Office 365 Report / Auditing

Office365

Office 365 is continually evolving, expanding and improving – meaning new capabilities and opportunities, alongside the need to support adoption and manage change on an ongoing basis. Over the years I have been asked to do lots of On Premise current state assesments to help customers plan and check to ensure that their infrastructure is running optimally and meets current, and future, requirements. Recently however I have noticed an incline in requests from customers who want the same current state assesment for Office 365.

Whilst doing a bit of googling to see if there were any reporting tools that could ensure I capture key information on our customers tenant I was amazed at what I found, the following tool can be downloaded for FREE from Microsoft Technet and it ticks all the boxes:

To get your copy of the tool follow the link here: https://gallery.technet.microsoft.com/office/Office-365-Reporting-Tool-7987b4c2

Below are some screenshot from within the reporting tool:azure-overall-dashboard exchange-audit-overall-dashboard

sharepoint-overall-dashboardAdminDroid MFA Dashboard

What Can the Tool Do?

The tool provides detail reports on the following areas of Office 365

  • Azure Active Directory (43 reports)
  • Security Reports (22 Reports)
  • Exchange Online (99 reports)
  • SharePoint Online (35 reports)
  • OneDrive for Business  (11 reports)
  • Skype for Business (22 reports)
  • Yammer (20 reports)
  • Microsoft Teams (16 reports)
  • General Office 365 Reports (9 reports)

Reporting Capabilities Highlights

This Office 365 Reporting tool comes with advanced reporting capabilities which make tedious reporting task to an easier one.
  • Automatic Schedule –  Schedule one or more reports to run automatically at the configured time and delivered straight to your preferred mail-ids.
  • Rich Filters – Apply filter on any columns to see only the required information and save the filter for future use.
  • Easy Customization – Allow you to easily customize the reports by rearranging, adding or removing the columns and its size.
  • Report Export – Ability to export the reports to CSV, PDF, HTML, XLS or XLSX.

 

For me this tool will help me put together usefull documentation that we can present to customers and hopefully help plan a way forward with something that customers have aready invested in, I believe this FREE tool will help customers decide on a stratagy to develop their Office 365 utilisation for the better.

Advertisements

Office 365 Tenant to Tenant Migration without expensive tools

Office365.png

I have recently been working on a project to move nearly 2000 users from one Office 365 tenant to another. You may say simple, there are plenty of third party tools out there that will do that for you, but what about if the customer has not budgeted for the extra cost for these tools…. What do you do?

Now in this solution we had to purchase a very cost effective tool and a SSL certificate for the Exchange Server. The costs for these were no where near the costs of all of the well known tools from BitTitan and Cloud Migrator. we were quoted $6 per user by BitTitan as it was education or for normal businesses we were quote $14 per user. So as you would expect approx 2000 licenses at $6 each works out very expensive for an unexpected cost.

The tool we used was called Systools OneDrive Migrator and as you can see the tool cost starts from $99. We ended up paying $1 per user for this product. So a massive saving on the total cost of the tool from other competitors.

Stage 1 – Build a On Premise Hybrid Server

Download the latest Exchange 2016 ISO from here: Exchange Download

Before you deploy the On Premise Exchange Server you need to make sure your AD infrastructure is in good shape and able to support the deployment of Exchange 2016, so you need to ensure that the Forest and Domain Functional Levels are at least Windows Server 2008 R2

Before you begin to install Exchange Server 2016 you will need to install the Windows Server Roles and Features… Below is the PowerShell to ensure that all Windows Features are deployed:

Windows Server 2012 and 2012 R2

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, 
NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, 
RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, 
RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, 
Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, 
Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, 
Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, 
Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, 
Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, 
Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation,
RSAT-ADDS

Windows Server 2016

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy,
RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, 
RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, 
Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, 
Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, 
Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, 
Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, 
Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, 
Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation,
RSAT-ADDS

When the pre reqs are installing it will look something like this:

exchange-2016-pre-requisites-01

You then need to prepare the your AD Environment by running the following commands:

setup o	/prepareschema
      o	/prepareAD
      o	/preparealldomains
			    /iacceptexchangeserverlicenseterms

and then to begin the installation of Exchange 2016 you need to run the following:

setup /m:install /r:mailbox /iacceptexchangeserverlicenseterms

A successful Exchange Installation will look like this:

Exchange 2016 Installation

Stage 2 – AAD Connect

A Guide for deploying AAD Connect can be found here

Key things to take into consideration are to ensure the following:

1, The AD Account UPNs match that of the email address of the user

2, When you deploy AAD Connect the following options must be chosen in order for the Exchange Hybrid to work correctly:

optional_features

Stage 3 – Update all the users in Active Directory to have some Exchange attributes

The first thing you need to do is collect information about the online mailbox that you are looking to move. The information you need is the Mailbox Alias The User Principal Name and the Mailbox Guid. To get this information and output it to a CSV file run the following script in your Exchange Online Shell.

Get-Mailbox -ResultSize Unlimited | 
Select-Object Alias,UserPrincipalName,ExchangeGUID | 
Export-Csv -Path c:\temp\userExport.csv -NoTypeInformation

Once you have exported the above information you will need to move over to you On Premise Exchange Server and the Exchange Management Shell and run the following command that update all of the Active Directory objects with the required Exchange Attributes:

$allUsers = Import-Csv C:\temp\userExport.csv
foreach ($user in $allUsers) { Enable-RemoteMailbox $user.alias 
-RemoteRoutingAddress "$($user.alias)@tenant.mail.onmicrosoft.com"; 
Set-RemoteMailbox $user.alias -ExchangeGuid $user.ExchangeGuid 
-EmailAddressPolicyEnabled $false -PrimarySmtpAddress 
"$($user.alias)@bscmail.org" }

When you go into the Exchange Management Centre and look at the mailboxes you will be able to see all of your Exchange Online Mailboxes listed in your On Prem Exchange Server.

Stage 4 – Migrate mailboxes to Exchange 2016

Prepare the Hybrid Configuration

Details for configuring and Exchange Hybrid based on your on prem Exchange Server can be found here:

https://technet.microsoft.com/en-us/exdeploy2013/Checklist?state=3229-W-AQAIAAAAQAAAAAEAAAAAAAAAAAAAwAMAAAA~

Migrate Mailboxes to the Hybrid Server

Steps to migrate mailboxes from Exchange Online can be found here:

https://docs.microsoft.com/en-us/exchange/hybrid-deployment/move-mailboxes#move-exchange-online-mailboxes-to-the-on-premises-organization

 

Stage 5 – Migrate mailboxes to the other Office 365 Tenant

Re point the Hybrid connection to the new Office 365 Tenant

All the hard work would have been done in the previous section about creating the hybrid. – all you need to do here is re run the hybrid configuration wizard and point it at the new Office 365 tenant.

Migrate mailboxes to Office 365

Steps to move mailboxes back to Office 365 can be found here

https://docs.microsoft.com/en-us/exchange/hybrid-deployment/move-mailboxes

Stage 6 – Preparing OneDrive For Business for Migration

In order for us to be able to migrate data from OneDrive for business we will need to configure user interpretation on all of the users OneDrive sites. To do this the following steps need to be followed:

Assign eDiscovery permissions to OneDrive for Business Sites – Follow this guide from Microsoft:

https://docs.microsoft.com/en-us/office365/securitycompliance/assign-permissions-to-onedrive-for-business-sites?redirectSourcePath=%252fen-us%252farticle%252fAssign-eDiscovery-permissions-to-OneDrive-for-Business-sites-422858ff-917b-46d4-9e5b-3397f60eee4d

Once this has been done, the user that will be used to the data migration will have sufficient access to the users OneDrive for Business sites.

Stage 7 Migrating OneDrive For Business to the new Tenant

This stage is rather like the previous one. However you will need to ensure that all the users OneDrive sites have been provisioned, unfortunately just by allocating a license to the user does not automatically provision, so there is a script that needs to be run in order to force the provisioning to take place. This also takes some time to do depending on how many users there are.

1, Provision OneDrive For Business Sites in new Tenant

https://docs.microsoft.com/en-us/onedrive/pre-provision-accounts

2, Assign eDiscovery permissions to OneDrive for Business – New Tenant (destination)

https://docs.microsoft.com/en-us/office365/securitycompliance/assign-permissions-to-onedrive-for-business-sites?redirectSourcePath=%252fen-us%252farticle%252fAssign-eDiscovery-permissions-to-OneDrive-for-Business-sites-422858ff-917b-46d4-9e5b-3397f60eee4d

3, Run the Systools Migration Tool to move the data between the tenants. – Make sure your CSV files that are created with this tool match the users up correctly, as it will be very easy to mix up the user source and destination. – we don’t want users to get the wrong data in their OneDrive sites.

Download & Install SysTools OneDrive Migrator Tool.

check-for-prerequisiteNow provide the ID for the first Onedrive account. CLick on the “Login” button:

check-for-prerequisiteNow, The tool will redirect to a browser window where you have to provide the password for the same.

check-for-prerequisite


STEP 2


Now, Provide the credentials for the second account as follows:

scan


STEP 3


Click on the “Import CSV” button in order to add a csv file containing all the id that are to be added to the CSV file.

select file typeNavigate and select the location for the CSV file as follows:

select file type


STEP 4


The Ids will be displayed as follows in the following section:

file folderClick on the “Next” button.

file folder


STEP 5


Now, Provide the filters in the following section as follows:

Provide the permissions for which the files are to be transferred on the respective ids:

file folderClick on the “Import CSV” button.


STEP 6


Go to the Date filterto provide the calendar interval according to which the data should be transferred.

search by


STEP 7


Click on “Advanced Settings” and check mark the check box correspoding to the text include file type as follows:

search byClick on the “Export” button.


STEP 8


The export process will start as follows:

search byThe conversion will be completed as follows:

search by


STEP 9


Click on the “Save Report” to save the export report for the process:

search byNavigate the location for the final export report file:

search byThe export report will be saved successfully.

search by


STEP 10

The export report can be viewed as follows:

search byThe final migrated can also be viewed as:

search by

Exchange Online Delegation Rights

exchange-online

Managing Exchange Calendars with PowerShell.

Some companies I deployed Exchange or Office 365 would like to be able to view readable information in everyone’s calendar by default you only get Free or Busy information. The following script changes the default calendar permissions for ALL Users folders to Reviewer – This gives you readable / not editable information.

foreach($user in Get-Mailbox  -RecipientTypeDetails UserMailbox) {
$cal = $user.alias+":\Calendar"
Set-MailboxFolderPermission -Identity $cal -User Default -AccessRights Reviewer
}

Senior management sometimes have PA’s that will need delegate access to their calendar, this this will include view calendar items that are marked as private.

To Set the delegate to view private items in the calendar

Add-MailboxFolderPermission –Identity <delegates mailbox>:\Calendar 
–User <delegated mailbox> -AccessRights Editor -SharingPermissionFlags 
Delegate,CanViewPrivateItems

To Set the delegate to not view private items in the calendar

Add-MailboxFolderPermission -Identity <delegates mailbox>:\Calendar 
-User <delegated mailbox> -AccessRights Editor -SharingPermissionFlags 
Delegate

To remove any individual calendar permission

Remove-MailboxFolderPermission -Identity "delegates mailbox:\Calendar" 
-user "delegated mailbox"

How to migrate G-Suite to Office 365

Wow, time flies when you are having fun….I can’t believe it has been 7 months since my last post.

So since January I have been really busy with numerous projects revolving largely around Office 365 and Exchange. I have picked up some useful knowledge which I will write about here in the coming weeks.

This post is dedicated to something new to me – G-Suite to Office 365 – What a ride this has been! Let me explain how I managed to get it all to hang together and get the two services to exist together during the migration and testing phases.

EMAIL Co Existence / Routing between O365 and G-Suite

This was the tricky bit, how could we get users to co-exist in different services whilst we undertake testing and migrations? There is no connector or hybrid solution like there is with Exchange. We did not want to cut over all the users at the same time – this had to be a phased migration over to Office 365. We are also using MimeCast for SPAM and Relay protection so we need Google & Office 365 to send outbound via Mimecast without any mails getting blocked. Here is how we did it:

Office 365

Office 365 needs to be forwarding mail onto a domain that G-Suite knows about and the users mailboxes need to have an alias address for office 365 to forward onto.

The steps are as follows:

  • Add Domain Domain A with MX Record
  • Add secondary email address for each user. This needs to be set to: user@domainA.com

For users that are not yet in Office 365 we need to configure the Accepted Domain as an Internal Relay in Mail Flow in Exchange Online Admin Centre

internalrelay

Then we create a connector back to G-Suite for any address that does not live in O365 yet. Doing this tells Exchange Online to send the email to the recipient over in G-Suite.

We then stumbled across another minor problem. In order for the Email Data to be migrated into the new Office 365 users mailbox, we need to activate the license. In doing this creates a Office 365 mailbox so then Office 365 thinks the user is now happily working from Office 365. “WRONG”!!! The user still lives in G-Suite until the migration is completed. So in order for the users in Office 365 to send to a user in G-Suite who’s mailbox is provisioned in O365 we have need to create another forwarder back to G-Suite until the migration is completed. How to do this in bulk is in a following section in the blog post. – Adding Contacts to Office 365.

G-Suite

G-Suite needs to have a forwarder configured that the Tenant does not have the domain registered to. If you register a domain with Google it treats all SUB domains as internal as well, so a completely new unregistered domain is required to forward any Office 365 bound mail to.

In order for Gmail to send a message to a forwarding address, the address needs to be verified. So here is a way to forward to an address that is not verified (added to the G-Suite Tenant):

You will need to apply mappings (aliases) to recipient addresses on messages received by your domain. You can map multiple individual recipient addresses (a maximum of 2,000 entries) to other addresses. An individual address can map to a maximum of twelve addresses.

This is a basic routing concept, sometimes called a virtual user table, that’s frequently used in mail routing situations to redirect mail from one address to another. By using this setting you don’t need to create individual routing settings for each address mapping.

Configure the Recipient address map setting for your domain:

  1. From the Admin console Home page, go to Appsand thenG Suiteand thenGmailand thenAdvanced settings.Tip: To see Advanced settings, scroll to the bottom of the Gmail page.

  2. At the top of the page, ensure that the top-level org is highlighted.
  3. Scroll down to the Recipient address map section, or type Recipient address map in the search box:

    If the setting’s status is Not configured yet, click Configure (the “Add setting” dialog box displays).

    ​If the setting’s status is Locally applied or Inherited, click Edit to edit an existing setting (the “Edit setting” dialog box displays).

  4. Enter a short description that will appear within the setting’s summary.
  5. Under Messages to affect, select All incoming messages or Only external incoming messages.
  6. Scroll down to Routing options, and select Also route to original destination to send a copy of the message to the new address and also deliver it to the original recipient.

    Note: If you don’t select this option, the message is only sent to the new address.

    For example, jensmith@solarmora.com is in the address map and the new address is jensmith@gmail.com. If the checkbox is checked, both jensmith@solarmora.com and jensmith@gmail.com will receive a copy of the message. If the checkbox is unchecked, then only jensmith@gmail.com will receive the message.

  7. Enter address mappings in the box.

    Each mapping must include two addresses on a single line, separated by a comma. Place the map-to address after the comma. In the following example, davidb@solarmora.com is the map-to address:

    jensmith@solarmora.com, davidb@solarmora.com
    Each address must be a complete, specific address, and is case-insensitive. An address can be mapped to multiple map-to addresses. In the following example, jensmith@solarmora.com is mapped to both michellec@solarmora.com and johnd@solarmora.com:

    jensmith@solarmora.commichellec@solarmora.com
    jensmith@solarmora.comjohnd@solarmora.com

  8. Click Add to add the mappings.
  9. When you’re finished making changes, click Add setting or Save to close the dialog box.
    Note: Any settings you add are highlighted on the “Email settings” page.
  10. Click Save changes at the bottom of the “Email settings” page.
  11. When you’re finished, click Add Setting (at the bottom of the dialog box).
  12. Click Save changes (at the bottom of the “Email settings” page) to confirm your changes.

It can take up to an hour for changes to propagate to user accounts. You can track changes in the Admin audit log.

Adding Contacts to Office 365

First of all you will need a CSV file like the one in the image below ensuring the column headers match:

externalcontacts

When you have created your list of new Contacts that you need to create you can then import these into Office 365 using the following Powershell Commands:

To Connect to Office 365 Powershell:

Import-Module MSOnline
$O365Cred = Get-Credential
$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri 
https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic 
-AllowRedirection
Import-PSSession $O365Session

To import the contacts in your CSV file:

Import-Csv c:\externalcontacts.csv|%
{New-MailContact -Name $_.Name -DisplayName $_.Name -ExternalEmailAddress 
$_.ExternalEmailAddress -FirstName $_.FirstName -LastName $_.LastName}

We then had to update all the Office 365 mailboxes to use the forwarding address to send mail back to G-Suite using the following PowerShell and CSV file:

o365forwarding

Import-CSV "C:\Temp\Users.csv" | % 
{ $_.Condition = [bool]($_.Condition -as [int]); $_  } |
 ForEach {Set-Mailbox -Identity $_.mailbox
 -ForwardingAddress $_.forwardto -Delivertomailboxandforward
 $_.Condition}

On Prem AD with NO Exchange Attributes

So when adding the mailboxes in Office 365 be default the users email addresses were the onmicrosoft.com domain. This was happening because there were no On Premise Exchange Server therefore no Proxy addresses recorded in Active Directory. We then had to add all of the email address alias’s to the proxy addresses using PowerShell. The next few commands are how we did this.

Export the SamAccount and Existing Email details

Import-Module ActiveDirectory
# Delete file if it exists
$FileName = "C:\temp\user.csv"
if (Test-Path $FileName) 
{
  Remove-Item $FileName
}
Get-Aduser -filter * -Properties * | 
Select SamAccountName,mail | export-csv $FileName

Once you have a list of users with the correct list of Alias addresses I then ran the following PoweShell to update all of the proxy addresses

GC C:\temp\user.csv | % {
Set-ADUser $_ -Add @{ProxyAddresses="smtp:$_@aliasdomain.org.uk"}
}

Implementation of Mimecast – Outbound

G-Suite

To prepare your outbound G Suite hostname:

  1. Log on to the Google Admin Console.
  2. Navigate to Apps | G Suite | Gmail | Advanced Settings.
  3. Click on the Hosts button.
  4. Click on the Add Route button.
  5. Enter a Route Name (e.g. Mimecast Outbound Host).
  6. Select Multiple Host and enter the Mimecast Outbound Hostnames for your Mimecast region. Both must be marked as primary. See the “Outbound Send Connectors section of the Mimecast Gateway page for full details.
  7. Click on the Save button.
  8. Click on the Add Route button.
  9. Enter a Route Name (e.g. Internal Sending Host).
  10. Select Multiple Host and enter the Google Apps MX Records (ASPMX.L.GOOGLE.COM. and ALT1.ASPMX.L.GOOGLE.COM).
  11. Click on the Save button.

To configure routing rules:

  1. Click on the General Settings tab.
  2. Navigate to the Routing section.
  3. Click on the Configure button.
  4. Select the Outbound option in the “Messages to Affect” section.
  5. Select the Change Route option in the Route section.
  6. Select the Route Name created in step 5 of the “Preparing Your Outbound Hostname” section.
  7. Click on the Add Setting button.
  8. Click on the Add Another button.
  9. Select the Internal | Sending option in the “Messages to Affect” section.
  10. Select the Change Route option in the Route section.
  11. Select the Route Name created in step 9 of the “Preparing Your Outbound Hostname” section.
  12. Click on the Add Setting button.

 

Office 365

  1. Log in to the Office 365 Administration Console.
  2. Select the Admin | Exchange menu item.
  3. Select the Mail Flow | Connectors menu item.
  4. Create a Connector.
  5. Complete the New Connector – Select Your Mail Flow Scenario dialog as follows:
    Field Description
    From Select “Office 365” from the drop down list.
    To Select “Partner Organization” from the drop down list.
  6. Select the Next button.
  7. Complete the New Connector – New Connector dialog as follows:
    Field Description
    Name Enter a name for the connector.
    Description Enter a description for the connector.
    Turn It On Select this option to enable the connector.
  8. Select the Next button.
  9. Select the Only When Email Messages are Sent to These Domains option.
  10. Select the ico_plus.png icon to add the recipient domains that should use this connector.
  11. Enter a value of * to route all outbound emails through us.
  12. Select the OK button.
    Connector
  13. Select the Next button.
  14. Select the Route Email Through These Smart Hosts option.
  15. Select the ico_plus.png icon to add your region’s smart hosts.
    add_smart_host.png

    Region Office 365 Account Hostnames
    Europe (Excluding Germany) eu-smtp-o365-outbound-1.mimecast.com

    eu-smtp-o365-outbound-2.mimecast.com

    Germany de-smtp-o365-outbound-1.mimecast.com

    de-smtp-o365-outbound-2.mimecast.com

    America us-smtp-o365-outbound-1.mimecast.com

    us-smtp-o365-outbound-2.mimecast.com

    South Africa za-smtp-o365-outbound-1.mimecast.co.za

    za-smtp-o365-outbound-2.mimecast.co.za

    Australia au-smtp-o365-outbound-1.mimecast.com

    au-smtp-o365-outbound-2.mimecast.com

    Offshore je-smtp-o365-outbound-1.mimecast-offshore.com

    je-smtp-o365-outbound-2.mimecast-offshore.com

  16. Select the Save button.
  17. Select the Next button.
  18. Select the following options:
    • Always use Transport Layer Security (TLS) to Secure the Connection (recommended)
    • Issued by a trusted certificate authority (CA)
  19. Select the Next button.
  20. Select the Next button.
  21. Add an Email Address of a recipient from a domain external to your organization.
  22. Select the Validate button.
  23. Select the Save button once Office 365 has successfully validated your settings.

Cloud Migrator Used for Data Migrations

Link to the 3rd Party Migration Tool:

https://cloudm.co/cloudmigrator?gclid=CjwKCAjwns_bBRBCEiwA7AVGHlIcjIAmgfI64swjBotgV_WwduBCpMhEaBjYrcruD30K1wuJPuIkERoC–wQAvD_BwE

So our experience with the Cloud Migrator APP has been interesting. Initially we started to use the Cloud Migrator Go SaaS application which was reasonably simple to configure following the guides provided by Cloud M. However we soon realised there were speed issues when moving data between G-Suite & O365.  The issues are caused by the API’s between GSuite and O365 being limited. There is nothing we or Cloud M could do to improve the migration speed between the two services.

We then switched to the Cloud Migrator App which you install on your own dedicated server On Premise – in our case we used a Virtual machine in VMWare. Once configured we were able to fire up numerous Servers to run Cloud Migrator having a number of migration batches running at the same time and our Data throughput seemed to be 4x that of the cloud Migrator Go SaaS option.

All in all the customer is now running Co Existence of Office 365 and G-Suite. Mail is flowing and users are happy. We intend to complete the migration to Office 365 in the coming weeks. I decided to write this post as there does not seem to be many guides out there to help you migrate from G-Suite to Office 365. Hopefully if you read this it will help you on your projects.

 

 

Useful Powershell Commands for Exchange

One of my recent projects was to implement a new Highly Available Exchange 2016 environment for a customer who was upgrading from Exchange 2010. When Exchange 2016 was in place, we then had to create  hybrid to Office 365. Below are some really useful PowerShell Commands I used during the implementation.

Installing Exchange 2016 Pre Requisites 

Install-WindowsFeature AS-HTTP-Activation, Server-Media-Foundation, 
NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, 
RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, 
RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, 
Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, 
Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, 
Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, 
Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, 
Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, 
Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, 
RSAT-ADDS

Collecting Virtual Directory Details 

Outlook Anywhere

Get-OutlookAnywhere -AdPropertiesonly | Select server,Internalhostname,
Externalhostname

Outlook Web Access

Get-OWAVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Exchange Control Panel

Get-ECPVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Outlook Address Book

Get-OABVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Web Services

Get-WebServicesVirtualDirectory -AdPropertiesOnly | Select Server,
InternalURL,ExternalURL

MAPI

Get-MAPIVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Active Sync

Get-ActiveSyncVirtualDirectory -AdPropertiesOnly | Select Server,
InternalURL,ExternalURL

 

AutoDiscover

Collecting the AutoDiscover URI for Exchange 2010 Servers in the environment

Get-ClientAccessServer -identity SERVERNAME|select Name,
AutodiscoverServiceInternalURI |FL

Setting the AutoDiscover URI on the newly installed Exchange 2016 Server

Set-ClientAccessService -identity SERVERNAME -AutodiscoverServiceInternalURI 
https://mail.domainname.com/autodiscover/autodiscover.xml

 

Exchange 2016 CU7 Hybrid Gotcha!!!

So after a successful deployment of Exchange 2016 the next step was to create a hybrid to Office 365 Exchange Online, Simple as Exchange 2016 was “Born in the cloud” according to Microsoft. NOT SO!!! – I downloaded the latest version of Exchange 2016 which at the time was CU7, but when configuring the hybrid it would just sit at adding Federated Domain.

A bug slipped into Exchange 2016 CU7 which prevents the HCW from completing. The HCW fails to get past the domain ownership validation:


No matter how hard you try, you can’t get past this screen.

Fortunately CU8 was release 19th December 2017 – So I spent the next day patching my newly installed Exchange environment. – then completing the Hybrid configuration.

Add customised help desk info to the Office 365 help pane

Well, here is a nice little feature that I was unaware of until today…. A handy way to inform your users on support information for Microsoft Office 365.

As an Office 365 admin, you can streamline user support by adding customised contact information to the help pane. Users in need of support will be able to access your organisation’s custom support contact info with a single click of the help icon.

image

Create the custom help desk card

NOTE: To create a custom help desk card, you must be a global admin for Office 365 and have a license to Exchange Online. Learn how to assign licenses in Office 365 for business.

Create the custom help desk card in the admin center

1. Sign in to Office 365 with your work or school account. Learn how to sign in to Office 365.

2. Select the app launcher icon clip_image003 and choose Admin.

3. Choose the settings icon, and then choose Organization profile.

clip_image004

4. Next to Provide customized help desk contact info, choose Edit.

clip_image005

5. Turn on the Help desk card.

6. As an admin, you decide what kind of contact information you want to give users. The title and at least one form of contact information are required. Select what you want to display, and fill out the appropriate info.

o Custom title: Enter a title that clearly indicates your intent, like “Contoso help desk” or “Need help?”

o Help desk phone: Enter the phone number users should call to talk to a tech support agent at your organization. Be sure to include any prefixes that may be needed to complete the call.

o Help desk email: Enter the email address for your support department.

o Help desk URL: If your support department has an internal or public website with helpful tools and resources, enter its name and the associated URL.

7. Choose Save.

To see your new customized help desk card, sign out and back in again. We recommend you test the links on the card as soon as you sign back in. Your users will be able to see the card the next time they sign in.

Office 365 New Application “Bookings”

Last year, Microsoft released a product called Bookings to customers in the U.S. and Canada, introducing an easy way for small businesses to schedule and manage appointments with their customers. Microsoft have recently announced that they are beginning to roll out the service to Office 365 Business Premium subscribers worldwide. based on user feedback, they are bringing several new features to Bookings as well.

  • Add your Office 365 calendar to Bookings—Connect your Office 365 calendar to Bookings, so that the times you are busy will automatically be blocked in your public Booking page.
  • Add buffer time before and after your appointments—Do you need prep time before or after an appointment? Adding buffer time to a service automatically blocks that time in your Booking page too.
  • Bookings apps for your iOS and Android phone—Now you can book an appointment, contact a customer or check a staff member’s appointments while away from the office.
  • Customize your Booking page—We added more color customization options, so you can better personalize your Booking page.

These new capabilities will start showing up automatically in Bookings in the coming weeks. Let’s take a detailed look at what’s new.

Add your Office 365 calendar to Bookings

One of the top pieces of feedback we’ve heard is that you want to be able to add events from your Office 365 calendar to Bookings. So, we added integration between these calendars to help you avoid booking customer meetings during the time you’ve set aside for personal appointments, staff and partner meetings or other aspects of running your business.

To add Office 365 calendars to Bookings, click the Staff tab on the left navigation panel. On the Staff details page, select the Events on Office 365 calendar affect availability checkbox.

Add Office 365 calendar events to Bookings.

Once you activate this option, the system automatically blocks busy times on the Bookings calendar and on the self-service Booking page your customers see, so that you won’t get double-booked. Similarly, so your staff doesn’t get double-booked, you can also add their Office 365 calendars.

Add buffer time between appointments

Some services can be provided through back-to-back appointments. But another top piece of feedback you gave us was that many of your services require travel, prep and/or set-up time beforehand, and clean-up and travel time once the service was delivered. For customers with these needs, we added buffer times to give you more options to customize the services you deliver.

To add buffer times, click the Services tab in the left navigation column and either edit a current service or create a new one. Turn on the toggle below the Buffer time your customers can’t book and you will get buffer time selections that can be applied before and after the service appointment. These are times your customers can’t book an appointment with you before and after an appointment.

You can turn on the “buffer time” option in the Services tab.

Apps for iOS and Android

We know it’s essential for you to keep up with your business while you are away from a desk, so we built mobile apps that let you manage your bookings and staff, or access your customer list while you’re on the go.

After you download the Bookings app on iOS and Android, you can use your phone to:

  • View and manage your Bookings calendar.
  • Create and edit bookings.
  • See real-time availability and whereabouts of your staff.
  • Respond to customers with bookings quickly and easily.
  • Get directions to your next booking.
  • Access your customer list.

Customise your Booking page

Your Booking page should look and feel like an extension of your business, and it needs to positively reflect your brand.

To help you achieve this, we added options to customize it. For example, you can choose your main color for your Booking page from a color palette, and choose whether you’d like to show your business logo.

To customise your page, click Booking page in the left navigation list and select the color you want. If you don’t want your logo to be displayed, uncheck the Display your business logo on your booking page checkbox. Once you are done, simply click Save and publish.

Use the Booking page tab to customize your Booking page. Remember to click Save and publish to keep your changes.

How to get started with Bookings

Bookings is included in all Office 365 Business Premium subscriptions, and getting started is easy. To simplify the work of customer scheduling for your business, just sign in to Office 365 and click the Bookings tile on the App Launcher. If you don’t see the Bookings tile, we may still be in the process of rolling out the service in your region—so check back a bit later. If you need more help, the article “Say hello to Microsoft Bookings” provides a quick overview of how to use Bookings.

Once you are signed in to Office 365 you can find the App Launcher on the top left corner.

Bookings is designed to delight your customers, simplify scheduling and free time for you to be on top of your business wherever you are. Your feedback has been extremely useful; please keep it coming by clicking the feedback links found on the Bookings home page.

Microsoft intend to bring Bookings to E3 and E5 customers in the near future

Introduction to Microsoft Flow

My adventures within Microsoft Office 365 continue… another new feature to Microsoft Office 365 Power Apps.

Back in November 2016, Microsoft released for general availability Microsoft Flow and PowerApps. These tools will give users the power to enable the automation of workflows and the building of custom apps, and will also ease and expedite the creation of applications without the need for complex custom software development.

Microsoft Flow IconMicrosoft Flow is a new workflow automation solution that can be used to tap application and service data, making it easy to combine different services. Microsoft Flow connects more than 35 services, including SharePoint, OneDrive, Slack, and Twitter, so that users can perform actions such as sending notifications, pushing data into Excel, sending OneDrive files to SharePoint sites, automatically copying files from Dropbox to their SharePoint document library, and creating simple workflow approval tracking. Along with this, business users will be able to use Microsoft Flow to utilise pre-built templates and create their own flows in a visual designer that can work anywhere on the web.

Below is a short video detailing how Flow will be able to automate your repetitive daily tasks:

Turn on Microsoft Teams for your organisation

Originally posted on Microsoft Office Blogs

You use the Office 365 admin centre to enable and configure Microsoft Teams for your organisation.

IMPORTANT: All settings are tenant-wide and affect everyone in the organisation who has an active license for Microsoft Teams. To manage per-user licenses for Microsoft Teams, see Turn on or turn off Microsoft Teams licenses.

  1. Sign in to Office 365 with your work or school account.
  2. Choose Admin to go to the Office 365 admin centre.
  3. Go to Settings > Services & add-ins.Sign in to Office 365, go to the Office 365 admin center, go to Settings, and then choose Services & add-ins.
  4. On the Services & add-ins page, choose Microsoft Teams.Scroll down on the Services & add-ins page, and then choose Microsoft Teams.
  5. On the Microsoft Teams settings page that opens, click or tap to switch the toggle to the On position to turn on Teams for your organization, and then choose Save.On the Microsoft Teams settings page, set the toggle to On to turn on Teams for your entire organization, and then choose Save.

General tenant-level settings

On the Microsoft Teams settings page, in the General section, you can choose if you want to show an organization chart in user profiles. By default, this setting is turned on. To change this setting, click or tap to switch the toggle next to Show organization chart in personal profile to Off or On, and then choose Save.

On the Microsoft Teams settings page, under General, you can turn off or turn on organization charts in user profiles.

Teams & Channel

A team is designed to bring together a group of people who work closely to get things done. Teams can be dynamic for project-based work (for example, launching a product or creating a digital war room). Or, teams can be ongoing, to reflect the internal structure of your organization. Channels are subcategories of teams. You might create a channel for an activity or for a department. Conversations, files, and notes are specific to each channel, but all members of the team can see them.

As an administrator, you can manage team owners and members by using the Groups control panel in the Office 365 admin center portal. At this time, you cannot create teams from the Groups control panel – teams must be created by using the Microsoft Teams desktop client or web app.

Admins can create teams and manage ownership and members by using the Groups control panel in the Office 365 admin center.For more information about managing Office 365 Groups, see Create an Office 365 Group in the admin center.

Users can create teams by choosing Teams on the left side in the Microsoft Teams client (desktop or web app), and then choosing Create team at the bottom of the client, below the team list.

Users can create a new team by going to Teams in the Microsoft Teams client, and then choosing Create team.As an admin, you can control which users in your organization can create teams in Microsoft Teams. The same creation settings defined by Office 365 Groups apply to Microsoft Teams. By default, every user has the ability to create a team or group. For more information, see Manage Office 365 Group Creation.

Calls & Meetings

Microsoft Teams includes calling and meeting capabilities, with support for video and screen sharing. Some companies may want to turn off those features. On the Microsoft Teams settings page, in the Calls & Meetings section, you can choose if users can use video and screen sharing during calls and meetings.

On the Microsoft Teams settings page, under Calls & Meetings, you can turn settings off or on to prevent or allow videos and screen sharing in meetings.

Messaging

As a tenant admin, you can turn on or turn off media content such as animated images, memes, and stickers in the Messaging section of the Microsoft Teams settings page.

On the Microsoft Teams settings page, under Messaging, you can set a content rating and turn settings off or on to prevent or allow animated, Internet, and editable images.To turn on or turn off animated images, click or tap the toggle switch next to Add fun animated images to the conversations, and then choose Save.

When animated images are turned on, you can apply a content rating to restrict the type of animated images that can be displayed in conversations. You can set the Content Rating to be one of the following:

  • Strict
  • Moderate
  • No restriction

To turn on or turn off custom memes, click or tap the toggle switch next to Add customisation images from the Internet, and then choose Save.

To turn on or turn off stickers, click or tap the toggle switch next to Add editable images to the conversations, and then choose Save.

Tabs

Tabs let you customise a channel to include content and capabilities your team needs every day. They provide quick access to frequently used documents and cloud services. In the preview release, there are several built-in tabs such as Files and Notes. In the Microsoft Teams client, at the top of the channel, users can add tabs for Word documents, PowerPoint presentations, Excel spreadsheets, OneNote notebooks, Power BI reports, and plans from Planner.

In the Microsoft Teams client, at the top of the channel, users can add tabs for favorite apps and files by using the Tabs gallery.Over time, more tabs will be added, both from Microsoft and from partners. Team owners can also side-load tabs so they appear in the Tab gallery for that team. And developers who create line-of-business (LOB) applications can also use the side-load capability to test their applications in test teams that they create.

To turn on or turn off support for tabs from partners and support for side-loading of applications, in the Tabs section of the Microsoft Teams settings page, click or tap the toggle switch next to Enable extension tabs in Microsoft Teams, and then choose Save. Changing this setting does not turn off the built-in support for default tabs, including Microsoft Office files, OneNote, Microsoft Planner, and SharePoint document libraries.

On the Microsoft Teams settings page, under Tabs, you can turn the setting off or on to prevent or allow side-loaded tabs in the Tab gallery.For more information about building custom tabs or integrating an existing tool as a tab, see Getting started with tabs for Microsoft Teams (preview). Developers can also learn more from Office Dev Center – Microsoft Teams.

Bots

Microsoft Teams users can complete tasks such as querying information and performing commands by using bots. You can also integrate your existing LOB applications with Microsoft Teams by using a bot.

To turn on or turn off any built-in bots, in the Bots section of the Microsoft Teams settings page, click or tap to switch the toggle next to Enable bots in Microsoft Teams to help users complete more tasks easily, and then choose Save. Changing this setting does not turn off the availability of T-Bot, the built-in help bot.

To prevent or allow side-loading of proprietary bots, click or tap to switch the toggle next to Enable side loading of external Bots, and then choose Save.

On the Microsoft Teams settings page, under Bots, you can turn settings off or on to prevent or allow the use of built-in bots and side-loaded external bots.If you’re interested in building a bot, see Creating bots for Microsoft Teams (preview). It has step-by-step instructions for getting started with writing bots for Microsoft Teams. Developers can also learn more from Office Dev Center – Microsoft Teams.

NOTE: For developers to be able to test bots in Microsoft Teams, you must turn on bots.

Connectors

Office 365 Connectors allow your Microsoft Teams users to receive updates from popular services such as Twitter, Trello, Wunderlist, GitHub, and VSTS, within the chat stream in their team.

Connectors also provide a way for developers to integrate with Microsoft Teams by building custom connectors to generate rich cards within channels. See Getting started with Office 365 Connectors for Microsoft Teams (preview) and Connect apps to your groups for more information. Developers can also learn more from Office Dev Center – Microsoft Teams.

Client distribution

The installers for the Microsoft Teams Windows and Mac desktop clients can be downloaded from https://teams.microsoft.com/downloads. End users on desktops can install the application if they have the appropriate permissions. Admins can also download the installer and distribute it through client distribution tools.

End users who are using mobile devices can download the Microsoft Teams app from their mobile platform’s app store.Microsoft Teams is available on Windows (Windows 7 and later) and Mac desktop (Mac 10.10 and later). It is also available on iOS v9 and later (iPhone and iPad), Android 4.4 and later, and Windows Phone 10.0.10586 and later. Microsoft Teams is not available via a mobile web browser – it is available only through the mobile app.

Microsoft Teams supports the web client on Microsoft Edge 12+, Internet Explorer 11+, Firefox 47.0+, and Chrome 51.0+. Users who try to open the Microsoft Teams web client on Safari are directed to download the desktop client. Support for Safari is coming at a later date.

Turn on or turn off Microsoft Teams licenses

As an Office 365 administrator, you can manage user access to Microsoft Teams licenses in the Office 365 admin center. You must be an Office 365 global administrator or user management administrator to manage Microsoft Teams licenses.

To keep a user in your organization from accessing Microsoft Teams, remove the Microsoft Teams license for that user. After you turn off a license, that user can’t sign in to Microsoft Teams.

You assign Microsoft Teams licenses the same way you assign any other Office 365 Enterprise license. Sign in to Office 365, go to the Office 365 admin center and, on the Users > Active Users page, assign or remove the Microsoft Teams license. See Assign or remove licenses for Office 365 for business for more information.

If you’d rather use PowerShell, see Assign licenses to user accounts with Office 365 PowerShell or Remove licenses from user accounts with office 365 PowerShell.

Microsoft Teams URLs and IP address ranges

If your organization restricts computers on your network from connecting to the Internet, refer to Office 365 URLs and IP address ranges. This article lists the endpoints that you should include in your outbound allow lists and the Internet Explorer Trusted Sites Zone of client computers to make sure computers in your organization can successfully use Microsoft Teams in Office 365.

Things To Know About The New Microsoft Teams

Microsoft unveiled Microsoft Teams at an event in New York back in November 2016. This is an Office 365 component that adds a group chat tool to the pre existing office suite.

Teams is a competitor to Slack. This web-based software pulls together messaging, archived content and search capabilities.

Microsoft CEO Satya Nadella described it as a “chat-based workspace” – so Teams combines informal chatting and productive collaboration. The app combines the online Office applications, Skype, Exchange servers, Azure, security and more, all in one piece of software.

It’s a lot like Slack

When viewing demos or screenshots of Microsoft Teams, you could be forgiven for confusing it with a new version of Slack. The user interfaces look extremely similar, and it uses the same general “channels” and individual/small group chat design language.

It’s a free add-on for Office 365 enterprise subscribers

Teams isn’t exactly free, but if your organization is already an Office 365 subscriber it won’t cost anything additional. Of course, that doesn’t mean it’ll just pop up on your desktop the day it launches. Like any Office component, it’ll be up to your company’s IT department whether or not to deploy it to users in the organisation.

Teams brings together the following 3 components that are essential in any collaborative effort:

Chat

Microsoft Teams is, at its base, a chat-centered team workspace that’s easy to set up. Once your team is on board (and you can have multiple, different teams), you’ll have different channels within the teams for specific conversation topics. What’s more, you can even chat with members individually. Not only can you like posts, mention people, reply directly to posts, and even save posts, you can also post in rich text formats (including subject lines, bullet points, images, etc.). The addition of emoticons, gifs, and stickers make this platform a friendly, informal way for teams to chat. It makes it a much more personal and enjoyable experience than having a bland email chain.

Files

Teams is based on Office 365 Groups. Every time you make a team, it syncs and creates a group in SharePoint Team Sites. This allows Microsoft Teams to easily integrate to OneNote, Planner, Exchange Calendar, and all sorts of files to make sharing within your team the simplest it can be. Let’s say you share a file in a channel with your team. That file will automatically be uploaded to a folder specific to that channel. The folder contains all the uploaded files of that channel, and can easily be found in Teams for later use.

Meetings

With the simple click of a button, within the chat itself, you and your team can have an audio or video meeting. Not only can you schedule these meetings, you can make them happen with no preparation by clicking the button, and having whoever is available join. Since Teams is a flexible app, you can just as easily do this from your desktop or your mobile. You and your teammates can easily share notes and files during the meeting as well. Once the meeting is over, you can find a record of it saved in the chat history for future reference.

Now that you have read all of this, lets have a look in the video below: