“Conference season” is about to start!

Every year in September, right after the summer holidays, there is an unofficial start of a new “work season”. For some this unofficial start moment comes a bit earlier, for others a bit later. Some even say their work season lasts the entire year… But that’s besides the point. The fall traditionally also heralds a myriad of tech conferences, each fighting for a moment in the spotlights. With Microsoft’s massive Ignite conference moving in from May, this year’s “conference season” promises to be exceptionally busy.

I’ve always liked going to conferences. Although content is important, having the opportunity to talk to peers and interact with the speakers (experts) is something I’ve learned to value more and more with each conference I attended in the past.

This year, I’m lined up to speak at a bunch of conferences again. If you have read some of my previous announcements, you’ll notice that I’m speaking at a pretty much the same conferences as before. Continue reading to find out why!

Blog Events News

Exchange Hybrid Deployments and cross-premises Full Access permissions

Nothing but excellent news in the hybrid Exchange realm these days! Microsoft recently updated the support statement for cross-premises permissions in a hybrid deployment. As of now, Full Access delegate permissions are supported cross-premises. I know many customers will be delighted to hear this as this has been a big ask for quite some time now.

It’s important to understand that the support only applies to Full Access permissions, as stated here. Other permissions like Send-As, Receive-As or Send-on-Behalf are still not supported. Note that Microsoft is in the process of updating its documentation; you should see a more consistent message across TechNet over the next few days!

Although full access permissions have been reported to work intermittently, no cross-premises permissions were supported previously. As such, you could not rely on them working either. From what I understand, the plumbing was already in place for a while but the intermittent results were partially due to the Outlook client not honoring them quite as one would expect. Provided you have the November 2015 update to Outlook 2013, you should no longer run into any problems.

As you move mailboxes to Office 365, permissions are migrated along. If you already had permissions assigned before the move, there is nothing you need to do. Although the permissions were also migrated previously, you had to move connected mailboxes at the same time so they would be hosted in the same organization in order for them to work. Not too long ago, I was talking to a customer who started out with a handful of mailboxes to move to Office 365 but ended up with a huge migration batch because of the interweaved permissions… As of now, this is no longer needed, making planning for migration batches a lot easier!

You should now also be able to add the Full Access permissions after mailboxes have been moved. This means you can give an on-premises mailbox access to a mailbox in Office 365 and the other way around without having to set the permissions prior to moving the target mailbox to Office 365.

In order to explain things more clearly, I have put together a Q&A. I hope this helps!

Until later,

Michael

What cross-premises permissions are supported in a hybrid deployment today?

Full Access only. Other delegate permissions like Send-As, Receive-As or Send-on-Behalf are not. There are no changes to cross-premises calendar delegation either. That continues to work the same way it did before.

Will the permissions work both ways?

Yes. On-premises mailboxes can access Office 365 mailboxes and vice versa.

What do I need to do to make this work?

Nothing, really. Just make sure you are using an up-to-date Outlook client. For Outlook 2013, this means you need at least the November 2015 Cumulative Updates. Needless to say, the more up-to-date you are, the better!

In order to add permissions for a recipient in the other organization, you can either use PowerShell or the Exchange Admin Center. Unlike the EAC in Office 365, you cannot use the on-premises EAC to grant an Office 365 mailbox access to an on-premises mailbox. For that you must revert to using PowerShell.

How do I add permissions to an Office 365 mailbox for an on-premises recipient?

Follow these steps to add Full Access permissions to an Office 365 mailbox for an on-premises recipient:

  1. Login to the EAC in Office 365 (Exchange Online)
  2. Navigate to recipients > mailboxes and then select properties of the mailbox you want to add Full Access permissions for.
  3. In the properties window, navigate to mailbox delegation
  4. Scroll down to you get to the Full Access From there, use the recipient picker (plus-sign) to add the on-premises mailbox you wish to grant permissions to:
    hybridperm1
  5. Click save.

How do I add permissions to an on-premises mailbox for an Office 365 recipient?

As mentioned earlier, you cannot use the EAC to add permissions for an Office 365 recipient. Instead, you must use the on-premises Exchange Management Shell. Don’t worry it’s quite simple!

Add-MailboxPermission –Identity <On-Prem_mailbox_to_give_permissions_for> -User <O365_mailbox_to_give_permissions_to> -AccessRights FullAccess –AutoMapping $false

For example:

Add-MailboxPermission –Identity onpremmbx@domain.com –User clouduser@domain.com –AccessRights FullAccess –AutoMapping $false

Unlike for permissions in the same environment, the AutoMapping feature is not supported. Hence why I specified the –AutoMapping $false parameter. I suspect the permissions to work without adding the parameter too!

What will my users see?

There is no difference in how Outlook displays an Office 365 mailbox over an on-premises mailbox you have access to. However, an on-premises user might get prompted for credentials when trying to access a mailbox in Office 365. This is because, in the back, the Outlook client must establish a connection with the Office 365 service first.

How that looks, depends on a number of things like the version of the Outlook client, whether you use Modern Authentication and whether or not they already have another Office 365 mailboxes in their Outlook profile.

Blog Exchange Hybrid Exchange News Office 365

Looking forward to 2016…

…also means looking back at 2015. 🙂

First of all, let me start by wishing all of you a happy (belated) New Year. I hope that 2016 is off to a good start!

As you might have noticed, it’s been a little quiet around here these past few months. There’s a few good reasons for that:

  • I’ve been writing a lot for my employer, ENow. As a matter of fact, you could consider ENow’s solution Engine, also known as “ESE blog” (pun intended) as my new “primary” blog location. However, I realize I could do a better of “cross-posting” articles here, which I will vigorously keep an eye on in 2016. In the meantime, you can go to http://blog.enowsoftware.com to see what others and I have been writing about lately.
  • It’s been super busy at work (in a good way)! We are in the process of creating something entirely new and that has been keeping me busy –along with some really interesting consulting engagements! In due time, I’ll share more details on what exactly it is that we are doing. Needless to say, 2016 will be an interesting year @ ENow.
  • The Office 365 book for Exchange Professionals has been taking up quite a bit of time (rightfully so!). As Tony reported earlier, there have been a massive amount of changes in 2015 –all of which need to go into the book in one way or another. Throw in the release of Exchange 2016 and there’s plenty of things to keep you busy for a while. The upside of all this is that the latest version of the book is really, really good and very up-to-date –something that would not be possible when publishing in a traditional way. If you haven’t picked up your copy so far, you can do so here.

Anyway. A new year wouldn’t be one without proper resolutions, would it? The good news is that after some necessary downtime in December, my batteries are fully charged again and ready to hit to road running!

  • The Belgian “Pro-Exchange” user group is shortly moving to a new website (and platform). The team is seizing this opportunity to revitalize the community as well. Expect some big announcements in the days and weeks to come. I can share that we will be introducing a new name and we plan on having (more) regular in-person events. Because of everyone’s busy schedules we only had a few but successful events last year.
  • I look forward to the next release of the Office 365 book for Exchange Professionals. Although the book is updated incrementally (there’s a new release every few weeks), we find ourselves with a major update once or twice a year (there were two major releases, last year). I am in full writing mode as we speak, and you can expect a lot of new content from me evolving around authentication (Passport, Windows Hello, Multi-factor authentication), mail flow, hybrid deployments (and caveats) and hybrid recipient management. Keep in mind that I’m not the only one working on the book. Both Tony and Paul are also continuously adding new content to their chapters, so there’s much more to discover with every update/release!
  • The fall will be quite a busy time. First, there’s Ignite in Atlanta in September, followed by IT/DEV Connections in Vegas (in October) and the UK/UC Day as well. Although I am a little skeptical about Ignite as a conference, it is a must-attend event if you want to know what is happening in the Microsoft ecosphere. It’s as simple as that.
    For the past few years, I have been lucky enough to be allowed to speak at IT/DEV Connections. Compared to Ignite this is a very small conference, but very technical with lots of deep insights from the real world. Whereas Microsoft-hosted events sometimes tend to be a big heavy on the marketing-side of things, IT/DEV Connections is the independent voice which tells you what the world really looks like. I like the conference for a variety of things. First of all, it’s in Vegas (doesn’t need more explaining). I like speaking there and I thoroughly enjoy attending a lot of the sessions. But foremost, because the conference runs at a much smaller scale, it is the perfect opportunity to socialize with the attendees and have lots of great conversations. A fellow-MVP once described it to me as almost having a user group feeling is pretty close to what it is. If you don’t believe me: just take a look at last year’s sessions or perhaps purchase access to the session recordings. You’ll have to agree.
    Last but not least there’s the UK UC Day. It was organized for the first time, last year, and I was impressed by how well it was organized and by the amount of sessions and the quality of them. Given the reactions from the attendees, I’m confident that this year’s edition will be equally if not more successful.
  • Although I’m not making any commitments yet, I think 2016 would be a good year to write a successor to the Exchange 2013 High Availability e-book that Paul Cunningham, Steve Goodman and myself created. However, I wouldn’t expect it until later this year because none will really start deploying Exchange 2016 until after the first CU (or two)…
  • On a more personal level, I have taken it upon myself to read more books –other than tech e-books and (finally?) pursue my Instructor degree in Krav Maga.

Either way, I better get going to make all this happen! I don’t like waiting for the sun, the stars and the moon to align properly.

Until next time,

-Michael

News

Paul Robichaux joins ENow as CTO!

Hi all,

Today is a great day!

I know it’s been a while since I last posted here, but that’s just because I’ve been super busy with lots of things. Besides speaking at IT/Dev Connections and writing the Office 365 for IT Professionals ebook with Tony Redmond and Paul Cunningham, I have been working on some really exciting things at ENow! Amongst other cool new features, we recently developed new remote probes for our Exchange and Office 365 solutions. These probes allow you to monitor specific functionality such as the Autodiscover process or the ability to logon through AD FS from various locations other than your HQ or datacenter. I’m sure that this is something that larger organizations with multiple sites will appreciated!

This being said, I have other good news too! I am excited to share with you that Paul Robichaux, a long-time Exchange Server MVP will be joining the ranks at ENow as Vice President and CTO!

I’ve known Paul personally for a few years now, and I look forward to working with him at ENow. Paul is one of the people who inspired me to work in technology and more specifically in the area of Exchange. Even before I knew Paul personally, I was a big fan of him and his work. The many books and articles he authored have helped me through many of the endeavors in my early career –and they continue to do so today. Needless to say, his track record speaks for itself. And let’s not forget that he used to teach classes for the Microsoft Certified Solutions Master (MCM/MCSM) program as well!

Office 365 is very important to us. Back in 2012, ENow was the first to develop Mailscape 365, our best-in-class Office 365 monitoring and analytics solution. Since then, a lot of things have changed. We work hard to continuously improve our solution. Not only to meet the changing needs of our customers but also to evolve along with Office 365 –which changes faster than ever before. In order to align with the pace of change in Office 365, ENow moved to the Agile development process which allows us to respond more quickly to those changes and push out updates to our customers as quickly as possible. That Paul is joining our team reinforces ENow’s commitment to the future and is a herald of what more is to come!

Behind the curtains we are working on some really interesting things. Unfortunately, I cannot share too much about what that entails just yet. But trust me when I tell you it is BIG! Paul’s background in software development and his expertise in the area of Office 365 will play an important role in solidifying our position as a leading ISV in the Office 365 space as well as in the development of our future products and platforms.

Make sure to keep an eye out on the official ENow blog for future announcements. On my end, I’ll promise to update content on this website a little more often…!

Cheers,

Michael

Blog News

Azure AD Connect is now GA

Yesterday, Microsoft announced they released Azure AD Connect and Azure AD Connect Health to the public.
Azure AD Connect can be seen as the successor to DirSync/AADSync, with an added edge. It does not only allow you to configure directory synchronization, but the wizard also allows you to automatically setup and configure Active Directory Federation Services instead of having to go through the motions manually.

The GA of the tool has been long awaited and it’s great to finally see it become available for everyone. Make sure to check back in the weeks to come as I will more than likely be posting some articles on what’s new and how to deal with the tool.

You can read the original announcement here. If you want to skip the ‘boring’ stuff and get going straight away, you can get the tool from here.

-Michael

ADFS Blog Hybrid Exchange News Office 365

Latest security bulletin addresses vulnerability in AD FS

The April 2015 Security Bulletin, Microsoft released an update for Active Directory Federation Service 3.0 which comes with Windows Server 2012 R2.

According to the documentation, the vulnerability would allow an attacker to gain access to an application – such as Office 365. Apparently the flaw is in the logoff process. As I understand it from the limited information available, although the user appears to have logged off, the logoff actually failed allowing an attacker to re-use the existing token to access the application as the user.

Although the bulletin mentions that Microsoft has no knowledge of any cases where this vulnerability was exploited, I personally wouldn’t wait for it to happen to me… 🙂

More information can be found here: https://technet.microsoft.com/library/security/MS15-040

ADFS Blog News Office 365

Announcing “Office 365 for Exchange Professionals” (ebook)!

Hey all,

It’s been a while since I have last posted an article on my blog, and there’s a good reason for that. For the past few months, Paul Cunningham, Tony Redmond and I have been working fiercely on a new ebook, called “Office 365 for Exchange Professionals“. Together with Exchange MVP Jeff Guillet who is leading the efforts as our technical editor, we are confident that this book will deliver high quality, up-to-date and relevant information!

office-365-for-exchange-pros-cover-350

As the name might already give away, this book is targeted to Exchange administrators, enthusiasts and experts to help them transition their skills to the cloud. One of the biggest challenges writing about Office 365 is the fast rate at which things change. That is also the reason why we have chosen to publish the book as an ebook rather than a traditional, printed, book. We plan to have the book available in early May with contents being up-to-date as close as possible to the release date! We’re continuously editing the text to ensure that even the latest changes in Office 365 are included.

We are also looking at keeping the book up-to-date in the future to stay relevant as Office 365 (and Exchange Online) evolve. Right now, we are still figuring out what the best way would be to do that. Once we’ve come up with something suitable, we will definitely share that with you.

In the meantime, if you have any questions or there are topics which you would like to see covered in the book, feel free to leave a comment. The book already contains a lot (really, a LOT) of information, but getting your feedback has proven to be invaluable!

Looking forward to hearing from you!

-Michael

 

Blog Exchange News Office 365