It’s the offseason for Office 365, at least sort of– with no conferences until the fall, Tony and I had to take the opportunity of meetings at ENow to record this episode of Office 365 Exposed. Topics we covered included Delve Analytics, the contentious topic of mailbox anchoring, a bit about Skype for Business Online’s telephony features, and frequent mentions of Yammer for those of you who like to enjoy our podcast with a beverage in hand.
It is a cliché to talk about an opportunity that’s too good to refuse (not to be confused with an offer you can’t refuse), but sometimes it does happen.
I am very excited to announce that, effective 26 October 2015, I will be taking the position of chief technology officer (CTO) for ENow Software. In that role, I will be driving the development of their next generation of products for both on-premises and Office 365 monitoring. It’s a big step forward for my career, moving me simultaneously back towards the development world and further into the cloud. (It’s also a little surreal to see one’s job change announced in a press release.)
Before I get into the nuts and bolts of what I’ll be doing, a personal note: I want to thank Scott Edwards, Ben Curry, and all my coworkers at Summit 7 Systems. What a talented and skilled group of people! I accidentally learned much more than I expected about SharePoint from them, and both Ben and managing consultant Matt Whitehorn were instrumental in helping me identify soft skills I need to work on— always a challenge. I have huge respect for what the Summit 7 team has accomplished and recommend them in the highest possible terms to anyone who needs Office 365, Azure, AWS, or SharePoint design, strategy, or migration help.
So, the new job. In the CTO role, I’ll be reporting directly to Jay Gundotra, the CEO. I’ll be responsible for technical product strategy and implementation, the customer success team, technical presales, and internal IT. (I am still working on a transition plan to establish an ENow corporate aviation department, but don’t tell Jay.) That’s quite a broad scope, which means I can bring to bear everything I’ve learned throughout my career as a developer, consultant, and administrator. Driving beneficial change across these disparate fields is going to be an exhilarating challenge! Luckily I will have a really powerful team on my side, including Michael Van Horenbeeck (noted hooligan/tequila drinker, Microsoft Certified Master, and Exchange MVP) and Tony Redmond, a member of ENow’s advisory board.
ENow is already very successful in their chosen markets, but the cloud poses a brand-new set of technical and business challenges, both for them and their customers. The #1 question I hear from IT pros and business decision makers is simple: how will the move to the cloud affect me and my business? It’s interesting that I don’t remember many people asking that during the years-long transition from mainframe- and mini-based solutions to the x86 world; people just naturally assumed their skills would transfer. That hasn’t been the case with the cloud. Figuring out how to effectively monitor and manage cloud services when you don’t control the underlying platform is a tough problem. Instrument flight is probably a good metaphor here. On a clear day, you can see the ground, so flying is easy. There’s a visible horizon and landmarks. In the clouds, everything changes– if you’ve ever been in an airplane on a cloudy day, you know that you can see where the clouds are but not what’s inside them. Flying inside clouds is like being inside a ping-pong ball, with no visual cues you can use for orientation. You have to use your instruments to keep the plane pointed in the right direction and right side up. Moving workloads such as Exchange email or SharePoint to the cloud doesn’t lessen your need to monitor what’s happening, it just changes the way in which you’ll do it, and figuring out that change is a key task in my new role.
Of course, Microsoft is releasing new services and capabilities in Office 365 at a rapid clip, so another key challenge will be figuring out how to keep up with them and how best to bring ENow’s experience in simplifying the complexities of enterprise application monitoring to a world where Microsoft seems intent on giving everyone Fisher-Price-style monitoring and reporting tools.
Despite the new job, some things won’t change: I’m still living in Huntsville, I’m still not a Cowboys fan (sorry, Jay), and I’ll still be blogging here, although I expect to be writing some more strategy-oriented posts for ENow’s blog. Where I can, I plan to share details of what I’m working on, so stay tuned!
Last year, Tony and I started producing a podcast for Windows IT Pro called “Exchange Exposed.” It was moderately successful, but the demands of producing and delivering the podcast on a regular schedule didn’t mesh well with Penton’s plan for world domination, so Tony and I took back the rights to the podcast and are recording and distributing it ourselves. However, because of some peculiarities of the way the iTunes Store lists podcasts, we couldn’t just add new episodes to the existing podcast… but we didn’t find this out until the current episode was recorded and ready.
Going forward, we’re retitling the podcast to “Office 365 Exposed” to reflect the reality that Exchange and Exchange Online are part of the Office 365 family. Unlike some other Office 365-branded media that focuses exclusively on SharePoint, we’ll be covering the non-SharePoint part of the ecosystem with vigor and depth. There’s a lot to talk about!
In this episode, recorded at IT/Dev Connections in Las Vegas, we get some quality time with special guest Bhargav Shukla of KEMP Technologies to discuss the release of Exchange 2013 CU10, the impending release of Exchange 2016, and what the future of on-premises Exchange looks like. Give it a listen below. In a day or two, iTunes should pick up the feed and you’ll be able to subscribe, or you can point your RSS feed reader to the “Podcasts” category here.
Microsoft has a really complex infrastructure for deploying new features into Office 365. This deployment process, internally known as “flighting,” involves rolling out code changes across a huge base of servers— by some estimates, more than 600,000 worldwide— spread across dozens of data centers all around the world. This poses an interesting challenge. Flighting has to be automated because of the scale necessary, but with an automated tool that works at high scale, you can make a quickly replicated mistake. Think of it like shooting yourself in the foot with a machine gun.
Recently one of my customers notified me that they had noticed a change in their tenant: each user with an E3 or E4 license was now showing a possible total of 10 product activations for Office 365 Pro Plus. The limit had previously always been 5, meaning each user may install Pro Plus on up to five PCs and Macs. The release of Office applications for Windows 10, iOS, and Android devices changed things slightly; you were allowed to install on 5 PCs/Macs plus 5 tablets or mobile devices. At various times I’ve been told that the limit was 10 (5 PC + 5 devices) and 15 (5 PC + 5 tablet + 5 phone), but in any event, the user interface in the Office 365 management tools has always reported per-user activation as N installed copies out of a maximum of 5.
Immediately upon hearing this, I checked my tenants. Sure enough, now my tenant users were showing a maximum of 10 installs.
I followed up with some local Microsoft folks and was told that they were told by Office 365 support that this was a mistake, whether in flighting or configuration I’m not sure. However, two-plus days later, tenants are still showing 10 activations. I took the below screenshot a few minutes before writing this post; it shows 4 activated Pro Plus installations, with 6 more available.
I’m going to reach out directly to the O365 team to ask whether this is: a) a temporary mistake that will be reversed b) a policy change that hasn’t been officially announced or c) a restatement of the 5 PC/Mac + 5 device policy that was already in place. I’ll report back what I find out.
Over at my work blog, I have a post that tackles an important issue: how do you reliably design and operate Exchange if you don’t happen to have a large team of Exchange rock stars on staff? (Short answer: hire me. Longer answer: read the post to find out). Bonus: the post contains a picture of ~~Ross Smith IV~~ Yoda.
This week I had the opportunity to present a session called “Cloud Best Practices” at the Alabama Digital Government Summit. I had a great time— it was fascinating to see how many different agencies in our state are putting advanced IT to work to save money and get more done for the taxpayer. However, there was one blemish on the experience that I wanted to polish away, so to speak.
Part of my talk concerned the fact that no matter where you live, your local government has lawful means to get your data: they can subpoena you, or your cloud provider, to get it. There’s nothing that you can do about it. It’s a feature, not a bug, of modern legal systems. I often talk about this in the context of people’s fears that the NSA, GCHQ, or whoever will snag their data, by lawful or unlawful means. Here’s the slide I put up:
I don’t think these are controversial assertions. However, at this point in my talk, Stuart McKee (chief technical officer for state and local government at Microsoft) flatly asserted that Microsoft does not comply with government subpoenas for customer data; I believe he used the word “never”. He went on to say that Microsoft has a pattern of resisting subpoena requests and that this “has gotten [them] into some trouble.” He concluded by saying that Microsoft’s standard action is to tell governments that they must subpoena the data owner, not the service provider.
I believe these assertions to be largely untrue, and certainly misleading. (I’ll leave aside the insulting manner in which Stuart asserted that I was wrong— after all, I am certainly wrong sometimes and generally appreciate when people point it out.) I want to set the record straight to the extent that I can.
First, Microsoft absolutely does comply with lawful subpoenas for customer data. This page at Microsoft’s web site summarizes their responses to lawful legal demands for customer information (both information about customers and information belonging to customers) across a broad variety of jurisdictions, from Argentina to Venezuela. To assert otherwise is ludicrous.
Second, Microsoft has a pattern of complying with these lawful subpoenas, not refusing them. When Stuart said that Microsoft is “in trouble” for refusing a subpoena, I suspect that he’s referring to Microsoft vs United States, where the issue at hand is that Microsoft was served a search warrant for data stored in a Microsoft data center hosted in Ireland. The data are stored there because the customer is located outside the US. Microsoft moved to have the warrant vacated, and when that failed, asked the cognizant district court to vacate it. The district court upheld the original warrant; Microsoft refused to comply and was held in contempt. Now this particular case is working its way through the US federal court system.
Let me be clear: I applaud Microsoft for standing up and resisting the overreach in the original warrant— there doesn’t seem to be (at least not to my layman’s understanding) a right of the US government, at any level, to subpoena data belonging to a non-US person or organization if it’s stored outside the US, even if it’s held in a cloud service operated by a US person or organization. The brief Microsoft filed likens this to a German court ordering seizure of letters stored in a safe deposit box in a US branch of a German bank. Having said all that, claiming that this kind of resistance is routine is overblown. It isn’t. If Microsoft were refusing subpoenas left and right, the numbers I mentioned above would look very much different.
Third, Microsoft’s policy is indeed to try to redirect access requests whenever possible. The Office 365 privacy page has this to say:
We will not disclose Customer Data to a third party (including law enforcement, other government entity, or civil litigant; excluding our subcontractors) except as you direct or unless required by law. Should a third party contact Microsoft with a request for Customer Data, we will attempt to redirect the third party to request the data directly from you. As part of that process, we may provide your contact information to the third party. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited.
In other words, Microsoft will try to redirect subpoenas from themselves to the data owner, where they are allowed by law to do so, and if they can’t, they will notify you, if allowed by law to do so. This is the only one of Stuart’s claims that I think is inarguable.
Finally, Microsoft proactively cooperates with law enforcement. The Microsoft Digital Crimes Unit newsroom contains press releases touting Microsoft’s cooperation with law enforcement agencies around the world (here’s just one example). This cooperation and disclosure extends to Microsoft proactively notifying law enforcement agencies when their PhotoDNA service identifies child porn images in customers’ private OneDrive data. I support their right to do this (it’s covered very clearly in the terms of service for Microsoft cloud services), and I believe it’s the right thing to do— but to claim that Microsoft never discloses customer data to law enforcement agencies while they are voluntarily doing so is both untrue and misleading.
Everyone’s interests are best served when everyone understands the specifics of the legal interaction between local and national governments and cloud service providers in various jurisdictions. This is a really new area of law in many respects, so it’s understandable that some things may not be clear, or even defined yet, but I wanted to correct what I view as dangerously misleading misinformation in this specific instance.
The bottom line: no matter what cloud service you choose, be sure you understand the policies that your cloud provider uses to determine the conditions under which they’ll cough up your data.
I was recently setting up hybrid ~~Lync~~ Skype for Business for a customer. This is more properly known as “split-domain” configuration because you share a single SIP namespace across both the on-premises and cloud portions of the infrastructure.
If you’re not familiar with the process, it goes like this:
1. Set up AD FS or whatever other identity federation solution you like.
2. Configure the service to allow federation.
3. Configure the on-premises Lync/SfB servers to allow federation.
4. Turn on federation.
5. Enable your tenant for split-domain operations with Set-CsTenantFederationConfiguration.
6. Start moving users.
Adam Jacobs’ summary is worth reading if you haven’t seen this before, but even without reading it, it seems straightforward enough, right? I found that when I got to step 6 I got a vexing error: “Cannot find Registrar pool. Verify that ‘sipfed.online.lync.com’ is a valid registrar pool.”
I was 100% sure that the registrar pool name was correct and that it existed, so why couldn’t the Move-CsUser cmdlet find it? I spent some fruitless time binging for a solution (note: this is not the same as “binging on beer” or “binging on carbs before my race”); the few hits I found all suggested ensuring that you’d connected to the service with Import-PSSession, which is, as suggestions go, right up there with “make sure it’s plugged in.”
After some experimentation, I finally figured out that step 3 above hadn’t been performed completely; when I ran Get-CsHostingProvider, the EnableSharedAddressSpace and HostsOcsUsers parameters were both set to “false”. I reset them (and the AutodiscoverUrl parameter, also required), and that solved the problem. It’s not clear to me why anyone at Microsoft thought “cannot find registrar pool” would be an appropriate error for this condition; there are distinct error messages for most other problems that might occur (such as trying to move users to the wrong pool) but not here.
Perhaps this breadcrumb will help some future admin who gets the error, or maybe Microsoft will fix it…
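A pre-flight check for the misconfiguration described above, as an added example that is not part of the original post: it finds the hosting provider by the registrar pool FQDN from the error message and reports the three settings the post names. The function name, its parameters and the `-Fix` switch are assumptions, and the Autodiscover URL is supplied by the caller rather than taken from the page.

```powershell
# Added example; run in the on-premises Lync/SfB Management Shell before Move-CsUser.
# Test-SplitDomainHostingProvider and its parameters are hypothetical names.
function Test-SplitDomainHostingProvider {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Registrar pool FQDN from the error message quoted in the post.
        [string]$ProxyFqdn = 'sipfed.online.lync.com',
        # Caller-supplied value; only needed with -Fix when the provider has none set.
        [string]$AutodiscoverUrl,
        [switch]$Fix
    )

    $providers = @(Get-CsHostingProvider | Where-Object { $_.ProxyFqdn -eq $ProxyFqdn })
    if ($providers.Count -eq 0) {
        throw "No hosting provider points at '$ProxyFqdn'; Move-CsUser cannot target it."
    }

    foreach ($p in $providers) {
        # The three settings the post found wrong or missing.
        $problems = @()
        if (-not $p.EnableSharedAddressSpace) { $problems += 'EnableSharedAddressSpace is False' }
        if (-not $p.HostsOcsUsers) { $problems += 'HostsOcsUsers is False' }
        if ([string]::IsNullOrEmpty($p.AutodiscoverUrl)) { $problems += 'AutodiscoverUrl is empty' }

        $fixed = $false
        if ($Fix -and $problems.Count -gt 0) {
            $url = if ($AutodiscoverUrl) { $AutodiscoverUrl } else { $p.AutodiscoverUrl }
            if (-not $url) { throw "Pass -AutodiscoverUrl: '$($p.Identity)' has none configured." }
            if ($PSCmdlet.ShouldProcess($p.Identity, 'Enable shared SIP address space')) {
                Set-CsHostingProvider -Identity $p.Identity -EnableSharedAddressSpace $true `
                    -HostsOcsUsers $true -AutodiscoverUrl $url
                $fixed = $true
            }
        }

        [pscustomobject]@{
            Identity = $p.Identity
            Problems = $problems
            Fixed    = $fixed
        }
    }
}

# Report only; add -Fix -AutodiscoverUrl <your URL> -WhatIf to preview the change.
Test-SplitDomainHostingProvider | Format-List
```

An empty `Problems` list means the hosting provider is not the cause, and the tenant-side setting from step 5 is the next thing to check.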