As Microsoft Azure is frequently evolving this can be quite a challenge to find/know what is available as well as getting documentation and pricing
You can find all the current services/features on this interactive web site http://aka.ms/azposterapp
In the same time, if you need to create Visio diagrams and/or documentation for your Azure services, you can go to http://aka.ms/CnESymbols to download the Azure symbols
As you may know, you can share content stored on SharePoint Online by getting a link (depending of the settings enabled by your administrator, you may get different options).
Now, SharePoint Online administrators can define which sharing link type (direct, internal or anonymous – again depending of the sharing configuration settings defined) will be the default option.
To change the default sharing link type, log on as with an administrator account on your SharePoint Online Administration portal (https://<your tenant>-admin.sharepoint.com or from the Office 365 admin portal) and reach out the Sharing section
Microsoft has announced the availability of Visio Online in preview (first release tenant will get it first)
This will allow you to share Vision files (.vsdx) with others which do not have Visio client or Visio viewer installed; they will be able to open Visio files using the web browser, as they already can for Word, Excel or PowerPoint files.
General availability is scheduled for the end of this year
Microsoft has added a new service into Office 365 called Advanced Security Management.
This new service allows administrators to setup alerts for various activities, from users to administrators activities, anomalous or suspicious behavior and define action to these issues, such as suspending user account.
To start using this new service, you need first to assign a license to each of your user – this requires you have activated the service from the Billing\Purchase Service section
Then you need to access the Security and Compliance administration center (as reminder you can also use this URL https://protection.office.com)
From there access the Alerts\Manage Advanced Alerts section to enable the service
Then go to the Advanced Security Management portal by hitting the blue button below the activation check box; the ASM portal URL will be like https://<your tenant>.portal.cloudappsecurity.com/
You may have already one default alert called General Anomaly Detection
When you hit the Gear button, you will be able to edit this rule (as well as all other rules you will create)
You can switch On or Off the setting you want and enabled/disabled alerting.
By default, the setting applies to ALL activities, if you want to select specific activities, just click on All monitored activity to select Selected activity
Then you can define the filter you want to select activity/ies to monitor
You can even test your selection by hitting the Edit and preview results button shown on the top right of the filtering interface
Using the gear button on the top right of the navigation bar you can delegate access to the ASM portal as well as define your “authorized/identified” IP ranges
By default, all Azure Active Directory Global admins (which off course includes Office 365 Global admins) have access to the ASM portal but you can delegate the access to your security officers or auditors as off course you do not want them to be global admins
You need to add the email address of the account you want to delegate the access
The IP range option allows you to create IP ranges definition and associate them with a confidence level (category). This can be helpful if you have already detected some IP’s as risk
It is highly recommended to define your IP ranges as soon as possible only future events will be affected by this definition
If you click on the Control button in the top bar, you will be able to manage your own policies and templates
At this stage there 6 default template – you can not create your own nor edit them (yet?)
Each template is a predefined set of rules related specific activities, you can create your policy from an existing template by hitting the + (plus) sign
You can also create your policy from the Control button
The below screenshot is a new policy created from a template
You can Disable or Delete a policy using the button on the right side of the policy
As soon as you have enabled the license for your users, the system starts gathering data and while you are working on the configuration or reviewing the portal, you may see appearing some alerts on the top bar
If you hit this notification, you will see all activities detected by the system – it may reports activities executed/completed in the past
You can access the detail of the alert by clicking on it; from there you can then review the alert and take appropriate action; in the following screenshot, the alert is related to an admin privilege granted to an account
If you have to action to apply because this is a legitimate action, you can Dismiss the alert by hitting the button at the top right of the alert details
Dismissing an alert will ask you to provide detail on the dismissal
And then you got confirmation of the dismiss action
You can review all activities by hitting the Activity Log button
You can review all activities performed by any user with the action, user, application and location
If you open one of the activity log, you will get even more details
Finally you have one last service available called Governance Logs which will help you to audit all the activities
If you have enabled the notifications to be alerted in case of suspicious activity, you will receive an email similar to the screenshot below showing the user and the workload involved in the suspicious activity
The latest update for System Center Configuration Manager 2012 R2 (build 5.00.8412.1000 – released on August 2nd, 2016) has added the ability to integrate your Corporate Windows Store into SCCM.
The ability to deploy Universal Apps using SCCM has been introduced some time ago but you were obliged to use the Offline Licensing and create an application in SCCM prior to the deployment.
Your client device must run Windows 10 build 1511 or later (build released in November 2015)
First thing, off course you need to update your SCCM infrastructure with the reference update.
If this already done, open your SCCM administration console and go to Administration\Cloud Services\Updates and Servicing\Features to turn on (the default is Off) the Windows Store for Business Integration feature and confirm the activation
Starting from then you will be able to directly add applications from your Windows Store for Business.
To be able to continue the configuration process, you need to register your SCCM infrastructure on Azure Active Directory
Connect to your Azure portal (https://manage.windowsazure.com) and access the Applications section your Azure AD tenant to Add a new application
Choose to add an Application my organization is developing
Name the application (like SCCM for example) and select the Web Application type
Define the sign in and app ID url’s – the values you defined do not really matter as these will no be really used; this needed to complete the process and then be able to get a key
Finally, configure the added application to generate a key using the keys section on then select the duration of the key
Once the key has been generated, stay on this page until you complete the next steps. If you do, you will not be able to get the key after.
You then need to connect to your Windows Store for Business (https://businessstore.microsoft.com) to define the management tool used to deploy the applications, search using the name of the application you added during the previous step and make it active
While you are on your Windows Store for Business, you also need to enable the Show offline licensed apps option available through the Manage\Account Information section
Once the feature has been successfully added, close the console and re open it to go back to Administration\Cloud Services section, you should see the Windows Store for Business section
You can only add one Windows Store for Business account
Right click on it and choose to add Windows Store for Business Account; this where we will need the key created during the previous step
Just follow the wizard to define the credentials to connect to the store
You will need to define your Azure AD tenant (the one on which you have added your SCCM), the client ID and the key
Click to the Verify button to ensure everything is correct and finally define the location where to save Windows apps for Offline deployment
Finally you can refine the language(s) available
You Windows Store for Business is now added
IMPORTANT this where you will have to go when the application key will expire to change it
Your Windows Store for Business has been now added and you can deploy the application you have in store (see http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=793 for more information on how to get application on your store, ensure you select the Offline license type)
Go to the Software Library\Application Management\License Information for Store Apps section and add a new application for deployment
Right click on the application you want to deploy and Create application, then follow the well known create application wizard.
The latest update of System Center Configuration Manager 2012 R2 (build 5.00.8412.100 published on August 2016) has added a prerelease feature to use OMS to synch your monitoring logs.
Off course, to take advantage of this feature, you need to have an Operations Management Suite tenant (https://www.mms.microsoft.com)
To take advantage of this prerelease feature, you first need to enable the activation of prerelease from the Administration\Site Configuration\Sites\Hierarchy Settings
From the SCCM administration console, access the Administration\Cloud Services\Updates and Servicing\Features and turn on the Pre-release – Microsoft Operations Management Suite (OMS) feature
Once activated, close the console and re open it to see the OMS Connector
You need to perform this step ONLY if you did not already have registered your SCCM infrastructure; you may already have done this to integrate your Windows Store for Business store. You will need anyway to configure the permission to grant the correct rights (next step).
Connect to your Azure management portal (https://portal.azure.com) and add a resource; if you already have an OMS workspace, just search for it and go to the step to grant the permission
Search for Log Analytics (OMS) and create the workspace
Create or link an existing OMS workspace
Then fill the additional settings like resource group, location…
Open the Log Analytics (OMS) blade and open your workspace
Click on the Access management
Add a contributor role and add the user - which is the application name you created on your Azure AD
From the administration console, browse to Administration\Cloud Services\OMS Connector and right click to create the connector – from the top tier site in your hierarchy
Just follow the wizard to configure the tenant, client ID and key for the application added previously
Click the Verify button to ensure everything is correct; this will show Successfully verified
During the next step, you need to define your Azure subscription, the Azure resource group and the OMS workspace; you need to manually fill these fields (as this is a prerelease, we can expect this could be prepopulated at a later stage). If you have multiple Azure subscription, it is recommended to use the one you are already using with OMS (you can check it from the OMS portal, Settings\Accounts\Azure Subscription section) and select the device collection you want to synch with OMS – you can change it anytime later
The collection will then be shown in the OMS portal helping you monitoring your device collections.
You must install the OMS agent on the server hosting the connection point to OMS
Connect to your OMS workspace portal (https://mms.microsoft.com) and go to the Settings
You should see an SCCM tab as part of the Computer Groups section and activate the Import Configuration Manager collection membership
You can sign in to the Citrix TechPreview (scheduled for Q4 and GA 2017) here https://www.citrix.com/global-partners/microsoft/remote-app.html
Microsoft has announced the retirement of the Azure Remote App solution.
Azure RemoteApp was the ability to publish applications and resources using Remote Desktop technology through Azure, either in full cloud mode (ie application and applications/resources hosted on Azure) or in hybrid mode (ie using Azure to access applications/resources hosted either in Azure or On Premises).
The Azure RemoteApp is not anymore available for sale and if you are already using it, you can still continue to use it for one more year while you look for alternative solutions.
See https://blogs.technet.microsoft.com/enterprisemobility/2016/08/12/application-remoting-and-the-cloud/ for the official announcement and alternative solutions.
A new feature is being rolled out to allow you to convert your distribution lists to Office 365 Groups.
The following table defines what can be converted (as of today – August 5th, 2016)
On-premise managed distribution group. (synched)
Nested distribution groups. Distribution group either has child groups or is a member of another group.
Moderated distribution group
Distribution groups with send on behalf settings
Distribution groups hidden from address lists
Distribution groups with member RecipientTypeDetails other than UserMailbox, SharedMailbox, TeamMailbox, MailUser
Distribution groups with member join or depart restriction as Closed
Eligible. Converted to a private Office 365 Group.
Distribution groups with custom delivery status notifications. ReportToManager = true, ReportToOriginator = false ReportToManager = false, ReportToOriginator = false
Eligible. Office 365 Groups don't understand these properties, and delivery status notifications are always sent to the person that sent the email.
Logon to your Exchange Online ECP (https://outlook.office365.com/ecp/) and reach the Recipients\Groups section
Select the distribution group you want to convert to Office 365 – please refer to the table – and click the Upgrade to Office 365 Groups button
Don’t worry, if the distribution list is NOT eligible, this button will not be available
Don’t worry, if the distribution list is NOT eligible, this button will not be available
Confirm you want to convert to Office 365 Groups – thankfully if anything goes wrong, the DL will not be changed
Then the conversion may take some time
Please note it may take some time also to refresh the Office 365 Admin portal; this means you may see twice your DL/Office 365 groups – one distribution list and one Office 365 Groups; if you try to select the former distribution group you will got an error
The Office 365 Admin Universal App has reached general availability.
If you have been running the beta version (Office 365 Admin Universal Beta) you need to install the released version.
If you have been running the ‘old’ version of the Office 365 Admin app on Windows 10, the app will be updated - if not, check the app store to ensure you have enable automatic updates or to manually check for update.
If you are using Windows Phone 8.1, the app will continue to run but will not receive any further update.
If you have configured you Skype for Business infrastructure to use UCS (Unified Contact Store) or if you have requested to get it enabled on Office 365 (yes, you do not have UCS activated by default on Office 365 and you need to open a SR to get it), you may face the following issue.
With Skype for Business client, you may have some notification
MAPI Information;Your Outlook profile is not configured correctly. Contact your support team with this information.;MAPI unavailable; EWS Information;;EWS Status OK;
If so, there is 2 plan: 1 simple, 1 a little bit more complex
This is very simple, just download and deploy the fix from
However this may not work, especially if you have Office 2013/Office 2016 Click To Run installation. The fix will not detect any product for which the fix must be applied.
You can try to force your Click To Run install to get updated but it seems the fix is not yet available neither (I did and the issue was not solved)
So, let’s take a look at the more complex action
Launch the registry editor (regedit) and browse to the following key
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles and open your default profile
Then locate the subkey named 9375CFF0413111d3B88A00104B2A6676
Open the subkey and check each of the key until you found the one with your email address shown in the Account Name value
Take the value from the Service UID and then locate the subkey with the same value below the Profiles tree – like in this example the Service UID value is 980e871e9d8a8644b50ddd6c2c583715, the subkay to locate will be HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\980e871e9d8a8644b50ddd6c2c583715
Take the value from the 01023d0d binary value and repeat the same search
In this example, the value is 2c5e812328c4cb42bfbd2be3d360e7b3 so the subkey to search is HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\2c5e812328c4cb42bfbd2be3d360e7b3
There you need to create a new String value named 001e6603
Edit this new string value with the value of your mailbox LegacyDN – you can get the LegacyDN with the Test e-mail autoconfiguration from Outlook from the XML tab
Close your Sfb/Lync client and restart it. You should now get
UCS Connectivity State;Exchange connection Active;--; MAPI Information;MAPI Status OK;MAPI Status OK;
Benoit is specialized on Microsoft infrastructure (Active Directory, Azure, ForeFront products, Hyper-V, Identity Management, System Center, Windows) and collaboration (BPOS, Exchange, Office 365, SharePoint) technologies.
He has been awarded as Microsoft Most Valuable Professional (MVP) since 2002 - on Windows, then SharePoint and finally Office 365. He has been recoginzed as Microsoft Community Contributor for his work on the Office 365 community in 2013 and 2014.
He has been involved in early stage of testing phase for many Microsoft products - from Windows to Office 365, including Exchange, SharePoint or Office client and WindowsUpdate.
He has participated as speaker or Ask The Expert (ATE) at many Microsoft or Quest events. He also participed in writing several books on SharePoint (2003 to 2010).
With more than 10 years of professional experience, he has a deep knowledge of the Microsoft market and his competitors.
This blog is using tracking code for analytics purpose.
No personal data are stored and maintained.