Azure AD Integration Updates

Azure AD integration now provides multiple approaches direct from Microsoft and the ability to write back to on premises AD. The recently update table on MSDN outline the capabilities, I'm also particularly keen to monitor the Azure Device Registration Service Preview as this will enable very dynamic environments,

The new and soon to be updated Azure AD Sync Services (AAD Sync) information is available here,

Happy sync'ing.



Office 365 First Release - How to enable

Content from:

With Office 365, you get product updates – like new email features, more site storage, and new collaboration features – as they become available. You can decide when to receive the updates by opting in to the First Release program or remaining on the Standard Release program.

First Release
With this option, you and your users receive a select set of significant service updates as early as one week after the official announcement. Choose this option if you and your employees are comfortable with regular updates to the Office 365 service.
Standard Release
With this default option, you and your users receive a select set of significant service updates 3 weeks or more after the official announcement. For at least 3 weeks, you have time to learn about the updates and prepare your employees.
Note    The Office 365 updates described in this article apply to the Office 365 suite, SharePoint Online, and Exchange Online. They do not apply to Lync Online, Exchange Online Protection, the latest version of Office and related services.

Turn on First Release

By default, all Office 365 accounts are on the Standard Release program. They receive service updates 3 weeks or more after the official announcement. You can remain on this update schedule or turn on First Release by following these steps.
  1. Sign in to Office O365.
  2. Go to Admin > Service settings > Updates.
  3. Turn First Release on or off.

ADFS 3 Device Registration SSL SAN required with Workplace Join

I came across an interesting issue when deploying Workplace Join as part of a migration to ADFS 3. ADFS had been tested as working correctly with the Device Registration service initialized and enabled, but I could not register Windows devices.

After running the lab (which used different different host names!) and checking many settings I decided to go back to the beginning (always a good place to start) and review the Device Registration requirements listed on TechNet. Surprise, I had missed something really obvious in my clients choice of a wildcard SSL certificate - something I normally dig my heels in over.

Solution: You must add enterpriseregistration. (i.e. where is the UPN) to the certificate used for Device Registration as a SAN for each UPN suffix in use.

Straight from the horse's mouth, "AD FS must be configured with a server SSL certificate that includes the well-known Device Registration server names" and this is followed by an example, "enterpriseregistration.".

Ah, that explains it, but then somewhat confusingly TechNet states:

"You can satisfy this requirement in two ways. You can use a wildcard certificate that covers all of the possible names used at your company or you can add the additional names as subject alternative names."

Important: The first way above is not true, at least for now, either that or the Device Registration service is not implemented as designed with all devices in mind.

Office 365 IE8 support ends 8 April 2014

If you use IE8 with Office 365 it is now time to upgrade or deploy an alternate browser. I see this as a huge step forward, enabling new and the best experience in the browser for users... on any device!

You can deploy a newer version of IE,  best to use IE10 or IE11. The latest version of Chrome, Firefox and Safari (on Mac) supported by the vendor are also designed to work with Office 365.

TechNet: Office 365 System Requirements:

Office 365 is designed to work with the current or immediately previous version of Internet Explorer. We recommend that you upgrade to the latest version of Internet Explorer after it is released. Office 365 might continue to work with versions of Internet Explorer other than the current and immediately previous versions for some time after the release of a new version of Internet Explorer, but Office 365 can’t provide any guarantees.
When accessing Office 365 from older versions of Internet Explorer, users may experience known issues and limitations depending on the versions of Internet Explorer, including:
  • Internet Explorer 9   Office 365 does not offer code fixes to resolve problems you encounter when using the service with Internet Explorer 9. You should expect the quality of the user experience to diminish over time, and that many new Office 365 experiences might not work at all.
  • Internet Explorer 8   The user experience sending and receiving email with Outlook Web App and Internet Explorer 8 might be substantially diminished, especially when used on Windows XP or with low memory devices. Office 365 does not offer code fixes to resolve problems you encounter when using the service with Internet Explorer 8, and new Office 365 experiences might not work at all. You should also expect the quality of the user experience with Internet Explorer 8 to diminish further in the near future. After April 8, 2014, Internet Explorer 8 will only display Outlook Web App Light.

OneDrive for Business - 1 TB quota available

If, unlike me, you are lucky enough to have a large storage pool in SharePoint Online it is now possible to assign 1024 GB / 1 TB  to OneDrive for Business Office 365 users. If you don't buy more storage each E user still gets 25 GB of personal storage and adds 500 MB to the overall pool.

OneDrive for business - 1TB quota

This started rolling out a week or so back, keep an eye out for it. I believe the maximum amount of storage which can be purchased per tenant is 25 TB... that is for now I guess.

More information on SharePoint Online and OneDrive for Business limits can be found here.

Exchange Online: Get a Hybrd key

If you have or plan to deploy Exchange Hybrid within your Exchange Server 2003 or 2007 Org obtaining the key just became a lot easier.

This wizard drives through validating eligibility to issue Exchange Server 2010 or 2013 keys. This is for Hybrid only, so it is not permitted to host mailboxes.