Category Archives: UC&C

Multi-factor authentication for Exchange Online PowerShell

Everything at the Microsoft MVP Summit is automatically under NDA, so rather than talk about all the secret stuff, I thought I’d share something I learned there that isn’t under NDA because it was already public. Somehow I missed this announcement before, but: there’s a public preview of a new Exchange Online PowerShell module that supports Azure multi-factor authentication (MFA). If you have turned on MFA for administrators in Office 365, you’ve probably found that they can’t use PowerShell to manage Exchange objects. Now you can: download and install this module and you’re all set. Here’s what it looks like in action:

adal-ps

I found out about this when I complained publicly in Tim Heeney‘s session that this doesn’t work. Thankfully Tim set me straight posthaste; after I got the link to the preview, a little searching turned up fellow MVP Vasil Michev’s article describing it, which I either forgot about or never saw.

Advertisements

7 Comments

Filed under Office 365, UC&C

Creating Exchange dynamic distribution groups with custom attributes

You learn something new every day… I guess that means I’m ahead of schedule for the day.

A coworker asked if there was a way to use PowerShell to create a dynamic distribution group using one of the AD customAttributeX values. I didn’t know the answer offhand (since I create new distribution groups about every 5 years), but a little binging turned up the documentation for New-DynamicDistributionGroup. Turns out that the ConditionalCustomAttributeN parameters will do what he wanted:

New-DynamicDistributionGroup -IncludedRecipients mailContacts -ConditionalCustomAttribute6 "PeopleToInclude"

It turns out that wasn’t what he really wanted– he wanted to create a dynamic DG to include objects where the custom attribute value was not set to a particular value. The ConditionalXXX switches can’t do that, so he had to use a RecipientFilter instead:

New-DynamicDistributionGroup -IncludedRecipients mailContacts -RecipientFilter {ExtensionCustomAttribute6 -ne "PeopleToExclude"}...

1 Comment

Filed under Office 365, UC&C

Microsoft Exchange engineering and cloud-scale

The Exchange team (or at least Perry Clarke, its fearless leader) has been known to describe Exchange Online as “the gateway drug to the cloud.” But how did that come to pass?

This week at Ignite, I was lucky enough to have dinner with some folks from the Exchange product team and a very, very large customer where we discussed the various ways in which Exchange engineering has blazed a trail the rest of Microsoft’s server products have eventually followed. After a bracing Twitter discussion this afternoon with @swiftonsecurity and some of her other followers, I thought it would be fun to put together a partial list of some of the things we discussed to illustrate how the Exchange team has built a stairway to heaven, or an elevator to the cloud, or something like that.

Let’s start with PowerShell. Love it or hate it, it is here, so we all have to deal with it. In 2007, the idea that Exchange would be built on PS was both revolutionary and, to many, revolting, but it allowed Microsoft to do several important things (not all of which shipped in Exchange 2007, but all of which are critical to cloud operations):

  • Greatly improve testability, both for the developers themselves but also for administrators, who now got a suite of protocol and endpoint-related tests they could run as part of troubleshooting– critically important when you have to troubleshoot in a global network of data centers hosting tens of millions of mailboxes
  • Fully enable role-based access control, also critical for cloud deployments where customers want to control who can do what with their data
  • Finally decouple the presentation layer of the UI (EMC, EAC, etc) from business logic
  • Massively improve the tools for scripting, including enabling very large-scale bulk operations– an obvious requirement for a cloud-scale service

Requiring PowerShell was a bold move by the Exchange team but one which has both paid off hugely and one that’s been echoed by the Windows, SharePoint, SQL Server and Skype teams, all of whom depend on it for managing their own cloud services. (See also: the Microsoft Graph APIs.)

Then there’s storage performance. In ancient days, getting scale from Exchange pretty much required the use of SANs due to Exchange’s IO requirements. Now, thanks to the IOPS diet imposed by Exchange engineering, it doesn’t. Tony does his usual excellent job of summarizing the actual reductions. Summary: Exchange 2016 requires roughly 96% fewer IOPS than Exchange 2003 did. There have been a ton of storage performance improvements in Exchange’s sister products (notably SQL) but those have their own stories that I’m not competent to tell. The relentless drive to cut IOPS requirements was one of the biggest enablers for Exchange Online, since controlling storage provisioning costs is critical for any type of scaled cloud service.

Of course, data protection is critical too. Exchange moved from having a single monolithic database to one with separate property and MIME databases (Exchange 2000) then to having software-based database replication with clustering (Exchange 2007) to shared-nothing, fully-replicated active/passive database replication (Exchange 2010 and later). Keeping multiple separate database copies (including lagged copies) enables all sorts of DR and HA scenarios that previously had required SANs. The ability to reliably use cheap JBOD disks, which thanks to Moore’s Law have embiggened nicely during Exchange’s lifetime, has been a key enabler for Exchange Online.

Then there’s a bunch of other architectural changes and improvements that are really only interesting to Exchange nerds. For the latest example, I present “read from passive,” but there’s also all the stuff covered by the Preferred Architecture.

Oh, I almost forgot: managed availability gives ExO a fair degree of self-healing, although its behavior sometimes surprises on-prem admins who see it do things on their behalf unexpectedly.

Oh, and let’s not forget the conversion of all the Exchange codebase to managed code– that was an important accelerator for the move to the cloud, as well as serving as a lighthouse for other product groups with code of similar vintage.

There are more examples, I’m sure, but these should get the point across– there’s been a steady stream of architectural changes in the nearly 20 years since Exchange 4.0 shipped that have led directly to the capability, power, and reliability of Exchange Online– which really has been the gateway drug for getting Microsoft’s customers to Office 365.

 

 

Leave a comment

Filed under UC&C

Office 365 Exposed, Episode 4

Another trip to California for Tony and me means another episode of Office 365 Exposed! This time, we talked about Microsoft Ignite, Office 365 Groups, why the Saints are my favorite football team, and a host of other topics. (OK, I admit it. We did not actually talk about the Saints. Maybe next episode. I did sneak in a plug for the College Football Hall of Fame though.)

 

Leave a comment

Filed under Office 365, Podcasts, UC&C

Microsoft releases updated Office 365 Visio stencil

Yay! Microsoft has updated their downloadable Visio stencil set for Office 365 to include the 2016 versions of the application icons, plus some other visual improvements. Now your Visio diagrams can have that fresh 2016 feel. (Thanks to Samantha Robertson, Dan Fraser, and Tony Smith of Microsoft for making this happen.)

Leave a comment

Filed under UC&C

Nifty new auto-vacation feature for Outlook on the Web

This is a great example of Microsoft bringing useful innovation to end users by deploying new features in Office 365:

Outlook on the web now makes it easier to clear your calendar and automatically decline meetings before you head out for some time away from the office. When you set an automatic reply in Outlook on the web, Outlook will offer to do the following on your behalf:

  • Block your calendar so people know you’re away.
  • Clear existing meetings on your calendar by declining/canceling them.
  • Automatically send a response to incoming invitations while you’re away.

Of course, Outlook and Exchange have long had the ability to automatically send an out-of-office (or “OOF”, from “out of facility“) message when you specify the dates when you’ll be away. These new features extend the traditional OOF behavior by adding some business logic to the OOF process– after all, when you’re out of the office, it is logical to assume that you won’t be accepting appointments during that time, and that you want new invitations to be automatically declined. (There are exceptions, of course, which is why you can turn this business logic off.) I’m not in love with the fact that this feature requires you to set your  works in Outlook on the web, but I’m hopeful that it will make it into other versions of Outlook at some point.

Apart from the specifics of this individual feature, it’s really encouraging to see the Outlook team invest in innovation like this. Given the large feature gap between Outlook on the web and Gmail (the only real enterprise competitor to Exchange/Outlook) it would be easy for the Outlook team to coast. Part of the ethos of building software at cloud speed involves iterating rapidly, and that in turn means sometimes you build something that turns out to get a lukewarm reception because it’s not as useful as first thought. (Tony argues that this is the case for Outlook’s support for likes and @ mentions.) However, sometimes you build something that turns out to be really nifty, and I think this feature is a good example– I look forward to seeing it roll out more broadly.

(for another time: I know not every tenant admin will want this feature turned on for their users without prior notice or permission, and Microsoft has a lot of room to improve the way they deliver features so that administrators can control user access to them.)

 

Leave a comment

Filed under General Stuff, Office 365, UC&C

Office 365 Exposed ep 02

It’s the offseason for Office 365, at least sort of– with no conferences until the fall, Tony and I had to take the opportunity of meetings at ENow to record this episode of Office 365 Exposed. Topics we covered included Delve Analytics, the contentious topic of mailbox anchoring, a bit about Skype for Business Online’s telephony features, and frequent mentions of Yammer for those of you who like to enjoy our podcast with a beverage in hand.

1 Comment

Filed under Office 365, Podcasts, UC&C