AD RMS on devices

Active Directory Rights Management Services (AD RMS) enables the protection of emails and documents within the domain for users and computers.

If you have RMS in place with Exchange Server or Exchange Online, how do your mobile workers gain secure access? Some platforms (Windows Phone) support this out of the box, but it does require a bit of configuration. If you have Apple, Android or even the creaking BlackBerry OS in the mix, I have used the following apps to fill the gap.

NitroDesk TouchDown 7.3+ for Android

GigaTrust for Apple iOS and BlackBerry

I will write a follow-up post covering RMS/IRM for Exchange Server and Exchange Online and how Windows Phone can leverage this in the coming weeks.


Forefront changes, TMG is no more

Threat Management Gateway, and ISA before it, provided a pretty simple way to get client connectivity to Exchange mailboxes from the internet. Microsoft have announced changes to the Forefront roadmap which, when you consider the next wave of server products and partner solutions, make sense.

Discontinued, but supported:

  • Forefront Protection 2010 for Exchange Server (FPE)
  • Forefront Protection 2010 for SharePoint (FPSP)
  • Forefront Security for Office Communications Server (FSOCS)
  • Forefront Threat Management Gateway 2010 (TMG)
  • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

This kind of makes sense; for example, Exchange 2013 comes with a basic level of protection built in, and a lot of organisations will already have a third-party mail gateway or service deployed on the “perimeter”. The CAS role has also changed, resulting in reduced risk when exposing it to the internet (via HLB etc.), as hosters have been doing for years.

Direct Access will play a big part in remote access, and the UAG cash cow (heavy on licensing compared to TMG) will also continue as a product.

Azure AD Standalone Tenants

Over on the Windows Azure blog there have been some cool announcements.

I’ve been using for a while now and with the announcement of “standalone tenants” this presents huge possibilities. In hosting circles I have often had discussions for providing “multi-tenant” AD available on demand, but have always come to the conclusion it would require Microsoft to make some key changes.

Check it out now.

Windows 8 tip: Browser choice

If you have Windows 8 RTM editions you will have recently had to complete the browser choice wizard. This is great until you realise it unpins desktop IE from the taskbar and the Start Screen only provides Windows Store/Modern UI (Metro) IE.

There are 2 simple solutions:

1. Start > type “iexplore.exe” > right click > Pin To Taskbar

2. Open Windows Store style IE > click the spanner/tools option > View on Desktop > right click IE on taskbar > Pin To Taskbar

Anyway, hope that helps some folks out.

Office 365 Outlook Password Notifications

Microsoft have released updates for Outlook 2007 and Outlook 2010 which provide password expiry notifications for non-federated users using a balloon in the system tray. If it is the first logon or the password has expired the user will receive a dialogue prompting them to change the password. In either case the user is directed to the Office 365 portal.

Password expiration notification.

Password has expired notification.

Get the updates for Outlook here:

  • 2687351 Description of the Outlook 2010 hotfix package (Outlook-x-none.msp): August 28, 2012
  • 2687336 Description of the Outlook 2007 hotfix package (Outlook-x-none.msp): August 28, 2012

For some organisations SSO just isn’t important; combining these Outlook updates with the Set-MSOLPasswordPolicy cmdlet allows the customisation and enforcement of policy with reduced user training and helpdesk calls.
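One way to apply such a policy to the non-federated domains in a tenant and check who it will not reach. This is an added example, not taken from the original post or from Microsoft's documentation; it assumes the MSOnline PowerShell module is installed, and the 90 and 14 day values are illustrative.

```powershell
# Added example. Assumes the MSOnline module is installed and that the
# account entered at the prompt is allowed to manage the tenant.
Import-Module MSOnline
Connect-MsolService

$validityDays     = 90   # assumed value: days before a password expires
$notificationDays = 14   # assumed value: days of advance warning

# Federated domains authenticate against the on-premises identity provider,
# so the cloud password policy only matters for verified, Managed domains.
$managed = Get-MsolDomain | Where-Object {
    $_.Authentication -eq 'Managed' -and $_.Status -eq 'Verified'
}

foreach ($domain in $managed) {
    Set-MsolPasswordPolicy -DomainName $domain.Name `
        -ValidityPeriod $validityDays -NotificationDays $notificationDays

    # Read the policy back to confirm what the tenant actually stored.
    $policy = Get-MsolPasswordPolicy -DomainName $domain.Name
    '{0}: expires after {1} days, notifies {2} days ahead' -f `
        $domain.Name, $policy.ValidityPeriod, $policy.NotificationDays
}

# Accounts flagged PasswordNeverExpires are exempt from the expiry policy,
# so they never see the Outlook notification. List them for review.
Get-MsolUser -All |
    Where-Object { $_.PasswordNeverExpires -eq $true } |
    Select-Object UserPrincipalName, PasswordNeverExpires
```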

As always, the Exchange Team have created a great post with videos.

There is also a TechNet article explaining it all.