Fresh on the episode we did at Microsoft Ignite this year, Tony and I thought it would be fun to do another short episode while we’re both in Vegas for IT/DevConnections… so we did. Topics include a spiffy new profanity filter (for Office 365 Groups, not Tony and me), the triumphant debut of Focused Inbox on desktop Outlook, and a touching closing segment where Tony mourns the loss of a favored gadget.
Tag Archives: Office 365
The Exchange team (or at least Perry Clarke, its fearless leader) has been known to describe Exchange Online as “the gateway drug to the cloud.” But how did that come to pass?
This week at Ignite, I was lucky enough to have dinner with some folks from the Exchange product team and a very, very large customer where we discussed the various ways in which Exchange engineering has blazed a trail the rest of Microsoft’s server products have eventually followed. After a bracing Twitter discussion this afternoon with @swiftonsecurity and some of her other followers, I thought it would be fun to put together a partial list of some of the things we discussed to illustrate how the Exchange team has built a stairway to heaven, or an elevator to the cloud, or something like that.
Let’s start with PowerShell. Love it or hate it, it is here, so we all have to deal with it. In 2007, the idea that Exchange would be built on PS was both revolutionary and, to many, revolting, but it allowed Microsoft to do several important things (not all of which shipped in Exchange 2007, but all of which are critical to cloud operations):
- Greatly improve testability, both for the developers themselves but also for administrators, who now got a suite of protocol and endpoint-related tests they could run as part of troubleshooting– critically important when you have to troubleshoot in a global network of data centers hosting tens of millions of mailboxes
- Fully enable role-based access control, also critical for cloud deployments where customers want to control who can do what with their data
- Finally decouple the presentation layer of the UI (EMC, EAC, etc) from business logic
- Massively improve the tools for scripting, including enabling very large-scale bulk operations– an obvious requirement for a cloud-scale service
Requiring PowerShell was a bold move by the Exchange team but one which has both paid off hugely and one that’s been echoed by the Windows, SharePoint, SQL Server and Skype teams, all of whom depend on it for managing their own cloud services. (See also: the Microsoft Graph APIs.)
Then there’s storage performance. In ancient days, getting scale from Exchange pretty much required the use of SANs due to Exchange’s IO requirements. Now, thanks to the IOPS diet imposed by Exchange engineering, it doesn’t. Tony does his usual excellent job of summarizing the actual reductions. Summary: Exchange 2016 requires roughly 96% fewer IOPS than Exchange 2003 did. There have been a ton of storage performance improvements in Exchange’s sister products (notably SQL) but those have their own stories that I’m not competent to tell. The relentless drive to cut IOPS requirements was one of the biggest enablers for Exchange Online, since controlling storage provisioning costs is critical for any type of scaled cloud service.
Of course, data protection is critical too. Exchange moved from having a single monolithic database to one with separate property and MIME databases (Exchange 2000) then to having software-based database replication with clustering (Exchange 2007) to shared-nothing, fully-replicated active/passive database replication (Exchange 2010 and later). Keeping multiple separate database copies (including lagged copies) enables all sorts of DR and HA scenarios that previously had required SANs. The ability to reliably use cheap JBOD disks, which thanks to Moore’s Law have embiggened nicely during Exchange’s lifetime, has been a key enabler for Exchange Online.
Then there’s a bunch of other architectural changes and improvements that are really only interesting to Exchange nerds. For the latest example, I present “read from passive,” but there’s also all the stuff covered by the Preferred Architecture.
Oh, I almost forgot: managed availability gives ExO a fair degree of self-healing, although its behavior sometimes surprises on-prem admins who see it do things on their behalf unexpectedly.
Oh, and let’s not forget the conversion of all the Exchange codebase to managed code– that was an important accelerator for the move to the cloud, as well as serving as a lighthouse for other product groups with code of similar vintage.
There are more examples, I’m sure, but these should get the point across– there’s been a steady stream of architectural changes in the nearly 20 years since Exchange 4.0 shipped that have led directly to the capability, power, and reliability of Exchange Online– which really has been the gateway drug for getting Microsoft’s customers to Office 365.
Another trip to California for Tony and me means another episode of Office 365 Exposed! This time, we talked about Microsoft Ignite, Office 365 Groups, why the Saints are my favorite football team, and a host of other topics. (OK, I admit it. We did not actually talk about the Saints. Maybe next episode. I did sneak in a plug for the College Football Hall of Fame though.)
Yay! Microsoft has updated their downloadable Visio stencil set for Office 365 to include the 2016 versions of the application icons, plus some other visual improvements. Now your Visio diagrams can have that fresh 2016 feel. (Thanks to Samantha Robertson, Dan Fraser, and Tony Smith of Microsoft for making this happen.)
I recently had the opportunity to sit down with Tony at ENow World Headquarters (OK, it’s just a regular office, but that sounds better) to talk about the state of the Office 365 world. In this episode, we talked about the latest bit of ill behavior from Microsoft Learning, the best paths to take to gain practical Office 365 knowledge, and what to expect from the upcoming Microsoft Ignite and IT/DevConnections shows. Enjoy!
This is a great example of Microsoft bringing useful innovation to end users by deploying new features in Office 365:
Outlook on the web now makes it easier to clear your calendar and automatically decline meetings before you head out for some time away from the office. When you set an automatic reply in Outlook on the web, Outlook will offer to do the following on your behalf:
- Block your calendar so people know you’re away.
- Clear existing meetings on your calendar by declining/canceling them.
- Automatically send a response to incoming invitations while you’re away.
Of course, Outlook and Exchange have long had the ability to automatically send an out-of-office (or “OOF”, from “out of facility“) message when you specify the dates when you’ll be away. These new features extend the traditional OOF behavior by adding some business logic to the OOF process– after all, when you’re out of the office, it is logical to assume that you won’t be accepting appointments during that time, and that you want new invitations to be automatically declined. (There are exceptions, of course, which is why you can turn this business logic off.) I’m not in love with the fact that this feature requires you to set your works in Outlook on the web, but I’m hopeful that it will make it into other versions of Outlook at some point.
Apart from the specifics of this individual feature, it’s really encouraging to see the Outlook team invest in innovation like this. Given the large feature gap between Outlook on the web and Gmail (the only real enterprise competitor to Exchange/Outlook) it would be easy for the Outlook team to coast. Part of the ethos of building software at cloud speed involves iterating rapidly, and that in turn means sometimes you build something that turns out to get a lukewarm reception because it’s not as useful as first thought. (Tony argues that this is the case for Outlook’s support for likes and @ mentions.) However, sometimes you build something that turns out to be really nifty, and I think this feature is a good example– I look forward to seeing it roll out more broadly.
(for another time: I know not every tenant admin will want this feature turned on for their users without prior notice or permission, and Microsoft has a lot of room to improve the way they deliver features so that administrators can control user access to them.)
It’s the offseason for Office 365, at least sort of– with no conferences until the fall, Tony and I had to take the opportunity of meetings at ENow to record this episode of Office 365 Exposed. Topics we covered included Delve Analytics, the contentious topic of mailbox anchoring, a bit about Skype for Business Online’s telephony features, and frequent mentions of Yammer for those of you who like to enjoy our podcast with a beverage in hand.
Microsoft has a really complex infrastructure for deploying new features into Office 365. This deployment process, internally known as “flighting,” involves rolling out code changes across a huge base of servers— by some estimates, more than 600,000 worldwide— spread across dozens of data centers all around the world. This poses an interesting challenge. Flighting has to be automated because of the scale necessary, but with an automated tool that works at high scale, you can make a quickly replicated mistake. Think of it like shooting yourself in the foot with a machine gun.
Recently one of my customers notified me that they had noticed a change in their tenant: each user with an E3 or E4 license was now showing a possible total of 10 product activations for Office 365 Pro Plus. The limit had previously always been 5, meaning each user may install Pro Plus on up to five PCs and Macs. The release of Office applications for Windows 10, iOS, and Android devices changed things slightly; you were allowed to install on 5 PCs/Macs plus 5 tablets or mobile devices. At various times I’ve been told that the limit was 10 (5 PC + 5 devices) and 15 (5 PC + 5 tablet + 5 phone), but in any event, the user interface in the Office 365 management tools has always reported per-user activation as N installed copies out of a maximum of 5.
Immediately upon hearing this, I checked my tenants. Sure enough, now my tenant users were showing a maximum of 10 installs.
I followed up with some local Microsoft folks and was told that they were told by Office 365 support that this was a mistake, whether in flighting or configuration I’m not sure. However, two-plus days later, tenants are still showing 10 activations. I took the below screenshot a few minutes before writing this post; it shows 4 activated Pro Plus installations, with 6 more available.
I’m going to reach out directly to the O365 team to ask whether this is: a) a temporary mistake that will be reversed b) a policy change that hasn’t been officially announced or c) a restatement of the 5 PC/Mac + 5 device policy that was already in place. I’ll report back what I find out.
Over at my work blog, I have a post that tackles an important issue: how do you reliably design and operate Exchange if you don’t happen to have a large team of Exchange rock stars on staff? (Short answer: hire me. Longer answer: read the post to find out). Bonus: the post contains a picture of
Ross Smith IV Yoda.
This week I had the opportunity to present a session called “Cloud Best Practices” at the Alabama Digital Government Summit. I had a great time— it was fascinating to see how many different agencies in our state are putting advanced IT to work to save money and get more done for the taxpayer. However, there was one blemish on the experience that I wanted to polish away, so to speak.
Part of my talk concerned the fact that no matter where you live, your local government has lawful means to get your data: they can subpoena you, or your cloud provider, to get it. There’s nothing that you can do about it. It’s a feature, not a bug, of modern legal systems. I often talk about this in the context of people’s fears that the NSA, GCHQ, or whomever will snag their data, by lawful or unlawful means. Here’s the slide I put up:
I don’t think these are controversial assertions. However, at this point in my talk, Stuart McKee (chief technical officer for state and local government at Microsoft) flatly asserted that Microsoft does not comply with government subpoenas for customer data; I believe he used the word “never”. He went on to say that Microsoft has a pattern of resisting subpoena requests and that this “has gotten [them] into some trouble.” He concluded by saying that Microsoft’s standard action is to tell governments that they must subpoena the data owner, not the service provider.
I believe these assertions to be largely untrue, and certainly misleading. (I’ll leave aside the insulting manner in which Stuart asserted that I was wrong— after all, I am certainly wrong sometimes and generally appreciate when people point it out.) I want to set the record straight to the extent that I can.
First, Microsoft absolutely does comply with lawful subpoenas for customer data. This page at Microsoft’s web site summarizes their responses to lawful legal demands for customer information (both information about customers and information belonging to customers) across a broad variety of jurisdictions, from Argentina to Venezuela. To assert otherwise is ludicrous.
Second, Microsoft has a pattern of complying with these lawful subpoenas, not refusing them. When Stuart said that Microsoft is “in trouble” for refusing a subpoena, I suspect that he’s referring to Microsoft vs United States, where the issue at hand is that Microsoft was served a search warrant for data stored in a Microsoft data center hosted in Ireland. The data are stored there because the customer is located outside the US. Microsoft moved to have the warrant vacated, and when that failed, asked the cognizant district court to vacate it. The district court upheld the original warrant; Microsoft refused to comply and was held in contempt. Now this particular case is working its way through the US federal court system.
Let me be clear: I applaud Microsoft for standing up and resisting the overreach in the original warrant— there doesn’t seem to be (at least not to my layman’s understanding) a right of the US government, at any level, to subpoena data belonging to a non-US person or organization if it’s stored outside the US, even if it’s held in a cloud service operated by a US person or organization. The brief Microsoft filed likens this to a German court ordering seizure of letters stored in a safe deposit box in a US branch of a German bank. Having said all that, claiming that this kind of resistance is routine is overblown. It isn’t. If Microsoft were refusing subpoenas left and right, the numbers I mentioned above would look very much different.
Third, Microsoft’s policy is indeed to try to redirect access requests whenever possible. The Office 365 privacy page has this to say:
We will not disclose Customer Data to a third party (including law enforcement, other government entity, or civil litigant; excluding our subcontractors) except as you direct or unless required by law. Should a third party contact Microsoft with a request for Customer Data, we will attempt to redirect the third party to request the data directly from you. As part of that process, we may provide your contact information to the third party. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited.
In other words, Microsoft will try to redirect subpoenas from themselves to the data owner, where they are allowed by law to do so, and if they can’t, they will notify you, if allowed by law to do so. This is the only one of Stuart’s claims that I think is inarguable.
Finally, Microsoft proactively cooperates with law enforcement. The Microsoft Digital Crimes Unit newsroom contains press releases touting Microsoft’s cooperation with law enforcement agencies around the world (here’s just one example). This cooperation and disclosure extends to Microsoft proactively notifying law enforcement agencies when their PhotoDNA service identifies child porn images in customer’s private OneDrive data. I support their right to do this (it’s covered very clearly in the terms of service for Microsoft cloud services), and I believe it’s the right thing to do— but to claim that Microsoft never discloses customer data to law enforcement agencies while they are voluntarily doing so is both untrue and misleading.
Everyone’s interests are best served when everyone understands the specifics of the legal interaction between local and national governments and cloud service providers in various jurisdictions. This is a really new area of law in many respects, so it’s understandable that some things may not be clear, or even defined yet, but I wanted to correct what I view as dangerously misleading misinformation in this specific instance.
The bottom line: no matter what cloud service you choose, be sure you understand the policies that your cloud provider uses to determine the conditions under which they’ll cough up your data.
I recently ran into a problem with a SharePoint Online site that had previously been created on BPOS and moved around through various iterations of Office 365. None of the site users had ever used the OneNote notebook associated with the site, but the link was present in the side navigation bar. When I tried to access it, I got the infamous “sorry, but something went wrong” error page. (For another day: discuss the Fisher-Price-ization of service error messages; the low information content doesn’t scare end users but makes it impossible to troubleshoot problems.)
A little binging turned up a plausible solution: “SharePoint 2013 OneNote Notebook something went wrong error“. I was a little leery of turning off the feature for fear that it wouldn’t turn back on. However, I took the plunge. After disabling the feature and re-enabling it, I was able to open the OneNote Online notebook, but I wasn’t able to use the “open in OneNote” link until I added some content in OneNote Online. All’s well that ends well. This may not be the only solution for this problem, but it has a 100% success rate for me so far.
Back in November, I wrote about my early experience with the Office 365 Clutter feature. I’ve been using it on and off– mostly off, due to a rare bug that surfaced because my mailbox is actually hosted on a portion of the Office 365 cloud that descends from the old Exchange Labs “friends and family” tenant. The bug kept Clutter from correctly moving clutter messages automatically; once it was fixed things returned to normal after I re-enabled the Clutter feature, and I’ve been happily using it since.
One of the big advantages of Office 365 is that the service team can develop and release new features much faster than they can for on-premises services. Sure enough, Microsoft today announced three new features for Clutter.
The biggest of these is the ability to create transport rules that flag messages, or senders, as exempt from Clutter processing. This is exactly the same thing as specifying safe senders for message hygiene filtering, although the implementation is a little different. You’ll create a transport rule that has the conditions and exceptions you want, but with an action that adds a header value of “ClutterBypassedByTransportRuleOverride: TRUE”, as described here. I have not personally had even a single false positive from Clutter since I’ve been testing it, and I haven’t seen any complaints about false positive problems from other users, MVPs, or customers. Having said that, Microsoft was smart to include a way to exempt certain messages from processing, as this will soothe some users and tenant administrators who are worried about the potential to have important messages be misdirected.
Second, the Clutter folder can now be managed by retention policies. This is an eminently logical thing to do, and it nicely highlights the flexibility of Exchange’s messaging records management system.
Rounding out the trio, you now have a very limited ability to customize the message that users see when they enable Clutter for their mailboxes: you can change the display name that the notification appears to be from, and you’ll soon be abe to change the logo. Frankly, this is weak sauce; there’s no way to customize the text of the notification, add custom URLs to it, or otherwise modify it in a useful way. Long-time Exchange administrators will recognize a familiar pattern exemplified by customizable delivery status notifications (DSNs), quota warning messages, and MailTips in previous versions of Exchange: first Microsoft delivered a useful feature with no customization capability, then they enabled limited customization, then (after prolonged complaining from customers) they broadened the range of things that could be customized. Let’s hope that pattern holds here.
There’s still one weak spot in the Clutter feature set: it still requires individual users to opt in (or out). While it’s true that users would likely be alarmed by the sudden forceful application or removal of the Clutter feature from their mailboxes, it’s also true that Office 365 as a whole needs to provide better controls for administrators to regulate which service features users have access to. I am hopeful that we’ll see better admin controls (and reporting) for this feature in the future.
While these improvements aren’t necessarily earth-shaking, they do add some welcome utility to what is already a valuable feature. Clutter is a great example of a feature that can make a measurable positive difference in users’ satisfaction with the service, and I look forward to more improvements in the feature.
On this blog, I write about whatever interests me. To the chagrin of some folks, this often includes aviation, fitness, and various complaints, but hey.. it could be worse. I save the really inane stuff for Twitter.
Besides the content I post here, though, I also blog at the Summit 7 Systems blog collective. Right now I’m publishing a series on reporting in Office 365. The first part of the series, on license usage reporting, is here, and the second part will be published shortly. In general, when I post content there that might be of interest to readers here, I’ll cross-post it with a short post like this one.
Good news: Microsoft just issued an updated version of Outlook for Mac. (I guess that’s the official name, as opposed to the older Outlook 2011). The list of fixes is pretty nondescript: you can change calendar colors, add alt-text to images, and use custom AD RMS templates. I suspect most of the effort for this release was actually focused on the “Top crashes fixed” item in the KB article.
Bad news: you have to manually download it from the Office 365 portal. The AutoUpdate mechanism shipped with Office 2011 doesn’t yet know how to handle updates for Outlook for Mac. I suppose Microsoft could either update the Office 2011 AU mechanism or ship a new one as part of a future Outlook update; presumably the latter choice would actually deliver the Office 2015 update mechanism, since there’s undoubtedly going to be one.
The real news here is how quickly Microsoft released this update. While this is only one release, it’s an excellent sign that we got it quickly, and it makes me hopeful that we’ll see a steady stream of updates and fixes for the Mac Office apps in the future— with a cadence more akin to the Lync Mobile clients releases than the glacial pace of past Mac Office updates.
Immediately after Microsoft announced that Clutter was available, I enabled it in all my personal tenants and started training it. As you may recall, you can train Clutter in two ways: implicitly (as it sees how you interact with mail from particular senders, such as by ignoring it or deleting it without reading it) or explicitly (by moving messages into or out of the Clutter folder). Because I’m fairly impatient, I set about explicit training by moving messages to the Clutter folder. I’ve done this with all of the clients I use: Outlook for Mac, OWA, Outlook 2013, the iOS mail app, and Outlook Mobile. Whenever possible I move the message while leaving it unread, so as not to make Clutter think I’m interested.
The upshot: it works reasonably well, but it seems to have trouble learning about messages from some sources. For example, both Strava and Twitter alerts remain resolutely un-Cluttered even though I’ve been moving 100% of those messages, unread, to the folder. I think that’s because the message subject for these messages often changes to reflect the message contents (e.g. “@jaapwess retweeted a Tweet you were mentioned in!”) and that confuses the algorithm in some way. It may be that the algorithm used to categorize these messages needs more data to act on before it can decide. The downside of machine learning systems is that, as an end user, you often can’t see just what the machine has learned, only the actions it takes. In this regard, machine learning is somewhat like owning a cat. I can see that Clutter isn’t moving some messages I think it should, but I don’t have any way to see why, nor any way to effectively correct it. This reminds me of the good old days of training neural networks from HNC Software to do various interesting things and sometimes being bewildered by the resulting behavior.
One bit of good news: I have been very pleased to see no false positives; that is, Clutter has not taken any mail I wanted to read and treated it as clutter. If the price of zero false positives is that some real clutter isn’t treated as such, I’m OK with that.
The junk mail filtering infrastructure continues to catch some messages that might more properly be treated as clutter, e.g. the flood of marketing crap I get from GameStop. I don’t mind such messages being treated as junk, though.
One unexpected side effect is that I have been much more diligent than usual about unsubscribing from newsletters or marketing mails that I no longer care about. This has helped to cut the volume of clutter I have to deal with.
In closing, I note that no matter how many times I tell Clutter that notifications from Yammer should be treated as clutter, they keep going right into my Inbox. I suspect a conspiracy.