Month: July 2014

Reporting on Office 365 Online Users with Services and Licensing Status

Posted on

For those Online Administrators who need to account for Online Users and the Services they are assigned, along with enabled services, this email is for you!  The below is provided as-is and should be placed into a .ps1 PowerShell file, so you can run these commands against the Microsoft Online Services.  The end result will be a .csv (spreadsheet) file that outputs all the relevant information:

…special thanks to Mauricio O. for the following information!

Steps to Run

Notes:

  1. Make sure you have installed the following prerequisites:
    1. Sign-In Assistant – Note: Even though the download states BETA, it is the proper SIA: http://www.microsoft.com/en-us/download/details.aspx?id=39267
    2. Windows Azure Active Directory Module for Windows PowerShell: https://portal.office.com/default.aspx#@/IdentityFederation/IdentityFederation.aspx
      1. clip_image001
  2. Start –> Run: Notepad
    1. Copy the text below into NotePad
      1. Replace the <user> with the location you want to save the output .csv spreadsheet file!

     

    1. Connect-MsolService -Credential $UserCredential

      write-host “Getting a list of users with their assigned licenses. Can take a while”

      $withlicense=get-msoluser -all | where {$_.islicensed}

      write-host “Tenant contains “$withlicense.count” licensed users. Generating report in c:\users\<user>\desktop\report.csv”

      ”UPN,Product,Status” | out-file “c:\users\<user>\desktop\report.csv” -Append

      foreach ($usr in $withlicense) {

          $status=$usr.licenses.servicestatus

          $status | %{

              $licstatus=$usr.userprincipalname+”,”+$_.serviceplan.servicename+”,”+$_.provisioningstatus

              $licstatus | out-file “c:\users\<user>\desktop\report.csv” -Append

          }

      }

  3. Save-As and set the File Type to All and place a .ps1 file extension to the file name
  4. clip_image003
  5. Open PowerShell and run the command, such as: c:\users\<user>\Desktop> .\OnlineuserReport.ps1

     

    Notes

  6. The output is all placed into a single column, so the best option here is to open the .csv file via Excel with File –> Open to review and massage the data!

  7. Launch Excel

  8. File –> Open and open the file

  9. Select Delimited à Next

  10. clip_image009

  1. Uncheck Tab and select Comma as the Delimiter –> Next

  2. clip_image011 

  3. Finish

  4. clip_image013 

  5. This will open the spreadsheet with the different data in different columns making it easier to read and review, filter, etc

  6. clip_image015

 

Legend of Column #3

  1. Pending Input = Needs attention from Admin to assign license
  2. Disabled = Disabled
  3. Success = Activated and enabled with Service, service listed in 2nd column

Managing the New Exchange Online OWA Document Collaboration Feature

Posted on

exchange_online_banner_sm

For those Office 365 Admins who are responsible for Outlook Web Access (OWA) and the new Document Collaboration feature, allowing Office 365 Web Apps to render the attached document and provide document editing and collaboration. While this is a great new addition, as Exchange previously would not allow or provide the ability to edit these attached documents, as the Exchange Information Store did not have that capability.  So now instead of having to save the attached document to a local PC, fileshare, SharePoint Online, etc and then edit the document, the attached documents can now have full editing capabilities, which is FANTASTIC!

OWA_Doc_Collaboration

So your next question might be “How do I manage this?  While I like this capability, my users may not be ready, I need to get everyone trained on this before rolling this out. How do I manage this?

special thanks to Bala K. for the following information

Steps to Manage Enablement/Disablement of OWA Document Editing

  1. Connect to Exchange Online via PowerShell
    1. http://help.outlook.com/en-us/140/cc952755.aspx
      1.  $LiveCred = Get-Credential
      2. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
      3. Import-PSSession $Session
    2. Once connected, you will manage this OWA Document Editing Capability by managing the OWAMailboxPolicy attribute for the Exchange Online tenant level for all users:
      1. Tenant
        1. Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -WacViewingOnPublicComputersEnabled $False -WacViewingOnPrivateComputersEnabled $False

Note – When using this new feature notice that the attached document has three elipsys (dots) which give users the ability to select if they want to download, otherwise clicking the document will open the attached document into Editing View:

doc_edit_download

Exchange Online Protection (EOP) – SPAM, Blocklist, URL Community Participation

Posted on

exchange_online_banner

For those Exchange Online Admins who are interested in Protection, SPAM and other security related mail concepts, this posting is for you.

Exchange Online participates in Protection Communities, which handle tracking and sharing information to other Community Members:

  • Exchange Online participates in the following communities in regards to security:
    • IP Blocklist in concert with Spamhaus
    • URL Lists in concert with Spamhaus, SURBL, URIBL and Invaluement

Office 365 & Mobility Management – Enterprise Mobility Suite

Posted on Updated on

Screen Shot 2014-07-03 at 3.07.21 PM

For you Online Administrators who have a mobility management role and responsibility, then this posting is FOR YOU!  Learn more about how to manage your Bring Your Own Device (BYOD) strategy by managing business mobile devices via Microsoft Online Services.  The Enterprise Mobility Solution allows for iOS, Android and Windows Phones, and desktop(s), providing a complete solution for all your mobility needs and business needs.

Microsoft Enterprise Mobility Suite

Screen Shot 2014-07-03 at 3.04.37 PM

Exchange Online Load Balancing of Mailboxes – Considerations to Outlook Clients

Posted on

exchange_online_banner_sm

For Exchange Online Administrators who hear from their users that they “sometimes” get disconnected and reconnected quickly and wondering…what is going on…this posting is for you!

Background

Exchange Online is constantly reviewing Exchange Mailbox Servers, determining if the right load or amount of mailboxes are on the Exchange Server.  As you know, the Exchange Store, Database Availability Groups (DAG), etc all play a part in how many mailboxes should be located on a server.  EXO makes sure that no servers are NOT overburdened to make sure all users, using any mail application, are not impacted by slow or sluggish performance.

To this end, Office 365 Exchange Admins may notice from time to time, through an Exchange Hybrid Server or Exchange Online Remote PowerShell that EXO mailboxes are being moved, with a move designation as local. This signifies that the mailbox is being load balanced onto another backend mailbox server and don’t worry, this is an Online Move, which means the MBX is being copied/moved over to a new server to provide the best server resources available.  As a result of the Online Move, once complete the original MBX is removed, Active Directory and Exchange are updated to the new location of the mailbox and the Outlook user will reconnect to outlook.office365.com, which then connects to the new mailbox server and mailbox.

Outlook Users

For those users whose MBXs are being moved to provide the best possible server health and access, they may see Outlook show as Disconnected and then quickly show Connected, with each Outlook connection changing within seconds or less.  In order to minimize the impact to users, the best possible configuration for Outlook users is the following, which allows Outlook to send credentials when asked without being prompted.

  1. Internet Explorer
    1. Why IE?  IE leverages the OS’ WinInet, which is used by socket based applications and when EXO asks for credentials and you add the following to your IE Security Zone settings, Outlook is able to release those credentials without being prompted to manually enter them
      1. Internet Explorer –> Tools –> Internet Options –> Security –> Local Intranet –> Sites –> Advanced
        1. For Active Directory Federation Service (ADFS) SSO (Single Sign-On) users add:
          1. https://*.yourcompanyDomain.com
          2. https://*.microsoftonline.com
          3. https://outlook.office365.com
        2. For non ADFS users
          1. https://*.microsoftonline.com
          2. https://outlook.office365.com
  2. Outlook
    1. When connecting to Exchange Online via Outlook, make sure each user uses the Save or Remember Me authentication dialog box.  This saves the users credentials into the Windows Operating System’s Credential Manager (CredMan), so when/if their mailbox is moved and Outlook must reconnect to an Exchange Online CAFE Server (Client Access Front-End), EXO will ask “who are you” and CredMan will silently pass those credentials and allow the Outlook client to quickly reconnect!