List and Export the Admin Roles Assigned to Users in Office 365 with PowerShell

If you didn’t know, you can use the Office 365 Admin portal to view and create views of all the admin roles in Office 365 and who is assigned to each of those roles. This is good for a quick reference, but sometimes we need that data in a workable format (CSV). The following step-by-step will show you how to list and export the admin roles assigned to users in Office 365 with PowerShell. This is done with the Get-MsolRoleMember command in PowerShell.

 

Connect to Azure Active Directory with PowerShell

Enter the command $role = Get-MsolRole -RoleName "Company Administrator"

Enter the command Get-MsolRoleMember -RoleObjectId $role.ObjectId | Export-CSV c:\directory\filename.csv

This will export all the members of the Company Administrator (Global Admin) group.

 

If you want to export from the other built-in groups, a list is provided below. You can always view the roles by entering the command Get-MsolRole.

 

Name                                Description
----                                -----------
Compliance Administrator            Compliance administrator.
Exchange Service Administrator      Exchange Service Administrator.
Partner Tier1 Support               Allows ability to perform tier1 support tasks.
Company Administrator               Company Administrator role has full access to perform any operation in the company scope.
Helpdesk Administrator              Helpdesk Administrator has access to perform common helpdesk related tasks.
Lync Service Administrator          Lync Service Administrator.
Directory Readers                   Allows access to various read only tasks in the directory.
Directory Writers                   Allows access read tasks and a subset of write tasks in the directory.
Device Join                         Device Join
Device Administrators               Device Administrators
Billing Administrator               Billing Administrator has access to perform common billing related tasks.
Workplace Device Join               Workplace Device Join
Directory Synchronization Accounts  Directory Synchronization Accounts
Device Users                        Device Users
Partner Tier2 Support               Allows ability to perform tier2 support tasks.
Service Support Administrator       Service Support Administrator has access to perform common support tasks.
SharePoint Service Administrator    SharePoint Service Administrator.
User Account Administrator          User Account Administrator has access to perform common user management related tasks.
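
For a privilege review it is usually more useful to have every role in one file than one CSV per role. The script below is an added example, not part of the original post: it generalizes the two commands above by looping over every role returned by Get-MsolRole. The output path and the column names are assumptions.

```powershell
# Added example (not from the original post): export every admin role and
# its members to a single CSV. Assumes the MSOnline module is installed.
Import-Module MSOnline
Connect-MsolService                              # prompts for an admin credential

$outFile = 'C:\directory\all-admin-roles.csv'    # assumed output path

$report = foreach ($role in (Get-MsolRole | Sort-Object Name)) {
    # -All returns every member instead of only the first page of results
    $members = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId -All)

    if ($members.Count -eq 0) {
        # Keep empty roles in the report so the CSV lists every role
        [pscustomobject]@{
            RoleName        = $role.Name
            RoleDescription = $role.Description
            MemberType      = $null
            DisplayName     = $null
            EmailAddress    = $null
            MemberObjectId  = $null
        }
        continue
    }

    foreach ($m in $members) {
        [pscustomobject]@{
            RoleName        = $role.Name
            RoleDescription = $role.Description
            MemberType      = $m.RoleMemberType   # User, Group or ServicePrincipal
            DisplayName     = $m.DisplayName
            EmailAddress    = $m.EmailAddress
            MemberObjectId  = $m.ObjectId
        }
    }
}

$report | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

# Quick review on screen: number of members per role, largest first
$report |
    Where-Object MemberObjectId |
    Group-Object RoleName |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize
```

Rows with a MemberType other than User are worth a second look, since service principals holding admin roles do not show up when you only review user accounts.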

 

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps Office365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN

Adding a Domain to Office 365 that is Registered with GoDaddy

Adding a domain to Office 365 is really easy. To make the process even easier, the web page walks you through it. For this post, I am adding a domain to Office 365 that is managed at GoDaddy.

 

Open the Microsoft Online Portal

Click Domains

Click + Add Domain

 

The Add a domain in Office 365 window will pop up.

Click Let’s get started to allow the webpage to discover your domain registrar

 

Enter the domain you want added to Office 365

Click Next

 

Domain ownership needs to be verified. In this case, it was discovered that the domain is registered at GoDaddy.

If you want the web page to do all the steps, sign in with your GoDaddy account

If you want to verify the domain manually, then click ‘use a TXT record to verify you own this domain’

 

Sign in to your GoDaddy account

 

To confirm Office 365 access to your domain at GoDaddy, click Accept

 

The domain is verified

Click Next

 

At this point, you have the option to convert all the domain.onmicrosoft.com UPNs on the users to domain.com.

You can skip this if you wish, see below.

 

Click Update selected users to update the users, or click skip this step if you wish not to update the UPN

 

The next step in the process allows you to add more users, or you can skip the step.

 

Update DNS records. Be really careful here. If you have a production domain and you are using it for production email or other services, then changing DNS can cause some havoc if you are not ready to flip the services to Office 365. In my case, this is a test domain and I have no production users on it.

Click Next

 

Click Next

Keep in mind that I want the web page to change my DNS records, so I am leaving the Outlook and Lync checked.

 

Here is a screen shot of my DNS records before the web page makes its changes to DNS

 

Here is a screen shot of the DNS records that the web page added, to enable services on Office 365

 

 

Done, the domain is added and now active for Office 365 use.

Click Finish

 


 

Setup and Enable Office 365 Message Encryption

The process to set up and enable Office 365 Message Encryption is really easy. There are three main steps that need to be followed:

  1. Activate Azure Rights Management
  2. Setup Azure Rights Management for Exchange Online
  3. Setup transport rules to enforce message encryption in Exchange Online

 

The following Microsoft TechNet article details the process; I have a step-by-step below.

https://technet.microsoft.com/en-us/library/dn569291.aspx

 

Office 365 Message Encryption Mail Flow

 

 

Activate Azure Rights Management for Office 365 Message Encryption

 

Login to Microsoft Online Portal with a Global Admin Account

Open the App Launcher (waffle)

Select Admin

 

Select SERVICE SETTINGS from the left pane

Click Rights Management

 

From within RIGHTS MANAGEMENT click Manage

 

 

You’ll be redirected to the management page

Click Activate

Click Activate again on the popup asking if you are sure you want to activate Rights Management

 

 

Set up Azure Rights Management for Office 365 Message Encryption

 

Connect to Exchange Online with PowerShell

Open PowerShell as Administrator

Enter the following commands to connect and import the session

  • Set-ExecutionPolicy RemoteSigned

     

  • $cred = Get-Credential

     

  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection

 

  • Import-PSSession $Session

 


 

Verify your IRM isn’t configured already

  • Get-IRMConfiguration

 

Configure RMS with the online key-sharing location for Exchange Online with PowerShell (locations below). For my example I am using North America, but the table below shows all the locations.

 

Location                   RMS key sharing location
--------                   ------------------------
North America              https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
European Union             https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
Asia                       https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
South America              https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
Office 365 for Government  https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

 

Import the Trusted Publishing Domain (TPD) from RMS Online

  • Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"

 

Verify successful setup of IRM in Exchange Online

  • Test-IRMConfiguration -Sender admin@domain.com

 

Disable IRM templates in OWA and Outlook

  • Set-IRMConfiguration -ClientAccessServerEnabled $false

 

Enable IRM for Office 365 Message Encryption

  • Set-IRMConfiguration -InternalLicensingEnabled $true


*Note – You shouldn’t see that warning, but if you do it’s safe to ignore. I got it because I ran the command and forgot to grab the screen shot before clearing the screen, thus I had to run the command again.

 

View the IRM Configuration

  • Get-IRMConfiguration


 

Create Transport Rules to Encrypt Messages

Open the Office 365 Admin Portal (https://portal.microsoftonline.com)

Open Exchange Admin Center


 

Click Mail Flow


 

 

Click the + and create your transport rule. I have created two simple rules.

This rule will encrypt anything that is sent external with an attachment larger than 1MB


This rule will encrypt the email if the word ‘Encrypt’ is in the subject line of the email. This will give the users (once trained) the flexibility to encrypt emails they deem sensitive.


 

Make sure the rules are active and test
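
The IRM steps and the two transport rules above, collected into one script that can be re-run safely. This is an added example, not the author's script: it assumes the Exchange Online session from the connection step is already imported, it uses Set-IRMConfiguration -RMSOnlineKeySharingLocation for the key-sharing step, and the rule names are made up for illustration.

```powershell
# Added example (not from the original post). Assumes the Exchange Online
# session has already been imported with Import-PSSession.

# RMS key-sharing location for the tenant's region (North America row of the table)
$keySharingUrl = 'https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc'

# 1. Only set the key-sharing location if IRM has not been pointed at RMS Online yet
$irm = Get-IRMConfiguration
if (-not $irm.RMSOnlineKeySharingLocation) {
    Set-IRMConfiguration -RMSOnlineKeySharingLocation $keySharingUrl
}

# 2. Import the Trusted Publishing Domain only if none exists
if (-not (Get-RMSTrustedPublishingDomain)) {
    Import-RMSTrustedPublishingDomain -RMSOnline -Name 'RMS Online'
}

# 3. Verify IRM end to end (sender is a placeholder; use a real mailbox in the tenant)
Test-IRMConfiguration -Sender 'admin@domain.com'

# 4. Hide IRM templates in OWA and Outlook, then enable licensing for message encryption
Set-IRMConfiguration -ClientAccessServerEnabled $false
Set-IRMConfiguration -InternalLicensingEnabled $true

# 5. PowerShell equivalents of the two rules built in the Exchange Admin Center.
#    Rule names are hypothetical; the conditions follow the descriptions above.
$rules = @(
    @{
        Name               = 'OME - external mail with attachment over 1MB'
        SentToScope        = 'NotInOrganization'
        AttachmentSizeOver = '1MB'
        ApplyOME           = $true
    },
    @{
        Name                 = 'OME - subject contains Encrypt'
        SubjectContainsWords = 'Encrypt'
        ApplyOME             = $true
    }
)

$existing = @(Get-TransportRule | Select-Object -ExpandProperty Name)
foreach ($rule in $rules) {
    if ($existing -notcontains $rule.Name) {
        New-TransportRule @rule      # splat the hashtable as parameters
    }
}

# 6. Confirm both rules exist and are enabled
Get-TransportRule |
    Where-Object { $_.Name -like 'OME - *' } |
    Format-Table Name, State, Priority -AutoSize
```

Note that the second rule only encrypts when the sender remembers the keyword, so the first rule (or a content-based condition) is the one that protects mail when users forget.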


 

 

Testing that the transport rules apply Office 365 Message Encryption

Testing Transport Rule 1


 

Testing Transport Rule 2


 

 

When the user gets the email, this is how it’s presented to them


One thing to note is that after you go through the setup process, it may take some time to replicate across the Microsoft back end servers. So if you test and it doesn’t work, give it some more time. I have seen this process take up to 2 hours to replicate.

 


Office365 – Creating a New Shared Mailbox

Creating a shared mailbox is simple with Office 365. Follow the step-by-step below, for the simplified process.

Per Microsoft – https://support.office.com/en-au/article/Create-and-use-shared-mailboxes-ecacf5b0-b5c8-449f-a89a-b7e87dcb55d4 

Shared mailboxes make it easy for a specific group of people to monitor and send email from a common account, like public email addresses, such as info@contoso.com or contact@contoso.com. When a person in the group replies to a message sent to the shared mailbox, the email appears to be from the shared mailbox, not from the individual user. 

Shared mailboxes are a great way to handle customer email queries because several people in your organization can share the responsibility of monitoring the mailbox and responding to queries. Your customer queries get quicker answers, and related emails are all stored in one mailbox. 

A shared mailbox doesn’t have its own user name and password. You can’t log into a shared mailbox directly using Outlook or Outlook Web App. You must first be granted permissions to the shared mailbox, and then you access it using Outlook or Outlook Web App. You don’t need to assign licenses to shared mailboxes, except when they are over their storage quota of 10 gigabytes (GB).

 

Sign in to Office 365

Click the waffle and select Admin

 

Expand Admin

Select Exchange

Select Recipients

Select Shared

 

Click +

 

Enter Display Name

Enter Email Address (this value must be unique) – Drop down the list to select the email domain.

Select the User(s) that has permissions to send mail from the shared mailbox. This can be changed later with advanced options

Enter Alias

Click Save

 

Once the shared mailbox is created, select it and click the pencil to edit the properties. Advanced settings are available.

 


Office365 – Lync for Mac 2011 – The System is Unavailable Now

 

Error

The system is unavailable now so you have been signed out of Microsoft Lync.

 

Another symptom of the issue is that it will log you in, but your contacts list isn’t populated and you can’t send or receive messages.

 

 

The fix for this error is really simple and Microsoft has this documented in the following KB. Follow my screen shots below to update to the latest version of Lync for Mac 2011

http://support.microsoft.com/kb/2629861

 

 

Click Help

Click Check for Updates

 

Click Install

 

Click Continue

 

Update will Download

 

Click Continue

 

Agree

 

Click Install

 

Enter Admin Password – If prompted

 

Click Close

 

Sign in

 


Office365 – Lync for Mac 2011 Sign in Failed Because Service is not Available

 

Error

Sign in to Microsoft Lync failed because the service is not available of you may not be connected to the Internet.

 

 

If you have run into the issue above, the fix is simple. Microsoft has put out a KB article that details the resolution, or you can follow my screen shots below.

 

http://support.microsoft.com/kb/2629861

 

Click Advanced at the bottom of the application

 

Click Manual Configuration

Change Internal Server name to sipdir.online.lync.com:443

Change External Server name to sipdir.online.lync.com:443

Click OK

 

Login

 


Configure Endpoints and Test the Web Application Proxy Servers (Load-Balanced Set in Windows Azure) for Office365 Single Sign-On

In the previous post we set up two WAP servers that will act as the AD FS proxy role for our internal AD FS servers. Now that the servers are set up, we need to add an endpoint so that the servers are accessible from the internet, and we also need to load balance the endpoint across the two WAP servers.

 

Configure a Load Balanced End Point on the first Web Application Proxy Server

 

Open the Azure Management Portal

Select the first WAP Server

 

Select Endpoints

Click + Add

 

Select Add a Stand-Alone Endpoint

Click Next Arrow

 

Select HTTPS

Verify TCP

Verify Public Port 443

Verify Private Port 443

Select Create a Load-balanced set

Click Next Arrow

 

Name the load-balanced Set

Verify Protocol – TCP

Verify Probe Port – 443

Verify Probe Interval – 15

Verify Number of Probes – 2

Click the complete check mark

 

Load balanced endpoint is added

 

Add the Second Web Application Proxy Server to the WAP Load Balanced Set

 

Now that we have the load-balanced endpoint set up on the first server, we need to add the second server to this set.

 

Select the second WAP server

Click Endpoints

Click + Add

 

Select Add an endpoint to an existing load-balanced set

Select the load-balanced set you created in the step above

Click Next Arrow

 

Name the endpoint for this server

Verify the protocol – TCP

Click the complete checkmark

 

At this point the servers are both added to the load balanced end point and are live on the internet.

 

Collect the External IP Address of the WAP Cloud Service

 

Now that the WAP servers are load balanced, we will need to update our public DNS so that the AD FS farm name (in my case it’s sts.office365supportlab.com) resolves to the Public Virtual IP (VIP) Address of the WAP cloud service.

Click on the WAP Cloud Service – On the main page the Public Virtual IP (VIP) Address will be displayed

 

 

Update Public DNS

 

Before you complete this step, please note that this could have an impact if you are already in production. Don’t update this record if you don’t know what you are doing.

Since we all use different DNS hosts, I’ll leave this one up to you. Here is a screen shot of my GoDaddy DNS zone for reference.

 

Testing AD FS from External

 

 

Browse to the URL – https://sts.domain.com/adfs/ls/IdpInitiatedSignon.aspx
Make sure to modify the hostname and domain for your own domain.

Enter credentials

Click Sign in
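
The external test can also be scripted so it is repeatable after any DNS or endpoint change. This is an added example, not part of the original post: the farm name, the expected VIP (a documentation-range placeholder) and the choice of 8.8.8.8 as an outside resolver are all assumptions to replace with your own values.

```powershell
# Added example (not from the original post): check the published AD FS
# endpoint from outside the network. Values below are placeholders.
$FarmName    = 'sts.domain.com'   # AD FS farm name in public DNS
$ExpectedVip = '203.0.113.10'     # placeholder; use the VIP shown on the WAP cloud service
$Resolver    = '8.8.8.8'          # assumed public resolver, bypasses internal split DNS

# 1. Public DNS: the farm name must resolve to the cloud service VIP
$resolved = @(Resolve-DnsName -Name $FarmName -Type A -Server $Resolver |
              Where-Object { $_.Type -eq 'A' } |
              Select-Object -ExpandProperty IPAddress)
$dnsOk = $resolved -contains $ExpectedVip

# 2. Load-balanced endpoint: TCP 443 must be reachable
$tcp = Test-NetConnection -ComputerName $FarmName -Port 443 -WarningAction SilentlyContinue

# 3. The sign-on page must be served through the WAP servers over HTTPS.
#    A certificate that does not match the farm name makes this step fail.
$url = "https://$FarmName/adfs/ls/IdpInitiatedSignon.aspx"
try {
    $resp   = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
    $status = [int]$resp.StatusCode
}
catch {
    $status = "failed: $($_.Exception.Message)"
}

[pscustomobject]@{
    FarmName       = $FarmName
    ResolvedTo     = $resolved -join ', '
    DnsMatchesVip  = $dnsOk
    Tcp443Open     = $tcp.TcpTestSucceeded
    SignOnPageHttp = $status
} | Format-List
```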

 

 

Testing Access from Office365

Navigate to https://portal.office.com

 

Enter your UserID

Hit Tab

 

Redirecting to the WAP servers

 

The user name should be populated with the value entered on Office365 sign-in page

Enter Password

Click Sign-in

 

Credentials are verified and you are re-directed to Office365

 

This completes the series for Deploying a Highly Available AD FS 3.0 Solution in Windows Azure for Single Sign-on with Office365.

 

 

My BLOG Series

Deploying a Highly Available AD FS 3.0 Solution in Windows Azure for Single Sign-on with Office365

  1. Setting up the Primary AD FS 3.0 Server in Windows Azure for Office365 Single Sign-On
  2. Setting up the Secondary AD FS 3.0 Server in Windows Azure for Office365 Single Sign-On
    1. Configure the AD FS Servers in an Internal Load-Balanced Set in Windows Azure for Office365 Single Sign-On
    2. Configure the AD FS Servers with Azure Load Balanced Set in Windows Azure for Office365 Single Sign-On
  3. Securing the AD FS 3.0 servers and Configuring Azure ACLs for WAP Communications
  4. Setting up the First Web Application Proxy Servers (AD FS Proxy) in Windows Azure for Office365 Single Sign-On
  5. Setting up the Second Web Application Proxy Server (AD FS Proxy) in Windows Azure for Office365 Single Sign-On
  6. Configure Endpoints and Test the Web Application Proxy Servers (Load-Balanced Set in Windows Azure) for Office365 Single Sign-On


Kelsey Epps Office365 MVP

Technical Consultant

Concepps Group
