Skip Ribbon Commands
Skip to main content
Benoit s Corner

Benoit's corner

Aug 29
Azure – Interactive Azure Platform Big Picture and Symbols set

As Microsoft Azure is frequently evolving this can be quite a challenge to find/know what is available as well as getting documentation and pricing

You can find all the current services/features on this interactive web site http://aka.ms/azposterapp

In the same time, if you need to create Visio diagrams and/or documentation for your Azure services, you can go to http://aka.ms/CnESymbols to download the Azure symbols

Aug 29
SharePoint Online – Change the default sharing link type

As you may know, you can share content stored on SharePoint Online by getting a link (depending of the settings enabled by your administrator, you may get different options).

Now, SharePoint Online administrators can define which sharing link type (direct, internal or anonymous – again depending of the sharing configuration settings defined) will be the default option.

To change the default sharing link type, log on as with an administrator account on your SharePoint Online Administration portal (https://<your tenant>-admin.sharepoint.com or from the Office 365 admin portal) and reach out the Sharing section

image 

Aug 29
Office 365 – Vision Online is coming

Microsoft has announced the availability of Visio Online in preview (first release tenant will get it first)

This will allow you to share Vision files (.vsdx) with others which do not have Visio client or Visio viewer installed; they will be able to open Visio files using the web browser, as they already can for Word, Excel or PowerPoint files.

imageimage 

General availability is scheduled for the end of this year

Aug 29
Office 365 – Advanced Security Management

Microsoft has added a new service into Office 365 called Advanced Security Management.

This new service allows administrators to setup alerts for various activities, from users to administrators activities, anomalous or suspicious behavior and define action to these issues, such as suspending user account.

Activation

To start using this new service, you need first to assign a license to each of your user – this requires you have activated the service from the Billing\Purchase Service section

image image

Then you need to access the Security and Compliance administration center (as reminder you can also use this URL https://protection.office.com)

image 

From there access the Alerts\Manage Advanced Alerts section to enable the service

image 

 

Advanced Security Management Portal

Then go to the Advanced Security Management portal by hitting the blue button below the activation check box; the ASM portal URL will be like https://<your tenant>.portal.cloudappsecurity.com/

You may have already one default alert called General Anomaly Detection

image 

When you hit the Gear button, you will be able to edit this rule (as well as all other rules you will create)

image 

You can switch On or Off the setting you want and enabled/disabled alerting.

By default, the setting applies to ALL activities, if you want to select specific activities, just click on All monitored activity to select Selected activity

image 

Then you can define the filter you want to select activity/ies to monitor

image 

You can even test your selection by hitting the Edit and preview results button shown on the top right of the filtering interface

image 

 

Delegate Access and IP Range Definition

Using the gear button on the top right of the navigation bar you can delegate access to the ASM portal as well as define your “authorized/identified” IP ranges

image 

By default, all Azure Active Directory Global admins (which off course includes Office 365 Global admins) have access to the ASM portal but you can delegate the access to your security officers or auditors as off course you do not want them to be global admins

You need to add the email address of the account you want to delegate the access

image 

The IP range option allows you to create IP ranges definition and associate them with a confidence level (category). This can be helpful if you have already detected some IP’s as risk

It is highly recommended to define your IP ranges as soon as possible only future events will be affected by this definition

imageimage 

 

Policies and Templates

If you click on the Control button in the top bar, you will be able to manage your own policies and templates

image 

At this stage there 6 default template – you can not create your own nor edit them (yet?)

Each template is a predefined set of rules related specific activities, you can create your policy from an existing template by hitting the + (plus) sign

image 

You can also create your policy from the Control button

image 

The below screenshot is a new policy created from a template

image 

You can Disable or Delete a policy using the button on the right side of the policy

image 

 

Alerts

As soon as you have enabled the license for your users, the system starts gathering data and while you are working on the configuration or reviewing the portal, you may see appearing some alerts on the top bar

image 

If you hit this notification, you will see all activities detected by the system – it may reports activities executed/completed in the past

image 

You can access the detail of the alert by clicking on it; from there you can then review the alert and take appropriate action; in the following screenshot, the alert is related to an admin privilege granted to an account

image 

If you have to action to apply because this is a legitimate action, you can Dismiss the alert by hitting the button at the top right of the alert details

image 

Dismissing an alert will ask you to provide detail on the dismissal

image 

And then you got confirmation of the dismiss action

image 

 

Activities Log

You can review all activities by hitting the Activity Log button

image 

You can review all activities performed by any user with the action, user, application and location

image 

If you open one of the activity log, you will get even more details

image 

 

Governance Logs

Finally you have one last service available called Governance Logs which will help you to audit all the activities

image 

image 

 

Notifications

If you have enabled the notifications to be alerted in case of suspicious activity, you will receive an email similar to the screenshot below showing the user and the workload involved in the suspicious activity

image 

Aug 26
System Center Configuration Manager – Integrate your Windows Store for Business

The latest update for System Center Configuration Manager 2012 R2 (build 5.00.8412.1000 – released on August 2nd, 2016) has added the ability to integrate your Corporate Windows Store into SCCM.

The ability to deploy Universal Apps using SCCM has been introduced some time ago but you were obliged to use the Offline Licensing and create an application in SCCM prior to the deployment.

Your client device must run Windows 10 build 1511 or later (build released in November 2015)

First thing, off course you need to update your SCCM infrastructure with the reference update.

If this already done, open your SCCM administration console and go to Administration\Cloud Services\Updates and Servicing\Features to turn on (the default is Off) the Windows Store for Business Integration feature and confirm the activation

imageimage

Starting from then you will be able to directly add applications from your Windows Store for Business.

Register your SCCM infrastructure

To be able to continue the configuration process, you need to register your SCCM infrastructure on Azure Active Directory

Connect to your Azure portal (https://manage.windowsazure.com) and access the Applications section your Azure AD tenant to Add a new application

image

Choose to add an Application my organization is developing

image

Name the application (like SCCM for example) and select the Web Application type

image

Define the sign in and app ID url’s – the values you defined do not really matter as these will no be really used; this needed to complete the process and then be able to get a key

image

Finally, configure the added application to generate a key using the keys section on then select the duration of the key

imageimage

Once the key has been generated, stay on this page until you complete the next steps. If you do, you will not be able to get the key after.

Define SCCM as management tool

You then need to connect to your Windows Store for Business (https://businessstore.microsoft.com) to define the management tool used to deploy the applications, search using the name of the application you added during the previous step and make it active

imageimage

While you are on your Windows Store for Business, you also need to enable the Show offline licensed apps option available through the Manage\Account Information section

imageimage

Adding Windows Store for Business account

Once the feature has been successfully added, close the console and re open it to go back to Administration\Cloud Services section, you should see the Windows Store for Business section

You can only add one Windows Store for Business account

image

Right click on it and choose to add Windows Store for Business Account; this where we will need the key created during the previous step

image

Just follow the wizard to define the credentials to connect to the store

You will need to define your Azure AD tenant (the one on which you have added your SCCM), the client ID and the key

image imageimage

Click to the Verify button to ensure everything is correct and finally define the location where to save Windows apps for Offline deployment

Finally you can refine the language(s) available

imageimage

You Windows Store for Business is now added

image

IMPORTANT this where you will have to go when the application key will expire to change it

image

Deploy Windows Universal Apps

Your Windows Store for Business has been now added and you can deploy the application you have in store (see http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=793 for more information on how to get application on your store, ensure you select the Offline license type)

Go to the Software Library\Application Management\License Information for Store Apps section and add a new application for deployment

Right click on the application you want to deploy and Create application, then follow the well known create application wizard.

image 

Aug 26
SCCM – Integrate OMS with your SCCM infrastructure

The latest update of System Center Configuration Manager 2012 R2 (build 5.00.8412.100 published on August 2016) has added a prerelease feature to use OMS to synch your monitoring logs.

Off course, to take advantage of this feature, you need to have an Operations Management Suite tenant (https://www.mms.microsoft.com)

Enable Prerelease Features

To take advantage of this prerelease feature, you first need to enable the activation of prerelease from the Administration\Site Configuration\Sites\Hierarchy Settings

image 

 

Enable Microsoft OMS Connector

From the SCCM administration console, access the Administration\Cloud Services\Updates and Servicing\Features and turn on the Pre-release – Microsoft Operations Management Suite (OMS) feature

image 

Once activated, close the console and re open it to see the OMS Connector

image 

 

Register your SCCM infrastructure

You need to perform this step ONLY if you did not already have registered your SCCM infrastructure; you may already have done this to integrate your Windows Store for Business store. You will need anyway to configure the permission to grant the correct rights (next step).

To be able to continue the configuration process, you need to register your SCCM infrastructure on Azure Active Directory

Connect to your Azure portal (https://manage.windowsazure.com) and access the Applications section your Azure AD tenant to Add a new application

image_thumb1 

Choose to add an Application my organization is developing

image_thumb2 

Name the application (like SCCM for example) and select the Web Application type

image_thumb3[1] 

Define the sign in and app ID url’s – the values you defined do not really matter as these will no be really used; this needed to complete the process and then be able to get a key

image_thumb4 

Finally, configure the added application to generate a key using the keys section on then select the duration of the key

image_thumb5image_thumb6 

Once the key has been generated, stay on this page until you complete the next steps. If you do, you will not be able to get the key after.

  

Create the OMS workspace on Azure

Connect to your Azure management portal (https://portal.azure.com) and add a resource; if you already have an OMS workspace, just search for it and go to the step to grant the permission

Search for Log Analytics (OMS) and create the workspace

image 

Create or link an existing OMS workspace

image 

Then fill the additional settings like resource group, location…

image 

Grant Permission to Connect to the OMS Workspace

Open the Log Analytics (OMS) blade and open your workspace

image 

Click on the Access management

image 

Add a contributor role and add the user - which is the application name you created on your Azure AD

image 

 

Configure OMS Connector

From the administration console, browse to Administration\Cloud Services\OMS Connector and right click to create the connector – from the top tier site in your hierarchy

image 

Just follow the wizard to configure the tenant, client ID and key for the application added previously

imageimageimage_thumb11[1] 

Click the Verify button to ensure everything is correct; this will show Successfully verified

image 

During the next step, you need to define your Azure subscription, the Azure resource group and the OMS workspace; you need to manually fill these fields (as this is a prerelease, we can expect this could be prepopulated at a later stage). If you have multiple Azure subscription, it is recommended to use the one you are already using with OMS (you can check it from the OMS portal, Settings\Accounts\Azure Subscription section) and select the device collection you want to synch with OMS – you can change it anytime later

image 

The collection will then be shown in the OMS portal helping you monitoring your device collections.

Install the OMS Agent on the SCCM Server with the Connection Point

You must install the OMS agent on the server hosting the connection point to OMS

See https://azure.microsoft.com/en-us/documentation/articles/log-analytics-windows-agents/#download-the-agent-setup-file-from-oms

 

Import the collection on OMS

Connect to your OMS workspace portal (https://mms.microsoft.com) and go to the Settings

You should see an SCCM tab as part of the Computer Groups section and activate the Import Configuration Manager collection membership

image 

Aug 13
Azure – Azure RemoteApp is being retired

UPDATE 13/08

You can sign in to the Citrix TechPreview (scheduled for Q4 and GA 2017) here https://www.citrix.com/global-partners/microsoft/remote-app.html

Microsoft has announced the retirement of the Azure Remote App solution.

Azure RemoteApp was the ability to publish applications and resources using Remote Desktop technology through Azure, either in full cloud mode (ie application and applications/resources hosted on Azure) or in hybrid mode (ie using Azure to access applications/resources hosted either in Azure or On Premises).

The Azure RemoteApp is not anymore available for sale and if you are already using it, you can still continue to use it for one more year while you look for alternative solutions.

See https://blogs.technet.microsoft.com/enterprisemobility/2016/08/12/application-remoting-and-the-cloud/  for the official announcement and alternative solutions.

Aug 05
Office 365 / Exchange – Convert your distribution lists to Office 365 Groups

A new feature is being rolled out to allow you to convert your distribution lists to Office 365 Groups.

 

What can be converted to Office 365 Groups

The following table defines what can be converted (as of today – August 5th, 2016)

Distribution Group Types Eligibility
Mail enabled security group. Not eligible

On-premise managed distribution group. (synched)

Not eligible

Nested distribution groups. Distribution group either has child groups or is a member of another group.

Not eligible

Moderated distribution group

Not eligible

Distribution groups with send on behalf settings

Not eligible

Distribution groups hidden from address lists

Not eligible

Distribution groups with member RecipientTypeDetails other than UserMailbox, SharedMailbox, TeamMailbox, MailUser

Not eligible

Distribution groups with member join or depart restriction as Closed

Eligible. Converted to a private Office 365 Group.

Distribution groups with custom delivery status notifications. ReportToManager = true, ReportToOriginator = false ReportToManager = false, ReportToOriginator = false

Eligible. Office 365 Groups don't understand these properties, and delivery status notifications are always sent to the person that sent the email.

Convert a distribution group

Logon to your Exchange Online ECP (https://outlook.office365.com/ecp/) and reach the Recipients\Groups section

Select the distribution group you want to convert to Office 365 – please refer to the table – and click the Upgrade to Office 365 Groups button

Don’t worry, if the distribution list is NOT eligible, this button will not be available

image_thumb

Confirm you want to convert to Office 365 Groups – thankfully if anything goes wrong, the DL will not be changed

image_thumb5

image_thumb1

Then the conversion may take some time

image_thumb4

Please note it may take some time also to refresh the Office 365 Admin portal; this means you may see twice your DL/Office 365 groups – one distribution list and one Office 365 Groups; if you try to select the former distribution group you will got an error
image_thumb7

image_thumb6 

Aug 05
Office 365 – Office 365 Admin Universal App is GA

The Office 365 Admin Universal App has reached general availability.

Google_play      IOS_Appstore      Windows_Store

If you have been running the beta version (Office 365 Admin Universal Beta) you need to install the released version.

If you have been running the ‘old’ version of the Office 365 Admin app on Windows 10, the app will be updated -  if not, check the app store to ensure you have enable automatic updates or to manually check for update.

If you are using Windows Phone 8.1, the app will continue to run but will not receive any further update.

Jul 26
Skype for Business – Getting MAPI unavailable message after switching to UCS

If you have configured you Skype for Business infrastructure to use UCS (Unified Contact Store) or if you have requested to get it enabled on Office 365 (yes, you do not have UCS activated by default on Office 365 and you need to open a SR to get it), you may face the following issue.

With Skype for Business client, you may have some notification

  • When displaying the Configuration Information
  • image

MAPI Information;Your Outlook profile is not configured correctly. Contact your support team with this information.;MAPI unavailable;
EWS Information;;EWS Status OK;   
image 

  • Delegate functionality may be broken

If so, there is 2 plan: 1 simple, 1 a little bit more complex

 

Simple Plan – Deploy the July 5th 2016 fix

This is very simple, just download and deploy the fix from

However this may not work, especially if you have Office 2013/Office 2016 Click To Run installation. The fix will not detect any product for which the fix must be applied.

You can try to force your Click To Run install to get updated but it seems the fix is not yet available neither (I did and the issue was not solved)

So, let’s take a look at the more complex action

More Complex – Registry fix

Launch the registry editor (regedit) and browse to the following key

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles and open your default profile

Then locate the subkey named 9375CFF0413111d3B88A00104B2A6676

Open the subkey and check each of the key until you found the one with your email address shown in the Account Name value

imageimage 

Take the value from the Service UID and then locate the subkey with the same value below the Profiles tree – like in this example the Service UID value is 980e871e9d8a8644b50ddd6c2c583715, the subkay to locate will be HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\980e871e9d8a8644b50ddd6c2c583715

Take the value from the 01023d0d binary value and repeat the same search

image 

In this example, the value is 2c5e812328c4cb42bfbd2be3d360e7b3 so the subkey to search is HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\2c5e812328c4cb42bfbd2be3d360e7b3

There you need to create a new String value named 001e6603

image 

Edit this new string value with the value of your mailbox LegacyDN – you can get the LegacyDN with the Test e-mail autoconfiguration from Outlook from the XML tab

image 

Close your Sfb/Lync client and restart it. You should now get

UCS Connectivity State;Exchange connection Active;--;
MAPI Information;MAPI Status OK;MAPI Status OK;

image 

1 - 10Next

 ‭(Hidden)‬ Blog Tools

 About

Benoit is specialized on Microsoft infrastructure (Active Directory, Azure, ForeFront products, Hyper-V, Identity Management, System Center, Windows) and collaboration (BPOS, Exchange, Office 365, SharePoint) technologies.

He has been awarded as Microsoft Most Valuable Professional (MVP) since 2002 - on Windows, then SharePoint and finally Office 365. He has been recoginzed as Microsoft Community Contributor for his work on the Office 365 community in 2013 and 2014.

He has been involved in early stage of testing phase for many Microsoft products - from Windows to Office 365, including Exchange, SharePoint or Office client and WindowsUpdate.

He has participated as speaker or Ask The Expert (ATE) at many Microsoft or Quest events. He also participed in writing several books on SharePoint (2003 to 2010).

With more than 10 years of professional experience, he has a deep knowledge of the Microsoft market and his competitors.

 Copyright

​Privacy Information

This blog is using tracking code for analytics purpose.

No personal data are stored and maintained.

 Follow me on

 Share This

 Office365 Undercover by Arnaud ALCABEZ

Retrieving Data

 Certifications

Microsoft Certified Systems Administrator 
Microsoft Certified Systems Administrator - Messaging
Microsoft Certified Systems Engineer 
Microsoft Technology Specialist 
 Microsoft Certified IT Professional

 Translation Tool

Translate this page

 FaceBook Fan's Page

 Books I wrote

Le portail Microsoft SharePoint 
Microsoft Office SharePoint Portal Server 2003 et WSS au quotidien 
Microsoft Office SharePoint Server (MOSS) et Office 2007  
Microsoft Sharepoint 2010