Short takes: ADFS certificate expiry; Azure Authenticator setup on Windows Phone; checking if a MSOL tenant name exists

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Some more snippets of randomness pulled together to make a blog post…

ADFS certificate expiry

One of my colleagues spotted this in a customer’s Office 365 tenant recently:

Office 365 - Renew your certificates

Thankfully, it wasn’t one we were managing… but I did feel the need to flag it to the incumbent service provider. If this happens to you, my colleague Gavin Morrison (@GavinMorrison) flagged a potentially useful blog post from Jack Stromberg about renewing ADFS Certificates.

Azure Authenticator Setup on Windows Phone

Whilst setting up additional authentication for Office 365 (in effect, Azure AD MFA) I found that I couldn’t add an account until the Windows Phone Azure Authentication app had enabled push notifications. Despite repeatedly enabling it in Settings, completing setup of the account needed a phone reboot, at which point it was ready for me to scan a QR code and continue.  Even then the option to allow notifications doesn’t seem to stick!

Checking if a Microsoft Online Services tenant name exists

My colleague Gareth Larter found a neat trick this week for checking if a Microsoft Online Services (MSOL) tenant exists (e.g. for Office 365).

Gareth’s advice is to browse to https://login.windows.net/tenantname.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml and, if you get an error, it should show “No service namespace named ‘tenantname.onmicrosoft.com’ was found in the data store” at the bottom right meaning that the tenant name is available:

On the other hand, if you get a bunch of XML data returned, then that tenant already exists.

“Unlicensed Product” errors in Microsoft Office

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Earlier this evening, I noticed that my copy of Outlook was showing as an “unlicensed product” at the top of the screen. That seemed strange, as I pay for an Office 365 Home subscription, which covers my family’s various copies of Office.

Outlook reports intself as an unlicensed product

So, I took a look at the Office Account settings, and noticed that it wasn’t signed in to Office 365 for some of the connected sources.

Disconnected from Office 365 services

I reconnected to My Office 365 subscription, signing in with my “Work or school account” as that’s what the markwilson.it Office 365 subscription uses, even though the Office 365 Home subscription uses a Personal Account (formerly known as a Microsoft Account):

Which Microsoft account to use?!

After authenticating (and a restart), Outlook was no longer complaining about being unlicenced.

I’m not sure if it’s a complication of having both a Microsoft Account (MSA) and an Organization/Work and School (Azure AD) account with the same email address, but it seems there are various scenarios that can present this issue.

Thankfully this one wasn’t too hard to sort out!

Why Microsoft customers don’t need to worry about EU-US Safe Harbour/Harbor

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

When European Courts judged the 15-year-old EU-US Safe Harbour/Harbor treaty to be invalid last October, Internet news sites started to report how terrible this was for EU companies placing data into cloud services offered (mostly) by American companies. For some, that may be true, but that assumes Safe Harbour is the only protection in place.

This week, IT news sites are at it again. The Register (the tabloid newspaper of IT news sites) has an article titled Safe Harbor 2.0: US-Europe talks on privacy go down to the wire but the actual URI belies a much more dramatic title of “Safe Harbor countdown to Armageddon”. Sensationalist at best, some might even say irresponsible.

I’m no lawyer but, for my customers, who are implementing Microsoft cloud services, there seems to be nothing to worry about and I’ll explain why in this blog post. Of course, Microsoft is just one of many cloud services providers – and for others there may be valid concerns.

The United States Export.Gov website currently displays the following text regarding Safe Harbor:

“On October 6, 2015, the European Court of Justice issued a judgment declaring as ‘invalid’ the European Commission’s Decision 2000/520/EC of 26 July 2000 ‘on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.’

In the current rapidly changing environment, the Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework. If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel.”

EU Model Clauses trump Safe Harbour

Microsoft President and Chief Legal Officer, Brad Smith, issued a statement on 6 October 2015. Quoting from that article:

“For Microsoft’s enterprise cloud customers, we believe the clear answer is that yes they can continue to transfer data by relying on additional steps and legal safeguards we have put in place. This includes additional and stringent privacy protections and Microsoft’s compliance with the EU Model Clauses, which enable customers to move data between the EU and other places – including the United States – even in the absence of the Safe Harbor. Both the ruling and comments by the European Commission recognized these types of steps earlier today.

Microsoft’s cloud services including Azure Core Services, Office 365, Dynamics CRM Online and Microsoft Intune all comply with the EU Model Clauses and hence are covered in this way.”

There’s also a follow-on post which talks in general terms about the wider issues and privacy beliefs but the key point is that Microsoft offers EU Model Clauses within its contracts, which go beyond Safe Harbour. Microsoft also has an FAQ on the EU Model Clauses that is worth a read.

Quoting again from the 6 October 2015 statement:

“We wanted to make sure all of our enterprise cloud customers receive this benefit so, beginning last year, we included compliance with the EU Model Clauses as a standard part of the contracts for our major enterprise cloud services with every customer. Microsoft cloud customers don’t need to do anything else to be covered in this way.”

That suggests to me that customers who have signed up to Azure Core Services, Office 365, Dynamics CRM Online or Intune since early 2014 already have greater privacy protection than was afforded by Safe Harbour – and that protection meets the EU’s current requirements. In short, Microsoft customers don’t need to worry about Safe Harbor (sic).

Short takes: SharePoint/Delve and shortlinks; CESG guidance on Office 365; removing Sway from the App Launcher

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

So, it’s Christmas Eve and I’ve run out of annual leave this year so I’m still working… looks like everyone else has gone home though so I’m really just clearing down my mailbox, searching for Inbox Zero nirvana. As I do, there are lots of little snippets that I might like to remember, so here’s a little Christmas compilation…

SharePoint, Delve and short links

We have a URL shortener at work and one of the things it’s really great for is taking reallyreallylongandundigestibleurisfromsharepoint and making them risu.al/short. Unfortunately Alex Eggar, who leads our Business Productivity group, highlighted to me that I’m better off using SharePoint’s sharing functionality… otherwise Delve won’t know what’s going on…

There’s loads of information on Delve for Office 365 administrators and Paul Olenick (SharePoint MVP) has an interesting post the describes more about Delve. What I haven’t managed to get clear in my head yet is why a short URL bypasses the Office Graph… I’m still accessing the content… but I’ll leave that one to the experts!

CESG Guidelines for use of Office 365 at OFFICIAL

I had an interesting meeting with a customer recently, discussing how their Office 365 implementation aligned to UK Government (CESG) guidelines. Whilst they are guidelines, and this customer is only loosely affiliated with the Government, the CESG guidance on Office 365 could be considered as a useful benchmark.

The guidelines are available on the gov.uk website. Currently they include:

Turning off the App Launcher tile for Sway

As I wrote a couple of months ago when describing how to selectively remove tiles from the Office 365 App Launcher, disabling Sway in Office 365 didn’t used to remove the tile from the launcher. Since earlier this month, that behaviour has been changed with more details in Microsoft knowledge base article 3075256.

Encouraging adoption in enterprise social networks

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

In my job, consulting with many organisations who are adopting Microsoft products and services, including Office 365, I have a lot of discussions about Yammer and other modern communication methods (e.g. Sway).

Many have already had pilots with Yammer and found it didn’t work for them. Some are smart enough to realise that it wasn’t Yammer at fault but a lack of executive sponsorship. Adapting a new medium for communication takes time; it needs a cultural shift. If your boss uses it, you might consider giving it a try (although when I had a team, my experience at getting them to use Yammer was best described as mixed). But if your boss’ boss uses it, or the CEO, and the internal communications team are are using it instead of email, then you might stand some chance of success – because, as well as executive sponsorship, it needs critical mass (which means people need a reason to visit).

Of course, the platform itself has to be usable. In my last place the corporate social platform was Newsgator (which was awful), coupled with an old version of SharePoint and, aside from the teams whose job it was to evangelise its use, it was pretty much ignored. In fact, so much so that other social networks popped up in their own bubbles: the sales community were using Salesforce Chatter; although Yammer actually seemed to gain more traction in some areas (via an external network hosted by Microsoft for partner engagement) because there was something of value there for people.

So, we need executive sponsorship, critical mass, and a usable platform, with content that people value. But there’s something else too – people have to stop using the old methods in parallel.

Recently, I witnessed one organisation where someone posted some infomration on Yammer and it got a flurry of activity/commentary on the original post (so far so good). Then someone else sent an email to a distribution group to highlight the same information. That sender might not have seen the original post but email isn’t a good way to share links about new products. Some (myself included) may consider it as just unsolicited bulk email (spam) but spam that’s sent from inside the organisation. To make matters worse, because Office 365 Clutter doesn’t filter out email from people in your management chain, that email will never be filtered.

No, no, no, no! Post once, on the right medium*. Yammer for information sharing/comments on a topic that might run and run; instant messaging for messages that require a response… instantly (the clue’s in the name) and stop abusing email (which, incidentally is an asynchronous communications mechanism to which you should not require, or even expect, a response). As for voice mail, SMS, etc. Well, who knows… anyway, I’m supposed to be writing about getting people using enterprise social networks here – not a lecture on communication methods (and I know one size doesn’t fit all).

So, that’s my view – which you might agree with, or you may not. But it’s been cathartic to have a little online rant and at least it means I’ll get at least one blog post up this month! For another view, take a look at what the Yammer team at Microsoft shared with me – a 2012 Office blog post on Deploying a Successful Enterprise Social Network: Best Practices From the Field.

 

Mark Wilson is an increasingly busy, grumpy and ranty man, who wants to reduce the volume of email arriving in his Inbox…

* I do have to admit that, on occasion, I have been known to email a group of people and say “please reply to my thread on Yammer”, because I knew a lot of them didn’t use it but I wanted everyone to see the replies withough creating a Reply All email storm. This is not good.

Recovering data after OneDrive for Business “ate” my OneNote notebooks…

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Yesterday, I wrote about troubleshooting OneDrive for Business. What I didn’t write about though was the problems that a simple repair to OneDrive for Business (acting on advice to resolve some sync issues on my client) caused for me…

The OneDrive for Business repair operation works as follows:

  • Disconnects all libraries that were experiencing sync problems.
  • Reconnects these libraries. This means Repair downloads and syncs the current server version of each library, as if you were syncing for the first time.
  • Creates an archive copy of any file that had unsynced changes and places these files in a library folder under C:\users\username\OneDrive for Business archives\.

So, if you are using that full 1TB of storage… you’d better have a good network connection to pull the entire contents of the library from the cloud (which is why the next version of the OneDrive client has selective sync).

In my case, I’m only using a few GB but, because I moved my entire Documents folder to OneDrive a few months ago, my OneNote notebooks were part of the data that was pulled down from the cloud.

I rely heavily on OneNote – I stopped using paper notebooks when I left my last job, as my everyday device is a Surface Pro 3 (which I find ideally suited to note-taking) – and here’s the lesson I learned:

OneNote and OneDrive for Business do not (always) play together nicely.

It should work – there’s even Microsoft advice for moving a OneNote notebook to OneDrive (and the same process works for OneDrive for Business) but it seems the mistake I made was to move all of my files in Windows Explorer. Whilst researching this blog post I’ve found Microsoft’s OneNote syncing best practices (KB2819334) and what I should have done is move the OneNote notebooks from within OneNote…

After the OneDrive for Business repair, I was left with a .ms-one-stub file which Explorer reported as being 1KB in size. 6 months of notes had disappeared – and opening OneNote didn’t follow the stub and magically pick up my notes. I felt physically sick. I thought I had two copies – one on the PC and one in OneDrive for Business. But no, OneDrive for Business was my backup – and it had “eaten” my work.

Luckily, there was another backup copy. It wasn’t current, but it was only a couple of days out of date, rather than starting from scratch. I found that OneNote stores a copy of notes in C:\Users\username\AppData\Local\Microsoft\OneNote\15.0\Backup.

That location has a folder for each notebook. Each folder contains a OneDrive recycle bin (OneNote_RecycleBin) and copies of  my .one files for each section, with a date when the backup was taken – for example project.one (On 22-11-2015).one. I’m not sure when the backup is taken (I’ve made changes to sections today that are still not reflected in the OneNote backup, but losing a couple of days is vastly superior to losing 6 months.

Even with the new information about the correct way to sync OneNote to OneDrive for Business, I’m not sure I completely trust it. From now on I’ll be making a third copy to another location…

 

Troubleshooting OneDrive for Business

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve written previously about the OneDrive for Business sync client – and I was pretty critical of it too. Since then, I’ve been working with OneDrive for Business every day on my work PC and it generally works well for me.  It’s not all a bed of roses though. I’ve had significant challenges with OneDrive in one customer implementation but part of the issue would appear to be their PC build, compounded by the approach taken to applying Microsoft updates.

It doesn’t help though that some Microsoft updates actually break OneDrive – the 13 October 2015 update for Office 2013 (KB3085566) prevents OneDrive for Business from syncing and needs an additional update from 21 October 2013 (KB2986219). And those are Office updates – separate to the OneDrive for Business client updates (e.g. KB3085509 and KB3101505).

I’m hoping that the new unified OneDrive sync client will improve things further. After all, Microsoft are claiming that:

“First and foremost, we’re delivering a rock-solid new sync experience.”

Great! That’s exactly what’s needed.

The new client (based on the consumer OneDrive client, which I think has its roots in Windows Live Mesh, rather than in Groove) introduces selective sync, removes some previous item count and file size limits and gets away from having two clients for OneDrive and OneDrive for Business. It’s also coming alongside improvements to the browser and mobile experiences, and changing to external sharing options (there’s more information on the OneDrive blog) but, for now, it’s an early preview and unfortunately not available for Windows 8.x.

Trying to fix my customer’s issues has led me to some useful resources for troubleshooting OneDrive for Business though – including an Office Support article on Fixing OneDrive for Business Sync Problems and a OneDrive for Business Sync Issues Troubleshooter. I’m not sure how well-known this second resource is, but it walks through a number of scenarios to help resolve problems, including:

Some of this is good practice, some is standard troubleshooting (clearing caches, reinstalling applications) but hopefully most people won’t need to go much further than the first few items. It’s definitely worth knowing about though…

Clutter and Junk Email in Exchange Online

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

One of my Office 365 customers has been asking about Clutter and Junk Email – with concerns that Clutter doesn’t move all the mail they think it should and also that more email is being trapped as junk than they expect (or experienced with on-premises Exchange.  I thought it might be useful to cover a few bits and pieces on the topic…

Clutter

Looking first at Clutter, it’s a new capability introduced in Exchange Online a year ago which uses the Office Graph to move lower priority messages out of your way and into a new Clutter folder, with the intention that users can focus on the most important messages in their Inbox.  In essence, not everything received from third parties trying to sell things is junk – you may have newsletters and other updates that are not essential but that you don’t need to read right away. And, as your reading habits change, Clutter learns and adapts.

It’s a nice idea, but sometimes Clutter needs a little helping hand. You can switch Clutter on/off, or help it to learn your preferences by following Microsoft’s advice to use Clutter to sort low priority messages in Outlook on the web. Office 2016 users can also train Clutter in Outlook (the capability is not there in Outlook 2013).

In addition, messages sent from yourself, or from your management chain or direct reports (if you’re an Office 365 Business user) will never be identified as Clutter. It’s also possible for administrators to use a transport rule to ensure that certain messages are not treated as Clutter.

If you want to know more, Tony Redmond (@12knocksinna) has an FAQ with answers to common Clutter questions that I recommend reading.

Junk Email

Junk Email filtering has been around for a lot longer than Clutter and Office 365 uses intelligence built up over time to ?determine which messages are “spam” or junk email. Many messages are trapped before they even get to your Inbox. Sometimes, it’s not clear whether a message is Junk or not and something you intended to receive may be moved to your Junk Email folder in error. In my customer’s case, after a mailbox had been transferred from the on-premises Exchange to Exchange Online, we effectively have a new mailbox in a new Exchange organisation and it needed to re-learn some of the personal preferences around Junk email.

It’s unlikely that internal email will be classified as Junk; however you can edit this following the advice in Microsoft knowledge base article 2545137. It’s also possible to use a transport rule to set the spam confidence level (SCL) to -1 (i.e. definitely not spam) based on given criteria.  In addition, allow and block lists can be created within the spam filter in the Exchange Admin Center.

There’s more information on safe and blocked senders and the various mechanisms that are used in the Microsoft TechNet safe sender and blocked senders FAQ as well as consumer advice on using Junk Email Filters to control which messages you see.

The whole process

The whole filtering/organising process works like this:

  1. Messages identified as possible junk email are automatically moved to the Junk Email folder, and any potentially dangerous content, for example links or attached programs, are disabled.
  2. Next, any Inbox rules are processed.
  3. If you use Sweep in Outlook on the web, it will then organize your Inbox.
  4. Finally, Clutter will analyse the remaining messages and filters those that match a pattern for being ignored or not responded to, based on past behaviour.

The impact of Microsoft’s changes to OneDrive storage quotas on Office 365 plans

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Earlier this week, Microsoft announced some changes to its consumer cloud storage product, OneDrive (with more details in this FAQ).

Whilst the changes to OneDrive storage quotas are disappointing for some users, that’s life – you don’t get much that’s genuinely free and Microsoft clearly wasn’t making money on OneDrive.

What I find more disappointing is that Microsoft has created a real mess, after so much positive publicity in the new cloud-first, mobile-first Microsoft that Satya Nadella is leading. And it’s not about the products – the marketing guys are to blame here. First of all, there was nothing on the Office blogs about this – the announcement is on a separate OneDrive blog. Then that announcement refers to “Office 365 consumer subscribers”. So, as one person commented on the Office 365 Yammer network:

“Oh Microsoft what were you thinking with your poorly articulated and conceived change to OneDrive? https://blog.onedrive.com/onedrive_change . What a mess! Now people are emailing me and asking when they will lose space on their OneDrive and I have to explain ‘not that OneDrive this OneDrive’ and ‘not that Office 365 this Office 365′”

As well as two OneDrive products (OneDrive and OneDrive for Business, although sometimes with a unified client) and two Skype products (Skype and Skype for Business, again becoming more integrated but not quite there) we now seem to have the marketing teams talking about two sets of Office 365 subscription plans (Office 365 consumer and Office 365 business).

Anyway… setting aside some dubious product naming decisions, a retrenchment from “unlimited” storage (we all know what unlimited means to marketing departments… and surely it can be managed with an acceptable use policy if it’s being used to extremes) and some mightily annoyed end users who are about to see a drop in their OneDrive storage, what does this actually mean for Office 365 customers? I heard one MVP announce that Microsoft was reducing the amount of storage in Office 365 – and, unless we’re talking about an Office 365 Home, Personal, or University subscriber, that’s simply not the case.

Well, if you have an Office 365 consumer subscription, you still get 1TB of storage (per user – so with my family of 4 users on Office 365 Home, that’s potentially 4TB of storage) and, if you have an Office 365 business subscription, then the unlimited storage was never rolled out (at least not on any tenant I’ve seen) – although at the time of writing it is still on the Office 365 Roadmap as “in development” (I do expect that to change, although I haven’t seen any announcements from Microsoft).

In essence, it seems “unlimited” is a terabyte. Which may not be what the Oxford English Dictionary defines as the meaning of unlimited but is still a huge uplift on any file shares I’ve ever seen provisioned to end users!

Up to 22% discount on Office 365 Home subscriptions

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

A few weeks ago, I wrote about Office 365 Home, which allows me to get the latest version of Microsoft Office on up to 5 PCs/Macs, 5 tablets and 5 phones.  Originally, I took out a one month free trial, after which it becomes a monthly subscription at £7.99.

If you pay annually, you can get 2 months free. Add that to the one month free trial and by my calculations that’s a 22% discount on Office 365 in year 1 and 16% in subsequent years.

Beware though, if you make a payment too early in your trial period, the free trial ends immediately.

I also found that, when I went to renew, the price was in US Dollars (although that might actually have been cheaper, before credit card charges, etc.). I contacted Microsoft support, who were happy to make the required changes on my account from monthly to annual renewal.