Wednesday, April 24, 2013

Exchange Online Hybrid Update


I recently wrote two blogs recently on SharePoint Online and Lync Online Hybrid. I figured I complete this out and write some notes on Exchange Online hybrid with Exchange 2013.

The reason why I started off with SharePoint and Lync Hybrid was because there were some major advances with the new 2013 platform being released. Exchange Hybrid has already been a fairly robust solution even before the 2013 release. There are still improvements to be talked about and some good resources you should have.

In this blog I will capture some of the new changes to Exchange Hybrid good resources you should be aware of for planning.


The best resource to reach is the Exchange Server 2013 Hybrid Deployments Whitepaper - This covers all the details for setting up hybrid.

What is Exchange Hybrid?

Exchange Hybrid allows organizations to host Exchange servers on-premise that are connected to Exchange Online in Office 365. Organizations have the ability to share the same domain space across they hybrid environment and route inbound/outbound email securely between both environments. With Exchange hybrid there is a unified GAL, free/busy is shared, unified messaging, mailboxes can be moved between environments, centralized mailbox management across environments, messaging tracking, mailbox search across environments, etc.

Why Hybrid?

In most cases, the goal of going to the cloud is to remove all on-premise mail servers. In many cases, organizations are able to achieve that. However there can be scenarios that organizations may encounter that may require keeping some mail servers running in hybrid. Two most common are running an extended migration where customers want to slowly move to the cloud or the customer may have a server side add-in that needs to be maintained for a period of time which cannot run in Exchange Online. I have seen scenarios where there are scenarios where there are policies that customers must support which does not allow them to have certain mailboxes reside in the cloud, while everyone else can.

Whatever the scenario is, Office 365 and Exchange Online support this allowing customers some real flexibility when moving to the cloud.

Solution Architecture

This solution architecture has been around for a while. To recap at a high level:

  • DirSync – This needed to support the unified GAL across both environments. The organization’s AD will be synchronized to the cloud.
  • ADFS – Used to authenticate users in the cloud using their on-premise credentials and domain. Single Sign On is not required, but highly recommended when implementing Exchange Hybrid.
  • Microsoft Federation Gateway – Is the trust broker between the two environments.
  • CAS / Edge Server Connection – On-premise an Exchange CAS or Edge Transport server can be connected to the cloud instance. Here is more information about the server the transport server you would configure to run with the cloud -
  • Mailbox / CAS Server - There are pre-requisites you must consider when setting up this hybrid. One important one is ensuring both the CAS and Mailbox servers that are running in hybrid are running at the right level. For instance is possible to have an Exchange 2007 or later org on-premise but will require the correct level Mailbox/CAS server also be added to the farm on-premise. Please review the prerequisites for details -


What’s New?

Now let’s get to what is new. Actually it is listed here in detail - – but I will summarize.

  • Right out of the gate, we are no longer referring to Exchange hybrid as “rich co-existence”, we are just referring it to Exchange Hybrid J
  • Hybrid configuration tools have been consolidated and streamlined to make the configuration simple.
  • As you know FOPE has been replaced Exchange Online Protection (EOP). EOP has new features that allow for easier connection configuration between on-premise and the cloud. EOP is the endpoint that is connected to and you no longer have to configure a static IP address. We now have forced TLS configured between the two end points.
  • New support options for routing inbound and outbound email based on the location of the MX record.
  • Etc.


This entire whitepaper is filled with very important articles. However when doing your planning, especially on how you want do your mail routing, the following articles two articles are a must read: and The big decision you have is where you want to have your MX record reside. You can have it remain on-premise or have it point to EOP. Both have considerations where are discussed in these articles.


As I mentioned, there is a ton of information located off here - There is information about prerequisites, considerations, routing, server topologies, deployment steps, and management considerations.

Wednesday, April 17, 2013

Controlling File Types in Office 365

I was recently asked, how do you control file types end users can work with in Office 365? I pulled this together which captures how file types are restricted in various solutions in Office 365.
SharePoint Online
For SharePoint Online, this is pretty simple – here is the list of supported file types that can be stored in SharePoint Online -
This list is not customizable. Note that SharePoint Online does have virus protection built in to check files when they are uploaded.
Lync Online
For Lync Online, if you allow users to transfer files, the following file types are supported -
This list is not customizable. The Intelligent Instant Message Filter (IIMF) solution built into Lync Online checks for viruses.
Exchange Online
For Exchange Online, this discussion is a little bit more to think about.
Then there are the user interfaces that connect to Exchange Online.
With all of this, an organization can create rules on how they want to support the emailing of files in Exchange Online.

Friday, April 12, 2013

Email and Process Automation with Office 365

New Site Mailboxes

I have been asked many times about email enabled document libraries in SharePoint Online. With the new SharePoint Online (SharePoint 2013 in the cloud) there are new Site Mailboxes.

Site mailboxes are a rather interesting solutions as it brings together the ability to both documents and emails into the same user interface, while continuing to leverage both Exchange and SharePoint to store data.

Here are some really good articles about Site Mailboxes:

You can read about many features but the big one is emailing items to the site mailbox.

Initiating a Process Based on Email Arrival

The next question I have come up against is now that we can email items to a site mailbox, can we do any automation when an item arrives (i.e. some code needs to be executed or a process initiated)? That is the part that must be thought through.

As you see in the picture below and read the referenced articles I provided, you will see that some data is stored in Exchange and some is stored in SharePoint. Emailing to a Site Mailbox will store the item in Exchange while dragging / dropping a file through Outlook to a Site Mailbox will store the document in SharePoint. Knowing that, you would have to have code implemented in two places.

Hybrid Configuration Engine

What are the options?

For SharePoint Online it is simple enough to create an event receiver or configure the document library to initiate workflow when an item arrives.

For Exchange Online, it is possible to use Exchange Web Services (EWS) is it possible to write code that will listen for arrivals of emails and then execute code to do “something”. Please read following on setting up a streaming subscription to a Exchange mailbox using Exchange Web Services (EWS) Managed API -

Areas to Get Started

In Office 365, if you really need to build a solution that will initiate automated business processes based on an arrival of an email, it would be better to start with EWS. Create a mailbox that emails would be sent to. When email arrives your code will be connected to Exchange through EWS which can connect with line of business systems across the enterprise, integrate to SharePoint Online through remote APIs/Web Services, etc.

If you just need to support business processes when email arrives but does not be highly automated you have lots of options:

  • Site Mailboxes – Which we have already discussed. This is a great solutions to enable group collaboration around shared email and document data. This works great for projects.
  • Shared Mailboxes – This is a great solution where an email address can be created and then allow multiple to monitor and then respond from that email address.
  • Distribution Groups – Email is sent and stored in each person’s individual mailbox.
  • Public Folders – Yes they are now support on Exchange Online. They have typically been used to storage email and allow people to centrally access it. Public folders are not a recommended solution for storing large files nor is it a document management system.

SkyDrive Pro Sync and SharePoint 2010 Workspace

Here is an important distinction I have had to discuss with customers lately about SharePoint 2013 in Office 365 and SkyDrive Pro.

One of the new features of SharePoint Online is SkyDrive Pro. One solution feature of this is the new Sync capability. This Sync capability is actually available in all document libraries.

However this new SkyDrive Pro Windows Sync capability is different than the previous SharePoint Workspace 2010 solution. Additionally the new SkyDrive Pro Windows Sync capability only works when Office 2013 is installed.

SkyDrive Pro Windows Sync Client
Let’s discuss a little more.

Specifically there is this new Sync button up in the top right hand corner in SharePoint Online or SharePoint 2013 on-premise.


This will provide users to work with files locally out of their file explorer like below.


The SkyDrive Pro Windows Sync client which facilitates this is installed with Office 2013.

Why is this important? If a customer has Office 2010 installed on their client, they will not be able to use the new SkyDrive Pro Windows Sync client. However this does not preclude the end user from working with content offline. The end user will have to use SharePoint 2010 Workspace client will does work with the new SharePoint Online and SharePoint 2013 on-premise.

SharePoint 2010 Workspace
It is really important to note that SkyDrive Pro Windows Sync client does not replace, or is not an updated version of, SharePoint Workspace 2010. Both of these solutions are different but they provide a similar end result, allowing a user to work with documents when they are offline.

Additionally you still also have the ability to connect Outlook to SharePoint Online to work with documents offline too.


Monday, April 1, 2013

New Office 365 Dedicated Service Descriptions

The new Dedicated Service Descriptions have been updated here - These Service Descriptions for Dedicated have been updated with features and capabilities of 2013. They are no longer independent Word documents; they are being managed out of TechNet just like the multi-tenant service descriptions.

Additionally the “Microsoft Office 365 ITAR-Support Service and Network Descriptions” have been updated are located here -

I will provide some details soon about some of the important updates you should know about with Dedicated….

SharePoint Online External Users Update


Several months ago I wrote a blog on SharePoint Online Partner Access ( It was the first release and it worked pretty well. With the new SharePoint Online there have been a few improvements and changes that are worth noting.

If you are not familiar with SharePoint Online, there is a solution for Partner support. You can read about it my old blog. The ability to use SharePoint for external is nothing new and has been done many organizations with SharePoint on-premise. For SharePoint 2013 on-premise additional information is here ( End of day the organization must deploy SharePoint in your DMZ, secure and then manage user access. External users are typically stored in LDAP directories, Forms Based Authentication could be used, sometimes a custom authentication provider maybe written or even users are managed in AD. This is a great solution but the implementation and management can be costly to an organization.

SharePoint Online is a great solution to reduce those costs. SharePoint is securely managed and highly available in Office 365. No more management of infrastructure in your DMZ.

Another great thing about using SharePoint Online in general with external partners it the corporate control you can. This is important because I have seen situations far too many times where organizations quickly jump to use free document sharing solutions. These solutions present real challenges to enterprise organizations because they typically do not provide enterprise solutions for eDiscovery, legal hold, put on retention, etc. Nor can they be managed by your corporate Active Directory and policies that you need to manage centrally. With SharePoint Online, you can do this.

New Features and Improvements

As I mentioned at the top of this article there are some improvements to the Partner Solution that is now available with the new SharePoint Online.

Additionally this is a really good article for you to read - Discusses many questions you should ask yourself on how you plan to share data externally and what controls you would like to put in place.