Category Archives: Office 365

Content related to Office 365 in all its glory

Nifty new auto-vacation feature for Outlook on the Web

This is a great example of Microsoft bringing useful innovation to end users by deploying new features in Office 365:

Outlook on the web now makes it easier to clear your calendar and automatically decline meetings before you head out for some time away from the office. When you set an automatic reply in Outlook on the web, Outlook will offer to do the following on your behalf:

  • Block your calendar so people know you’re away.
  • Clear existing meetings on your calendar by declining/canceling them.
  • Automatically send a response to incoming invitations while you’re away.

Of course, Outlook and Exchange have long had the ability to automatically send an out-of-office (or “OOF”, from “out of facility“) message when you specify the dates when you’ll be away. These new features extend the traditional OOF behavior by adding some business logic to the OOF process– after all, when you’re out of the office, it is logical to assume that you won’t be accepting appointments during that time, and that you want new invitations to be automatically declined. (There are exceptions, of course, which is why you can turn this business logic off.) I’m not in love with the fact that this feature requires you to set your  works in Outlook on the web, but I’m hopeful that it will make it into other versions of Outlook at some point.

Apart from the specifics of this individual feature, it’s really encouraging to see the Outlook team invest in innovation like this. Given the large feature gap between Outlook on the web and Gmail (the only real enterprise competitor to Exchange/Outlook) it would be easy for the Outlook team to coast. Part of the ethos of building software at cloud speed involves iterating rapidly, and that in turn means sometimes you build something that turns out to get a lukewarm reception because it’s not as useful as first thought. (Tony argues that this is the case for Outlook’s support for likes and @ mentions.) However, sometimes you build something that turns out to be really nifty, and I think this feature is a good example– I look forward to seeing it roll out more broadly.

(for another time: I know not every tenant admin will want this feature turned on for their users without prior notice or permission, and Microsoft has a lot of room to improve the way they deliver features so that administrators can control user access to them.)

 

Advertisements

Leave a comment

Filed under General Stuff, Office 365, UC&C

Office 365 Exposed ep 02

It’s the offseason for Office 365, at least sort of– with no conferences until the fall, Tony and I had to take the opportunity of meetings at ENow to record this episode of Office 365 Exposed. Topics we covered included Delve Analytics, the contentious topic of mailbox anchoring, a bit about Skype for Business Online’s telephony features, and frequent mentions of Yammer for those of you who like to enjoy our podcast with a beverage in hand.

1 Comment

Filed under Office 365, Podcasts, UC&C

Office 365 Pro Plus licensing change?

Microsoft has a really complex infrastructure for deploying new features into Office 365. This deployment process, internally known as “flighting,” involves rolling out code changes across a huge base of servers— by some estimates, more than 600,000 worldwide— spread across dozens of data centers all around the world. This poses an interesting challenge. Flighting has to be automated because of the scale necessary, but with an automated tool that works at high scale, you can make a quickly replicated mistake. Think of it like shooting yourself in the foot with a machine gun.

Recently one of my customers notified me that they had noticed a change in their tenant: each user with an E3 or E4 license was now showing a possible total of 10 product activations for Office 365 Pro Plus. The limit had previously always been 5, meaning each user may install Pro Plus on up to five PCs and Macs. The release of Office applications for Windows 10, iOS, and Android devices changed things slightly; you were allowed to install on 5 PCs/Macs plus 5 tablets or mobile devices. At various times I’ve been told that the limit was 10 (5 PC + 5 devices) and 15 (5 PC + 5 tablet + 5 phone), but in any event, the user interface in the Office 365 management tools has always reported per-user activation as N installed copies out of a maximum of 5.

Immediately upon hearing this, I checked my tenants. Sure enough, now my tenant users were showing a maximum of 10 installs.

I followed up with some local Microsoft folks and was told that they were told by Office 365 support that this was a mistake, whether in flighting or configuration I’m not sure. However, two-plus days later, tenants are still showing 10 activations. I took the below screenshot a few minutes before writing this post; it shows 4 activated Pro Plus installations, with 6 more available.

10 license

I’m going to reach out directly to the O365 team to ask whether this is: a) a temporary mistake that will be reversed b) a policy change that hasn’t been officially announced or c) a restatement of the 5 PC/Mac + 5 device policy that was already in place. I’ll report back what I find out. 

Leave a comment

Filed under Office 365, UC&C

Operational maturity and Exchange

Over at my work blog, I have a post that tackles an important issue: how do you reliably design and operate Exchange if you don’t happen to have a large team of Exchange rock stars on staff? (Short answer: hire me. Longer answer: read the post to find out). Bonus: the post contains a picture of Ross Smith IV Yoda.

Leave a comment

Filed under Office 365, UC&C

Setting the record straight on Microsoft and subpoenas

This week I had the opportunity to present a session called “Cloud Best Practices” at the Alabama Digital Government Summit. I had a great time— it was fascinating to see how many different agencies in our state are putting advanced IT to work to save money and get more done for the taxpayer. However, there was one blemish on the experience that I wanted to polish away, so to speak.

Part of my talk concerned the fact that no matter where you live, your local government has lawful means to get your data: they can subpoena you, or your cloud provider, to get it. There’s nothing that you can do about it. It’s a feature, not a bug, of modern legal systems. I often talk about this in the context of people’s fears that the NSA, GCHQ, or whomever will snag their data, by lawful or unlawful means. Here’s the slide I put up:

NewImage

I don’t think these are controversial assertions. However, at this point in my talk, Stuart McKee (chief technical officer for state and local government at Microsoft) flatly asserted that Microsoft does not comply with government subpoenas for customer data; I believe he used the word “never”. He went on to say that Microsoft has a pattern of resisting subpoena requests and that this “has gotten [them] into some trouble.” He concluded by saying that Microsoft’s standard action is to tell governments that they must subpoena the data owner, not the service provider.

I believe these assertions to be largely untrue, and certainly misleading. (I’ll leave aside the insulting manner in which Stuart asserted that I was wrong— after all, I am certainly wrong sometimes and generally appreciate when people point it out.) I want to set the record straight to the extent that I can.

First, Microsoft absolutely does comply with lawful subpoenas for customer data. This page at Microsoft’s web site summarizes their responses to lawful legal demands for customer information (both information about customers and information belonging to customers) across a broad variety of jurisdictions, from Argentina to Venezuela. To assert otherwise is ludicrous.

Second, Microsoft has a pattern of complying with these lawful subpoenas, not refusing them. When Stuart said that Microsoft is “in trouble” for refusing a subpoena, I suspect that he’s referring to Microsoft vs United States, where the issue at hand is that Microsoft was served a search warrant for data stored in a Microsoft data center hosted in Ireland. The data are stored there because the customer is located outside the US. Microsoft moved to have the warrant vacated, and when that failed, asked the cognizant district court to vacate it. The district court upheld the original warrant; Microsoft refused to comply and was held in contempt. Now this particular case is working its way through the US federal court system.

Let me be clear: I applaud Microsoft for standing up and resisting the overreach in the original warrant— there doesn’t seem to be (at least not to my layman’s understanding) a right of the US government, at any level, to subpoena data belonging to a non-US person or organization if it’s stored outside the US, even if it’s held in a cloud service operated by a US person or organization. The brief Microsoft filed likens this to a German court ordering seizure of letters stored in a safe deposit box in a US branch of a German bank. Having said all that, claiming that this kind of resistance is routine is overblown. It isn’t. If Microsoft were refusing subpoenas left and right, the numbers I mentioned above would look very much different.

Third, Microsoft’s policy is indeed to try to redirect access requests whenever possible. The Office 365 privacy page has this to say:

We will not disclose Customer Data to a third party (including law enforcement, other government entity, or civil litigant; excluding our subcontractors) except as you direct or unless required by law. Should a third party contact Microsoft with a request for Customer Data, we will attempt to redirect the third party to request the data directly from you. As part of that process, we may provide your contact information to the third party. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited.

In other words, Microsoft will try to redirect subpoenas from themselves to the data owner, where they are allowed by law to do so, and if they can’t, they will notify you, if allowed by law to do so. This is the only one of Stuart’s claims that I think is inarguable.

Finally, Microsoft proactively cooperates with law enforcement. The Microsoft Digital Crimes Unit newsroom contains press releases touting Microsoft’s cooperation with law enforcement agencies around the world (here’s just one example). This cooperation and disclosure extends to Microsoft proactively notifying law enforcement agencies when their PhotoDNA service identifies child porn images in customer’s private OneDrive data. I support their right to do this (it’s covered very clearly in the terms of service for Microsoft cloud services), and I believe it’s the right thing to do— but to claim that Microsoft never discloses customer data to law enforcement agencies while they are voluntarily doing so is both untrue and misleading.

Everyone’s interests are best served when everyone understands the specifics of the legal interaction between local and national governments and cloud service providers in various jurisdictions. This is a really new area of law in many respects, so it’s understandable that some things may not be clear, or even defined yet, but I wanted to correct what I view as dangerously misleading misinformation in this specific instance.

The bottom line: no matter what cloud service you choose, be sure you understand the policies that your cloud provider uses to determine the conditions under which they’ll cough up your data.

2 Comments

Filed under Office 365, Security, UC&C

Fixing “Cannot find registrar pool” error for sipfed.online.lync.com

I was recently setting up hybrid Lync Skype for Business for a customer. This is more properly known as “split-domain” configuration because you share a single SIP namespace across both the on-premises and cloud portions of the infrastructure.

If you’re not familiar with the process, it goes like this:

  1. Set up AD FS or whatever other identity federation solution you like.
  2. Configure the service to allow federation.
  3. Configure the on-premises Lync/SfB servers to allow federation.
  4. Turn on federation.
  5. Enable your tenant for split-domain operations with Set-CsTenantFederationConfiguration.
  6. Start moving users.

Adam Jacobs’ summary is worth reading if you haven’t seen this before, but even without reading it, it seems straightforward enough, right? I found that when I got to step 6 I got a vexing error: “Cannot find Registrar pool. Verify that ‘sipfed.online.lync.com’ is a valid registrar pool.”
sipfederr

I was 100% sure that the registrar pool name was correct and that it existed, so why couldn’t the Move-CsUser cmdlet find it? I spent some fruitless time binging for a solution (note: this is not the same as “binging on beer” or “binging on carbs before my race”); the few hits I found all suggested ensuring that you’d connected to the service with Import-PSSession, which is, as suggestions go, right up there with “make sure it’s plugged in.”

After some experimentation, I finally figured out that step 3 above hadn’t been performed completely; when I ran Get-CsHostingProvider, the EnableSharedAddressSpace and HostsOcsUsers parameters were both set to “false”. I reset them (and the AutodiscoverUrl parameter, also required), and that solved the problem. It’s not clear to me why anyone at Microsoft thought “cannot find registrar pool” would be an appropriate error for this condition; there are distinct error messages for most other problems that might occur (such as trying to move users to the wrong pool) but not here.

Perhaps this breadcrumb will help some future admin who gets the error, or maybe Microsoft will fix it…

6 Comments

Filed under Office 365, UC&C

Fixing SharePoint Online OneNote “something went wrong” errors

I recently ran into a problem with a SharePoint Online site that had previously been created on BPOS and moved around through various iterations of Office 365. None of the site users had ever used the OneNote notebook associated with the site, but the link was present in the side navigation bar. When I tried to access it, I got the infamous “sorry, but something went wrong” error page. (For another day: discuss the Fisher-Price-ization of service error messages; the low information content doesn’t scare end users but makes it impossible to troubleshoot problems.)

A little binging turned up a plausible solution: “SharePoint 2013 OneNote Notebook something went wrong error“. I was a little leery of turning off the feature for fear that it wouldn’t turn back on. However, I took the plunge. After disabling the feature and re-enabling it, I was able to open the OneNote Online notebook, but I wasn’t able to use the “open in OneNote” link until I added some content in OneNote Online. All’s well that ends well. This may not be the only solution for this problem, but it has a 100% success rate for me so far.

1 Comment

Filed under Office 365, UC&C