Category Archives: Office 365

Content related to Office 365 in all its glory

Creating Exchange dynamic distribution groups with custom attributes

You learn something new every day… I guess that means I’m ahead of schedule for the day.

A coworker asked if there was a way to use PowerShell to create a dynamic distribution group using one of the AD customAttributeX values. I didn’t know the answer offhand (since I create new distribution groups about every 5 years), but a little binging turned up the documentation for New-DynamicDistributionGroup. Turns out that the ConditionalCustomAttributeN parameters will do what he wanted:

New-DynamicDistributionGroup -IncludedRecipients mailContacts -ConditionalCustomAttribute6 "PeopleToInclude"

It turns out that wasn’t what he really wanted– he wanted to create a dynamic DG to include objects where the custom attribute value was not set to a particular value. The ConditionalXXX switches can’t do that, so he had to use a RecipientFilter instead:

New-DynamicDistributionGroup -IncludedRecipients mailContacts -RecipientFilter {ExtensionCustomAttribute6 -ne "PeopleToExclude"}...

1 Comment

Filed under Office 365, UC&C

Office 365 Exposed, episode 5

I hear you now: “Wait! You and Tony record new episodes quarterly! In California! Why are you posting a new episode already?”

Because Microsoft Ignite, that’s why! We were able to steal away to the very nicely equipped Podcast Center at Ignite to talk about some of the big announcements, rumors, and news around Office 365. (Thanks to Julian for the audio production btw.) Hear about changes to Office 365 groups, a new name for a controversial features, and what Atlanta has given the world.

Leave a comment

Filed under Office 365, Podcasts

Office 365 Exposed, Episode 4

Another trip to California for Tony and me means another episode of Office 365 Exposed! This time, we talked about Microsoft Ignite, Office 365 Groups, why the Saints are my favorite football team, and a host of other topics. (OK, I admit it. We did not actually talk about the Saints. Maybe next episode. I did sneak in a plug for the College Football Hall of Fame though.)

 

Leave a comment

Filed under Office 365, Podcasts, UC&C

Office 365 Exposed, episode 3

I recently had the opportunity to sit down with Tony at ENow World Headquarters (OK, it’s just a regular office, but that sounds better) to talk about the state of the Office 365 world. In this episode, we talked about the latest bit of ill behavior from Microsoft Learning, the best paths to take to gain practical Office 365 knowledge, and what to expect from the upcoming Microsoft Ignite and IT/DevConnections shows. Enjoy!

 

2 Comments

Filed under Office 365, Podcasts

Nifty new auto-vacation feature for Outlook on the Web

This is a great example of Microsoft bringing useful innovation to end users by deploying new features in Office 365:

Outlook on the web now makes it easier to clear your calendar and automatically decline meetings before you head out for some time away from the office. When you set an automatic reply in Outlook on the web, Outlook will offer to do the following on your behalf:

  • Block your calendar so people know you’re away.
  • Clear existing meetings on your calendar by declining/canceling them.
  • Automatically send a response to incoming invitations while you’re away.

Of course, Outlook and Exchange have long had the ability to automatically send an out-of-office (or “OOF”, from “out of facility“) message when you specify the dates when you’ll be away. These new features extend the traditional OOF behavior by adding some business logic to the OOF process– after all, when you’re out of the office, it is logical to assume that you won’t be accepting appointments during that time, and that you want new invitations to be automatically declined. (There are exceptions, of course, which is why you can turn this business logic off.) I’m not in love with the fact that this feature requires you to set your  works in Outlook on the web, but I’m hopeful that it will make it into other versions of Outlook at some point.

Apart from the specifics of this individual feature, it’s really encouraging to see the Outlook team invest in innovation like this. Given the large feature gap between Outlook on the web and Gmail (the only real enterprise competitor to Exchange/Outlook) it would be easy for the Outlook team to coast. Part of the ethos of building software at cloud speed involves iterating rapidly, and that in turn means sometimes you build something that turns out to get a lukewarm reception because it’s not as useful as first thought. (Tony argues that this is the case for Outlook’s support for likes and @ mentions.) However, sometimes you build something that turns out to be really nifty, and I think this feature is a good example– I look forward to seeing it roll out more broadly.

(for another time: I know not every tenant admin will want this feature turned on for their users without prior notice or permission, and Microsoft has a lot of room to improve the way they deliver features so that administrators can control user access to them.)

 

Leave a comment

Filed under General Stuff, Office 365, UC&C

Office 365 Exposed ep 02

It’s the offseason for Office 365, at least sort of– with no conferences until the fall, Tony and I had to take the opportunity of meetings at ENow to record this episode of Office 365 Exposed. Topics we covered included Delve Analytics, the contentious topic of mailbox anchoring, a bit about Skype for Business Online’s telephony features, and frequent mentions of Yammer for those of you who like to enjoy our podcast with a beverage in hand.

1 Comment

Filed under Office 365, Podcasts, UC&C

Office 365 Pro Plus licensing change?

Microsoft has a really complex infrastructure for deploying new features into Office 365. This deployment process, internally known as “flighting,” involves rolling out code changes across a huge base of servers— by some estimates, more than 600,000 worldwide— spread across dozens of data centers all around the world. This poses an interesting challenge. Flighting has to be automated because of the scale necessary, but with an automated tool that works at high scale, you can make a quickly replicated mistake. Think of it like shooting yourself in the foot with a machine gun.

Recently one of my customers notified me that they had noticed a change in their tenant: each user with an E3 or E4 license was now showing a possible total of 10 product activations for Office 365 Pro Plus. The limit had previously always been 5, meaning each user may install Pro Plus on up to five PCs and Macs. The release of Office applications for Windows 10, iOS, and Android devices changed things slightly; you were allowed to install on 5 PCs/Macs plus 5 tablets or mobile devices. At various times I’ve been told that the limit was 10 (5 PC + 5 devices) and 15 (5 PC + 5 tablet + 5 phone), but in any event, the user interface in the Office 365 management tools has always reported per-user activation as N installed copies out of a maximum of 5.

Immediately upon hearing this, I checked my tenants. Sure enough, now my tenant users were showing a maximum of 10 installs.

I followed up with some local Microsoft folks and was told that they were told by Office 365 support that this was a mistake, whether in flighting or configuration I’m not sure. However, two-plus days later, tenants are still showing 10 activations. I took the below screenshot a few minutes before writing this post; it shows 4 activated Pro Plus installations, with 6 more available.

10 license

I’m going to reach out directly to the O365 team to ask whether this is: a) a temporary mistake that will be reversed b) a policy change that hasn’t been officially announced or c) a restatement of the 5 PC/Mac + 5 device policy that was already in place. I’ll report back what I find out. 

Leave a comment

Filed under Office 365, UC&C

Operational maturity and Exchange

Over at my work blog, I have a post that tackles an important issue: how do you reliably design and operate Exchange if you don’t happen to have a large team of Exchange rock stars on staff? (Short answer: hire me. Longer answer: read the post to find out). Bonus: the post contains a picture of Ross Smith IV Yoda.

Leave a comment

Filed under Office 365, UC&C

Setting the record straight on Microsoft and subpoenas

This week I had the opportunity to present a session called “Cloud Best Practices” at the Alabama Digital Government Summit. I had a great time— it was fascinating to see how many different agencies in our state are putting advanced IT to work to save money and get more done for the taxpayer. However, there was one blemish on the experience that I wanted to polish away, so to speak.

Part of my talk concerned the fact that no matter where you live, your local government has lawful means to get your data: they can subpoena you, or your cloud provider, to get it. There’s nothing that you can do about it. It’s a feature, not a bug, of modern legal systems. I often talk about this in the context of people’s fears that the NSA, GCHQ, or whomever will snag their data, by lawful or unlawful means. Here’s the slide I put up:

NewImage

I don’t think these are controversial assertions. However, at this point in my talk, Stuart McKee (chief technical officer for state and local government at Microsoft) flatly asserted that Microsoft does not comply with government subpoenas for customer data; I believe he used the word “never”. He went on to say that Microsoft has a pattern of resisting subpoena requests and that this “has gotten [them] into some trouble.” He concluded by saying that Microsoft’s standard action is to tell governments that they must subpoena the data owner, not the service provider.

I believe these assertions to be largely untrue, and certainly misleading. (I’ll leave aside the insulting manner in which Stuart asserted that I was wrong— after all, I am certainly wrong sometimes and generally appreciate when people point it out.) I want to set the record straight to the extent that I can.

First, Microsoft absolutely does comply with lawful subpoenas for customer data. This page at Microsoft’s web site summarizes their responses to lawful legal demands for customer information (both information about customers and information belonging to customers) across a broad variety of jurisdictions, from Argentina to Venezuela. To assert otherwise is ludicrous.

Second, Microsoft has a pattern of complying with these lawful subpoenas, not refusing them. When Stuart said that Microsoft is “in trouble” for refusing a subpoena, I suspect that he’s referring to Microsoft vs United States, where the issue at hand is that Microsoft was served a search warrant for data stored in a Microsoft data center hosted in Ireland. The data are stored there because the customer is located outside the US. Microsoft moved to have the warrant vacated, and when that failed, asked the cognizant district court to vacate it. The district court upheld the original warrant; Microsoft refused to comply and was held in contempt. Now this particular case is working its way through the US federal court system.

Let me be clear: I applaud Microsoft for standing up and resisting the overreach in the original warrant— there doesn’t seem to be (at least not to my layman’s understanding) a right of the US government, at any level, to subpoena data belonging to a non-US person or organization if it’s stored outside the US, even if it’s held in a cloud service operated by a US person or organization. The brief Microsoft filed likens this to a German court ordering seizure of letters stored in a safe deposit box in a US branch of a German bank. Having said all that, claiming that this kind of resistance is routine is overblown. It isn’t. If Microsoft were refusing subpoenas left and right, the numbers I mentioned above would look very much different.

Third, Microsoft’s policy is indeed to try to redirect access requests whenever possible. The Office 365 privacy page has this to say:

We will not disclose Customer Data to a third party (including law enforcement, other government entity, or civil litigant; excluding our subcontractors) except as you direct or unless required by law. Should a third party contact Microsoft with a request for Customer Data, we will attempt to redirect the third party to request the data directly from you. As part of that process, we may provide your contact information to the third party. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited.

In other words, Microsoft will try to redirect subpoenas from themselves to the data owner, where they are allowed by law to do so, and if they can’t, they will notify you, if allowed by law to do so. This is the only one of Stuart’s claims that I think is inarguable.

Finally, Microsoft proactively cooperates with law enforcement. The Microsoft Digital Crimes Unit newsroom contains press releases touting Microsoft’s cooperation with law enforcement agencies around the world (here’s just one example). This cooperation and disclosure extends to Microsoft proactively notifying law enforcement agencies when their PhotoDNA service identifies child porn images in customer’s private OneDrive data. I support their right to do this (it’s covered very clearly in the terms of service for Microsoft cloud services), and I believe it’s the right thing to do— but to claim that Microsoft never discloses customer data to law enforcement agencies while they are voluntarily doing so is both untrue and misleading.

Everyone’s interests are best served when everyone understands the specifics of the legal interaction between local and national governments and cloud service providers in various jurisdictions. This is a really new area of law in many respects, so it’s understandable that some things may not be clear, or even defined yet, but I wanted to correct what I view as dangerously misleading misinformation in this specific instance.

The bottom line: no matter what cloud service you choose, be sure you understand the policies that your cloud provider uses to determine the conditions under which they’ll cough up your data.

2 Comments

Filed under Office 365, Security, UC&C

Fixing “Cannot find registrar pool” error for sipfed.online.lync.com

I was recently setting up hybrid Lync Skype for Business for a customer. This is more properly known as “split-domain” configuration because you share a single SIP namespace across both the on-premises and cloud portions of the infrastructure.

If you’re not familiar with the process, it goes like this:

  1. Set up AD FS or whatever other identity federation solution you like.
  2. Configure the service to allow federation.
  3. Configure the on-premises Lync/SfB servers to allow federation.
  4. Turn on federation.
  5. Enable your tenant for split-domain operations with Set-CsTenantFederationConfiguration.
  6. Start moving users.

Adam Jacobs’ summary is worth reading if you haven’t seen this before, but even without reading it, it seems straightforward enough, right? I found that when I got to step 6 I got a vexing error: “Cannot find Registrar pool. Verify that ‘sipfed.online.lync.com’ is a valid registrar pool.”
sipfederr

I was 100% sure that the registrar pool name was correct and that it existed, so why couldn’t the Move-CsUser cmdlet find it? I spent some fruitless time binging for a solution (note: this is not the same as “binging on beer” or “binging on carbs before my race”); the few hits I found all suggested ensuring that you’d connected to the service with Import-PSSession, which is, as suggestions go, right up there with “make sure it’s plugged in.”

After some experimentation, I finally figured out that step 3 above hadn’t been performed completely; when I ran Get-CsHostingProvider, the EnableSharedAddressSpace and HostsOcsUsers parameters were both set to “false”. I reset them (and the AutodiscoverUrl parameter, also required), and that solved the problem. It’s not clear to me why anyone at Microsoft thought “cannot find registrar pool” would be an appropriate error for this condition; there are distinct error messages for most other problems that might occur (such as trying to move users to the wrong pool) but not here.

Perhaps this breadcrumb will help some future admin who gets the error, or maybe Microsoft will fix it…

6 Comments

Filed under Office 365, UC&C

Fixing SharePoint Online OneNote “something went wrong” errors

I recently ran into a problem with a SharePoint Online site that had previously been created on BPOS and moved around through various iterations of Office 365. None of the site users had ever used the OneNote notebook associated with the site, but the link was present in the side navigation bar. When I tried to access it, I got the infamous “sorry, but something went wrong” error page. (For another day: discuss the Fisher-Price-ization of service error messages; the low information content doesn’t scare end users but makes it impossible to troubleshoot problems.)

A little binging turned up a plausible solution: “SharePoint 2013 OneNote Notebook something went wrong error“. I was a little leery of turning off the feature for fear that it wouldn’t turn back on. However, I took the plunge. After disabling the feature and re-enabling it, I was able to open the OneNote Online notebook, but I wasn’t able to use the “open in OneNote” link until I added some content in OneNote Online. All’s well that ends well. This may not be the only solution for this problem, but it has a 100% success rate for me so far.

1 Comment

Filed under Office 365, UC&C

Preparing for Ignite

I’m heads-down working on my materials for the upcoming Microsoft Ignite conference. This year, I have three sessions:

  • MVPs Unplugged: Real-World Microsoft Exchange Server Designs and Deployments. This is a panel with Jeff Guillet, Nic Blank, and Sigi Jagott, so I am really looking forward to it. I love panels in general, and my co-presenters are incredibly knowledgeable about the ins and outs of large and small Exchange deployments.
  • Exchange Online Archiving: Notes from the Field. Archiving is one of those topics that isn’t interesting to everyone— but for people who are interested, they tend to be very interested. In this session, I’ll be talking about various aspects of EOA, including what it is, how it works, and how to efficiently move to it.
  • Servicing Microsoft Exchange Server: Update Your Knowledge: this is a joint effort between me and Microsoft’s Brent Alinger. As you may know, he is Mr. Exchange Servicing. I’m really excited to have the chance to be onstage with him. He has some very interesting (dare I say “provocative”) things to say. I consistently find that people misunderstand (or maybe under-understand) how Exchange servicing works and why Microsoft does things the way they do, and I think this session will help shine a brilliant beam of knowledge down from the mothership.

As always, Microsoft has deployed a whole behind-the-scenes infrastructure for managing all this stuff; this year, the system allows attendees to register their session preferences, and we see projected attendee numbers in the speaker portal. When I check these sessions in the speaker portal, all 3 of them are shown as having more enrollees than the currently booked rooms can support— that’s an excellent sign.

Of course, I have to point out that the session schedule is still not 100% set in stone, and sessions may change both times and locations. That’s a good thing, as right now my EOA session is up against Julia White’s keynote, generating the following exchange:

Google ChromeScreenSnapz013

(Just for the record, Julia, you are more than welcome in my sessions, and I promise to come up with better jokes before you arrive!)

In addition to our assigned sessions, Microsoft has asked each speaker to conduct peer review of other presentations. In addition to the sessions I’m presenting, I’m peer-reviewing sessions on Clutter, Office 365 Groups, and SharePoint enterprise search (pretty sure this last assignment was an accident). We’re also all supposed to man the show floor Office 365 booth, plus there are various side events to plan and RSVP for. In particular, if you haven’t yet requested an invitation to the Scheduled Maintenance party, you’d better act quickly; I hear it will introduce a new level of awesomeness.

Apart from my sessions, the only logistical item I have to complete is to book my flights; until the session schedule is finalized, I can’t. While I’d much prefer to fly myself, Microsoft only covers commercial airfare for speakers. I might fly myself anyway, though!

The workload is ramping up quickly as we get closer to the event, but it should pay off with some excellent sessions. I’m looking forward to Ignite– drop by and say hello if you’re there!

Leave a comment

Filed under Office 365, UC&C

License usage reporting in Office 365, part 2

If you’ve been wondering where part 2 of my series on reporting in Office 365 was, wonder no more; it just went live this morning.

Leave a comment

Filed under Office 365, UC&C

Microsoft rolls out Clutter admin improvements

Back in November, I wrote about my early experience with the Office 365 Clutter feature. I’ve been using it on and off– mostly off, due to a rare bug that surfaced because my mailbox is actually hosted on a portion of the Office 365 cloud that descends from the old Exchange Labs “friends and family” tenant. The bug kept Clutter from correctly moving clutter messages automatically; once it was fixed things returned to normal after I re-enabled the Clutter feature, and I’ve been happily using it since.

One of the big advantages of Office 365 is that the service team can develop and release new features much faster than they can for on-premises services. Sure enough, Microsoft today announced three new features for Clutter.

The biggest of these is the ability to create transport rules that flag messages, or senders, as exempt from Clutter processing. This is exactly the same thing as specifying safe senders for message hygiene filtering, although the implementation is a little different. You’ll create a transport rule that has the conditions and exceptions you want, but with an action that adds a header value of “ClutterBypassedByTransportRuleOverride: TRUE”, as described here. I have not personally had even a single false positive from Clutter since I’ve been testing it, and I haven’t seen any complaints about false positive problems from other users, MVPs, or customers. Having said that, Microsoft was smart to include a way to exempt certain messages from processing, as this will soothe some users and tenant administrators who are worried about the potential to have important messages be misdirected.

Second, the Clutter folder can now be managed by retention policies. This is an eminently logical thing to do, and it nicely highlights the flexibility of Exchange’s messaging records management system.

Rounding out the trio, you now have a very limited ability to customize the message that users see when they enable Clutter for their mailboxes: you can change the display name that the notification appears to be from, and you’ll soon be abe to change the logo. Frankly, this is weak sauce; there’s no way to customize the text of the notification, add custom URLs to it, or otherwise modify it in a useful way. Long-time Exchange administrators will recognize a familiar pattern exemplified by customizable delivery status notifications (DSNs), quota warning messages, and MailTips in previous versions of Exchange: first Microsoft delivered a useful feature with no customization capability, then they enabled limited customization, then (after prolonged complaining from customers) they broadened the range of things that could be customized. Let’s hope that pattern holds here.

There’s still one weak spot in the Clutter feature set: it still requires individual users to opt in (or out). While it’s true that users would likely be alarmed by the sudden forceful application or removal of the Clutter feature from their mailboxes, it’s also true that Office 365 as a whole needs to provide better controls for administrators to regulate which service features users have access to. I am hopeful that we’ll see better admin controls (and reporting) for this feature in the future.

While these improvements aren’t necessarily earth-shaking, they do add some welcome utility to what is already a valuable feature. Clutter is a great example of a feature that can make a measurable positive difference in users’ satisfaction with the service, and I look forward to more improvements in the feature.

1 Comment

Filed under Office 365, UC&C

License usage reporting in Office 365, part 1

On this blog, I write about whatever interests me. To the chagrin of some folks, this often includes aviation, fitness, and various complaints, but hey.. it could be worse. I save the really inane stuff for Twitter.

Besides the content I post here, though, I also blog at the Summit 7 Systems blog collective. Right now I’m publishing a series on reporting in Office 365. The first part of the series, on license usage reporting, is here, and the second part will be published shortly. In general, when I post content there that might be of interest to readers here, I’ll cross-post it with a short post like this one.

3 Comments

Filed under Office 365, UC&C