Wednesday, February 27, 2013
Two factor provides an much greater level of security because it means that anyone trying to access your system need more than just a password (which could be captured by a key logged on a PC you are using). A good example of this is the PayPal security key that I have blogged about previously.
When you access PayPal you are asked for the security key number that appears when you press the key. So without this physical key you can’t gain access to PayPal services.
Now this is all well and good if you always remember to have your security key with you. But what happens if you don’t and you need to access your system? The solution is to use a software token. That is a piece of software on a device you have with you (a tablet or mobile for example) that allows you to generate the required key. A great example of this is Google Authenticator which I use with all my Google accounts as well as Lastpass. If I need to access my Google information or retrieve a password from Lastpass I simply run the Google Authenticator program on my iPad and enter the number it provides (along with my password and id) to gain access.
Even something as simple as Google Authenticator can prove technically challenging for some, so a final option is to use an SMS text message to provide the required key. As I mentioned, Microsoft has been a little late to the game but that should all change now that they have acquired Phonefactor.
Hopefully we’ll soon be able to use two factor authentication with Office 365 to provide additional security and overcome the tendency for users to implement poor passwords. It also looks like you’ll be able to use these with on premise Microsoft software but I reckon it’ll come to the cloud first.
I’ll keep my eyes peeled for when it becomes available and let you know.
Tuesday, February 26, 2013
I am please to announced that Microsoft Australia has extended the full 2 day exam cram training session on the following exams:
Day 1 - 74-324: Administering Office 365 for Small Business
Day 2 - 70-687: Configuring Windows 8
- Day 1 – Tuesday 14th May (74-324: Administering Office 365 for Small Business)
- Day 2 – Wednesday 15th May (70-687: Configuring Windows 8)
It is important to note that this training in not like my normal bootcamps. These days are specifically focused on helping attendees pass the appropriate Microsoft certification exams so they are eligible to attain the Microsoft Small Business Competency. Thus, to get the most from this training you should be at least familiar with Windows 8 and Office 365.
I hope you are able to attend and I look forward to meeting you on the day but remember to book early as there is only a limited number of places available at each venue.
Saturday, February 23, 2013
One of the most difficult things to implement for cloud based systems is the concept of federated identity and Single Sign On (SSO). This means that a user only needs one set of credentials to log into the cloud or the local network. It also means that when they log in somewhere they are seamlessly logged into everything else they need.
Many local network users have taken for granted the fact that when they log into their local network (say Small Business Server) they are logged into the local machine, given access to files on the server, allowed to browse the Internet and more, all from a a single login.
Now, when users information is relocated to other systems, like the cloud, single sign on becomes much more challenging because you now have two (or more) completely separate systems that must trust each other first before they can share credentials between them. In the Office 365 world this was handled by Active Directory Federated Services (ADFS). When configured, this basically allowed the local network to ‘trust’ the cloud so users information could be passed securely between them.
Problem is that ADFS is really not a small business solution. It requires additional on site hardware as well a involved configuration process which was generally beyond most SMB resellers. Don’t get me wrong, ADFS is not impossible to implement in SMB but it certainly wasn’t a few clicks of the wizard.
For that reason, we have generally not seen a lot of Single Sign On (SSO) in SMB, yet there has been growing demand for a simpler solution. Personally, I now think we are about cross the Rubicon where SSO is a requirement. In that respect I would be suggesting NOW is the time to start looking at how to implement federation and SSO with cloud based systems. Sure, there aren’t a lot of solutions out there and many are complex but I think this will all change rapidly very soon. Get in early I say to lead the pack going forward.
So, my advice to SMB resellers and IT Professionals is to put aside what you have heard about ADFS and SSO and start investigating what they can offer. Have a look at third party options and two factor authentication. Most importantly keep you ear to ground on what changes are happening in the industry and be especially watchful of what Microsoft will bring to the table in the near future to greatly ease the pain of SSO in SMB.
Wednesday, February 20, 2013
Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw
You can find out more about the specific of the issues at:
So advice is that you should check to ensure your router is not vulnerable. To do this visit grc.com and go to the Shields Up page like so:
Click on the GRC’s Instant UPnP Exposure test.
Hopefully you will see:
If not then you need to take steps to ensure you rectify any issues discovered.
There are plenty of changes around Office 2013 licensing along with questions about what happens with previous editions, what’s allowed and what’s not. Here’s a nice table that summarizes everything quite nicely.
More information is contained in the blog post:
Tuesday, February 19, 2013
For example, here is a slide that is worth considering.
What it basically says is that Windows based machines now represent only 35% of the market, Apple and Android together are now the dominate players. Even worse for Windows is that both iOS and Android continue to grow at accelerating rates.
If you are in the IT market in any way shape or form you need to spend some time and have a look at all the information in the slide deck. I am confident that you’ll walk away having learnt something (good or bad).
Monday, February 18, 2013
I have finally completed the migration of over 1,200 blog posts going back prior to 2007 onto this new platform. During the process I came across a lot of really good posts that are still very interesting and relevant. There are also plenty of interesting posts along with some funny and downright stupid ones. So, what I thought I’d start doing is spend one post a month reviewing a sampling posts from that month back in the history of this blog.
Thus, it being February here we go:
Office 365 Identity options – information about the different ways that identity are handled in Office 365.
No Office Web Apps on SBS 2011 standard – information about how Office Web Apps, which is an addition to SharePoint is not supported on Small Business Server.
SharePoint Foundation BLOB storage – details how Binary Large OBject storage can be used with SharePoint and why in an SMB environment you really shouldn’t use it.
Productivity Part 1 – first of a three part series I wrote as a guest blogger on real productivity.
Installing SQL Server 2008 on Windows Server 2008 R2 – SQL is the basis for SharePoint storage.
Productivity costs – how much poor productivity is costs businesses
Email addiction – interesting information about how many people’s lives are rules by email.
It’s all going to the cloud – Yes, even back then I was saying this!
Sunday, February 17, 2013
I have started to come across more and more people who don’t seem to realise that you can purchase individual Office 365 components. This means if you just want basic email you can purchase Exchange Online Plan 1 (from around $4 per user per month) or if you want email with advanced features like Legal Hold and unlimited inbox then you can go for Exchange Online Plan 2 (from around $8 per user per month). The same holds true for SharePoint, Lync and even Office on the desktop (yes you can purchase just the latest Office desktop software via Office 365).
Typically, if you needs extend beyond just a single product, say email and collaboration, then that’s when the value of a suite becomes apparent but importantly, you don’t necessarily have to start there. Let’s say you just want basic email, you could purchase Exchange Online Plan 1. Then a few months down the track you get bitten by the SharePoint bug (if you haven’t yet you will), you can simply add that to your current Exchange Plan 1 in Office 365.
The individual components of Office 365 are currently offered under the Enterprise (E) licenses. Currently the cheapest suite offering is the Small Business and Professionals license (P) which offers the basic plans of Exchange, SharePoint and Lync (but no Office) rolled into a single package. The good thing about this P licenses is that it is great value for what you get. The bad thing is that it is not as flexible as the Enterprise or E plans. This means you can’t add features to the P license (say kiosk workers).
For that reason, it is my opinion that most businesses should only consider E licenses for the simple fact that it provides far more flexibility with the ability to easily add and remove features for individual users. P Plans are great provided the business is not planning to change much and is unlikely to want additional functionality.
I would still caution people about P plan even if they think they are unlikely to change. Why? Because chances are a change of circumstance will dictate a need to change down the track. If they have locked themselves into a P plan then migration is not easy. A good example is where a business decides on a P plan solely based on price. Down the track, if they find they need inboxes greater than the current 25GB limit in a P plan they can not simply add to their current offering as doing so is unsupported on P Plans. However, if they were instead over on an Enterprise (E) plan it would be simple process to effect this upgrade, even for just a single user.
For example, here’s the link to just the Exchange Online plans in Office 365
If you are in Australia you’ll find them at:
My experience with ANY technology is that you want to provide the maximum amount of flexibility because situations change. This should be EXACTLY the same when it comes to choosing Office 365 for your business. My advice is to just start with what you need and grow from there. This generally means moving to Enterprise (E) plans from the get go. They may be a little more expensive than the P plans but having that flexibility is well worth any small incremental cost. Trust me, you’ll find out what I mean if you don’t.
Thursday, February 14, 2013
One of biggest improvements to SharePoint 2013 and especially SharePoint Online coming with the next version of Office 365 real soon, is the addition of a SharePoint Store.
You access the Store by simply adding an App and selecting the SharePoint Store link on the page. Once there you’ll truly be surprised at how many apps are there (remembering that this still a preview!).
Even though many of the apps are free this still represents as much an opportunity for developers as it does end users. Having a simple place to see SharePoint solutions, right in SharePoint, I reckon is really going to be big. Why? Simply because SharePoint is only the starting point for solutions that businesses want. If clever developers can come up with handy apps then the potential is huge just as it has been in the mobile space.
Once the new Office 365 is released I’ll start digging more into the store and reporting here on the best apps I find, so stay tuned. In the meantime, if you have the Office 365 preview dive in and try a few. I’d be interested to know what you find.
A final reminder about my SharePoint Online bootcamp next week in North Ryde on Thursday the 21st of February. Places are still available via registration at:
You’ll receive a full days training on available SharePoint hosting options, with a particular focus on Office 365. You’ll also learn how to do SharePoint Online administration as well as learn how to use SharePoint Online to construct business solutions.
Entry to course will also provided you with all meals and refreshments, a comprehensive set of course notes, Internet access as well as the opportunity to network with other about SharePoint.
If you want to learn how to take advantage of on of the fastest growing fields in technology then this course is for you.
Sunday, February 10, 2013
Friday, February 8, 2013
A couple posts ago I wrote that external user sharing is confusing with the new Office 365 but I’m glad to report that things have changed for the better (not unexpectedly) just recently.
So now when you share a site with the new Office 365 for an external contact they will receive an email like:
Clicking on the link they will now be taken to:
which is MUCH clearer that it used to be (see the previous post for what it was like)!
It is still recommended that you have an existing Windows Live Id already created and if so you select the Microsoft Account option at the top.
You’ll then be taken to the familiar Office 365 login, from which you’ll need to select Sign in with Windows Live ID at the bottom of the page, which I think is still a little confusing to an external (non-Office 365) user.
However, if you are already signed into the browser with Windows Live ID, you will see the above screen, with most of the details already in place. To me this is much more obvious. So, there’s a tip, before an external user clicks on the sharing link from Office 365 get them login with their Windows Live Id to:
just to make things easier. Would of course be nice to not have to do that to keep things simple but I’ll take any change that come.
The great thing overall is that it demonstrates how quickly these things are being improved so I would expect further changes in the very near future. Keep them coming Microsoft.
Wednesday, February 6, 2013
It is best practice to create security groups and assign these groups rights in SharePoint, for once the security groups have been correctly configured there is no need to return and fiddle with SharePoint securities if new users get added for example. All that now needs to be done is to add the new user to the appropriate security group. When they are added they automatically receive the appropriate rights in SharePoint simply because they are part of the security group that already has assigned SharePoint rights. Thus, you only ever need to add the security groups to SharePoint once. You should never add individual user rights they should all be done via security groups.
To do this with Office 365 you’ll need to login to the administration portal.
Then select the Security Groups from the menu on the left hand side under the Management heading. This will display any existing security groups.
To create a new security group select the New link.
You’ll then be asked to provide a name and description for the security group. My advice, when it comes to specific SharePoint Security groups is to always start them in the same way. That way they will appear together in a list. Here I have chosen to create the security group SP-Accounts-RO.
Once you have created the group you need to add users to the group. You can return later and edit this if you need to. To add users simply place a check in the box to the left of their name and press the Add link.
When complete you should see the security group listed. Remember what name you used.
If you visit your SharePoint site and select Site Actions then Site Settings from the top left.
Now select Site Permissions in the top left under the Users and Permissions heading.
By default SharePoint securities inherit. This means areas have the same rights as the area directly above them in the hierarchy. To create unique rights you’ll need to select the Stop Inheriting Permission button. Press OK to proceed past the warning confirmation dialog you receive.
You should now see that you can select existing groups and users and remove them if desired.
To add the security group just created press the Grant Permissions button.
In the dialog that appears enter the security group name into the Select Users area at the top (here SP-Accounts-RO).
In the Grant Permissions area you can elect to give this user or group direct permission or make them part of an existing SharePoint Group. In this case we’ll elect to make the newly created security group part of the existing SharePoint group, Team Site Visitor, which has Read permissions to the site. Remember, adding something to a pre-existing group will provide that user or group access to everything the group has access to the site. Thus, by adding the newly created security group to the SharePoint Team Site Visitors group every user in the security group will effectively have read permissions to every part of the site, not just the one being edited here. If you don’t want that then only give the user or group direct permissions (i.e. the second option above).
Once complete you should now see the name of the newly created security group appear in SharePoint as shown above. In this case, since we made it a member of Team Site Visitors group in SharePoint that is where it appears.
SharePoint security is easy if you map it out before and implement it using this best practice. In my opinion, no user should be granted direct access to a SharePoint site, they should be part of a security group and that security group is assigned rights in SharePoint.Configuring things this way is gong to reduce confusion and make it less likely you’ll assign the wrong rights, which is easy to do as securities become more complex.
Remember, distribution groups are typically used so lots of users can receive e-mail sent to a single e-mail address. The primary purpose of a security group is to assign permissions to a large group of users instead of assigning permissions to individual users one at a time. If you're a Microsoft Online e-mail organization, use security groups if you need to assign users permissions to resources in other hosted online services such as Microsoft SharePoint Online.
One of the common things I see people wanting from products like SharePoint is project management. SharePoint does a great job but a dedicated tool like Microsoft Project does even better. Trouble was to get the most from Project you needed Project Server at the back end, and that was usually too expensive for most non enterprise customers.
However, when I now tell people that Project will be available from the cloud via Office 365 their eyes light up. If you want to have look at the preview visit:
There will be a few different flavours apparently, one that is web based and one that also allows you to download a client app from what I see on first glance. I need to spend some more time understanding exactly what will be offered and when it will be available but if it is in preview now it can’t be far away, surely?
The best thing I reckon is that the interface is all SharePoint based as you can see from the above screen shot. This means it should function just like SharePoint but with more options. There is always room for more SharePoint in my books.
Project Online is yet another huge opportunity for resellers to get involved with. I see so many businesses crying out for Project skills and very few resellers out there who can assist. If that ain’t an opportunity I don’t know what is. I’m very keen myself to become more skilled in Project Online and hopefully with my SharePoint experience it won’t be too much of a stretch. I’ll post more information about what I find as I play with the preview.
Yet more opportunity for everyone with Office 365. I’m EXCITED!
Tuesday, February 5, 2013
I am very happy to announce that Kerio Technologies have signed on as a silver sponsor of the upcoming Desktop to Cloud Day on the 18th of May.
Abi Vickram (Director of Sales for APAC at Kerio) will be presenting the following session:
Social Collaboration in the Cloud with Samepage
Samepage is a social collaboration platform connecting people with projects, conversations and files. Teams work together in a fast, iterative way, keeping the conversations focused on projects at hand. Join us as we discuss the role of social collaboration in business and how Samepage can help.
Episode 46 - Rob Farley
If you wanna know about the all things SQL then this episode is for you, featuring SQL MVP Rob Farley.
You can support this podcast via http://donation.ciaops.com
Don't forget all the other podcasts at http://ciaops.podbean.com and appreciate a like over at http://www.facebook.com/n2kpodcast.
Remember if you want to be a guest please contact me (firstname.lastname@example.org).
Monday, February 4, 2013
Plugged in my trusty Windows Phone 7 to get my current podcasts and was pleased to see that an update was also available.
Installed with no issues, up and running on the latest release now.
If you want to know what the update contains check out:
Saturday, February 2, 2013
But in summary:
- Office Web Apps read/write ability is being added to E1 and K1 plans
- E2 and K2 plans will get priced at E1 and K1 plans (as they are effective the same feature set now).
- E1 and E2 to merge and K1 and K2 plans to merge eventually.
Here’s the line up:
This move makes a lot of sense in my books as there was not a lot of difference between the E1 and E2 plans. It also makes more room for the M plans expected with the new release.
I’m sure there are still plenty of changes to come. Stay posted.
Friday, February 1, 2013
Office 365: The Next Bold Step
It is interesting that, as Paul Thurrott points out, Office 365 Home Premium doesn’t take advantage of any the enterprise grade applications like Exchange, SharePoint and Lync that traditional Office 365 does. That perhaps makes it a little confusing but I think that if you look at the bigger picture Microsoft is trying to align these offerings all under a single brand. There is nothing to stop office 365 Home Premium from migrating to full Office 365 enterprise services in the future. I therefore see this more as an opportunity for Microsoft to start aligning products and offerings for the full range of consumers under a single brand, in this case Office 365. This is very similar to Apple and it’s branding of the ‘Ipad’ without referring to version numbers. It isn’t an Ipad 4 it is just an Ipad.
Also contained in the blog post was the following information about the business versions of Office 365:
“These businesses will get to enjoy the new Office 365 service for businesses beginning Feb. 27.”
This means the new Office 365 plans around Exchange, SharePoint, Lync and Office 2013 will be available by month end, which is great news.
This news has however raised more questions that it answered. The first of these is around the change of plan offerings. There will now be a new Small Business and Professionals P2 plan that offers Microsoft Office 2013 on the desktop. There will also be a new M plan for ‘medium’ business. The existing P and E plans remain.
Probably the best information available on this at the moment is from Mary Joe Foley:
Microsoft Office 365: More new packages and prices coming in November
An interesting point with the above plans is that the P plans (Small Business) appear be limited to a maximum of 10 users. This raises an interesting migration question for existing P plans which have an maximum absolute limit currently of 50 users.
Probably the biggest questions not yet revealed are around migration for existing Office 365 users. It would seem that these people have to wait at least 60 days after the release of the new version. It would also appear that they will be contacted by Microsoft to schedule an upgrade of their service and indication are that US customers will be upgraded first, followed by Europe with Asia Pacific last. All migrations are scheduled to be completed by November 2013.
If you want more information about the upgrades from an existing Office 365 service you should check the following:
Office 365 Service Upgrade Center for Enterprise
Office 365 Service Upgrade Center for Small Business
So what can we expect here in Australia? According to the the Official Microsoft Partner blog (my emphasis added):
- In Australia our Enterprise customers will be able to buy Office 365 on their Enterprise Agreements on the 28th February.
- For our small and medium business customers we are working with Telstra to have the service available on the same day.
- For existing Office 365 customers, we expect the upgrade to be available in the coming months.
The announcement also talks about the availability of Office 365 via Distribution on an Open License type. In Australia Office 365 will not be available as an Open License type, we will continue to sell Office 365 exclusively via our Partner, Telstra for small and medium business and Enterprise customers can purchase directly from Microsoft under and Enterprise Agreement. The two new product SKUs (M and P2 SKUs) will be available in Australia as a subscription from Telstra. They are targeted to the small and medium business customer, therefore will not be available to enterprise customers under Enterprise Agreements.
So at the moment we need to wait till February 27th to see exactly what is revealed. We’ll probably have to wait a bit longer before all the answers to questions like migration are answered in more detail. For the time being the best bet is to stay tuned here and I’ll bring you the information as I find out.