John Policelli's Blog

Covering Identity and Access Solutions, Unified Communications, Collaboration, and Infrastructure

Security Compliance Manager (SCM) 2.5 Beta Released

Security Compliance Manager (SCM) is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy and Microsoft System Center Configuration Manager. SCM provides ready-to-deploy policies and DCM configuration packs that are tested and fully supported. Product baselines are based on Microsoft Security Guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.

 

According to a post on the Ask the Directory Services Team Blog, SCM 2.5 includes several new features, such as:

  • Integration with the System Center 2012 IT GRC Process Pack for Service Manager-Beta: Product baseline configurations are integrated into the IT GRC Process Pack to provide oversight and reporting of your compliance activities.
  • Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
  • Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
  • Updated security guidance: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
  • Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems.
  • NEW baselines include:
    • Exchange Server 2007 SP3 Security Baseline
    • Exchange Server 2010 SP2 Security Baseline
  • Updated client product baselines include:
    • Windows 7 SP1 Security Compliance Baseline
    • Windows Vista SP2 Security Compliance Baseline
    • Windows XP SP3 Security Compliance Baseline
    • Office 2010 SP1 Security Baseline
    • Internet Explorer 8 Security Compliance Baseline

SCM 2.5 Beta can be found on Microsoft Connect.

Comparison of how Availability is Calculated in Microsoft Office 365 and Google Apps

The Why Microsoft blog has an interesting article that details the difference in how availability is calculated in Microsoft Office 365 and Google Apps. The article focuses on seven important criteria in considering cloud service availability, and compares how each is calculated in Microsoft Office 365 and Google Apps. The seven criteria include: 

  1. Percentage of users affected by an issue  
  2. Which customers are used in calculating availability  
  3. Services reflected in the availability calculation  
  4. Number of cloud services covered by the Service Level Agreement  
  5. Number of cloud service outages across a range of providers  
  6. Amount of resources the provider invests in delivery  
  7. Amount and timing of customer remedy for any lost productivity  

In my opinion, the calculations used for Google Apps Availability are heavily skewed in Google’s favor, rather than valuing the customer. 
 
 
The article can be read here.

Exchange 2010 SP2 Multi-Tenant Scale Guidance Released

Microsoft has released a document that contains high-level guidance for properly scaling and deploying a multi-tenant Microsoft Exchange Server 2010 Service Pack 2 solution. It includes details of testing performed in Microsoft labs to validate the scalability of the product and suggests methods that can be used during the design and deployment process to mitigate potential risks associated with such solutions.

The document can be downloaded here.

Lync 2010 Mobility and Mobile Clients

Anyone following Lync should know by now that Microsoft (finally) released a Lync 2010 client for Windows Phone today. Microsoft also officially announced that Lync 2010 clients for iPhone, iPad, Android, and Nokia Symbian have been submitted for approval to their respective app stores. Availability can be tracked here. 

The Lync 2010 mobile clients combine instant messaging, conferencing, and calling features in a single application that’s both familiar to Lync users and optimized for mobile productivity.

The Lync 2010 clients can be used to connect to on-premise deployments of Lync Server 2010 or Lync Online in Office 365, both of which require some configuration before mobile clients can connect.

To allow mobile clients to connect to Lync Online in Office 365, you will need to add a DNS CNAME entry for Lync mobile devices, which is covered here.

To allow mobile clients to connect to an on-premise deployment of Lync Server 2010, you will need to install cumulative update for Lync Server 2010: November 2011, and then enable Mobility, which is covered here.

Exchange Server 2010 SP2 Released

As you may have heard already, today Microsoft released Service Pack 2 (SP2) for Exchange Server 2010. SP2 includes the following changes:

  • Hybrid Configuration Wizard
  • Address Book Policies
  • Cross-Site Silent Redirection for Outlook Web App
  • Mini Version of Outlook Web App
  • Mailbox Replication Service
  • Mailbox Auto-Mapping
  • Multi-Valued Custom Attributes
  • Litigation Hold

Exchange Server 2010 SP2 also includes fixes for known issues, including those included in:

  • Update Rollup 6 for Exchange Server 2010 Service Pack 1
  • Update Rollup 5 for Exchange Server 2010 Service Pack 1
  • Update Rollup 4 for Exchange Server 2010 Service Pack 1
  • Update Rollup 3 for Exchange Server 2010 Service Pack 1
  • Update Rollup 2 for Exchange Server 2010 Service Pack 1
  • Update Rollup 1 for Exchange Server 2010 Service Pack 1

Here are some links to additional information relating to Exchange Server 2010 SP2:

Everything you need to know about Remote Desktop Licensing

Remote Desktop Licensing (Terminal Services Licensing) is one of those things that is not well understood, and there hasn’t been a lot of quality documentation on it…until recently. The Directory Services team at Microsoft has written a good article that should answer all the questions you’ll ever have on Remote Desktop Licensing, such as: 

  • The different types of CALs and how they work
  • License Server Discovery and how it works
  • How the Grace Period really works
  • Installing or Migrating CALs
  • Lots more useful stuff

The article can be found here.

New Features Announced for Office 365

Today Microsoft announced new features for Office 365, in addition to the addition of 22 markets for Office 365 availability. Some of the key new features include: 
 

  • Support for SharePoint Business Connectivity Services - Businesses can now connect critical line-of-business applications, such as CRM or SAP software, in a familiar SharePoint interface.
  • Windows Phone 7.5 Support - End users can access and update documents in SharePoint Online from anywhere using their Windows Phone.
  • Self-Serve Password Reset - IT Admins gain easier security resets with our a Password Reset Tool.
  • Lync for Mac - Mac users continue to gain features including full Lync client for instant messaging chats, and presence information in Office applications.  They can now also host voice and video conferences with just like their PC based counterparts.
  • Office Web App Preview in Outlook Web Access (OWA) – Users can now display Office document attachments in Outlook Web Access for easier on the go edit and review.

The full list of new features can be found here.

Forefront Identity Manager 2010 R2 Release Candidate Released

Forefront Identity Manager (FIM) 2010 R2 release candidate is available for download from Microsoft Connect. This release candidate includes new and updated features for FIM 2010 R2:

  • Historical reporting using integration to the System Center Service Manager data warehouse
  • Web-based Self-Service Password Reset
  • Scale and performance improvements
  • Outlook 2010 support for the FIM add-ins and extensions and SharePoint® 2010 support for the FIM Portal

In particular, this release candidate introduces numerous functional improvements, including:

  • New authentication gates for self-service password reset
  • Additional reports
  • Extensible Connectivity Management Agent 2

For complete information, see the Release Notes and feature-specific documents.

If you have already joined the FIM 2010 Community Evaluation Program or downloaded the beta, you can obtain FIM 2010 R2 RC from the FIM 2010 Connect web site. The downloads link is in the left column.

To join the program and download the software, click here. Once you answer the survey questions, the Connect site will auto-approve your access.

Office 365 Release Notes

I stumbled across a post on the Office 365 Technical Blog, which points to the Release Notes for Office 365. As the post author put it:
 

Created when the product is released to the public or updated, release notes capture issues that couldn’t be resolved before the product was released. It’s like late-breaking news: You won’t find this information anywhere else, folks!

 
The Release Notes for Office 365 do contain useful information, and are worth a read for anyone who is moving to, or has moved to, Office 365. 
 

There are two separate Release Notes for Office 365:

 

DIY Troubleshooting Support Tool for Office 365 Released

Microsoft has released a DIY Troubleshooting Support Tool for Office 365. The DIY Troubleshooter offers a refined set of options to guide you to a resolution as quickly and painlessly as possible. The Troubleshooter pinpoints key technical support issues and provides immediate solutions without the need to post questions to the community or submit a support request ticket. The tool’s cool and modern interface conveniently displays hundreds of possible help and support assets (i.e. Help topics, KB articles, videos, wikis, blog posts) from within the Office 365 suite. As you move through a list of troubleshooting options, the tool dynamically displays funneled-down content to lead you towards the answers you need. The DYI Troubleshooter is available for Office 365 for professionals and small businesses and for Office 365 for enterprises and can be found here.

Explanation of Service Availability in Office 365

Kumar Venkateswar, a senior product manager on the Office 365 Technical Product Management team, explains Service Availability in Office 365 in a post on the Office 365 Technical Blog. His post covers the availability features that distinguish Office 365 from on-premises systems that are based on Exchange 2010 Server, SharePoint 2010 Server, and Lync 2010 Server. Office 365 provides these high availability features:

Continue reading

Sneak Peek: Using the Active Directory Administrative Center to Restore Deleted AD Objects in Windows Server 8

Active Directory Domain Services (AD DS) in Windows Server 8 includes several management enhancements. One of which, is the ability to use the Active Directory Administrative Center to restore objects in the Recycle Bin. What follows is a sneak peak at using the Active Directory Administrative Center in the Developer Preview of Windows Server 8 to restore objects that reside in the Recycle Bin.

Continue reading

Sneak Peek: Installing Active Directory Domain Services on the Developer Preview of Windows Server 8

As you may already know, Microsoft released a Developer Preview for Windows Server 8. Although the Developer Preview is not feature complete, there are several changes and new features. In terms of Active Directory Domain Services (AD DS), the way in which AD DS is installed has also changed (for the better). Some examples of the changes to the installation include:

  • Ability to remotely install the AD DS role (as with all other roles) on multiple servers from a single Server Manager session.
  • DCPROMO is now integrated into Server Manager.

What follows is a step-by-step guide to installing AD DS using the Developer Preview of Windows Server 8.

Continue reading

Office Web App Integration with Outlook Web App in Exchange Online

Microsoft has introduced an update to OWA in Exchange Online that now integrates the Office Web Apps into the attachment previewing experience for Word, Excel, and PowerPoint files. Along with continued PDF support, this means Exchange Online users get high-fidelity previews of Office documents on the web, in exactly the same format they were created.

Click on the “Open as web page” link you see next to Office document attachments to start using this feature in Exchange Online today.

Open beta of BlackBerry Business Cloud Services for Microsoft Office 365

RIM has launched an open beta of BlackBerry® Business Cloud Services for Microsoft Office 365 – a new RIM-hosted cloud-based service for businesses to extend Microsoft Exchange Online to BlackBerry® smartphones and self-manage their BlackBerry deployments in the cloud. You can see RIM’s press release here.

BlackBerry® Business Cloud Services for Microsoft Office 365 is available at no additional cost to current enterprise subscribers of the Office 365 suite or standalone Exchange Online. The service works with BlackBerry smartphones on business or consumer data plans. The service offers BlackBerry access to Microsoft Exchange Online email, calendar, and contacts. And IT administrators can provision, manage, and secure their organization’s BlackBerry phones from a convenient web-based console.

Microsoft Office 365 customers can sign up for the BlackBerry Business Cloud Services beta at www.blackberry.com/beta/businesscloud.

The Total Economic Impact of Microsoft Office 365

Microsoft commissioned Forrester Consulting to examine the total economic impact and potential return on investment (ROI) that SMBs may realize by deploying Office 365, consisting of Office Professional Plus (as a subscription), Exchange Online (with Forefront Online Protection for Exchange), SharePoint Online, and Lync Online.

Office 365 delivered an ROI of 321% with a payback period of 2 months for the composite midsize organization. Office 365 improves productivity, provides IT peace of mind, and reduces TCO compared to a similar on premises implementation.

The full TEI study can be found here.