Tag Archives: Exchange

Multi-factor authentication for Exchange Online PowerShell

Everything at the Microsoft MVP Summit is automatically under NDA, so rather than talk about all the secret stuff, I thought I’d share something I learned there that isn’t under NDA because it was already public. Somehow I missed this announcement before, but: there’s a public preview of a new Exchange Online PowerShell module that supports Azure multi-factor authentication (MFA). If you have turned on MFA for administrators in Office 365, you’ve probably found that they can’t use PowerShell to manage Exchange objects. Now you can: download and install this module and you’re all set. Here’s what it looks like in action:


I found out about this when I complained publicly in Tim Heeney‘s session that this doesn’t work. Thankfully Tim set me straight posthaste; after I got the link to the preview, a little searching turned up fellow MVP Vasil Michev’s article describing it, which I either forgot about or never saw.



Filed under Office 365, UC&C

Creating Exchange dynamic distribution groups with custom attributes

You learn something new every day… I guess that means I’m ahead of schedule for the day.

A coworker asked if there was a way to use PowerShell to create a dynamic distribution group using one of the AD customAttributeX values. I didn’t know the answer offhand (since I create new distribution groups about every 5 years), but a little binging turned up the documentation for New-DynamicDistributionGroup. Turns out that the ConditionalCustomAttributeN parameters will do what he wanted:

New-DynamicDistributionGroup -IncludedRecipients mailContacts -ConditionalCustomAttribute6 "PeopleToInclude"

It turns out that wasn’t what he really wanted– he wanted to create a dynamic DG to include objects where the custom attribute value was not set to a particular value. The ConditionalXXX switches can’t do that, so he had to use a RecipientFilter instead:

New-DynamicDistributionGroup -IncludedRecipients mailContacts -RecipientFilter {ExtensionCustomAttribute6 -ne "PeopleToExclude"}...

1 Comment

Filed under Office 365, UC&C

Operational maturity and Exchange

Over at my work blog, I have a post that tackles an important issue: how do you reliably design and operate Exchange if you don’t happen to have a large team of Exchange rock stars on staff? (Short answer: hire me. Longer answer: read the post to find out). Bonus: the post contains a picture of Ross Smith IV Yoda.

Leave a comment

Filed under Office 365, UC&C

Universal version of Outlook coming to your phone

Big news from today’s Windows 10 announcement: Microsoft will be shipping a “universal” version of Outlook that works on Windows tablets, phones, and PCs. This is a really interesting move, and not something I expected based on the existence of OWA for Devices (MOWA) on iOS and Android. The universal Outlook uses the universal version of Word as its editing engine, a huge plus because it delivers all the rich formatting tools available on Windows PCs (and which are still, sadly, missing from Mac Outlook, hint hint), and during the demo, Joe Belfiore showed a fluid touch-based interface that nonetheless preserved much of the look and feel of Outlook and OWA.

This announcement raises a lot of interesting questions, though. A partial list, just off the top of my head… (and a disclaimer: I haven’t seen any preview versions of Office 16 so perhaps these are naive questions that have all been well dealt with in the code)

  • Is this new version of Outlook a replacement for, or a complement to, the existing rich Outlook client? In other words, will it be able to do everything that I can do with Outlook 2013 on a Surface Pro 3? If not, what will they leave out?
  • Will this app replace the native WP calendar and contacts app? I’d guess not, given that the People app got a lot of play in today’s announcement.
  • Outlook’s resource requirements would seem to be a poor fit for phones and low-end tablets. I’d imagine that we’ll have sync controls similar to what exist on WP8.1 to allow users to sync a certain amount, but not necessarily all, of their mail, but it’s going to take a lot of optimization to provide acceptable performance on these devices.
  • Will this version of Outlook support on-premises servers? If so, that means it probably won’t rely on MAPI over HTTPS, which isn’t widely deployed. But it’s hard to imagine Outlook built completely on Exchange Web Services.
  • Will the universal Outlook team match the slow release cadence of desktop Office or the faster cadence of, say, the Lync mobile clients? One of the nicest features of OWA for Devices is that new OWA/Office 365 features (such as Clutter and the People view) just automatically show up in MOWA because it’s essentially a container for OWA views. How will the universal Outlook team bake in support for new features as Exchange and Office 365 ship them?
  • Will Exchange ActiveSync-specific features (especially remote device wipe) be included in this version of Outlook? They aren’t included in the existing Outlook family, of course.
    • If the answer is “no, but you can use InTune or Office 365 MDM”, that’s going to displease a lot of existing users. On the other hand, you can’t remotely wipe a desktop Office installation, something which has led several of my customers to block Outlook Anywhere so that people can’t easily use Outlook from personal machines.
    • If the answer is “yes”, then it will be fascinating to see how Outlook interacts with native data such as contacts stored on the device.
  • What does this mean for OWA for Devices? I’d guess that we won’t see Outlook for iOS and Android, but I wouldn’t necessarily rule it out. Maybe we’re headed back to the days of yore, where the premium clients run on Microsoft operating systems, with a sort of best-effort client set for competitors.
  • Is this the logical vehicle for incorporating the technology Microsoft acquired from Acompli? Or is that being baked in somewhere else?
  • When can I get a Surface Hub?

Given the upcoming availability of previews for Windows 10 for phones, I suppose we’ll get the answers to these questions soon.



Filed under UC&C

Microsoft sneaks out Mac Outlook update

Good news: Microsoft just issued an updated version of Outlook for Mac. (I guess that’s the official name, as opposed to the older Outlook 2011). The list of fixes is pretty nondescript: you can change calendar colors, add alt-text to images, and use custom AD RMS templates. I suspect most of the effort for this release was actually focused on the “Top crashes fixed” item in the KB article.

Bad news: you have to manually download it from the Office 365 portal. The AutoUpdate mechanism shipped with Office 2011 doesn’t yet know how to handle updates for Outlook for Mac. I suppose Microsoft could either update the Office 2011 AU mechanism or ship a new one as part of a future Outlook update; presumably the latter choice would actually deliver the Office 2015 update mechanism, since there’s undoubtedly going to be one.

The real news here is how quickly Microsoft released this update. While this is only one release, it’s an excellent sign that we got it quickly, and it makes me hopeful that we’ll see a steady stream of updates and fixes for the Mac Office apps in the future— with a cadence more akin to the Lync Mobile clients releases than the glacial pace of past Mac Office updates.

1 Comment

Filed under OS X, UC&C

My first week with Office 365 Clutter

Immediately after Microsoft announced that Clutter was available, I enabled it in all my personal tenants and started training it. As you may recall, you can train Clutter in two ways: implicitly (as it sees how you interact with mail from particular senders, such as by ignoring it or deleting it without reading it) or explicitly (by moving messages into or out of the Clutter folder). Because I’m fairly impatient, I set about explicit training by moving messages to the Clutter folder. I’ve done this with all of the clients I use: Outlook for Mac, OWA, Outlook 2013, the iOS mail app, and Outlook Mobile. Whenever possible I move the message while leaving it unread, so as not to make Clutter think I’m interested.

The upshot: it works reasonably well, but it seems to have trouble learning about messages from some sources. For example, both Strava and Twitter alerts remain resolutely un-Cluttered even though I’ve been moving 100% of those messages, unread, to the folder. I think that’s because the message subject for these messages often changes to reflect the message contents (e.g. “@jaapwess retweeted a Tweet you were mentioned in!”) and that confuses the algorithm in some way. It may be that the algorithm used to categorize these messages needs more data to act on before it can decide. The downside of machine learning systems is that, as an end user, you often can’t see just what the machine has learned, only the actions it takes. In this regard, machine learning is somewhat like owning a cat. I can see that Clutter isn’t moving some messages I think it should, but I don’t have any way to see why, nor any way to effectively correct it. This reminds me of the good old days of training neural networks from HNC Software to do various interesting things and sometimes being bewildered by the resulting behavior.

One bit of good news: I have been very pleased to see no false positives; that is, Clutter has not taken any mail I wanted to read and treated it as clutter. If the price of zero false positives is that some real clutter isn’t treated as such, I’m OK with that.

The junk mail filtering infrastructure continues to catch some messages that might more properly be treated as clutter, e.g. the flood of marketing crap I get from GameStop. I don’t mind such messages being treated as junk, though.

One unexpected side effect is that I have been much more diligent than usual about unsubscribing from newsletters or marketing mails that I no longer care about. This has helped to cut the volume of clutter I have to deal with.

In closing, I note that no matter how many times I tell Clutter that notifications from Yammer should be treated as clutter, they keep going right into my Inbox. I suspect a conspiracy.


Filed under Office 365, UC&C

The difference between supportability and patching

I’m at the annual MVP Summit this week, and everything we hear and see is pretty much NDA (except for pictures of Flat Tony). However, we just had a really interesting discussion that I think is safe to abstract here.

A couple years ago I wrote a post about what it means to be supported or unsupported. What I wrote then still stands: when Microsoft says something is unsupported, there can be multiple reasons for that label, and you do whatever-it-is at your own risk.

Microsoft’s support policy for Exchange 2013 can be summed up as “N-1”: when they release a new cumulative update (CU) or service pack, that version and the previous version are considered to be supported. So, in the fullness of time, when we get Exchange 2013 CU7, then CU6 and CU7 will be the officially supported versions.

It’s very clear that there’s a lot of confusion about what “supported” means in this context. Microsoft product support will always support you if you call for help with a product that’s within its lifecycle window. Call them today and ask how to configure Exchange ActiveSync on Exchange 2010 RU2, they’ll help you. Call to ask about an issue you’re seeing with DAG failover in Exchange 2013 CU2, they’ll help you. Call for help with Exchange 2003, and they may even help you on a best-effort basis.

What they won’t do is create fixes for bugs or problems in unsupported versions.

If you call them and say “hey, I’m having this problem with Exchange 2013 SP1,” they will help you troubleshoot it. If it’s a known problem, they may tell you “update to CU5 or later”– but Microsoft will not create a hotfix or IU that fixes that problem in SP1, or any other older version that’s outside that N-1 boundary.

So: help always, bug fixes only within the support boundary. Tell your friends.


1 Comment

Filed under Office 365, UC&C