IdFix Tool

Many Office 365 professionals know about the Office 365 Deployment Readiness Tool - http://community.office365.com/en-us/forums/183/p/2285/8155.aspx. This tool does an assessment and gives you a report on numerous things such as domains, active directory, Exchange, SharePoint, Lync, network ports, etc. In many cases, this report will provide many tasks an organization will have to do for AD preparation and remediation.

Microsoft has just released a new tool called IdFix. The purpose of this tool is to help customers remediate AD objects / attributes for a pilot or migration to Office 365 significantly quicker than before.

Here is where to download the new IdFix tool - http://www.microsoft.com/en-us/download/details.aspx?id=36832

Exchange Online Hybrid Update

Introduction

I recently wrote two blogs recently on SharePoint Online and Lync Online Hybrid. I figured I complete this out and write some notes on Exchange Online hybrid with Exchange 2013.

The reason why I started off with SharePoint and Lync Hybrid was because there were some major advances with the new 2013 platform being released. Exchange Hybrid has already been a fairly robust solution even before the 2013 release. There are still improvements to be talked about and some good resources you should have.

In this blog I will capture some of the new changes to Exchange Hybrid good resources you should be aware of for planning.

Resource

The best resource to reach is the Exchange Server 2013 Hybrid Deployments Whitepaper - http://technet.microsoft.com/en-us/library/jj200581.aspx. This covers all the details for setting up hybrid.

What is Exchange Hybrid?

Exchange Hybrid allows organizations to host Exchange servers on-premise that are connected to Exchange Online in Office 365. Organizations have the ability to share the same domain space across they hybrid environment and route inbound/outbound email securely between both environments. With Exchange hybrid there is a unified GAL, free/busy is shared, unified messaging, mailboxes can be moved between environments, centralized mailbox management across environments, messaging tracking, mailbox search across environments, etc.

Why Hybrid?

In most cases, the goal of going to the cloud is to remove all on-premise mail servers. In many cases, organizations are able to achieve that. However there can be scenarios that organizations may encounter that may require keeping some mail servers running in hybrid. Two most common are running an extended migration where customers want to slowly move to the cloud or the customer may have a server side add-in that needs to be maintained for a period of time which cannot run in Exchange Online. I have seen scenarios where there are scenarios where there are policies that customers must support which does not allow them to have certain mailboxes reside in the cloud, while everyone else can.

Whatever the scenario is, Office 365 and Exchange Online support this allowing customers some real flexibility when moving to the cloud.

Solution Architecture

This solution architecture has been around for a while. To recap at a high level:

• DirSync – This needed to support the unified GAL across both environments. The organization’s AD will be synchronized to the cloud.
• ADFS – Used to authenticate users in the cloud using their on-premise credentials and domain. Single Sign On is not required, but highly recommended when implementing Exchange Hybrid.
• Microsoft Federation Gateway – Is the trust broker between the two environments.
• CAS / Edge Server Connection – On-premise an Exchange CAS or Edge Transport server can be connected to the cloud instance. Here is more information about the server the transport server you would configure to run with the cloud - http://technet.microsoft.com/en-us/library/hh134662.aspx.
• Mailbox / CAS Server - There are pre-requisites you must consider when setting up this hybrid. One important one is ensuring both the CAS and Mailbox servers that are running in hybrid are running at the right level. For instance is possible to have an Exchange 2007 or later org on-premise but will require the correct level Mailbox/CAS server also be added to the farm on-premise. Please review the prerequisites for details - http://technet.microsoft.com/en-us/library/hh534377.aspx.

What’s New?

Now let’s get to what is new. Actually it is listed here in detail - http://technet.microsoft.com/en-us/library/jj200790(v=exchg.150).aspx – but I will summarize.

• Right out of the gate, we are no longer referring to Exchange hybrid as “rich co-existence”, we are just referring it to Exchange Hybrid J
• Hybrid configuration tools have been consolidated and streamlined to make the configuration simple.
• As you know FOPE has been replaced Exchange Online Protection (EOP). EOP has new features that allow for easier connection configuration between on-premise and the cloud. EOP is the endpoint that is connected to and you no longer have to configure a static IP address. We now have forced TLS configured between the two end points.
• New support options for routing inbound and outbound email based on the location of the MX record.
• Etc.

Planning

This entire whitepaper is filled with very important articles. However when doing your planning, especially on how you want do your mail routing, the following articles two articles are a must read: http://technet.microsoft.com/en-us/library/jj659055(v=exchg.150).aspx and http://technet.microsoft.com/en-us/library/jj659050(v=exchg.150).aspx. The big decision you have is where you want to have your MX record reside. You can have it remain on-premise or have it point to EOP. Both have considerations where are discussed in these articles.

Deployment

As I mentioned, there is a ton of information located off here - http://technet.microsoft.com/en-us/library/jj200581(v=exchg.150).aspx. There is information about prerequisites, considerations, routing, server topologies, deployment steps, and management considerations.

Controlling File Types in Office 365

I was recently asked, how do you control file types end users can work with in Office 365? I pulled this together which captures how file types are restricted in various solutions in Office 365.

SharePoint Online

For SharePoint Online, this is pretty simple – here is the list of supported file types that can be stored in SharePoint Online - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/types-of-files-that-cannot-be-added-to-a-list-or-library-HA101907868.aspx?CTT=5&origin=HA102694293

This list is not customizable. Note that SharePoint Online does have virus protection built in to check files when they are uploaded.

Lync Online

For Lync Online, if you allow users to transfer files, the following file types are supported - http://support.microsoft.com/kb/2799505.

This list is not customizable. The Intelligent Instant Message Filter (IIMF) solution built into Lync Online checks for viruses.

Exchange Online

For Exchange Online, this discussion is a little bit more to think about.

• Exchange Online Protection (EOP) – Malware in EOP will always check for viruses on all attachments.
• Exchange Online Protection (EOP) Transport Rule Predicates – These can be created to check for file extensions - http://technet.microsoft.com/en-us/library/jj919235(v=exchg.150).aspx.

Then there are the user interfaces that connect to Exchange Online.

• Outlook – The following is an article about blocked file types for out - http://office.microsoft.com/en-us/outlook-help/blocked-attachments-in-outlook-HA102749484.aspx. Your organization can create policies to control this.
• OWA – There is an OWA Mailbox Policy that you can manage through PowerShell. Here is a reference - http://technet.microsoft.com/en-us/library/dd335142(v=exchg.150).aspx. That policy can control files that are allowed or not.
• ActiveSync – There is policy in Exchange Online ActiveSync to block attachments (http://technet.microsoft.com/en-us/library/jj945882(v=exchg.150).aspx), but not by type. EOP Transport Rules (referenced above) would then be utilized control file types.

With all of this, an organization can create rules on how they want to support the emailing of files in Exchange Online.

Email and Process Automation with Office 365

New Site Mailboxes

I have been asked many times about email enabled document libraries in SharePoint Online. With the new SharePoint Online (SharePoint 2013 in the cloud) there are new Site Mailboxes.

Site mailboxes are a rather interesting solutions as it brings together the ability to both documents and emails into the same user interface, while continuing to leverage both Exchange and SharePoint to store data.

Here are some really good articles about Site Mailboxes:

• Site Mailboxes - http://technet.microsoft.com/en-us/library/jj150499(v=exchg.150).aspx
• Site Mailboxes in the new Office - http://blogs.technet.com/b/exchange/archive/2012/08/22/site-mailboxes-in-the-new-office.aspx
• Prepare for using site mailboxes in Office 365 - http://office.microsoft.com/en-us/office365-suite-help/prepare-for-using-site-mailboxes-in-office-365-HA103834109.aspx - good article that explains all the features that an end user will have.

You can read about many features but the big one is emailing items to the site mailbox.

Initiating a Process Based on Email Arrival

The next question I have come up against is now that we can email items to a site mailbox, can we do any automation when an item arrives (i.e. some code needs to be executed or a process initiated)? That is the part that must be thought through.

As you see in the picture below and read the referenced articles I provided, you will see that some data is stored in Exchange and some is stored in SharePoint. Emailing to a Site Mailbox will store the item in Exchange while dragging / dropping a file through Outlook to a Site Mailbox will store the document in SharePoint. Knowing that, you would have to have code implemented in two places.

What are the options?

For SharePoint Online it is simple enough to create an event receiver or configure the document library to initiate workflow when an item arrives.

For Exchange Online, it is possible to use Exchange Web Services (EWS) is it possible to write code that will listen for arrivals of emails and then execute code to do “something”. Please read following on setting up a streaming subscription to a Exchange mailbox using Exchange Web Services (EWS) Managed API - http://code.msdn.microsoft.com/Exchange-2013-Set-push-82738cc5.

Areas to Get Started

In Office 365, if you really need to build a solution that will initiate automated business processes based on an arrival of an email, it would be better to start with EWS. Create a mailbox that emails would be sent to. When email arrives your code will be connected to Exchange through EWS which can connect with line of business systems across the enterprise, integrate to SharePoint Online through remote APIs/Web Services, etc.

If you just need to support business processes when email arrives but does not be highly automated you have lots of options:

• Site Mailboxes – Which we have already discussed. This is a great solutions to enable group collaboration around shared email and document data. This works great for projects.
• Shared Mailboxes – This is a great solution where an email address can be created and then allow multiple to monitor and then respond from that email address.
• Distribution Groups – Email is sent and stored in each person’s individual mailbox.
• Public Folders – Yes they are now support on Exchange Online. They have typically been used to storage email and allow people to centrally access it. Public folders are not a recommended solution for storing large files nor is it a document management system.

SkyDrive Pro Sync and SharePoint 2010 Workspace

Introduction
Here is an important distinction I have had to discuss with customers lately about SharePoint 2013 in Office 365 and SkyDrive Pro.

One of the new features of SharePoint Online is SkyDrive Pro. One solution feature of this is the new Sync capability. This Sync capability is actually available in all document libraries.

However this new SkyDrive Pro Windows Sync capability is different than the previous SharePoint Workspace 2010 solution. Additionally the new SkyDrive Pro Windows Sync capability only works when Office 2013 is installed.

SkyDrive Pro Windows Sync Client
Let’s discuss a little more.

Specifically there is this new Sync button up in the top right hand corner in SharePoint Online or SharePoint 2013 on-premise.



This will provide users to work with files locally out of their file explorer like below.



The SkyDrive Pro Windows Sync client which facilitates this is installed with Office 2013.

Why is this important? If a customer has Office 2010 installed on their client, they will not be able to use the new SkyDrive Pro Windows Sync client. However this does not preclude the end user from working with content offline. The end user will have to use SharePoint 2010 Workspace client will does work with the new SharePoint Online and SharePoint 2013 on-premise.

SharePoint 2010 Workspace
It is really important to note that SkyDrive Pro Windows Sync client does not replace, or is not an updated version of, SharePoint Workspace 2010. Both of these solutions are different but they provide a similar end result, allowing a user to work with documents when they are offline.

Additionally you still also have the ability to connect Outlook to SharePoint Online to work with documents offline too.

References

• What is SkyDrive Pro - http://office.microsoft.com/en-us/sharepoint-server-help/what-is-skydrive-pro-HA102822076.aspx
• Sync a library to your computer - http://office.microsoft.com/en-us/support/sync-a-library-to-your-computer-HA102832401.aspx?CTT=5&origin=HA102822076
• Overview of SkyDrive Pro in SharePoint Server 2013 - http://technet.microsoft.com/en-us/library/dn167720.aspx

New Office 365 Dedicated Service Descriptions

The new Dedicated Service Descriptions have been updated here - http://technet.microsoft.com/en-us/library/jj879309.aspx. These Service Descriptions for Dedicated have been updated with features and capabilities of 2013. They are no longer independent Word documents; they are being managed out of TechNet just like the multi-tenant service descriptions.

Additionally the “Microsoft Office 365 ITAR-Support Service and Network Descriptions” have been updated are located here - http://www.microsoft.com/en-us/download/details.aspx?id=23910.

I will provide some details soon about some of the important updates you should know about with Dedicated….

SharePoint Online External Users Update

Introduction

Several months ago I wrote a blog on SharePoint Online Partner Access (http://www.astaticstate.com/2012/06/sharepoint-online-partner-access.html). It was the first release and it worked pretty well. With the new SharePoint Online there have been a few improvements and changes that are worth noting.

If you are not familiar with SharePoint Online, there is a solution for Partner support. You can read about it my old blog. The ability to use SharePoint for external is nothing new and has been done many organizations with SharePoint on-premise. For SharePoint 2013 on-premise additional information is here (http://technet.microsoft.com/en-us/library/cc263199.aspx). End of day the organization must deploy SharePoint in your DMZ, secure and then manage user access. External users are typically stored in LDAP directories, Forms Based Authentication could be used, sometimes a custom authentication provider maybe written or even users are managed in AD. This is a great solution but the implementation and management can be costly to an organization.

SharePoint Online is a great solution to reduce those costs. SharePoint is securely managed and highly available in Office 365. No more management of infrastructure in your DMZ.

Another great thing about using SharePoint Online in general with external partners it the corporate control you can. This is important because I have seen situations far too many times where organizations quickly jump to use free document sharing solutions. These solutions present real challenges to enterprise organizations because they typically do not provide enterprise solutions for eDiscovery, legal hold, put on retention, etc. Nor can they be managed by your corporate Active Directory and policies that you need to manage centrally. With SharePoint Online, you can do this.

New Features and Improvements

As I mentioned at the top of this article there are some improvements to the Partner Solution that is now available with the new SharePoint Online.

• Change in the Steps – The steps for adding partner support to a site collection has been streamlined. By default it not enabled and an SharePoint Online tenant administrator will have to enable this. It can be done on as many site collections that you want to enable it on. All you need to do is give the Site Collection the ability to allow “Partner Support”. Once the Site Collection has been given partner support, then you will need to activate the external user invitations feature. Follow the new instructions here - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-a-site-with-external-users-HA102476183.aspx.
• Sharing a Site – Sharing a site has been streamlined. When you share it with external users you enter in their email address and you now have the ability to select which SharePoint group you want those external users to be associated to. This is really convenient if you are managing all your external users in specified SharePoint User Groups. Here is some more information - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-sites-or-documents-with-people-outside-your-organization-HA102894713.aspx?CTT=5&origin=HA102476183#_Toc335658100.
• Revoking an Invite - External users have 7 days to accept an invitation. There is a new capability to revoke an invite - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-sites-or-documents-with-people-outside-your-organization-HA102894713.aspx?CTT=5&origin=HA102476183#_Toc335658104.
• Managing Users Access – You have the ability at any time to remove an external user by removing them from the SharePoint permissions just like an internal user.
• Sharing a Document – There is some new capabilities as well to support just sharing an external document. You have the ability to require the external user to sign-in or be able to view a document anonymously. You also have the ability to remove the external sharing of the document at any time (i.e. you keep the document where it is but no on externally should have access to the document anymore). For more information read here - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-sites-or-documents-with-people-outside-your-organization-HA102894713.aspx?CTT=5&origin=HA102476183#_Toc335658101.
• External Usernames Appearance – External users now appear in the People Picker just like internal users. You will know that a person is an external user by the email address that is shown alongside of the external user’s full name. If the email address is external to your organization, you know it is an external user.
• SharePoint Online PowerShell – There is new SharePoint Online PowerShell that will allow you to manage external users in an automated fashion. This is a big deal because you can actually run a report of all external users who have access to anything in SharePoint and then create processes to remove people - http://technet.microsoft.com/en-us/library/fp161364.aspx.
• Number of External Users – Depending on the plan you have, you have permission to allow X amount of users during a period of time. If you are considering purchasing Enterprises / Education / Government you can add up to 10,000 unique external partner users per month.
• External Users Capabilities – Generally External Users can do many of the same things internal users can do. They can use Office Web Apps, collaborate, take part in workflow, search, etc. using the permissions that was given to them just like any other SharePoint Users. General features they do not have access to are: they do not have MySites (but can use SkyDrive Pro features in team site document libraries), they do not get access to companywide feeds, they do not give the organization additional pooled storage, they cannot be assigned as an administrator, etc. For more information please review this - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/what-is-an-external-user-HA104036809.aspx?CTT=5&origin=HA102694293. For detailed information, there is a column called External User here that details each and every feature of SharePoint Online an External User will have access to http://technet.microsoft.com/en-us/library/jj819267.aspx.

Additionally this is a really good article for you to read - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx?CTT=5&origin=HA102476183. Discusses many questions you should ask yourself on how you plan to share data externally and what controls you would like to put in place.