Friday, December 26, 2014

SharePoint Online Public Website Support Changing

There was a recent announcement that SharePoint Online is changing its support for public websites. I recommend that you read the following support article -

  • Customers using public SPO sites today will be supported for the next two years.
  • Microsoft will be transitioning to third-party solutions. More information will be available in Jan 2015.

Thursday, December 4, 2014

Office 365 GCC FedRAMP ATO

I am a little late on posting this huge news for Microsoft. Microsoft Office 365 is the first cloud-based communication (including email) & collaboration service to obtain a FedRAMP Authority to Operate (ATO).
This is significant news based on the hard work we have been doing with US Federal customers to demonstrate our security and compliance.
For more information, please review the following:

Tuesday, December 2, 2014

New Office 365 GCC Service Description

There is a brand new service description on the Office 365 Government Community Cloud (GCC) service located here -

There is a lot of good initial detail on the Office 365 GCC service and why Microsoft created this service.

Saturday, November 15, 2014

Office 365 ProPlus Adding Passive Authentication

There has been a change that I have been waiting on. On the Office 365 public roadmap it is called “Office 2013 client update to support passive authentication using SAML” -

What is this announcement?

Office 365 ProPlus / Office 2013 will be getting a modification to support 2FA scenarios. This is enabled through the Active Directory Authentication Library (ADAL).

Why is it so important?

There are many customers who require 2FA to authenticate to the Office 365 service. For Office, the Outlook rich client typically comes up a lot because customers want to ensure that users using Outlook use 2FA to receive email. With Outlook today there are scenarios that organizations can implement to ensure there is 2FA with Outlook, however the better long-term solution is to have Office modified to support 2FA directly.

Specifically, Office 2013 is changing so that it can support “passive authentication” scenarios in the same way a browser does.

This will enable a cleaner solution with Office 365 MFA. More importantly, it allows for additional support scenarios for organizations who use smart cards (PIV, CAC, etc.) to authenticate to the Office 365 service using the Office 2013 rich client.

What are some facts you should know?

Private Preview Release – Office 365 customers who are in the private preview program can have access to this.

ADAL Authentication – As I mentioned earlier, Office 2013 will be adopting passive authentication in the same way a browser authenticates. If you have AD FS implemented with Office 365, the user will authenticate through that federated trust relationship with Office 365. If your organization requires a second form factor (2FA) for authentication, the user will be required to provide it. A nice side effect of this is that Outlook no longer needs to have direct access to the user’s password. Please read this blog for more details on the authentication process -

What Clients are impacted? - Word 2013, Excel 2013, PowerPoint 2013, Lync 2013, Outlook 2013, Publisher 2013, Visio 2013, Access 2013, Project 2013 and OneDrive for Business Sync Client.

Will this work with AD FS Only? – Please review information about other STS providers: and

Office 2010 Support? – No. This solution is for Office 2013 and Office 365 ProPlus.


New Announcement – Office 2013 update for SAML and 2FA Auth -

Original Announcement -

SAML 2.0 Announcement -

Outlook Connectivity with MAPI over HTTP Announcement -

Skype for Business Announcement

There was a big announcement this week that Lync is being rebranded as Skype for Business. Please review the following announcement for the exact details -

What are my takeaways?

  • In H1, Lync will transition its brand to Skype for Business.
  • Skype for Business will be available through Office 365 and/or customers can deploy Skype for Business on-premises. For customers who have Lync on-premises today, “No new hardware is required” to support this transition.
  • The user experience will begin to merge such that Skype for Business has a similar experience to Skype.

This is a very similar and consistent change to the one Microsoft made to the OneDrive and OneDrive for Business brands. These are very similar solution offerings; however, there is a different offering for consumers and business. As a result of this change there is a pretty common user experience between OneDrive and OneDrive for Business. OneDrive and OneDrive for Business are not the same implementation. OneDrive for Business is specific to Office 365 only. OneDrive for Business has enhanced features to support enterprise business scenarios (supported through SharePoint Online). Customers who are 100% on-premises still have the ability to deploy OneDrive for Business within their SharePoint 2013 on-premises deployments.

Current Office 365 Encryption Solutions

A question that comes up a lot is: does Office 365 support encryption? The answer is yes, and there are lots of encryption solutions implemented.
A great resource that you should always start at is the Office 365 Trust Center - You should also review the Office 365 Security Whitepaper located here -
I usually break this down into a few different views: Encryption in Transit, Encryption at Rest and Payload Encryption.

Encryption in Transit
All Office 365 traffic / data is encrypted using SSL/TLS to client machines connecting to the service. Read about this in the Office 365 Security Whitepaper.

Encryption at Rest
BitLocker has been deployed to encrypt data at rest inside of Office 365.
Additionally, for OneDrive for Business and SharePoint Online a new file-based encryption solution has been implemented. Read about both of these in the Office 365 Security Whitepaper.

Payload Encryption
There are additional solutions that customers can choose to utilize with Office 365 to encrypt data.

S/MIME was actually the original reason I was writing this blog, but I figured it was worth communicating that encryption is more than just S/MIME. S/MIME encryption of email is supported with Office 365. Please review these two articles for more information: and

UPDATE 1/2/2015 - Shortly after I wrote this blog, a really good article was created here -

Rights Management Service (RMS) is supported as well. Office 365 supports both Windows RMS and Azure RMS. RMS is a great solution to assist with DLP for email and documents. You have the ability to create policy to encrypt data. For SharePoint Online please review the Service Description here - For Exchange Online please review

Office 365 Message Encryption (OME) is another solution that is available to you. It allows administrators to create policy to encrypt data that is leaving the organization. For detailed information, please review this -

Additionally in Exchange Online Protection (EOP) you have the ability to enforce Transport Layer Security (TLS) for SMTP messages to partners. For more information, please review the following -

Sunday, November 9, 2014

New Office 365 App Launcher

Again there has been a new usability function added to Office 365. Some people call it the “Waffle”. It is in the top left hand corner and when you click on it, you can get to any Office 365 App.

I absolutely love it. It is changing the way I use Office 365.

I will be honest, at times Office 365 felt like SharePoint Online, OneDrive for Business, Exchange Online, Lync Online, Office Online, Yammer, etc. were all separate applications. Now through the browser, these applications are all meshed together. I challenge people to spend the entire day in the browser experience and you will see everything is connected.

The “Waffle”, officially called the Office 365 App Launcher, provides you the ability to quickly access apps. You can create a Word Online file, jump over to OWA, etc. You also have the ability to pin the personal items that you use the most into the menu. Plus, organizations can customize the App Launcher with a custom theme for your company.


Reference -

New OWA and OneDrive for Business Integration

Sometimes it is the little things that count. There has been a new feature added to OWA and OneDrive for Business. If you have not tried it, try closing down Outlook for a day and playing with OWA, SharePoint Online and OneDrive. You will see all this new integration where everything seems to be one click away.

Case in point, Microsoft just added a new feature to OWA that allows you to very easily send a OneDrive for Business file.

First, attaching a file has changed. In the old days you used to attach a file to a message and send it to someone; they would edit the file locally, reattach the file to an email and send it back to you. Inefficient in numerous ways. Now there is a new feature in OWA that allows you to select a file from OneDrive for Business, and then a link to the file is sent to users. This is more efficient because we are not attaching and sending around numerous versions of a file. There is a single version of that file, and it is located in your OneDrive for Business. What is even more impressive is that the permissions on the OneDrive for Business file are automatically set to view/edit for all the people in the To and CC lines of your email. This is awesome because you can quickly send a file to anyone via a link. They can perform edits without having to download the file and then just give you a simple notification that they are done with their edits.


Second, there is also a new option in OWA that allows you to quickly attach a local file to an email, but instead of attaching the file to the message, you can again select to share the file through OneDrive for Business. What will happen this time is OWA will take the local file, upload it to OneDrive for Business for you and then insert a link to it in an email. This again saves me tons of clicks.

One really good point made about this is once a file gets into OneDrive for Business, everyone on the email can co-author the file. No more ten people creating different edits and then you having to try to merge everything back together.

Like I said it is the simple things that count.

Reference -

Lync Online Report Updates

Lync Online recently expanded its reporting capability. To date, there are numerous Lync Online reports such as the peer-to-peer session report, conferences report, active users report, and audio / video minutes report - All of these reports are available visually through the admin center, plus there are REST web services and PowerShell available to pull the data.

Lync Online has just added a new report called the Client Devices report - This report provides data about what types of devices are being used to connect to Lync Online.

All of these reports will provide you good insight into how the Lync Online service is being utilized by your end users.

Saturday, November 8, 2014

Office 365 Message Encryption (OME) Enhancements

Some of you may be familiar with the Office 365 Message Encryption (OME) solution. This solution has been available in Office 365 for some time, and it is the next release of Exchange Hosted Encryption (EHE). OME is a slick solution that allows administrators to use rules and policy to encrypt email that is leaving the organization. Encryption policy is simply added to transport rules. When a message goes external, the receiver of the email will be given a simple user experience to access the email. To date, the external receiver of the email had to authenticate to access the email by using either their Office 365 ID (if they are an existing Office 365 user) or a Microsoft Account, which is free and anyone can sign up for.

This past month, Office 365 has modified this offering to allow external receivers to access the encrypted message using a One-Time Passcode. The user does not need to have a Microsoft Account either. This provides a lot of flexibility to be able to send an encrypted message externally. The external user simply selects the option to view with a one-time passcode, which will be separately emailed to them. If your organization does not like this option, it can be turned off through PowerShell.

Remember OME is not the only type of encryption that is available in Office 365. I typically put encryption into three buckets. There is encryption in transit, supported with TLS and SSL. There is encryption at rest with BitLocker. Finally, there is payload encryption, for which you can use OME, Information Rights Management (AD RMS) and S/MIME.

Here are some references:

Office for Android Tablet

I have to say this has been an extremely active time for Office 365. A significant announcement was made about the preview of Office for Android Tablet -

Microsoft has made good on its vision to provide Office across all major mobile platforms. Office is now available on iPhone, iPad, Android Phone, Android Tablet, Windows Phone and Windows tablets.

This is amazing.

Organizations can now empower their employees to remain productive wherever they are without compromises.

MDM for Office 365

There was another major announcement recently for Office 365. This past week Microsoft announced that it is adding a new solution called MDM for Office 365. To date many organizations have utilized Exchange ActiveSync (EAS) policies and sometimes other third-party MDM solutions to protect business data on mobile devices connecting to Office 365.

With this new announcement, organizations will now have the ability to provide even more protection of their business data on mobile without having to rely on other solutions.

The new MDM for Office 365 will be available in Q1 of 2015.

Devices: MDM for Office 365 will provide organizations the ability to manage email and documents across iPhone, iPad, Android Phone, Android Tablet and Windows Phones.

Data Protection: When you learn more about it, you will be impressed with the approach. Typically other MDM providers have enforced data protection through a container and even custom applications within those containers. Many times the feature set offered is limited. In the case of MDM for Office 365, protection is enforced within the applications that users use. For instance Office is now available across all major mobile platforms. Customers can set up protection within Office such that business data is protected and cannot leave the application. End users can remain highly productive without having to learn something new.

Device Lock: There are several new features being added as well, such as PIN lock and jailbreak detection.

Device Wipe: Plus enhanced features are being added for device wipe for not just email but also documents. The nice thing about the wipe policy is that it will only wipe company-owned data, and not impact a user’s personal data. This is extremely important in a BYOD world; no one should have their personal files impacted when they go from one company to another.

Integrated Administration: From an administrative perspective, MDM for Office 365 is integrated right in the administrative experience of Office 365. Administrators do not need to bounce around to other third-party applications nor do they have to spend the time trying to configure them together. MDM for Office 365 is simply just built into the service. Administrators will have access to a full set of reports as well through their reporting center.

InTune: Finally, organizations can easily upgrade to advanced MDM with InTune. With InTune there is advanced mobile application management, integration with System Center and advanced mobile device policy.

Please review these announcements: and

OneDrive for Business Unlimited Storage

There are a bunch of new announcements that have been made for Office 365 over the past several days. Probably the most significant announcement is that OneDrive for Business will be changing its offering to allow end users to have unlimited storage. This change will not be available until CY 2015. As of right now, OneDrive for Business users do have 1TB of storage available per user.

I feel this change is significant:

  • It is aligned to the rate at which data is being created.
  • Gives organizations the ability to save a significant amount of money by getting rid of all those old file shares.
  • Organizations have the ability to keep all their corporate data in a single location and have all data managed through compliance policy across devices. Office 365 provides compliance solutions such as DLP, legal hold, retention, archiving, eDiscovery, etc.

No other cloud productivity platform can provide this combination of solutions.

For more information, please read here -

Tuesday, October 14, 2014

Delivery Milestones for Delve and Groups for Office 365

If you were at the SharePoint Conference in March 2014, there were some big vision announcements made - Most notably in the area of Enterprise Social. Microsoft is taking many of the solutions that were very successful with Yammer and adopting these solutions into Office 365. This resulted in:

  • Office Graph – This is the fabric inside of Office 365 that can look at email, conversations, documents, sites, instant messages, posts, etc. and evaluate your relationship with people and things. This is then used as an engine to provide collaborative and social end user experiences.
  • Delve – Formerly codenamed Oslo, this is a new app and user experience built on top of Office Graph which delivers a personalized (and security-trimmed) experience connecting a person to business data across the enterprise based on interaction, communications and collaboration with other people. If you want to learn more about it – go here -
  • Groups for Office 365 – This is a really cool new feature that allows users to quickly and easily create a group. In that group there is a shared calendar, shared mail, shared conversation, shared documents, etc. The beautiful thing about this is that the end user experience is consolidated such that the Exchange Online, SharePoint Online, and Office Online experiences are all in one. The user does not need to bounce around to different applications; it is just a simple end user experience. No more having to independently create a team site, shared calendar, shared mailbox, etc. I feel I am doing an injustice to this new feature because it is so cool and I do not have a lot of time to write about it. If you want to learn more about it, please go here -

The reason why I am writing this blog is that both Delve and Groups have reached major milestones in Sept 2014 and are now being released into Office 365 for customers to start using. For more information:

New Exchange Online Protection Bulk Complaint Level and Phishing Confidence Level

In this new blog post - - there was an announcement of enhancements to how Exchange Online Protection (EOP) will handle Bulk Mail Detection. I found this interesting because I have this discussion all the time with customers who are evaluating Exchange Online and EOP.

Today in EOP, under advanced options, there is a Yes/No flag called “Block all bulk mail messages”. In the Microsoft blog they correctly called out this as a “gray area”. I have always had the exact discussion of “what constitutes” bulk email because there can absolutely be legitimate external email campaigns with information that can be important to a business. What they have said up to today is that EOP has not been very aggressive when evaluating bulk email. This is changing.

Moving forward in EOP, a new header is available called X-Microsoft-Antispam. This header will carry values for BCL (Bulk Complaint Level) and PCL (Phishing Confidence Level). You can now evaluate the X-Microsoft-Antispam header in a transport rule, and if the BCL or PCL level is too high for your liking, you can set the SCL (Spam Confidence Level) to an appropriate level and have the message routed to the end user using the policies you have set up (send to quarantine, send to junk mail folder, etc.). They also noted in the blog that they plan to change the “Block all bulk mail messages” flag from Yes/No to a value-based level setting, which will be an alternative to creating the transport rule that I just discussed.
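The transport-rule logic described above, as an added Python example (not code from the Microsoft blog or from EOP): it parses BCL and PCL out of X-Microsoft-Antispam and picks the SCL to stamp. The sample messages are constructed, and the thresholds and SCL values are assumptions for illustration, not Microsoft defaults.

```python
"""Triage mail on the BCL/PCL values carried in X-Microsoft-Antispam.

Added illustration only. Thresholds, SCL values and sample messages are
assumptions chosen for the example, not Microsoft defaults.
"""
import re
from email import message_from_string
from email.policy import default

HEADER = "X-Microsoft-Antispam"
BCL_THRESHOLD = 7   # assumed: treat BCL >= 7 as unwanted bulk mail
PCL_THRESHOLD = 4   # assumed: treat PCL >= 4 as likely phishing
SCL_BULK = 6        # assumed SCL to stamp on bulk mail
SCL_PHISH = 9       # assumed SCL to stamp on likely phishing

_FIELD = re.compile(r"^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$")


def parse_antispam(value):
    """Return {'BCL': n, 'PCL': n} from a 'BCL:7;PCL:2;...' header value.

    Other fields and non-numeric values are ignored rather than guessed at.
    """
    levels = {}
    for part in value.split(";"):
        match = _FIELD.match(part)
        if not match:
            continue
        key, raw = match.group(1).upper(), match.group(2)
        if key in ("BCL", "PCL") and raw.isdecimal():
            levels[key] = int(raw)
    return levels


def decide_scl(raw_message):
    """Return (scl, reason); scl is None when the message is left alone."""
    msg = message_from_string(raw_message, policy=default)
    levels = {}
    # policy=default unfolds continuation lines. If the header occurs more
    # than once, keep the highest value seen for each level.
    for value in msg.get_all(HEADER, []):
        for key, level in parse_antispam(str(value)).items():
            levels[key] = max(level, levels.get(key, level))
    if not levels:
        return None, "no usable BCL/PCL value"
    pcl, bcl = levels.get("PCL"), levels.get("BCL")
    if pcl is not None and pcl >= PCL_THRESHOLD:
        return SCL_PHISH, f"PCL {pcl} >= {PCL_THRESHOLD}"
    if bcl is not None and bcl >= BCL_THRESHOLD:
        return SCL_BULK, f"BCL {bcl} >= {BCL_THRESHOLD}"
    return None, "below thresholds"


def _sample(*header_lines):
    """Build a constructed test message around the given header lines."""
    head = ["From: sender@example.com", "Subject: constructed sample"]
    return "\n".join(head + list(header_lines)) + "\n\nbody\n"


# Constructed samples, including a folded header, a missing header,
# a malformed value and a duplicated header.
SAMPLES = {
    "newsletter": _sample(
        "X-Microsoft-Antispam: BCL:8;PCL:1;RULEID:;SRVR:EXAMPLE;UriScan:;"),
    "phish_folded": _sample(
        "X-Microsoft-Antispam: BCL:0;PCL:7;", " RULEID:;SRVR:EXAMPLE"),
    "normal": _sample(
        "X-Microsoft-Antispam: BCL:1;PCL:0;RULEID:;SRVR:EXAMPLE"),
    "no_header": _sample(),
    "malformed": _sample("X-Microsoft-Antispam: BCL:high;PCL:"),
    "duplicate": _sample(
        "X-Microsoft-Antispam: BCL:0;PCL:0",
        "X-Microsoft-Antispam: BCL:9;PCL:0"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        scl, reason = decide_scl(raw)
        action = "leave SCL unchanged" if scl is None else f"set SCL {scl}"
        print(f"{name:13} {action:20} ({reason})")
```

Messages with a missing or unparseable header are left untouched, so the SCL assigned by the normal spam filter still applies to them.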

Here are some other good links which were on the blog on this subject:

Monday, September 1, 2014

SharePoint Online Storage Calculation Updates


There have been new modifications to SharePoint Online storage. All for the better. If you have been following SharePoint Online and OneDrive for Business, there has been some truly exciting things going on as of late with the announcement for the ability to support 1 TB site collections and 1 TB OneDrive for Business sites.

I have literally seen this as a complete game changer for enterprise organizations to get rid of expensive legacy file drives and move all user data to the cloud. This allows end users to have access to their data where ever they go across devices. It literally changes the way people work.

So What Is Changing?

In this new blog there are some new announcements -

Updated Usage Model

SharePoint Online Site Collection storage will now only be calculated on actual storage utilized. They give an example:

  • Old Model - If you had set the SharePoint Online Site Collection quota at 100 GB, but were only using 20 GB, SharePoint Online would still calculate as if you were using 100 GB from the pooled storage.
  • New Model – If you set a SharePoint Online Site Collection quota to 100 GB, but are only using 20 GB in that specific site collection, SharePoint Online will only count the 20 GB that is actually being used. Meaning you still have 80 GB available in pooled storage.

This is a great thing given the direction of:

  1. 1 TB site collection.
  2. No cap on the amount of additional storage you can purchase for SharePoint Online pooled storage.

Remember nothing has changed from how your pooled storage is calculated. It is 10 GB + 500 MB per user. You can purchase as much storage beyond that as you want. OneDrive for Business storage is in no way associated to the calculation for SharePoint Online Pooled storage. Details are located here -

Auto versus Manual

Along with the changes above there is a change in how Site Collections sizes are managed.

  • Old Model – In SharePoint Online, every site collection requires a quota to be set for the Site Collection.
  • New Model – There is a new setting in SharePoint Online called Site Collection Storage Management. This setting can be set to Auto or Manual.
  • New Model Manual - If set to Manual, the SharePoint Online administrator will continue to set quotas on each site collection. When set to Manual, the site collection will use the new storage utilization model described above. If the site collection reaches its quota, the administrator will have to allocate more quota. If the site collection does not utilize all of its quota but all the SharePoint Online pooled storage has been used, the administrator will either need to free up space or purchase more pooled storage on a per GB per month basis.
  • New Model Auto - If set to Auto, none of the Site Collections have a quota set. The site collections will grow to the current system maximum which is 1 TB per site collection. Do not worry, the site collections can only use the SharePoint Online pooled storage that is available to them. An administrator will have to purchase more SharePoint Online pooled storage when it gets maxed out. The SharePoint Online Admin Center has several new reports that will show how much storage you still have available.

I can see some pros/cons for both Auto and Manual. For Auto, the big benefit is that if you want to keep it simple, Auto is the perfect choice. There are still some reasons why you may want to use Manual over Auto, especially if you are a large organization with a lot of new content being created or acquired. What if there are specific site collections that are consuming large amounts of pooled storage? With Manual you will be able to continue to stop the growth by using quotas. For instance:

  • Check if there are automation processes building up too much data, should something be changed?
  • Determine if the retention policies for content need to be changed.
  • Determine if there is a reason to logically partition data into new site collections because you see even more long-term growth.
  • Etc.

I still see good reasons why Manual would be needed.

Site Collection Limits

To go along with this, the number of Site Collections is now being increased from 10,000 to 500,000 Site Collections. That is a lot. This was a needed change to support this. You now have the ability to spin up tons of site collections to support this new storage model.

SharePoint Online DLP

I have to say I have been waiting awhile for the new SharePoint Online DLP solution to be released. It is super exciting because we now see this DLP capability being applied to both Exchange Online and SharePoint Online with a strategy to centrally manage both. Here is a brand new blog discussing the new SharePoint Online DLP capability - In this blog I will talk about the solution, important facts, plus talk about the future statements made in the Microsoft blog.

As of this posting, according to the Office 365 Public Roadmap, the feature is in the Rolling Out phase - If you are an Office 365 for Enterprises customer and you have signed up for the First Release program, you will have the ability to get early access.

The Solution
The new solution provides the ability to discover sensitive data that may be in SharePoint Online and OneDrive for Business. The solution looks very similar to the eDiscovery Center. Initially, this solution provides the ability to use 51 built-in sensitive security types, for instance SSN, passport number, credit card numbers, etc. You will be able to identify the SharePoint Online and OneDrive for Business locations to search. When items are found you can:
  • Preview the results.
  • Refine with complex query.
  • Export the results with a report and then remediate. Remediation would be anything from deleting the data, changing permissions around the data, checking for false positives, etc.
  • Ability to save and re-execute the query.

The Details for Implementing the DLP Policy
Additionally, here is a TechNet article that explains the actual steps to use the new SharePoint Online DLP capability - As you see, the steps are the same as for using the eDiscovery Center. The great thing about this is that compliance officers do not need to be trained on a new solution; they will use what they already know to perform DLP operations.

Important Facts
Here are some important facts found out while reading this blog:
The Future
In the blog, they referred to the future. The important fact is this is not the only release. If you have been an Office 365 customer for a while now, you know that Microsoft is releasing new enterprise features and capabilities quickly. This is reflected in the public roadmap. In regards to futures on SharePoint DLP:
  • They mention that they are building a capability to create policies that can automatically detect sensitive data along with taking an action once discovered, like quarantining or deleting the data. I absolutely love this. SharePoint Online DLP will then have the same concepts that are built into Exchange Online DLP as data is going through transport rules.
  • They also mention they plan to create a unified policy experience for DLP across all of Office 365. This will allow a compliance officer to define a DLP policy that would apply to Exchange Online, SharePoint Online and OneDrive for Business.

Saturday, August 9, 2014

System Center Office 365 Management Pack

There is a new feature on the Office 365 public roadmap called “System Center Office 365 Management Pack”, which I am excited to see.

This is something a lot of Office 365 customers will be excited to see because they want to have Office 365 “monitored” holistically across their enterprise. Today organizations use System Center Operations Manager (SCOM) to monitor their entire organization; however, they have no way to get feeds from Office 365. This results in them having to go to the Office 365 Administration Center and rely on RSS feeds for notifications and messages. Additionally, if you are an organization that may have multiple Office 365 tenants, you will be able to consume status on all of your tenants.

With the System Center Office 365 Management Pack this will change. With the management pack, organizations will be able to get the following:

  • Subscription health
  • Service status
  • Active/resolved incidents
  • Message center communications

All of this information is readily available through the Office 365 Administration Portal but will be available as well through a SCOM pack. Now organizations can be notified of health, status, incidents and change through SCOM, and if the organization already has existing business processes to handle these events, Office 365 can be plugged into those existing business processes.

Here is a guide on the new Management Pack -


Sunday, July 20, 2014

Outlook MAPI over HTTP

There was a recent announcement in May 2014 that probably went by with not as much fanfare as some of the recent OneDrive for Business announcements. The announcement I am referring to is changing Outlook Connectivity to be MAPI over HTTP -

If you check out the public roadmap site, as of my writing today (June 2014), this feature is currently under the Rolling Out phase -

This change is part of the Exchange 2013 SP1 and Outlook 2013 SP1 updates.

So why am I excited?

Up to now, Outlook has used RPC over HTTP (commonly referred to as Outlook Anywhere). This change removes many of the complexities associated with Outlook Anywhere's dependency on legacy RPC. It changes the connection to be a true HTTP connection that no longer requires long-lived TCP connections. This ultimately will provide better performance, which is explained in detail in the reference above.

Additionally, this change provides the first step for Outlook to natively support third-party multi-factor solutions (such as smartcards). Today third-party multi-factor solutions can be supported with OWA through ADFS. The goal is to support this not just through the browser but through rich clients as well, as described here -

Friday, June 20, 2014

Office 365 Public Roadmap

There was a major announcement today for Office 365 customers. Microsoft is now publishing the Office 365 roadmap publicly here - This is huge and has been long awaited. This solution will allow enterprise customers to review the roadmap and prepare for change. I say this makes the Office 365 cloud “predictable”!!!

Additionally here is an announcement about the new Roadmap site and the First Release program - The First Release program was announced at the SharePoint Conference and it is a new solution that allows customers to opt into a program so they can receive new features and capabilities quicker. You do not have the option to select on a feature-by-feature basis; you are either in the program or are not.

Sunday, May 25, 2014

Lync Online, Exchange Online and SharePoint Online Bandwidth Planning and Estimation

Bandwidth planning comes up a lot with customers who are coming to the cloud. Most customers are initially concerned with understanding Exchange Online bandwidth. There are definitely new email traffic patterns that must be considered (especially if you are retaining the MX record on-premise). This can be remediated pretty quickly.

However the one that requires even more planning and consideration is Lync Online.

Here is the reference for the Office 365 Internet Bandwidth guide - This article references bandwidth calculators for both Exchange and Lync. The Exchange bandwidth tool is fairly straightforward.

The real reason why I am writing this blog is for Lync Online Bandwidth estimation. Today Microsoft does not have a Lync Online bandwidth tool; there is only the on-premises tool. However we have always said when using this on-premises tool if you:

1. Treat Lync Online as your Lync server deployment.

2. Then treat all end users as “external” users.

3. Then model out all the locations for where you have end users.

The first 30 minutes of the Lync Online How to Estimate Bandwidth presentation at the recent Lync Conference 2014 has a great discussion of how you should look at and understand the traffic. There are several considerations you need to account for when estimating this traffic. I highly recommend sitting down and watching this session.

If you feel I missed mentioning SharePoint Online, as you may see here - there is a tool in the works. However if you are a SharePoint person, you can look at many of the existing SharePoint on-premises planning tools, plan out your content acquisition strategy and look at how much content you have today. It comes down to knowing how many upload / download transactions you expect to have at peak times and what the average file sizes are. There can be other considerations for geographically dispersed organizations that again are working with large files. Organizations can look at their current SharePoint on-premises logs to plan.

Office 365: How we run it

My job requires me to talk with a lot of prospective customers about Office 365. One of the biggest tasks I have is to explain to large enterprise customers how we actually do Exchange, SharePoint and Lync in the cloud. Many customers come to the table with a lot of knowledge about Exchange, SharePoint and Lync. They have a lot of operational experience supporting these products on-premises and they want to know how Microsoft does it. Not to say they do not believe us, but I get the question “show me” a lot. Personally I am not on the operations team; however, I have to take customers through a lot of conversations to demonstrate to them how we deliver on such a scale.
There are actually some really good presentations from the past Microsoft Exchange Conference (MEC) and SharePoint Conferences which explain how we do it. These discussions cover our operations support, incident response, security, networking, farm provisioning, etc.
I highly recommend you take a look at the following sessions:

Friday, April 25, 2014

New Office 365 Security Whitepaper

There is a new Whitepaper called “The Microsoft Approach to Compliance in the Cloud”. It is really good and you should check it out -

Saturday, March 29, 2014

Office 365 Federation Updates

There was some good information in this blog that really cleared the air on a few topics which I talk a lot about with customers -

A lot of times I am asked whether authentication federation with Office 365 can be done with something other than Active Directory Federation Services (ADFS) and Active Directory (AD). The answer has always been yes, as there are other third-party STS servers that have been supported, plus other LDAP directories are supported.

However with this recent announcement this story has been cleaned up a bit. Here are the high level facts you need to know:

  • Active Directory (AD) can be used to synchronize your directories to Office 365. You can use DirSync to do this. Everyone knows this. If you have multiple AD forests, you will need to use Forefront Identity Manager (FIM).
  • LDAP directories can also be synchronized with Office 365. Again you will need to use FIM to support this. Recommend that you talk with your licensing person at Microsoft. Remember a full FIM CAL is not needed when all you are using is the FIM synchronization service. I am not a licensing expert on FIM so I recommend you double check.
  • SAML 2.0 is now offered as an authentication federation option with Office 365. This allows a whole host of STS identity providers to authenticate with Office 365. The important note is that SAML 2.0 support is for “passive authentication” scenarios, which as you may know are used for browser-based authentication.
  • Office 365 has supported and will continue to support WS-Federation and WS-Trust to support ADFS and other WS-* identity providers.
  • So what about the Rich Clients? When we are talking rich clients we are talking about such client applications as the Lync client, Office Desktop clients (Word, Excel, PowerPoint, Outlook, etc.), etc. In the Microsoft Office 365 world, it is not just browser only; there are tons of other clients that can connect to the Office 365 service. Authentication using these rich clients is referred to as “active authentication”, which currently requires WS-Trust. If you want to have federated authentication and you need to support rich clients, you will need to use an STS identity provider that supports WS-Federation and WS-Trust. You will need to use either Active Directory Federation Services (ADFS) or a qualified solutions partner that can support this level of authentication. A list of third-party approved providers is listed here - and information about the program for getting third-party qualified is listed here -
  • So is the Rich Client scenario ever going to support SAML 2.0 and Passive Authentication? The answer is YES. It is reflected in the public roadmap of these two blogs and There will be an update to Office 2013 client applications, in the year 2014, which will allow Office 2013 client applications to support SAML 2.0 (or Shibboleth) passive authentication.

These changes in Office 365 federation authentication are great changes for supporting more enterprise scenarios.

Office for iPad and Office Mobile

There was a major announcement for Office 365 this week that I think almost everyone heard about. Office for iPad is now available. For Office 365 business customers (and consumers) this was long awaited and proof to the world that Microsoft is making a commitment to be a devices and services company. Here are the big facts that everyone should know:

  • Office for iPad supports Word, PowerPoint and Excel.
  • Office for iPad for free allows you to read, view and present.
  • Office for iPad subscription service with Office 365 allows you to create and edit.
  • Office Mobile for iPhone and Android phones is now free, just like on a Windows Phone. No Office 365 subscription is needed.
  • Office for iPad when creating and editing will ensure that content and formatting will be maintained. This is really important for business scenarios to ensure the integrity of documents as a record.
  • Remember all this gets hooked into OneDrive and OneDrive for Business. This means your documents follow you everywhere. I will have to say that OneDrive for Business has literally changed the way I work. When I work with files on my laptop or in OneDrive or any SharePoint Online document library, I have access to all my recently edited Office files on my phone. So when I am on the run, I always have access to what I have been working on. Plus all my OneDrive for Business files are accessible from Office Mobile / Office for iPad. Office is no longer just on my PC; it is everywhere I am working across devices. All the Office files (and other file types) are managed in the corporation and are discoverable.

I am telling you. Office Mobile / Office for iPad / OneDrive for Business is literally a game-changer in how your business people work across devices.

Then when you start looking at all the Lync Apps available on Windows Phone, iPhone, iPad and Android you can really see how productive people can really become.

Sunday, March 23, 2014

SharePoint Online Unlimited Storage

I have not had a lot of time to blog about the most recent SharePoint Conference. There were a lot of good things presented. With my focus on Office 365 and SharePoint Online, the announcement that gave me the most excitement was that Site Collection storage was being expanded to 1 TB with the ability to purchase unlimited storage -

When I heard this I was blown away. We now have a similar solution for SharePoint Online, like we have for Exchange Online. Customers no longer have to worry about how much data they have. Microsoft Office 365 can hold it all.

Saturday, February 15, 2014

Office 365 Power BI is now Generally Available

If you did not hear this week, there was a big announcement that Power BI has now moved into General Availability for Office 365. Please read this announcement -

Now you may be wondering, what does this actually mean if you actually own Office 365 or SharePoint Online Plan 2? I actually found this table right here gave the exact answer I was looking for -

The core features of Power BI for Office 365 you get:

  • BI Sites
  • Scheduled Data Refresh
  • Enterprise Data Search
  • Data Stewardship
  • Mobile BI
  • Natural Language Query

So if you are an existing E3/E4 customer, you get those features.

Remember with SharePoint Online Plan 2 you already get BI solutions such as Excel Services, Power View and Power Pivot reporting through the browser, etc. For more information read the Service Description here -

Additionally with Office ProPlus and Excel you get Data Discovery & Access, Data Modeling & Analysis and Visualization which equates to Power Query, Power Pivot, Power View and Power Map.

So you may be asking, what are these new features? I have pulled together some quick references for you to read:

Frankly I need to spin up on this a little bit more, but wanted to get some quick information out to folks…

Office 365 and Third-Party STS Providers

I have been asked a lot lately how other STS providers could be used to federate authentication with Office 365 instead of using ADFS.

Additionally there was an announcement about a new program to get third-party identity providers (STS providers) tested and approved with Office 365 quicker. If you want to get one that you are working with approved, recommend that they read this -

New Office 365 Multi-Factor Authentication and Roadmap Announcement

There was a big announcement that was publicly disclosed recently that Multi-Factor Authentication (MFA) was added to the Office 365 service - Here is a detailed article about it - This is a really exciting announcement about MFA, two-factor authentication, 2FA, etc.

However I would like to make clear that Office 365 has always been able to support 2FA and this was achievable through configuration of federation with ADFS (or other STS servers). So it is possible to integrate RSA, smart cards, etc. but the policy for third-party 2FA is managed by the customer and enforced through ADFS (or other STS servers). The new Office 365 MFA offering discussed here will be immensely valuable to customers who do not have federated authentication and are using Cloud Based IDs. If you do not know much about Office 365 authentication, I recommend you start with the Service Description and read some of the linked articles -

Another important announcement discussed is that Office 2013 client applications will get “native multi-factor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell, and OneDrive for Business, with a release date planned for later in 2014”. This will work with the new Office 365 MFA solution as well as third-party 2FA solutions that have been implemented on-premises (i.e. RSA, smart cards, etc.).

Directory Based Edge Blocking added to Exchange Online Protection

Another new feature of Exchange Online Protection (EOP) was recently added called Directory Based Edge Blocking (DBEB). With this, all messages directed for email addresses that do not exist in your organization will be blocked on the edge. The message will be blocked and it will not be processed. Otherwise if the message is bound for a valid email address in your organization, the message will continue through connection and content filtering (anti-spam, etc.) policies you have configured in EOP. This allows for more efficiency.

For Exchange Online customers using EOP, apparently the change will not be too noticeable. Messages bound for invalid email addresses were being blocked in Transport rules. With the introduction of DBEB, the block is moved forward in the filtering process. This will be reflected in reporting, and there is some planned additional reporting that will be released in the future to differentiate between DBEB and SMTP blocking.
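The ordering change described above can be seen in a small model. This is an added example, not Microsoft's code or part of the original post; the directory, sample messages, verdict labels and the `content_filter` rule are all constructed for illustration.

```python
from collections import Counter

# Constructed tenant directory and sample mail (example.com is an assumed domain).
DIRECTORY = {"alice@example.com", "bob@example.com"}
SAMPLE = [
    (["alice@example.com"], "Quarterly report attached"),
    (["nobody@example.com", "ghost@example.com"], "Win a prize now"),
    (["Bob@Example.com", "typo@example.com"], "Meeting notes"),
    (["unknown@example.com"], "hello"),
]

def content_filter(body):
    """Stand-in for the expensive content-filtering stage (hypothetical rule)."""
    return "spam" if "win a prize" in body.lower() else "clean"

def process(messages, directory, edge_blocking):
    """Run messages through the model pipeline.

    Returns (report, scans): report is a list of (recipient, verdict) pairs,
    scans counts how many messages reached content filtering.
    """
    report, scans = [], 0
    for recipients, body in messages:
        rcpts = [r.strip().lower() for r in recipients]
        if edge_blocking:
            # DBEB: unknown recipients are rejected before any filtering.
            for r in rcpts:
                if r not in directory:
                    report.append((r, "blocked:DBEB"))
            rcpts = [r for r in rcpts if r in directory]
            if not rcpts:
                continue  # nothing left to deliver, message is never scanned
        scans += 1
        if content_filter(body) == "spam":
            report.extend((r, "blocked:content") for r in rcpts)
            continue
        for r in rcpts:
            if r in directory:
                report.append((r, "delivered"))
            else:
                # Pre-DBEB behaviour: the invalid address is caught late.
                report.append((r, "blocked:transport-rule"))
    return report, scans

def summarize(report):
    """Count verdicts so DBEB blocks can be told apart in reporting."""
    return Counter(verdict for _, verdict in report)

if __name__ == "__main__":
    for mode in (False, True):
        report, scans = process(SAMPLE, DIRECTORY, mode)
        print("edge_blocking=%s scans=%d %s" % (mode, scans, dict(summarize(report))))
```

In this model the same two recipients receive mail either way; what changes is how many messages reach content filtering and which stage the blocks are attributed to.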

For information about the announcement, please review this -

Exchange Online Log Retention Period Increased

The application logging for Exchange Online has been increased from what was once a week out to 90 days. The first announcement was that the Message Trace capability was going up to 90 days. The announcement was here - Additional information is here -

Along with that I noticed that the Audit Logging reports have been increased to 90 days as well. Read here -

Information in general is available in the Reporting Features and Troubleshooting Tools Service Description for Exchange Online located here -

Remember if you need the data for even more than 90 days, there are reporting APIs available that can allow you to get access to all of this data and store it locally -

Saturday, February 1, 2014

InfoPath Being Retired

Announcement: Well there was a big announcement in the SharePoint world that hit me personally – InfoPath is being retired -

Reflection: I had been waiting for the public announcement and it was pretty obvious it was coming down when we saw that no new additions or investments (of any importance) were made into InfoPath 2013 and InfoPath Form Services.

Now InfoPath has a special place in my heart and I will say that my love for InfoPath put me where I am today. Really. When I first started at RDA Corp back in 2005 I was just a .NET engineer. My first project I was thrown into an engagement where I had to learn InfoPath 2003, 2003, BizTalk 2004 and SharePoint 2003 in a week and make them work. That project changed my life. I built this solution (with some smart people) which eventually was the finalist for solution of the year at the Microsoft World Wide Partner conference. It had tons of InfoPath components which were hooked on top of a VAX mainframe. I subsequently got hooked into the developer community in ways I had not done before. I started doing more and more InfoPath and K2 projects and then I got really hooked into SharePoint; the rest is history. I was able to get a job as a SharePoint TSP at Microsoft which has transcended into a career doing Office 365. I can say, it was InfoPath that sparked my love for the Microsoft productivity stack to build business solutions. I started saying “why do I need to build solutions from scratch when I can take all the Microsoft solutions together and build something”.

Over the years on this blog I have written extensively on how to do development, best practices and build solutions for InfoPath - My first blogs in September 2007 were focused on InfoPath. I thought it was a great solution with SharePoint to build business forms and automate them using simple or complex business processes. Reflecting back, I found that InfoPath did a lot of great things for standard to moderately complex forms but when you brush up against the edges (which is what I had to do a lot as a consultant) you found tough things you would be able to resolve with a custom web form. I would always be put into these debates with colleagues on this topic.

Where Do We Go From Here: I believe the Microsoft product team is making the right decision. InfoPath had its day; there is a great concept behind it to create forms quickly, extract the XML, shred it and send it to a database. However today there are so many development frameworks for rapid development and Microsoft is going to continue to create new solutions that will help customers build forms and process automated solutions. Support for InfoPath is not going away anytime soon, they are keeping support through April 2023 (not a typo) and I still say InfoPath is a great solution, just nothing new is being introduced. They noted they plan to create some migration scenarios in Q4 of CY2014, so I will be keeping an eye out for that.

Tuesday, January 28, 2014

OneDrive Announcement

If you have not heard by now, big news: SkyDrive and SkyDrive Pro are going to be renamed to OneDrive and OneDrive for Business.


I love it. I have completely transitioned myself over to it at work. I have 25 GB of space with SharePoint Online which gives me more than enough room for my working files. I can access all my files on my work laptop, my Windows 8 Phone (or if you have Android, iPhone and iPad that is supported too) and on my Surface, my Dell Venue Pro 8 (which is an awesome device). I can work effectively everywhere and I am compliant with company policy. I love it.

Announcement -

Saturday, January 25, 2014

Office 365 January 2014 Updates

There were a few releases lately through Office 365 this past month. These are two new features that have been released that I have really liked and help me on a daily basis.

Lync App Voice Commands

As many of you know Lync App has been released on all the major mobile platforms that are out there. A new feature was just pushed out to my phone to allow for hands free commands for Lync.

All you need to do is press the start button and say the following (the word “my” is optional):

“Lync, join [my] next meeting”

“Lync, join [my] current meeting”

“Lync, show [my] next meeting”

“Lync, show [my] current meeting”

“Lync, show [my] meetings”

“Lync, play [my] voicemail”

“Lync, show [my] voicemail”

This is a really basic feature but I love it on a mobile device because it allows me the ability to quickly and safely jump into a meeting.

Reference - this blog also talks about how the new iOS App update has updated the user experience. Plus it talks about seeing desktop shares and shared presentations on your mobile device, which I have talked about in the past. That is a huge feature as well because you can attend web meetings and see shared content. Huge.

OWA People View

Another new feature just released is the People View in OWA. I have started to play around with this and find it to be really good for the people (like myself) who are “stackers” and have lots of email. With a large inbox, those messages can build up. This allows you to quickly find messages for people whom you talk with the most.


Reference -