Category Archives: UC&C

The difference between supportability and patching

I’m at the annual MVP Summit this week, and everything we hear and see is pretty much NDA (except for pictures of Flat Tony). However, we just had a really interesting discussion that I think is safe to abstract here.

A couple years ago I wrote a post about what it means to be supported or unsupported. What I wrote then still stands: when Microsoft says something is unsupported, there can be multiple reasons for that label, and you do whatever-it-is at your own risk.

Microsoft’s support policy for Exchange 2013 can be summed up as “N-1”: when they release a new cumulative update (CU) or service pack, that version and the previous version are considered to be supported. So, in the fullness of time, when we get Exchange 2013 CU7, then CU6 and CU7 will be the officially supported versions.

It’s very clear that there’s a lot of confusion about what “supported” means in this context. Microsoft product support will always support you if you call for help with a product that’s within its lifecycle window. Call them today and ask how to configure Exchange ActiveSync on Exchange 2010 RU2, they’ll help you. Call to ask about an issue you’re seeing with DAG failover in Exchange 2013 CU2, they’ll help you. Call for help with Exchange 2003, and they may even help you on a best-effort basis.

What they won’t do is create fixes for bugs or problems in unsupported versions.

If you call them and say “hey, I’m having this problem with Exchange 2013 SP1,” they will help you troubleshoot it. If it’s a known problem, they may tell you “update to CU5 or later”– but Microsoft will not create a hotfix or IU that fixes that problem in SP1, or any other older version that’s outside that N-1 boundary.

So: help always, bug fixes only within the support boundary. Tell your friends.

 


Filed under Office 365, UC&C

Microsoft announces data loss prevention, mobile device management for Office 365

Microsoft made a slew of Office 365 announcements at TechEd Europe this week. Taken collectively, they’re clear evidence of how Microsoft is executing their strategy of cross-linking capabilities across Windows, the Office suite, and Office 365.

Let’s start with data loss prevention (DLP), a feature first introduced in Exchange 2013. (Side note: I love it that yet another marquee feature in Office 365 was first shipped as part of Exchange.) The idea behind DLP is that you can have an automated system that will detect when users send out sensitive information (for certain selected values of “sensitive”) and take appropriate action, ranging from warning the user through a Policy Tip to journaling the message to notifying a person or group to blocking the message. DLP shipped with a template engine that allows Microsoft and its partners to build templates for different policies, along with a set of templates for common policies such as US HIPAA and PCI. However, Exchange 2013 DLP suffered from some limitations, chiefly that it only worked with messages sent through Exchange. Users only get Policy Tip warnings in OWA 2013 and Outlook 2013, and the template system seems primarily intended for use by a few specialized partners and not the general population.

Microsoft is addressing these problems by extending DLP into SharePoint Online and OneDrive for Business. While they haven’t discussed the specifics of how this will work, it seems reasonable that both SharePoint and ODB will consume the same policy templates used in Exchange, so that you can apply a consistent set of policies across the three products. Conspicuously absent from the announcement was any mention of bringing this capability to on-prem SharePoint. Maybe that was just an oversight.

The OneDrive for Business capability will be of huge interest to several of my large customers. Microsoft’s messaging around large, low-cost personal storage for business users is getting a lot of traction, with both users and enterprises eager to take advantage of it, but organizations have a reasonable concern that users will, accidentally or on purpose, put stuff in their ODB libraries that they shouldn’t. Assuming that you can define a DLP policy that covers what you don’t want stored in ODB, having this enforcement mechanism could potentially be very valuable.

In addition to these DLP extensions, Microsoft is giving Office 365 DLP the ability to recognize and act on tags created in the Windows Server file classification infrastructure (FCI). With this support, the automated metadata tags generated by FCI can be recognized by Exchange Online, SharePoint Online, and OneDrive for Business—so if you have, say, an Excel spreadsheet that’s classified as protected health information (PHI), the DLP infrastructure will recognize and treat it as such. I don’t have a good feel for how pervasive FCI is in the enterprise, since I don’t normally deal with file/print deployments, but I suspect that this is a nice 2-for-1 play for Microsoft: they can sell the benefits of FCI to cloud customers and sell the benefits of DLP that’s driven by FCI to entrenched on-prem customers.

Another major DLP improvement is coming in Office: Word, PowerPoint, and Excel will get support for Policy Tips. While it would be technically possible to roll this out into Office 2013, it wouldn’t surprise me at all to see this offered as a feature only in Office 16.

I’ll have a lot more to say about the details of these features once Microsoft releases more public details. While I’ll look forward to picking the collective brains of the Office 365 PM team at the MVP Summit, I don’t expect them to share any public details beyond what they’re showing in Barcelona. In the meantime, though, Microsoft is clearly trying to reinforce the ties between their core Office and Windows Server customers and Office 365, while at the same time providing some more tasty cloud-only features in an attempt to entice customers into drinking the 365 Kool-aid.

For another day, a more detailed analysis of Microsoft’s announcement that mobile device management (MDM) capabilities are being added to almost all of the existing Office 365 plans.


Filed under Office 365, UC&C

A few quick notes on Office 365 Groups

Today the Office 365 team announced the rollout of the first phase of the Groups feature. I hadn’t been paying close attention to the roadmap for this particular feature, so I decided to play around with it and report my findings. Rather than the kind of carefully reasoned analysis you might expect from Tony or Van Hybrid, this is sort of a stream-of-consciousness record of my initial exploration. However, it probably reflects how most customers will discover and use the feature. Remember that this is written within a few hours after the feature launched, so things that I call out as not working or missing may not be lit up in my tenant yet.

  • First, I looked around to figure out how to create a new group. The screenshot in the online help shows Groups appearing in the left-side folder nav bar. I didn’t see that in my tenant. When I switched to the People view, I noticed that the People search selector had a “Groups” item available, but since there were no groups that wasn’t super helpful. Clicking the “New” icon at the upper right of the People view gave me a modal pop-up asking me whether I wanted to create a new group or person. The interface for creating new groups is straightforward: give your group a name, add some people to it, and off you go. Here’s what it looks like:
Creating a new group is straightforward.

Note that there’s no way to specify an email address for the group object. You can send mail to it from within OWA, or by clicking the envelope icon in the group information sheet, but there’s no visible external SMTP address to send to. This seems like an oversight.

  • The group documentation says that newly created groups get their own OneDrive for Business folder and group mailbox, but I haven’t yet seen any signs of those objects in my tenant. However, the docs also say that group members will get a “welcome to your new group” email once those objects have been created, and because that hasn’t shown up yet, I’m guessing that there’s just a short provisioning delay.
  • I created a new group named “Managing Consultants”. I picked that name on purpose, because I already had a mail-enabled security group with the same name. The Groups interface happily let me create a duplicate. The existing USG doesn’t show up in the Groups interface in OWA, nor does the new Group show up in Outlook’s online GAL (which may just be an artifact of AD latency). The help topic for creating and navigating groups shows a number of settings that aren’t visible in my tenant. For example, you can supposedly change the URL used to access the group or set the group to either private or public– those options aren’t available to me yet.
  • I clicked on the mail icon to create a message and sent it off; it arrived immediately in the target mailboxes. Interestingly, though, the group name doesn’t show up in Outlook; instead, the individual group members’ names appear.
  • Even after creating two groups and sending a message to one of them, neither group appeared in the OWA left navigation bar. Surprisingly, they didn’t appear in the OneDrive nav bar either:
Where'd my groups go?

  • Bizarrely, clicking the “Browse groups” item opens a new OWA window, which opens in mail view, not the People view. The new OWA window’s left nav bar has a People section, but it’s empty– even though the original OWA window I kept open still correctly shows unread mail from people in my Inbox.
  • When I create a Group, it doesn’t appear as an available group in Yammer. I presume this is by design.
  • I didn’t test Group conversations because there are no visible Group objects in OWA where the docs say they should be.

From the bumpy state of feature display and behavior at this point, I infer that there’s a multi-step provisioning task that runs when a new Group is created, and that at least the ODB step hasn’t run yet. This might confuse users who wonder why they can use a group for one purpose (sending mail) but not another (ODB). I’ll wait a day or so for the provisioning and loop back to see which of these items are bugs and which are just caused by setup delays.


Filed under Office 365, UC&C

Exchange Connections wrap-up wrap-up

Over at the Summit 7 blog, I have a post detailing some of my higher-level thoughts from this year’s Exchange Connections conference. I also had a few less-structured things to throw out there, thus this post.

First, I was really thankful to be able to see and spend time with so many of my good friends from the Exchange tribe. With the untimely demise of our friend Andrew Ehrensing fresh in my mind, I really appreciated getting to see Tony, Paul, Nathan, Wes, Michael, Jaap, Michel, Amy, Jay, Joel, Sigi, Andrew, Bhargav, Greg, the two Jeffs, Chris, Dave, Megan– and that’s just who I can remember off the top of my head (sorry if I’ve forgotten anyone). One of the biggest benefits of Exchange Connections and MEC is the close engagement it fosters within our community.

Second, sometimes session attendance offers surprising insights. I had 3 sessions: one on Managed Availability, one on Office 365 migration, and one on Lync/Exchange feature integration. I expected the migration session to draw the biggest crowd, but my Managed Availability session was jam-packed, and the Lync session was well-attended too– despite the fact that the integration items I talked about are well-documented and fairly common. I got some good attendee questions, which I’ll be using as blog fodder. It was a bit surprising to see how few attendees had deployed SharePoint, although that may have been because the real SharePoint devotees were in other sessions. Few of the attendees in my session had already deployed Office 365, although again those who had were probably in other sessions.

All three went well, though I felt a little flat in the second half of the first session. Thankfully none of my sessions were in the first time slot of the day, nor were any on the last day. My experience with Vegas conferences has been that being first up or on the last day means that attendees will be {tired, hung over, broke} and not at their most receptive.

Speaking of Vegas conferences: the Aria is a great property and I hope that future Exchange Connections conferences return there. I never did get to try their vaunted red velvet pancakes (Tony, here’s a recipe if you want to try them at home) but the conference food itself was decent and the meals I had (at Javier’s and the Aria Cafe) were quite good.

With Exchange Connections out of the way, my next planned event is the MVP Summit in Redmond in November. The Exchange MVPs have a long list of things we want to vigorously discuss with the product team, so I am looking forward to getting everyone in the same room again and having it out!


Filed under UC&C

New ADAL hopefully means Outlook MFA coming soon

Remember back in April when I wrote this post on multi-factor authentication (MFA) for Office 2013? (It’s OK if you don’t, because you can go read it now.) Good news: one of the things required to ship MFA in Office is an updated version of the Active Directory Authentication Library, or ADAL. Well, guess what? A couple of days ago, Microsoft announced a major Azure AD update that includes a new release of ADAL. The release notes don’t specifically mention MFA support in ADAL, but they do say that ADAL 2.0 supports “new authentication flows” so I am hopeful that this is the release required to unlock Office 2013 MFA support. I guess we’ll see; it wouldn’t surprise me to see Microsoft announce its availability at TechEd Europe, since that’s the next major event on their schedule. Stay tuned…


Filed under Office 365, UC&C

Moving to Summit 7 Systems

It must be the season or something. Like several of my peers (e.g. Paul, Phoummala, and Michael, to name 3), I’m moving on from my current position to a unique new challenge. In my case, I’m taking the role of Principal Architect at Summit 7 Systems.

Astute readers may remember that, just about a year ago, I joined Dell’s global services organization as a global principal consultant. I was fortunate to work with a large group of extremely smart and talented people, including several MCMs (Todd, Dave, Andrew, Ron, and Alessandro, y’all know who I’m talking about!) Working for a large company has both its benefits and challenges, but I was happy with the work I was doing and the people I was working with. However, then this happened.

Scott Edwards, cofounder of Summit 7 and a longtime friend from my prior time in Huntsville, told me that he wanted to grow Summit 7’s very successful business, previously focused on SharePoint and business process consulting, to expand into Office 365, Lync, and Exchange. Would I be interested in helping? Yes, yes, I would. Summit 7 is already really well known in the SharePoint world, with customers such as NASA, Coca-Cola, Nucor Steel, and the State of Minnesota. SharePoint consulting is a very different world in many ways from what I’m used to, so it will be interesting, challenging, and FUN to carry the Lync/Exchange/365 torch into a new environment.

In my new role, I’ll be building a practice essentially from scratch, but I’ll be able to take advantage of Summit 7’s deep bench of project management, business process consulting, marketing, and sales talent. I’m excited by the opportunity, which is essentially the next step forward from my prior work as a delivery specialist. I am not yet taking over the role of Summit 7’s corporate pilot, but that’s on my to-do list as well. (A couple of folks have already asked, and the answer is: yes, I will be flying myself occasionally to customer gigs, something that Dell explicitly forbade. Can’t wait!)

This is an exciting opportunity for me and I relish the chance to get in and start punching. Stay tuned! (Meanwhile, you can read the official Summit 7 press release here.)


Filed under UC&C

Microsoft replaces MEC, LyncConf, SPC with new “unified technology event”

So the news is out: Microsoft is rolling MEC, Lync Conference, and SharePoint Conference into a single “unified commercial technology conference” in Chicago next year. MVPs were notified that this change was in the works, and there was a lot of vigorous discussion. Now that the cat has been debagged, I wanted to share a few thoughts about this new conference. For perspective, I should say that I attended almost all of the original MEC conferences back in the day and hit both “next-gen” MECs and this year’s Lync Conference. I have also spoken at TechEd around a dozen times all told; I co-chaired Exchange Connections for a number of years and am a repeat speaker there as well, so I am thoroughly familiar with the landscape of Exchange and Lync-oriented conferences. (Since I haven’t been to SPC, any time I talk about MEC or LyC you can just mentally search-and-replace “SPC” in there if you like.)

Is this just TechEd 2.0?

The announcement, bylined with Julia White’s name, says that Microsoft is combining MEC, LyC, and SPC to provide a unified event that will give attendees “clearer visibility into Microsoft’s future technology vision and roadmap” and “unparalleled access to Microsoft senior leaders and the developers who write the code.” One of the most valuable aspects of the current set of product-specific conferences, of course, is the deep engagement with people from each specific product group. The enthusiasm and passion of the developers, testers, support engineers, PMs, and leaders of the Exchange and Lync product groups shine through: they are just as happy and excited to be there as the attendees are, and this creates a unique energy and sense of community that are consistently absent from TechEd.

Microsoft has been very successful at positioning TechEd as the generalists’ conference, with coverage of every part of their stack. Developers, architects, security engineers, and business decision makers all had content targeted at them, but it was often driven by Microsoft’s marketing agenda and not by customer demand. As the number of products in Microsoft’s portfolio has grown, TechEd hasn’t lengthened to accommodate more sessions; instead, the number of Exchange/Lync/Office 365 sessions has remained roughly constant even as those products have expanded. I think it’s fair to say that as a vehicle for deep technical information, TechEd’s glory days are far behind it. On the other hand, as a vehicle to showcase the Microsoft party line, TechEd thrived. It became clear several years ago that individual product communities would greatly benefit from having their own conferences to focus on their unique needs. Exchange Connections did a good job of filling this niche, of course, but first SPC, then LyC, then MEC proved that these product-specific conferences engendered a very high degree of attendee (and exhibitor) satisfaction and engagement, and they proved the high value of having a Microsoft-led and -organized conference with enthusiastic participation from the big wheels in each product group.

The announcement goes on to say “feedback from attendees across the past conferences asking for more content and product team engagement across Microsoft versus just within one product area.” In complete sincerity, I can say that none of the hundreds of MEC or LyC attendees, or MVPs, or Microsoft product group folks I have spoken to have said “gee, what we really need is a big conference that covers all of Microsoft’s UC&C products.” I do know that the product groups have aggressively sought and carefully considered feedback from attendees at these conferences, so it’s certainly possible that they’ve been hearing something very different than I have. It is true that people whose duties or interests span multiple products have to go to multiple conferences, and this is a valid complaint. Many consultants can’t spare multiple weeks of bench time to attend all of the relevant conferences, and many smaller companies that are using multiple products aren’t able to budget multiple conferences either. So from their standpoint, perhaps this unification is a win.

Tony points out that there are great logistical and cost-savings benefits to Microsoft in consolidating the conference, and that exhibitors may prefer to have a larger, more diverse audience. I agree with the former; on the latter, I’m not sure. Companies whose product lines span multiple parts of the UC&C ecosystem may benefit; for example, ENow makes both Exchange and Lync monitoring solutions, so having both Lync and Exchange admins in the crowd is great for them. I’m not sure the same is true for exhibitors such as Polycom, AvePoint, or Sherpa Software, whose products focus on one Microsoft server.

Julia goes on to promise that “this unified conference will be every bit as awesome, every bit as valuable and in fact, it will exceed on both these measures. That is our maniacal focus and commitment to you, so hold us to it!” While I am naturally skeptical of broad and unsupported promises such as this, the many, many people involved in the existing round of conferences— from Julia and her staff to the individual product group folks like Jamie Stark and Brian Shiers to the MVP and MCM speakers— all have a huge interest in making sure that the new event meets the high bar set by the existing conference. That helps temper my skepticism with a high degree of optimism. The announcement promises more details on the conference (perhaps including a name?) in September, and I’d expect to see more details at TechEd EMEA in October.

One last note for speculation: if you were Julia, and you were planning on introducing new versions of your flagship products, wouldn’t it be logical to do it with a big splash at a new event? May 2015 is, conveniently, in the first half of calendar year 2015, and at MEC 2014 Microsoft told us to expect a new on-prem version of Exchange in the second half of 2015.


Filed under Office 365, UC&C

Does Azure Machine Learning open the door for on-premises Office Graph?

Microsoft continues to expand the reach of its Azure services by introducing new capabilities, seemingly on a daily basis. Today I was surprised to see an announcement for the new Azure Machine Learning service (more background in this NY Times article). The link for the service apparently isn’t live yet, though.

The availability of this service raises some interesting questions around Office Graph, the set of nifty social-ish features that Microsoft introduced at SPC and reiterated at MEC and TechEd. We recently learned that, at least for now, there are no plans to offer Office Graph, and its associated features, to on-premises customers in the next release of Exchange Server. Carefully parse that statement; it could mean anything from “there will never be Office Graph features in on-prem Exchange” to “we can change our plans and include them at any time.”

It’s fair to say that Office Graph is designed to leverage the high scale of Office 365, and that because it is a resource-intensive group of processes and services, there’s likely to be a lot of infrastructure for management, monitoring, and tuning of its components— not necessarily something that could trivially be unleashed on the existing base of on-premises customers. I’d bet that these services have a lot of interconnections, too. However, if Microsoft is adopting the Amazon approach of “everything is a service”, as they seem to be, you’d think that having some parts of Office Graph running on Azure ML is not only possible but probable. And the Azure folks are clearly comfortable with hybrid environments, as witness the fact that the Forza 5 and Titanfall video games on Xbox One both make extensive use of Azure-based resources.

So, if Office Graph is (or could be) consuming Azure ML as a service, it would seem to lower the barrier for getting Office Graph-related services into on-prem Exchange. I’ll be watching closely to see what Microsoft announces, and even more closely to see what they do, around this issue— it seems like the best possible world would be one where on-prem customers can harness the scale of Azure to get access to Office Graph features and where Microsoft doesn’t have to engineer a complete support system around on-prem variants of the Office Graph components. Stay tuned…


Filed under Office 365, UC&C

Creating an Office 365 demo tenant

One of the big advantages of software as a service (SaaS) is supposed to be reduced overhead: there are no servers to install or configure, so provisioning services is supposed to be much easier. That might be true for customers, but it isn’t necessarily true for us as administrators and consultants. Learning about Office 365 really requires hands-on experience. You can only get so far from reading the (voluminous) documentation and watching the (many and excellent) training videos that Microsoft has produced. However, there’s a problem: Office 365 costs money.

There are a few routes to get free access to Office 365. If you’re an MVP, you can get a free subscription, limited (I think) to 25 users. If you’re an MSDN subscriber, you can get a tenant with a single user license, which is fine for playtime but not terribly useful if you need a bigger lab. Microsoft also has a 30-day trial program (for some plans: Small Business Premium, Midsize Business, and Enterprise) that allows you to set up a tenant and use it, but at the end of that 30-day period the tenant goes away if you don’t pay for it. That means you can potentially waste a lot of effort customizing a tenant, creating users, and so on only to have it vanish unless you whip out the credit card.

I was a little surprised to find out recently that there’s another alternative: Microsoft has a tool that will create a new demo tenant on demand for you. You can customize many aspects of the tenant behavior, and you can use the provided user accounts (which include contact photos and real-looking sample emails and documents) or create your own. There are even vertical-specific packs that customize the environment for particular customer types. And it’s all free; no payment information is required. However, you do have to have a Windows Live ID that is associated with a Microsoft Partner Network (MPN) account. If you don’t have one, you can join MPN fairly easily.
All this goodness is available from www.microsoftofficedemos.com. Here’s what you need to do to use it.
  1. Go to http://www.microsoftofficedemos.com/ and log in.
  2. Click the “Get Demo” link in the top nav bar, or the “Create Demo” link on the page, or just go to https://www.microsoftofficedemos.com/Provision_step1.aspx. That will display the page below. Note that you can download VHDs that provide an on-prem version of the demo environment if you want those instead.
  3. Make sure you’ve selected “Office 365 tenant” from the pulldown, then click “Next”. That will display a new page with four choices, all of which are pretty much self-explanatory. If you want an empty tenant to play around with, choose the “Create an empty Office 365 tenant”. If you want one that has users, email, documents, and so on, choose “Create new demo environment” instead.
  4. On the next page, you can choose whether you want the standard demo content or a vertical-specific demo pack. This will be a really useful option once Microsoft adds more vertical packs, but for now the only semi-interesting one is retail, and the provided demo guides (IMHO) are more useful for the standard set, so that’s what I’d pick. After you choose a data set, click “Create Your Demo”.
  5. The next page is where you name the tenant, and where Microsoft asks you to prove you’re not a bot by entering a code that they send to your mobile phone. (Bonus points if you know why I picked this particular tenant name!) The optional “Personalize Your Environment” button lets you change the user names (both aliases and full names) and contact pictures, so if you’re doing a demo for a particular customer you can put in the names of the people who will attend the demo to add a little spice. The simple option is to customize a single user; there’s one main user for each of the demos (which I’ll get to in a minute), but you can customize any or all of the 25 default users.
  6. Once you click “Create My Account”, the demo engine will start creating your tenant and provisioning it. This takes a while; for example, yesterday it took about 12 hours from start to finish. Provisioning demos is just about last on Microsoft’s priority list, so if you need a tenant in a hurry use the “create a blank tenant” option I mentioned earlier. You’ll see a progress page like the one below, but you’ll also get a notification email to the address you provided in step 5 when everything’s finished, so there’s no need to sit and watch it.

Once the tenant is provisioned, you can log into it using any of the test users, or the default “admin” user. How do you know which users are configured (presuming you didn’t customize them, that is)? Excellent question. The demo guides provide a complete step-by-step script both for setting up the demo environment and executing the demo itself. For example, the Office 365 Enterprise “hero demo” is an exhaustive set of steps that covers all the setup you need to do on the tenant and whatever client machines you’re planning on using.

Once the tenant is provisioned, it’s good for 90 days. You can’t renew it, but at any time during the 90 days you can refresh the demo content so that emails, document modification times, and so on are fresh. And on the 91st day, you can just recreate the tenant; there doesn’t seem to be any explicit limit to the number of tenants you can create or the number of times you can create a tenant with a given name.

While the demo data set is quite rich, and the provided demo scripts give you a great walkthrough to show off Office 365, you don’t have to use them. If you just want a play area that you can test with, this environment is pretty much ideal. It has full SMTP connectivity, although I haven’t tested to verify that every federation and sharing feature works properly (so, for example, you might not be able to set up free/busy sharing with your on-prem accounts). I also don’t know whether there are any admin functions that have been RBAC’d to be off limits. (If you see anything like that, please post a comment here.)

Enjoy!


Filed under Office 365, UC&C

Mailbox-level backups in Office 365

Executive summary: there aren’t any, so plan accordingly.

Recently I was working with a customer (let’s call him Joe, as in “Joe Customer”) who was considering moving to Office 365. They went to our executive briefing center in Austin, where some Dell sales hotshots met and briefed them, then I joined in via Lync (with video!) for a demo. The demo went really well, and I was feeling good about our odds of winning the deal… until the Q&A period.

“How does Office 365 provide mailbox-level backups?” Joe asked.

“Well, it doesn’t,” I said. “Microsoft doesn’t give you direct access to the mailbox databases. Instead, they give you deleted item retention, plus you can use single-item retention and various types of holds.” Then I sent him this link.

“Let me tell you why I’m asking,” Joe retorted after skimming the link. “A couple of times we’ve lost our CIO’s calendar. He uses an Outlook add-in that prints out his calendar every day, and sometimes it corrupts calendar items. We need to be able to do mailbox-level backups so that we can restore any damaged items.”

At that point I had to admit to being stumped. Sure enough, there is no Office 365 feature or capability that protects against this kind of logical corruption. You can’t use New-MailboxExportRequest or the EAC to export the contents of Office 365 mailboxes to PST files. You obviously can’t run backup tools that run on the Exchange server against your Office 365 mailbox databases; there may exist tools that use EWS to directly access a mailbox and make a backup copy, but I don’t know of any that are built for that purpose.

I ran Joe’s query past a few folks I know on the 365 team. Apart from the (partially helpful) suggestion not to run Outlook add-ins that are known to corrupt data, none of them had good answers either.

While it’s tempting to view the inability to do mailbox-level backups as a limitation, it’s perfectly understandable. Microsoft spent years trying to get people not to run brick-level backups using MAPI. The number of use cases for this feature is getting smaller each year as both the data-integrity and retention features of Exchange get better. In fact, one of the major reasons that we now have single-item recovery in its current form is because customers kept asking for expanded tools to recover deleted items, either after an accidental deletion or a purge. Exchange also incorporates all sorts of infrastructure to protect against data loss, both for stored data and data in transit, but nothing really helps in this case: the corrupt data comes from the client, and Exchange is faithfully storing and replicating what it gets from the client. In fairness, we have seen business logic added to Exchange in the past to protect against problems caused by malformed calendar entries created by old versions of Outlook, but clearly Microsoft can’t do that for every random add-in that might stomp on a user’s calendar.

A few days after the original presentation, I sent Joe an email summarizing what I’d found out and telling him that, if mailbox-level backup was an absolute requirement, he probably shouldn’t move those mailboxes to Office 365.

The moral of this story, to the extent that there is one, is that Microsoft is engineering Office 365 for the majority of their users and their needs. Just as Word (for instance) is supplemented by specialized plugins for reference and footnote tracking, mathematical typesetting, and chemistry diagrams, Exchange has a whole ecosystem of products that connect to it in various ways, and Office 365 doesn’t support every single one of those. The breadth and diversity of the Exchange ecosystem is one of the major reasons that I expect on-premises Exchange to be with us for years to come. Until it finally disappears, don’t forget to do some kind of backups.


Filed under Office 365, UC&C

US lawyers and Office 365

Every field has its own unique constraints; the things the owner of a small manufacturing business worries about will have some overlap, but many differences, compared to what the CEO of a multi-billion-dollar energy company is concerned with. The legal industry is no exception; one major area of concern for lawyers is ethics. No, I don’t mean that they’re concerned about not having any. (I will try to refrain from adding any further lawyer jokes in this post unless, you know, they’re funny).

Disclaimer: I am not a lawyer. This is not legal advice. Seriously.

The entire US legal system is based on a number of core principles, including that of precedent, or what laymen might call “tradition”. For that reason, as well as the stiff professional penalties that may result from a finding of malpractice or incompetence, many in the legal profession have been slower to embrace technology than their peers in other industries. When there is no settled precedent to answer a question, someone has to generate precedent, often by taking a case to court. Various professional standards bodies can generate opinions that are considered to be more or less binding on their members, too. To cite one example of what I mean, here’s what the Lawyers’ Professional Responsibility Board of the state of Minnesota has to say about one small aspect of legal ethics, the safeguarding and use of metadata:

…a lawyer is ethically required to act competently to avoid improper disclosure of confidential and privileged information in metadata in electronic documents.

That seems pretty straightforward; the body responsible for “the operation of the professional responsibility system in Minnesota” issued an opinion calling for attorneys in that state to safeguard metadata and refrain from using it in ways that conflict with their other ethical obligations. With that opinion now extant, lawyers in Minnesota can, presumably, be disciplined for failing to meet that standard.

With that as background, let me share this fascinating link: a list of ethics opinions related to the use of cloud services by lawyers and law firms. (I found the list at Sharon Nelson’s excellent “Ride the Lightning” blog, which I commend to your attention.)

Let that sink in for a minute: some of the organizations responsible for setting ethical standards for lawyers in various states are weighing in on the ethics of legal use of cloud services.

This strikes me as remarkable for several reasons. Consider, for example, that there don’t seem to be similar guidelines for e-mail admins, or professional engineers, or cosmetologists, or any other profession that I can think of. In pretty much every other market, if you want to use cloud services, feel free! Oh, sure, you may want to consider the ramifications of putting sensitive or protected data into the cloud, especially if you have specific requirements around compliance or governance. By and large, though, no one is going to punish you for using cloud services in your business if that choice turns out to be inappropriate. On the other hand, if you’re a lawyer, you can be professionally liable for failing to protect your clients’ confidentiality, as might happen in case of a data breach at your cloud provider.

The existence of these opinions, then, means that in at least 14 states, there are now defined standards that practitioners are expected to follow when choosing and using cloud services. For example, the Alabama standard (which I picked because it is simple, because I live in Alabama, and because it was first in the alphabetical list) says:

…a lawyer may use “cloud computing” or third-party providers to store client data provided that the attorney exercises reasonable care in doing so… The duty of reasonable care requires the lawyer to become knowledgeable about how the provider will handle the storage and security of the data being stored and to reasonably ensure that the provider will abide by a confidentiality agreement in handling the data. Additionally, because technology is constantly evolving, the lawyer will have a continuing duty to stay abreast of appropriate security safeguards that should be employed by the lawyer and the third-party provider. If there is a breach of confidentiality, the focus of any inquiry will be whether the lawyer acted reasonably in selecting the method of storage and/or the third party provider.

The other state opinions are generally similar in that they require an attorney to act with “reasonable care” in choosing a cloud service provider. That makes Microsoft’s recent relaunch of the expanded Office 365 Trust Center a great move: it succinctly addresses “appropriate security safeguards” that are applied throughout the Office 365 stack. Reading it will give you a solid grounding in the physical, technical, and operational safeguards that Microsoft has in place.

Compared to its major SaaS competitors, Microsoft’s site has more breadth and depth about security in Office 365, and it’s written in an approachable style that is appropriate for non-technical people… including attorneys. In particular, the top-10 lists provide easily digestible bites that help to reassure customers that their data, and metadata, are safe within Microsoft’s cloud. By comparison, the Google Apps security page is limited in both breadth and depth; the Dropbox page is laughable, and the Box.net page is basically a quick list of bullets without much depth to back them up.

The Office 365 Trust Center certainly provides the information necessary for an attorney to “become knowledgeable about how the provider will handle the storage and security of the data being stored”, and it is equally useful for the rest of us because we can do the same thing. If you haven’t already done so, it’s worth a few minutes of your time to go check it out; you’ll probably come away with a better idea of the number and type of security measures that Microsoft applies to Office 365 operations, which will help you if a) you go to law school and/or b) you are considering moving to Office 365.


Filed under Office 365, UC&C

Exchange Server and Azure: “not now” vs “never”

Wow, look what I found in my drafts folder: an old post.

Lots of Exchange admins have been wondering whether Windows Azure can be used to host Exchange. This is to be expected for two reasons. First, Microsoft has been steadily raising the volume of Azure-related announcements, demos, and other collateral material. TechEd 2014 was a great example: there were several Azure-related announcements, including the availability of ExpressRoute for private connections to the Azure cloud and several major new storage improvements. These changes build on their aggressive evangelism, which has been attempting, and succeeding, to convince iOS and Android developers to use Azure as the back-end service for their apps. The other reason, sadly, is why I’m writing: there’s a lot of misinformation about Exchange on Azure (e.g. this article from SearchExchange titled “Points to consider before running Exchange on Azure”, which is wrong, wrong, and wrong), and you need to be prepared to defuse its wrongness with customers who may misunderstand what they’re potentially getting into.

On its face, Azure’s infrastructure-as-a-service (IaaS) offering seems pretty compelling: you can build Windows Server VMs and host them in the Azure cloud. That seems like it would be a natural fit for Exchange, which is increasingly viewed as an infrastructure service by customers who depend on it. However, there are at least three serious problems with this approach.

First: it’s not supported by Microsoft, something that the “points to consider” article doesn’t even mention. The Exchange team doesn’t support Exchange 2010 or Exchange 2013 on Azure or Amazon EC2 or anyone else’s cloud service at present. It is possible that this will change in the future, but for now any customer who runs Exchange on Azure will be in an unsupported state. It’s fun to imagine scenarios where the Azure team takes over first-line support responsibility for customers running Exchange and other Microsoft server applications; this sounds a little crazy but the precedent exists, as EMC and other storage companies did exactly this for users of their replication solutions back in Exchange 5.5/2000 times. Having said that, don’t hold your breath. The Azure team has plenty of other more pressing work to do first, so I think that any change in this support model will require the Exchange team to buy in to it. The Azure team has been able to get that buy-in from SharePoint, Dynamics, and other major product groups within Microsoft, so this is by no means impossible.

Second: it’s more work. In some ways Azure gives you the worst of the hosted Exchange model: you have to do just as much work as you would if Exchange were hosted on-premises, but you’re also subject to service outages, inconsistent network latency, and all the other transient or chronic irritations that come, at no extra cost, with cloud services. Part of the reason that the Exchange team doesn’t support Azure is because there’s no way to guarantee that any IaaS provider is offering enough IOPS, low-enough latency, and so on, so troubleshooting performance or behavior problems with a service such as Azure can quickly turn into a nightmare. If Azure is able to provide guaranteed service levels for disk I/O throughput and latency, that would help quite a bit, but this would probably require significant engineering effort. Although I don’t recommend that you do it at the moment, you might be interested in this writeup on how to deploy Exchange on Azure; it gives a good look at some of the operational challenges you might face in setting up Exchange+Azure for test or demo use.

Third: it’s going to cost more. Remember that IaaS networks typically charge for resource consumption. Exchange 2013 (and Exchange 2010, too) is designed to be “always on”. The workload management features in Exchange 2013 provide throttling, sure, but they don’t eliminate all of the background maintenance that Exchange is more-or-less continuously performing. These tasks, including GAL grammar generation for Exchange UM, the managed folder assistant, calendar repair, and various database-related tasks, have to be run, and so IaaS-based Exchange servers are continually going to be racking up storage, CPU, and network charges. In fairness, I haven’t estimated what these charges might be for a typical test-lab environment; it’s possible that they’d be cheap enough to be tolerable, but I’m not betting on it, and no doubt a real deployment would be significantly more expensive.

Of course, all three of these problems are soluble: the Exchange team could at any time change their support policy for Exchange on Azure, and/or the Azure team could adjust the cost model to make the cost for doing so competitive with Office 365 or other hosted solutions. Interestingly, though, two different groups would have to make those decisions, and their interests don’t necessarily align, so it’s not clear to me if or when we might see this happen. Remember, the Office 365 team at Microsoft uses physical hardware exclusively for their operations.

Does that mean that Azure has no value for Exchange? On the contrary. At TechEd New Orleans in June 2013, Microsoft’s Scott Schnoll said they were studying the possibility of using an Azure VM as the witness server for DAGs in Exchange 2013 CU2 and later. This would be a super feature because it would allow customers with two or more physically separate data centers to build large DAGs that weren’t dependent on site interconnects (at the risk, of course, of requiring always-on connectivity to Azure). The cost and workload penalty for running an FSW on Azure would be low, too. In August 2013, the word came down: Azure in its present implementation isn’t suitable for use as an FSW. However, the Exchange team has requested some Azure functionality changes that would make it possible to run this configuration in the future, so we have that to look forward to.

Then we have the wide world of IaaS capabilities opened up by Windows Azure Active Directory (WAAD), Azure Rights Management Services, Azure Multi-Factor Authentication, and the large-volume disk ingestion program (now known as the Azure Import/Export Service). As time passes, Microsoft keeps delivering more, and better, Azure services that complement on-premises Exchange, which has been really interesting to watch. I expect that trend to continue, and there are other, less expensive ways to use IaaS for Exchange if you only want it for test labs and the like. More on that in a future post….


Filed under General Tech Stuff, UC&C

Getting ready for TechEd 2014

Wow, this snuck up on me! TechEd 2014 starts in 10 days, and I am nowhere near ready.

A few years ago, I started a new policy: I only attend TechEd to speak, not as a general attendee or press member; the level of technical content for the products I work with has declined steadily over the years. This is to be expected; in a four-day event, there’s a finite number of sessions that Microsoft can present, and as they add new products, every fiefdom must have its due. There are typically around 30 sessions that involve unified communications in some way; that number has remained fairly constant since 2005 or so. Over the last several years, the mix of sessions has changed to accommodate new versions of Exchange, Lync, and Office 365, but the limited number of sessions means that TechEd can’t offer the depth of MEC, Exchange Connections, or Lync Conference. This year there are 28 Exchange-related sessions, including several that are really about Office 365, so about 25% of the content of MEC.

I can’t keep track of how many previous TechEd events I’ve been to; if you look at the list, you’ll see that they tend to be concentrated in a small number of cities and so they all kind of blend together. (Interestingly, this 2007 list of the types of attendees you see at TechEd is still current.) The most memorable events for me have been the ones in Europe (especially last year’s event in Madrid, where I’d never been before).

This year I was asked to pinch-hit and present OFC-B318, “What’s New in Lync Mobile.” That’s right— so far this year, I have presented on Lync at Lync Conference and MEC, plus this session, plus another Lync session at Exchange Connections! If I am not careful I’ll get a reputation. Anyway, I am about ready to dive into shining up my demos, which will feature Lync Mobile on a variety of devices— plus some special guests will be joining me on stage, including my favorite Canadian, an accomplished motorcycle rider, and a CrossFitter. You’ll have to attend the session to find out who these people are though: 3pm, Monday the 12th— see you there! I’ll also be working in the Microsoft booth area at some point, but I don’t know when yet; stay tuned for updates.


Filed under UC&C

Speaking at Exchange Connections 2014

I’m excited to say that I’ll be presenting at Exchange Connections 2014, coming up this fall at the Aria in Las Vegas.

Tony posted the complete list of speakers and session titles a couple of days ago. I’m doing three sessions:

  • “Who Wears the Pants In Your Datacenter: Taming Managed Availability”: an all-new session in which the phrase “you’re not the boss of me” will feature prominently. You might want to prepare by reading my Windows IT Pro article on MA, sort of to set the table.
  • “Just Like Lemmings: Mass Migration to Office 365”: an all-new session that discusses the hows and whys of moving large volumes of mailbox and PST data into the service, using both Microsoft and third-party tools. (On the sometimes-contentious topic of public folder migration, I plead ignorance; see Sigi Jagott’s session if you want to know more). There is a big gap between theory and practice here and I plan to shine some light into it.
  • “Deep Dive: Exchange 2013 and Lync 2013 Integration” covers the nuts and bolts of how to tie Lync and Exchange 2013 together. Frankly, if you saw me present on this topic at DellWorld, MEC, or Lync Conference, you don’t need to attend this iteration. However, every time I’ve presented it, the room has been packed to capacity, so there’s clearly still demand for the material!

Exchange Connections always has a more relaxed, intimate feeling about it than the bigger Microsoft-themed conferences. This is in part because it’s not a Microsoft event and in part because it is considerably smaller. As a speaker, I really enjoy the chance to engage more deeply with the attendees than is possible at mega-events. If you’re planning to be there, great— and, if not, you should change your plans!


Filed under Office 365, UC&C

MEC 2014 wrap-up by the numbers

The MEC 2014 conference team sent out a statistical summary of the conference to speakers, and it makes for fascinating reading. I wanted to share a few of the highlights of the report because I think it makes some really interesting points about the state of the Exchange market and community.

First: the 101 sessions were attended by a total of 13,079 people. The average attendance across all sessions was 129, which is impressive (though skewed a bit by the size of some of the mega-sessions; Microsoft had to make a bet that lots of people would attend these sessions, which they did!). In terms of attendance, the top 10 sessions were mostly focused on architecture and deployment:

  • Exchange Server 2013 Architecture
  • Ready, set, deploy: Exchange Server 2013
  • Experts Unplugged: Exchange Top Issues – What are they and does anyone care or listen?
  • Exchange Server 2013 Tips & Tricks
  • The latest on High Availability & Site Resilience
  • Exchange hybrid: architecture and deployment
  • Experts Unplugged: Exchange Deployment
  • Exchange Server 2013 Transport Architecture
  • Exchange Server 2013 Virtualization Best Practices
  • Exchange Design Concepts and Best Practices

[Image: RS IV, not life size]

To put this in perspective, the top session on this list had just over 600 attendees and the bottom had just under 300. Overall attendance to sessions on the architecture track was about double that of the next contender, the deployment and migration track. That tells me that there is still a large audience for discussions of fundamental architecture topics, in addition to the day-in, day-out operational material that we’d normally see emerging as the mainstay of content at this point in the product lifecycle.

Next takeaway: Tim McMichael is a rock star. He captured the #1 and #2 slots in the session ratings, which is no surprise to anyone who’s ever heard him speak. I am very hopeful that I’ll get to hear him speak at Exchange Connections this year. The overall quality of speakers was superb, in my biased opinion. I’d like to see my ratings improve (more demos!) but there’s no shame in being outranked by heavy hitters such as Tony, Michael, Jeff Mealiffe, Ross Smith IV (pictured at left; not actual size), or the ebullient Kamal Janardhan. MEC provides an excellent venue for the speakers to mingle with attendees, too, both at structured events like MAPI Hour and in unstructured post-session or hallway conversations. To me, that direct interaction is one of the most valuable parts of attending a conference, both as a speaker and because I can ask other speakers questions about their particular areas of expertise.

Third, the Unplugged sessions were very popular, as measured both by attendance numbers and session ratings. I loved both the format and content of the ones I attended, but they depend on having a good moderator: someone who is both knowledgeable about the topic at hand and experienced at steering a group of opinionated folks back on topic when needed. While I am naturally bad at that, the moderators overall did an excellent job and I hope to see more Unplugged sessions at future events.

When attendees added sessions to their calendar, the event staff used that as a means of gauging interest and assigning rooms based on the likely number of attendees. However, the data shows that people flocked to sessions based on word-of-mouth and didn’t necessarily update their calendars. I calculated the attendance split by dividing the number of people who actually attended a session by the number who said they would attend; if 100 calendared the session but 50 attended, that would be a 50% split. The average split across all sessions (except one) was 53.8%, not bad considering how dynamic the attendance was. The one session I left out was “Experts Unplugged: Architecture – HA and Storage”, which had a split of 1167%! Of the top 10 splits (i.e. sessions where the largest percentage of people stood by their original plans), 4 were Unplugged sessions.

Of course, MEC was much more than the numbers, but this kind of data helps Microsoft understand what people want from future events, measured not just by asking them but by observing their actual preferences and actions. I can’t wait to see what the next event, whenever it may be, will look like!


Filed under UC&C