choosing Google as their cloud productivity services provider. It’s definitely worth a read. The white paper can be found here

    03 Apr

    MVP Again for 2014

    I found out this week that I was awarded the Microsoft Most Valuable Professional (MVP) designation for 2014. This is the 7th year that I have been designated as a Microsoft MVP in the Directory Services expertise.

    03 Apr

    Azure Active Directory Premium Released

    Azure Active Directory Premium is now Generally Available. Azure Active Directory Premium is a service targeted at large enterprises and is available through volume licensing and/or an enterprise agreement. It is also available as part of Microsoft’s new Enterprise Mobility Suite (EMS) which includes Intune and Azure RMS as well.

    Azure Active Directory Premium provides the following:

    • Application access management for users and groups
    • Self-Service password reset
    • Self-Service group management
    • Multi-Factor authentication
    • Customized company branding
    • Rich security monitoring, analytics, alerts and reporting

    01 Apr

    OneDrive for Business now available as a Standalone Service

    Microsoft has made OneDrive for Business available as a standalone service. From Microsoft: 

    The new OneDrive for Business standalone plan is available via two promotional deals over the next six months, starting today, April 1st, through September 2014. *
    Here are the pricing details for the standalone plan:

    – Introductory promotional pricing: $2.50 per user per month (a 50% discount on standard pricing, $5 per user per month).*
    – For customers with Office with Software Assurance (SA) or Office 365 ProPlus: $1.50 per user per month.

    OneDrive for Business comes with most Office 365 and SharePoint Online plans at no additional cost. Customers who are already using Office 365 and OneDrive for Business today do not need to do anything – just keep loving it.

    26 Mar

    Microsoft’s Cloud Infrastructure

    The data centers that house Microsoft’s cloud infrastructure have been a conversation point with several clients lately. I’ve heard for years that these data centers are massive and sophisticated, but I had never seen any real facts.

    I stumbled across the Microsoft Datacenters site, which surprisingly has quite a bit of information on Microsoft’s cloud infrastructure.

    The Microsoft Cloud Infrastructure Datacenters and Network Fact Sheet, which was published this month, has some good information to understand the scale:

    Microsoft’s cloud infrastructure by the numbers

    • 1989: The year Microsoft opened its first datacenter on its Redmond, Wash., campus.
    • 1 billion customers, 20 million businesses: The number of customers and businesses in more than 89 countries that use the Microsoft cloud.
    • 90: The number of marketplaces that our cloud services are available in today.
    • 200-plus: The number of online services delivered by Microsoft’s datacenters 24x7x365 (including Bing, MSN, Outlook.com, Office 365, OneDrive, Skype, Xbox Live and the Windows Azure platform).
    • $15 billion-plus: Microsoft’s investment in building our huge cloud infrastructure.
    • 1 million-plus: The number of servers hosted in our datacenters.
    • 2.5 billion-plus: Our infrastructure storage capacity in megabytes.

    The How Microsoft Designs its Cloud-Scale Servers paper speaks to the design differences between cloud infrastructure server hardware and traditional IT servers. This paper goes on to describe Microsoft’s cloud server architecture (the “containers” or modular high-density chassis you may have heard of). There are some interesting performance results shared in this paper:

    The servers built against this design are currently in production in Microsoft datacenters and are yielding significant advantages over the traditional enterprise servers they replace:

    • Up to 40% cost savings and 15% power efficiency benefits vs. traditional enterprise servers
    • Up to 50% improvement in deployment and service times
    • Up to 75% improvement in operational agility vs. traditional enterprise servers
    • Expected to save 10,000 tons of metal and 1,100 miles of cable per one million servers

    If you want a view of how Microsoft ensures reliability and availability, and maintains processes for incident management, service support, security and compliance, and change management, check out the Cloud Operations Excellence & Reliability paper.

    The Securing the Microsoft Cloud paper covers how Microsoft addresses the challenges of providing a trustworthy infrastructure for cloud services, reviews their risk-based information security and related privacy controls, and describes the compliance framework followed. 

    12 Mar

    Lync 2013 Total Economic Impact (TEI)

    Microsoft commissioned a Forrester Consulting Lync 2013 Total Economic Impact (TEI) study, which was published last month. No surprises here: there are benefits to deploying Lync 2013, including the potential for significant cost reductions. However, the extent to which these benefits can be realized depends heavily on the existing solution in place and the organization’s business and technical requirements.

    The Lync 2013 TEI can be downloaded here.  

    Additionally, the Lync Team Blog has a good post that goes into some more detail on the business value of Lync, which can be found here

    28 Feb

    Private Cloud Virtualization and Storage Diagrams

    Microsoft has released Windows Server 2012 R2 Private Cloud Virtualization and Storage diagrams, which provide a visual reference for understanding key private cloud storage and virtualization technologies in Windows Server 2012 R2. The list of available diagrams includes:

    • Windows Server 2012 R2 Private Cloud Virtualization and Storage Poster
    • Hyper-V and Failover Clustering Mini Poster
    • Scale-Out and SMB Mini Poster
    • Storage Spaces and Deduplication Mini Poster
    • Understanding Storage Architecture Mini Poster
    • Virtual Hard Disk and Cluster Shared Volumes Mini Poster
    • Virtual Hard Disk Sharing Mini Poster

    The diagrams can be downloaded here.

    27 Feb

    Lync 2013 Technical Diagrams

    The Lync Server TechNet Library has been updated with technical diagrams available for Lync Server 2013. These include:

    Lync Server 2013 On-Premises Architectures

    Poster provides architectural guidance for planning and deployment. The poster contains information about common components of Lync Server, terminology used when planning a deployment, new features, server roles, and an installation overview. In addition the poster contains example architectures for increasing high availability and disaster recovery as well as small, medium, and large sample topologies.

    Lync Call Quality Methodology

    Poster describing Lync system troubleshooting, especially for issues affecting enterprise voice quality.

    Key Health Indicators

    Poster describing server troubleshooting metrics both for basic server health and for a given server’s role in the Lync implementation.

    Lync 2013 Platform Options

    This poster describes the available platform options for Lync 2013 to BDMs and architects. Customers can choose from Lync Online with Office 365, Hybrid Lync, Lync Server on-premises and Hosted Lync. The poster includes details of each architectural option, including the most ideal scenarios for each, the license requirements and IT Pro responsibilities.

    Microsoft Lync Server 2013 Protocol Workloads

    Download this poster to understand the capabilities and requirements of Lync 2013, Lync Phone, Lync Web App, Lync for Mac, and Lync Mobile w. See how Lync Server workloads facilitate communication across an organization.

    The technical posters can be downloaded here

    20 Feb

    Hierarchical Address Book Functionality Added to Office 365

    The hierarchical address book (HAB) is a feature that enables end users to browse for recipients in their Exchange organization using an organizational hierarchy. Until now, HAB was only available in Microsoft Exchange Server 2013 and not Office 365. HAB can be customized to map to an organization’s specific business structure. Effectively, you can use HAB to provide users with the ability to find internal recipients more efficiently. 

    More information on HAB, including how to configure it, can be found here

    Copyright John Policelli