Every year in September, right after the summer holidays, there is an unofficial start of a new “work season”. For some this unofficial start moment comes a bit earlier, for others a bit later. Some even say their work season lasts the entire year… But that’s beside the point. The fall traditionally also heralds a myriad of tech conferences, each fighting for a moment in the spotlight. With Microsoft’s massive Ignite conference moving in from May, this year’s “conference season” promises to be exceptionally busy.
I’ve always liked going to conferences. Although content is important, having the opportunity to talk to peers and interact with the speakers (experts) is something I’ve learned to value more and more with each conference I attended in the past.
This year, I’m lined up to speak at a bunch of conferences again. If you have read some of my previous announcements, you’ll notice that I’m speaking at pretty much the same conferences as before. Continue reading to find out why!
Nothing but excellent news in the hybrid Exchange realm these days! Microsoft recently updated the support statement for cross-premises permissions in a hybrid deployment. As of now, Full Access delegate permissions are supported cross-premises. I know many customers will be delighted to hear this as this has been a big ask for quite some time now.
It’s important to understand that the support only applies to Full Access permissions, as stated here. Other permissions like Send-As, Receive-As or Send-on-Behalf are still not supported. Note that Microsoft is in the process of updating its documentation; you should see a more consistent message across TechNet over the next few days!
Although full access permissions have been reported to work intermittently, no cross-premises permissions were supported previously. As such, you could not rely on them working either. From what I understand, the plumbing was already in place for a while but the intermittent results were partially due to the Outlook client not honoring them quite as one would expect. Provided you have the November 2015 update to Outlook 2013, you should no longer run into any problems.
As you move mailboxes to Office 365, permissions are migrated along. If you already had permissions assigned before the move, there is nothing you need to do. Although the permissions were also migrated previously, you had to move connected mailboxes at the same time so they would be hosted in the same organization in order for them to work. Not too long ago, I was talking to a customer who started out with a handful of mailboxes to move to Office 365 but ended up with a huge migration batch because of the interweaved permissions… As of now, this is no longer needed, making planning for migration batches a lot easier!
You should now also be able to add the Full Access permissions after mailboxes have been moved. This means you can give an on-premises mailbox access to a mailbox in Office 365 and the other way around without having to set the permissions prior to moving the target mailbox to Office 365.
In order to explain things more clearly, I have put together a Q&A. I hope this helps!
What cross-premises permissions are supported in a hybrid deployment today?
Full Access only. Other delegate permissions like Send-As, Receive-As or Send-on-Behalf are not. There are no changes to cross-premises calendar delegation either. That continues to work the same way it did before.
Will the permissions work both ways?
Yes. On-premises mailboxes can access Office 365 mailboxes and vice versa.
What do I need to do to make this work?
Nothing, really. Just make sure you are using an up-to-date Outlook client. For Outlook 2013, this means you need at least the November 2015 Cumulative Updates. Needless to say, the more up-to-date you are, the better!
In order to add permissions for a recipient in the other organization, you can either use PowerShell or the Exchange Admin Center. Unlike the EAC in Office 365, you cannot use the on-premises EAC to grant an Office 365 mailbox access to an on-premises mailbox. For that you must resort to using PowerShell.
How do I add permissions to an Office 365 mailbox for an on-premises recipient?
Follow these steps to add Full Access permissions to an Office 365 mailbox for an on-premises recipient:
1. Log in to the EAC in Office 365 (Exchange Online).
2. Navigate to recipients > mailboxes and then select the properties of the mailbox you want to add Full Access permissions for.
3. In the properties window, navigate to mailbox delegation.
4. Scroll down until you get to Full Access. From there, use the recipient picker (plus-sign) to add the on-premises mailbox you wish to grant permissions to.
How do I add permissions to an on-premises mailbox for an Office 365 recipient?
As mentioned earlier, you cannot use the EAC to add permissions for an Office 365 recipient. Instead, you must use the on-premises Exchange Management Shell. Don’t worry, it’s quite simple!
Unlike permissions within the same environment, the AutoMapping feature is not supported cross-premises, which is why I specified the -AutoMapping $false parameter. I suspect the permissions will work without adding the parameter too!
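One way to do this, as an added example rather than the author's original command: the script below runs in the on-premises Exchange Management Shell, grants an Office 365 recipient Full Access to an on-premises mailbox with AutoMapping disabled, and then lists every explicit Full Access entry on that mailbox so the delegation can be reviewed. Both addresses are constructed placeholders.

```powershell
# Added example: run in the on-premises Exchange Management Shell.
# Both addresses below are constructed placeholders.
$TargetMailbox = 'finance-shared@contoso.example'  # on-premises mailbox to be opened
$Delegate      = 'alice@contoso.example'           # user whose mailbox lives in Office 365

# Resolve both objects first so a typo cannot put the ACL entry on the wrong mailbox.
$target = Get-Mailbox   -Identity $TargetMailbox -ErrorAction Stop
$user   = Get-Recipient -Identity $Delegate      -ErrorAction Stop

# On-premises, a mailbox hosted in Office 365 appears as a remote mailbox
# (RemoteUserMailbox, RemoteSharedMailbox, ...). Warn if the delegate is something else.
if ($user.RecipientTypeDetails -notlike 'Remote*Mailbox') {
    Write-Warning "$Delegate is a $($user.RecipientTypeDetails), not a remote (Office 365) mailbox."
}

# Only add the entry when it is not already present, so re-running is harmless.
$existing = Get-MailboxPermission -Identity $TargetMailbox -User $Delegate |
    Where-Object { $_.AccessRights -match 'FullAccess' -and -not $_.Deny }

if (-not $existing) {
    # Full Access is the only delegate permission supported cross-premises;
    # AutoMapping is not supported across organizations, so switch it off explicitly.
    Add-MailboxPermission -Identity $TargetMailbox -User $Delegate `
        -AccessRights FullAccess -AutoMapping $false
}

# Review the result: every explicit (non-inherited) Full Access entry on the mailbox.
Get-MailboxPermission -Identity $TargetMailbox |
    Where-Object {
        $_.AccessRights -match 'FullAccess' -and
        -not $_.IsInherited -and
        $_.User -notlike 'NT AUTHORITY\SELF'
    } |
    Select-Object Identity, User, AccessRights, Deny
```

Because AutoMapping is off, the delegate has to add the mailbox to the Outlook profile manually. The final listing is worth keeping with the change record, since Full Access exposes the entire mailbox content to the delegate.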
What will my users see?
There is no difference in how Outlook displays an Office 365 mailbox over an on-premises mailbox you have access to. However, an on-premises user might get prompted for credentials when trying to access a mailbox in Office 365. This is because, in the back, the Outlook client must establish a connection with the Office 365 service first.
How that looks depends on a number of things like the version of the Outlook client, whether you use Modern Authentication and whether or not they already have another Office 365 mailbox in their Outlook profile.
First of all, let me start by wishing all of you a happy (belated) New Year. I hope that 2016 is off to a good start!
As you might have noticed, it’s been a little quiet around here these past few months. There’s a few good reasons for that:
I’ve been writing a lot for my employer, ENow. As a matter of fact, you could consider ENow’s solution Engine, also known as “ESE blog” (pun intended) as my new “primary” blog location. However, I realize I could do a better job of “cross-posting” articles here, which I will vigorously keep an eye on in 2016. In the meantime, you can go to http://blog.enowsoftware.com to see what others and I have been writing about lately.
It’s been super busy at work (in a good way)! We are in the process of creating something entirely new and that has been keeping me busy –along with some really interesting consulting engagements! In due time, I’ll share more details on what exactly it is that we are doing. Needless to say, 2016 will be an interesting year @ ENow.
The Office 365 book for Exchange Professionals has been taking up quite a bit of time (rightfully so!). As Tony reported earlier, there have been a massive amount of changes in 2015 –all of which need to go into the book in one way or another. Throw in the release of Exchange 2016 and there’s plenty of things to keep you busy for a while. The upside of all this is that the latest version of the book is really, really good and very up-to-date –something that would not be possible when publishing in a traditional way. If you haven’t picked up your copy so far, you can do so here.
Anyway. A new year wouldn’t be one without proper resolutions, would it? The good news is that after some necessary downtime in December, my batteries are fully charged again and ready to hit the road running!
The Belgian “Pro-Exchange” user group is shortly moving to a new website (and platform). The team is seizing this opportunity to revitalize the community as well. Expect some big announcements in the days and weeks to come. I can share that we will be introducing a new name and we plan on having (more) regular in-person events. Because of everyone’s busy schedules we only had a few but successful events last year.
I look forward to the next release of the Office 365 book for Exchange Professionals. Although the book is updated incrementally (there’s a new release every few weeks), we find ourselves with a major update once or twice a year (there were two major releases, last year). I am in full writing mode as we speak, and you can expect a lot of new content from me evolving around authentication (Passport, Windows Hello, Multi-factor authentication), mail flow, hybrid deployments (and caveats) and hybrid recipient management. Keep in mind that I’m not the only one working on the book. Both Tony and Paul are also continuously adding new content to their chapters, so there’s much more to discover with every update/release!
The fall will be quite a busy time. First, there’s Ignite in Atlanta in September, followed by IT/DEV Connections in Vegas (in October) and the UK/UC Day as well. Although I am a little skeptical about Ignite as a conference, it is a must-attend event if you want to know what is happening in the Microsoft ecosphere. It’s as simple as that.
For the past few years, I have been lucky enough to be allowed to speak at IT/DEV Connections. Compared to Ignite this is a very small conference, but very technical with lots of deep insights from the real world. Whereas Microsoft-hosted events sometimes tend to be a bit heavy on the marketing-side of things, IT/DEV Connections is the independent voice which tells you what the world really looks like. I like the conference for a variety of things. First of all, it’s in Vegas (doesn’t need more explaining). I like speaking there and I thoroughly enjoy attending a lot of the sessions. But foremost, because the conference runs at a much smaller scale, it is the perfect opportunity to socialize with the attendees and have lots of great conversations. A fellow-MVP once described it to me as almost having a user group feeling, which is pretty close to what it is. If you don’t believe me: just take a look at last year’s sessions or perhaps purchase access to the session recordings. You’ll have to agree.
Last but not least there’s the UK UC Day. It was organized for the first time, last year, and I was impressed by how well it was organized and by the amount of sessions and the quality of them. Given the reactions from the attendees, I’m confident that this year’s edition will be equally if not more successful.
Although I’m not making any commitments yet, I think 2016 would be a good year to write a successor to the Exchange 2013 High Availability e-book that Paul Cunningham, Steve Goodman and I created. However, I wouldn’t expect it until later this year because no one will really start deploying Exchange 2016 until after the first CU (or two)…
On a more personal level, I have taken it upon myself to read more books –other than tech e-books and (finally?) pursue my Instructor degree in Krav Maga.
Either way, I better get going to make all this happen! I don’t like waiting for the sun, the stars and the moon to align properly.
I know it’s been a while since I last posted here, but that’s just because I’ve been super busy with lots of things. Besides speaking at IT/Dev Connections and writing the Office 365 for IT Professionals ebook with Tony Redmond and Paul Cunningham, I have been working on some really exciting things at ENow! Amongst other cool new features, we recently developed new remote probes for our Exchange and Office 365 solutions. These probes allow you to monitor specific functionality such as the Autodiscover process or the ability to log on through AD FS from various locations other than your HQ or datacenter. I’m sure that this is something that larger organizations with multiple sites will appreciate!
This being said, I have other good news too! I am excited to share with you that Paul Robichaux, a long-time Exchange Server MVP will be joining the ranks at ENow as Vice President and CTO!
I’ve known Paul personally for a few years now, and I look forward to working with him at ENow. Paul is one of the people who inspired me to work in technology and more specifically in the area of Exchange. Even before I knew Paul personally, I was a big fan of him and his work. The many books and articles he authored have helped me through many of the endeavors in my early career –and they continue to do so today. Needless to say, his track record speaks for itself. And let’s not forget that he used to teach classes for the Microsoft Certified Solutions Master (MCM/MCSM) program as well!
Office 365 is very important to us. Back in 2012, ENow was the first to develop Mailscape 365, our best-in-class Office 365 monitoring and analytics solution. Since then, a lot of things have changed. We work hard to continuously improve our solution. Not only to meet the changing needs of our customers but also to evolve along with Office 365 –which changes faster than ever before. In order to align with the pace of change in Office 365, ENow moved to the Agile development process which allows us to respond more quickly to those changes and push out updates to our customers as quickly as possible. That Paul is joining our team reinforces ENow’s commitment to the future and is a herald of what more is to come!
Behind the curtains we are working on some really interesting things. Unfortunately, I cannot share too much about what that entails just yet. But trust me when I tell you it is BIG! Paul’s background in software development and his expertise in the area of Office 365 will play an important role in solidifying our position as a leading ISV in the Office 365 space as well as in the development of our future products and platforms.
Make sure to keep an eye out on the official ENow blog for future announcements. On my end, I’ll promise to update content on this website a little more often…!
Yesterday, Microsoft announced they released Azure AD Connect and Azure AD Connect Health to the public.
Azure AD Connect can be seen as the successor to DirSync/AADSync, with an added edge. It does not only allow you to configure directory synchronization, but the wizard also allows you to automatically setup and configure Active Directory Federation Services instead of having to go through the motions manually.
The GA of the tool has been long awaited and it’s great to finally see it become available for everyone. Make sure to check back in the weeks to come as I will more than likely be posting some articles on what’s new and how to deal with the tool.
You can read the original announcement here. If you want to skip the ‘boring’ stuff and get going straight away, you can get the tool from here.
In the April 2015 Security Bulletin, Microsoft released an update for Active Directory Federation Services 3.0, which comes with Windows Server 2012 R2.
According to the documentation, the vulnerability would allow an attacker to gain access to an application – such as Office 365. Apparently the flaw is in the logoff process. As I understand it from the limited information available, although the user appears to have logged off, the logoff actually failed allowing an attacker to re-use the existing token to access the application as the user.
Although the bulletin mentions that Microsoft has no knowledge of any cases where this vulnerability was exploited, I personally wouldn’t wait for it to happen to me… 🙂
More information can be found here: https://technet.microsoft.com/library/security/MS15-040
It’s been a while since I have last posted an article on my blog, and there’s a good reason for that. For the past few months, Paul Cunningham, Tony Redmond and I have been working fiercely on a new ebook, called “Office 365 for Exchange Professionals“. Together with Exchange MVP Jeff Guillet who is leading the efforts as our technical editor, we are confident that this book will deliver high quality, up-to-date and relevant information!
As the name might already give away, this book is targeted to Exchange administrators, enthusiasts and experts to help them transition their skills to the cloud. One of the biggest challenges writing about Office 365 is the fast rate at which things change. That is also the reason why we have chosen to publish the book as an ebook rather than a traditional, printed, book. We plan to have the book available in early May with contents being up-to-date as close as possible to the release date! We’re continuously editing the text to ensure that even the latest changes in Office 365 are included.
We are also looking at keeping the book up-to-date in the future to stay relevant as Office 365 (and Exchange Online) evolve. Right now, we are still figuring out what the best way would be to do that. Once we’ve come up with something suitable, we will definitely share that with you.
In the meantime, if you have any questions or there are topics which you would like to see covered in the book, feel free to leave a comment. The book already contains a lot (really, a LOT) of information, but getting your feedback has proven to be invaluable!
In yesterday’s rollup article for December 2014, Microsoft mentioned that they have upped the 25MB message size limit to 150MB when onboarding a mailbox to Office 365. The new limit applies, for instance, to mailboxes moved through a hybrid configuration to Office 365:
Office 365 Exchange Online message size onboarding limit increase — We are making a change to allow customers to migrate larger mail messages to Exchange Online. We now allow messages up to 150MB to be migrated to the service. The change is available immediately to all customers and is published as a new limit in the Exchange Online limits page in the Office 365 service description. We are not changing other limits such as mailbox size or maximum send/receive limit for messages. This change enables customers with large messages to easily migrate their existing content to the message.
Before, any messages greater than 25MB were skipped. The hard limit might have been a little over 25MB, because the system accounted for overhead as well. As a result of that, the administrator either had to manually export those messages from the mailbox (to keep them) or just ‘leave them behind’.
This new limit is without any doubt good news for many organizations that are moving (or looking to move) to Office 365. The change also adds something extra to consider when onboarding mailboxes –mainly with regards to the velocity of a migration. Before, a mailbox could potentially be a lot smaller if it contained many items that exceeded the limit. With the new limit, administrators will have to take into account the additional payload (size) of those messages; potentially increasing the amount of data that has to be moved to ‘the cloud’.
All in all, this is yet another obstacle that Microsoft got rid of to make moving to Office 365 easier, but there are still some ‘limitations’ left; I can’t wait for Microsoft to address those too! For instance, the message size limit for sending and receiving messages hasn’t changed and Free/Busy lookups between two hybrid organizations are still a pain as well. However, I have no doubt that Microsoft will tackle these issues in due time as well.
We’re almost one day into the new year and this is usually the time people look back at the past year and make their comments. As I have my piece coming up on TechTarget shortly, I will save you from doing it here! However, I do want to look forward a bit and tell you about some of the (cool) things I’ve been working on (which is also why it’s been a little more quiet on my blog these past few weeks…).
First of all, starting my new job at ENow has kept me quite busy. There’s always a learning curve when starting at a new place and I certainly had to learn a lot (still have to). As a result, I haven’t had as much time for writing as I would have liked. On the other hand, I’m pretty sure that the “Configuring and Managing Exchange Server 2013 High Availability” ebook has had its hand at why I have not written as much as I usually try to do. Nonetheless, I have prepared some things which I hope to be releasing in the next few days and weeks. Here’s a little teaser:
1. I am working on a comparative analysis of several 3rd party identity federation solutions that work with Office 365 (such as e.g. Celestix and Orka). It is not my intention to determine which one is better than the other, instead I wanted to talk about what each service/manufacturer does and how it works with and relates to Office 365 (and maybe walk you through the basic configuration). Given that Identity Management is a big part of the work I do with Office 365, I found this might be useful! Next to the aforementioned vendors, I also hope to include solutions from Ping Identity and OneLogin so that I cover a little more ground. Unfortunately I cannot cover all solutions that exist, but if you think I should take a look at another solution, feel free to shoot me an email! If time permits, the first part should be available before the end of this week.
2. 2014 was definitely a year in which “Cyber Security” has had a lot of attention… More specifically, there have been a lot of “breaches”, the last one being the story of how Sony got attacked and sensitive information got leaked –apparently via email. Together with some other MVPs, I will be building a set of articles to discuss how these events relate to Exchange and how you can “harden” your Exchange environment. Even though Exchange is considered (and it is) to be “secure out of the box”, there are some additional steps you could take –IF your organization requires it. However, if you decide to take additional steps, it’s even more important that you do things right. And that’s the sweet spot we’re aiming for.
Lastly, I’m happy to announce that 2015 started off quite well. Earlier today I was presented with the MVP-Award for the third time in a row. I would like to take this opportunity to thank you guys for supporting me by reading my articles and interacting through comments. I look forward to many more interesting talks in the coming year!
A few days ago, Microsoft released Cumulative Update 6 for Exchange 2013 to the world. There used to be a time where Exchange server updates were fairly safe. However, pretty much like in every other Cumulative Update for Exchange 2013, this one also includes some bugs which break functionality in one way or another. While one would say that it starts to become painful for Microsoft, I’m starting to believe it’s more of a joke.
Exchange Server MVP Jeff Guillet was the one to first report the issue. As it turns out, the Hybrid Configuration Wizard in CU6 runs just fine, but some of the features (like initiating a mailbox move from the on-premises EAC or the ability to switch between the on-prem/cloud EAC) no longer work. Although the scope of the break is somewhat limited (it only applies to customers in a hybrid deployment), one could argue it’s an important focus area for Microsoft – especially given that it’s cloud-related. Microsoft has been trying really hard (with success, may I add) to promote Office 365 and get customers to onboard to “the service”. As such, I find it really surprising that it’s the n-th issue related to hybrid deployments in such a short time. In Cumulative Update 5, the Hybrid Configuration Wizard is broken and now there’s this.
Needless to say, you are warned about deploying Cumulative Updates into production. Pretty much every MVP who announced the Cumulative Update made the remark that you should test the update before deploying it. I would say this is a general best-practice, but given the history of recent Exchange Server updates, I wouldn’t dare to deploy one without thoroughly testing it.
This brings me to another point: what happened to testing, Microsoft? I understand that it’s impossible to test every customer scenario that you can find out there, but how come that pretty obvious functionalities like these manage to slip through the cracks? If it were a one-time event, I could understand. But there’s a clear trend developing here.
Running a service like Office 365 is not easy. More so, the cadence at which the service evolves can be really scathing. On-premises customers have been struggling to keep up with the updates that are being released in the cloud, but it seems that Microsoft itself is having a hard time to keep up too.
On a final note, I’m wondering what customers with a hybrid deployment should do. According to Microsoft support guidelines, hybrid customers are requested to stay current with Exchange Server updates. But given that this is now two consecutive updates that are causing problems, one might start to wonder if it’s not better to stay at CU4 as it was the last CU which did not have any hybrid issues…
I imagine that Microsoft is working hard on a fix for this issue, even during a holiday weekend… Let’s wait and see what happens early next week!
Until then, I would hold off on deploying CU6 and revert to using CU5 with the interim update which fixes the HCW bug or – if you don’t like IUs – stick to CU4/SP1.