Friday, September 22, 2017

Office 365 Cloud Self Service Password Resets

One thing that many may not realise with Office 365 is that you can enable users to reset their own passwords.

There are some conditions when enabling this. If your environment does not have Azure AD Connect synchronizing users from on-premises to the cloud (i.e. you have what are known as ‘cloud only’ users) then you need no additions. If, however, you do have a synchronized environment you will need to purchase Azure AD Premium, configure password write back and assign licenses to each user you wish to have self service password resets enabled for. This is because with a synchronized environment, the on premises domain controller is the source of all user details, and from there the password is hashed, encrypted and sync’ed to Office 365. Thus, if a user does change their password using this cloud process, in a matter of moments that change is overwritten with what is on premises thanks to the synchronization configuration. However, Azure AD Premium provides two way password sync (on-prem to cloud and cloud to on-prem). Thus, with Azure AD Premium in place, when a user resets their password in the cloud it gets sync’ed back to on premises. Without Azure AD Premium it doesn’t.

To enable self service password resets navigate to the Azure portal for that tenant using an Office 365 global administrator account.


You navigate there from the Office 365 Admin center by selecting Azure AD under the Admin centers option as shown above.


Locate the option Azure Active Directory from the list of options in the Azure portal on the left and select that.



From the blade that appears select Password Reset as shown above.


The Properties option allows you to enable password resets for selected or all users. Don’t forget to press the Save button at the top when you have made your selection.


The Authentication methods option allows you to determine how users will verify their identity when requesting their password to be reset.

They can be required for one or two forms of identity and there are four methods available – email, mobile phone, office phone and security questions.

In the case of security questions, you can select from 3 – 5 to be part of the registration process and 3 – 5 as being required to verify identity.


When you go to select security questions you are able to select a number of pre-defined or custom questions, as well as a mix of both, as shown above.

Again, make sure that you Save your selections before continuing.


The Registration option allows you to force users to have to register their recovery options at next login or complete them manually.


The Notifications option allows you to set whether users are notified via email when their password is reset and whether all administrators are notified when any administrator resets their password.


The Customization option allows you to set a custom link users can refer to if they need further assistance with this process.


With all these options in place, and with users being forced to set their recovery options, the next time they login successfully they will see the above message prompting them to commence the recovery process.

Users should select Next to continue.


Users will now see the list of verification options that you set for them to complete. They need to work through all of these individually.


For example, with the mobile phone option, they enter their number and receive a code to verify.


With an email address verification they will receive a code that they need to verify.

Once the user has completed all the verification methods they will proceed to their Office 365 portal as normal.


When a user needs to reset their password they can select the link Can’t access your account? at the bottom of the login area.

They will then be prompted to select a personal or work account. Normally, they will then select a work account to proceed.


To verify that the process requesting the password reset is not an automated bot, the user will need to complete a captcha as shown above.


They will then be taken to a screen where they can select from the methods available to verify their identity. These were set up previously by each individual user and should be unique for that user.


Once the user successfully completes the verification process they will be requested to reset their password,


which when complete, will allow them to access their Office 365 account again.

The main benefit of enabling user self service password resets in Office 365 is that it allows users to manage their own passwords immediately and without having to contact an administrator to complete the reset. It is important that you ensure that you have enough verification methods for your environment and all users complete the registration process.

Again remember, that out of the box, Office 365 self service password resets work with cloud only identities. If you are using synchronized identities you will need to purchase Azure AD Premium and configure password write back to your on premises environment.
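The two conditions above (every enabled user has registered enough verification methods, and synchronized users have password write back behind them) can be checked from a user export. The following is an added example, not part of the original post: the function name, the `-PasswordWritebackEnabled` switch and the record fields (`IsSsprEnabled`, `OnPremisesSyncEnabled`, `MethodsRegistered`) are assumptions of this example, and the sample accounts are constructed.

```powershell
# Added example: list users for whom a self-service reset would fail or be undone.
# The record shape used here is an assumption of this example, not a Microsoft schema.
function Get-SsprRegistrationGap {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,

        # How many verification methods the policy demands at reset time (1 or 2).
        [ValidateRange(1, 2)]
        [int]$RequiredMethods = 1,

        # Set this when Azure AD Premium password write back is configured.
        [switch]$PasswordWritebackEnabled
    )
    process {
        if (-not $User.IsSsprEnabled) { return }   # user is outside the reset policy

        # Drop empty entries so a missing list counts as zero methods.
        $methods = @($User.MethodsRegistered | Where-Object { $_ })
        $issues  = @()

        if ($methods.Count -lt $RequiredMethods) {
            $issues += "registered $($methods.Count) of $RequiredMethods required methods"
        }
        if ($User.OnPremisesSyncEnabled -and -not $PasswordWritebackEnabled) {
            $issues += 'synchronized account, no password write back'
        }
        foreach ($issue in $issues) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                Issue             = $issue
            }
        }
    }
}

# Constructed sample records (not real accounts).
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; IsSsprEnabled = $true
                       OnPremisesSyncEnabled = $false; MethodsRegistered = @('email', 'mobilePhone') }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; IsSsprEnabled = $true
                       OnPremisesSyncEnabled = $false; MethodsRegistered = @('securityQuestion') }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; IsSsprEnabled = $true
                       OnPremisesSyncEnabled = $true; MethodsRegistered = @('email', 'officePhone') }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.example'; IsSsprEnabled = $true
                       OnPremisesSyncEnabled = $false; MethodsRegistered = @() }
    [pscustomobject]@{ UserPrincipalName = 'erin@contoso.example'; IsSsprEnabled = $false
                       OnPremisesSyncEnabled = $false; MethodsRegistered = @() }
)

# Policy requires two methods; write back is not configured in this sample tenant.
$sampleUsers | Get-SsprRegistrationGap -RequiredMethods 2 | Format-Table -AutoSize
```

With the sample data this reports bob (one of two methods), carol (synchronized without write back) and dave (nothing registered); alice passes and erin is skipped because reset is not enabled for her.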

Thursday, September 21, 2017

CIAOPS now accepts Bitcoin

For some time now I’ve been looking into cryptocurrency and can report that I have learned much. I am very excited about the potential of the underlying technology they are built on, known as blockchain.

I hope to soon start publishing some insights and opinions about this brave new world of payments and currencies but the best way to get the ball rolling is to dive in head first. I therefore went ahead and set myself up with a bitcoin wallet which is here:


I have also added that information to my blog with the idea that if something I publish there is of benefit to someone they can ‘almost’ immediately make a small donation directly using bitcoin. This may be one of the ways that things like bitcoin function well in the future economy, via micro payments. That is, to make say a $1 donation is simply uneconomic given normal transfer and other fees if you choose to use a normal form of payment. However, with bitcoin it is simple and easy to do exactly that. Just whip out your device, scan the QR code and make a small donation as a way of appreciation.

Now to grease the wheels of commerce here a little I’m going to offer an incentive to be the first person to send me some bitcoin. So, if you are indeed the first person to send me some bitcoin (over say $1) I’ll send you free one of my publications Getting Started with Skype for Business Online or Beyond the Basics with SharePoint Online in PDF format.

So once you have sent me some coin, send me an email ( and tell me exactly how many bitcoin you sent to verify it was you, as well as which publication you’d like to receive in exchange. The best way to ensure someone else doesn't guess the amount is to send me a random amount of bitcoin (say $1.27 or the like). Once I’ve verified your transfer, I’ll send you a PDF copy of the choice of your publication.

The offer is now out there and the clock is ticking. Let’s see how long it takes for someone to win the prize.

Azure VM host machines are being updated

All those VMs that you use in Azure have to run on a host. At the moment, the majority of these hosts are running Windows Server 2012 R2. With Server 2016 now being available, which includes a range of additional features and functionality, Microsoft is going to be updating the host machines in its datacenters to Server 2016 over the coming months.

This video will give you some good guidance on what to expect during the process for your VMs currently hosted in Azure. Chances are it will mean a reboot of your VMs but you’ll get plenty of notice beforehand and it is something that you should undertake manually anyway to complete the migration process.

The video has lots of great info, so if you have VMs running in Azure, consider this a heads up for upcoming host maintenance for your machines.

Need to Know podcast–Episode 165

Marc travels to Adelaide AU to speak with MVP Adam Fowler about his road to being an MVP as well as his IT resources. They also cover off the local IT community in Adelaide as well as the upcoming cloud migration projects that Adam is involved with. Marc and I cover off the latest Microsoft Cloud news for Azure and Office 365.

Take a listen and let us know what you think

You can listen directly to this episode at:

The podcast is also available on Stitcher at:

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.





Adam Fowler IT Blog

Marc's Azure news

Expand your collaboration with guest access in Microsoft Teams

How external access for Microsoft Teams

Shared status indicator in OneDrive

The SharePoint and OneDrive guide to Microsoft Ignite 2017

New Office 365 App Launcher

This program is brought to you by:


Tuesday, September 19, 2017

Azure Nested Virtualization

One of the things that Azure VMs currently don’t seem to allow is the ability to login to machines using just Azure AD credentials. So, how to overcome this issue but remain totally cloud based?

The solution is to use nested virtualisation in Azure which Microsoft recently announced here:

Nested Virtualization in Azure

Nested virtualization is only available on specific machines (See above link for details). One of these is the E_V3 series, which are currently not available in every region.


Just for comparison, I looked at my usual ‘go to’ machine (a DS2_v2) and the supported E2S_V3. As you can see from the above the E2S_V3 is far better value, being cheaper and having more RAM.

This made me think that perhaps I should convert some of my stand alone test VMs into guest VMs in a nested arrangement. As long as I only use these machines together the compute cost would only be for the single host VM on which the multiple guests are running rather than multiple individual Azure VMs. Hmm…something to consider down the track.


So I ran up a E2S_V3 out of the West US 2 datacenter with Windows Server 2016 datacenter in the standard manner.

Once the server is up I simply went in and added the Hyper V role as you would with any Windows Server.


The feature installed and when complete I rebooted the server as required.


After the reboot I had access to the Hyper V Manager as you can see above, as with any Windows Server.


I now needed to create a new Hyper V Virtual Switch that would support NAT that my guests could connect to and then get access to the Internet.

To do this I needed to run 3 lines of PowerShell:

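# Create an internal virtual switch for the guests
New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal

# Give the host's adapter on that switch the gateway address (GATEWAY_IP_ADDRESS is a placeholder)
New-NetIPAddress -IPAddress GATEWAY_IP_ADDRESS -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"

# Create the NAT network for the guests' subnet (NAT_SUBNET_PREFIX is a placeholder)
New-NetNAT -Name "NATNetwork" -InternalIPInterfaceAddressPrefix NAT_SUBNET_PREFIX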

You can alter the IP addresses to suit.
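The same three steps written so they can be re-run safely on the host, followed by a check of what the NAT publishes to the outside. This is an added example, not the post's own code: the variable names and the 192.168.100.0/24 addressing are constructed for illustration.

```powershell
# Added example, not the post's code: repeatable NAT switch setup for the Hyper-V host.
# All values below are constructed for illustration; alter them to suit.
$SwitchName = 'NATSwitch'
$NatName    = 'NATNetwork'
$GatewayIP  = '192.168.100.1'      # host-side address, becomes the guests' gateway
$PrefixLen  = 24
$NatPrefix  = '192.168.100.0/24'   # must contain $GatewayIP
$Alias      = "vEthernet ($SwitchName)"

# 1. Internal switch: create only if it is missing.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -SwitchName $SwitchName -SwitchType Internal | Out-Null
}

# 2. Gateway address on the host's virtual adapter for that switch.
$hasAddress = Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object IPAddress -eq $GatewayIP
if (-not $hasAddress) {
    New-NetIPAddress -IPAddress $GatewayIP -PrefixLength $PrefixLen -InterfaceAlias $Alias | Out-Null
}

# 3. NAT network: reuse a matching one, stop and warn on a different one.
$nat = Get-NetNat -ErrorAction SilentlyContinue
if ($nat | Where-Object InternalIPInterfaceAddressPrefix -eq $NatPrefix) {
    Write-Verbose "NAT for $NatPrefix already present"
}
elseif ($nat) {
    Write-Warning "A different NAT network already exists: $($nat.Name -join ', '). Review it before adding another."
}
else {
    New-NetNat -Name $NatName -InternalIPInterfaceAddressPrefix $NatPrefix | Out-Null
}

# 4. Review inbound exposure. Guests behind the NAT can reach out, but are only
#    reachable from outside through a static mapping; no output means none exist.
Get-NetNatStaticMapping |
    Select-Object NatName, Protocol, ExternalIPAddress, ExternalPort, InternalIPAddress, InternalPort
```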


Once this is complete if I now look in my Hyper V Manager I see a new virtual switch as shown above. I’ll use this to connect the network card of my VMs to.

At this point I’ll need to assign the IP addresses to my virtual machines manually. I can configure an appropriate DHCP server if I want but I’ll leave that for a future article.


So now I just create a VM on this server as I would normally. In this case I chose a Windows 10 Preview edition.


When complete I need to set a static IP until I get the DHCP server operating.


Voila, a nested VM in Azure connected to the Internet and ready for further testing.

I can’t tell you how much flexibility this is going to provide me. Not only can I now login to machines using an Azure AD account but I can run up things like Windows 10S and (shock, horror) maybe even get SBS working as a guest. Now that would be really cool to achieve and I have added that to my ‘to do’ list. Watch for an article real soon!

Till then, all I can say is that Azure Nested Virtualization is super cool and really super cheap! Love the cloud!

Sunday, September 17, 2017

Automation options in Office 365 presentation

Here’s the presentation I did for Office 365 Saturday here in Australia in various locations. It focused on the automation options that are available to you in Office.

You can also find the slides for download.

In the session I talk about Office macros, SharePoint Designer, third party options like If This Then That and Zapier. I also focus on Microsoft Flow and dip into some PowerShell.

In short, there are lots and lots of options when it comes to automating Office 365 and I feel more people should be taking advantage of them. Too many people are simply adding technology for technology’s sake and making their life harder. That is not what technology is for. Technology is designed to give you the freedom to do what you want not burden you with additional tasks.

Are you automating as much as you could? Hopefully, this presentation will inspire you to look more deeply at what is possible with a tool like Office 365.

Thursday, September 14, 2017

Need to Know Podcast–Episode 164

Marc and I are back with the latest news and updates in the world of Office 365 and Azure. We are getting ready for the information overload we'll suffer as Microsoft Ignite rolls around at the end of this month. Stay tuned right here for all the updates and maybe some special stuff!

In this episode I do a solo session around my belief that successful Office 365 adoption comes from focusing on the 'me' services - Yammer, OneDrive for Business, OneNote and Delve. I dive deep into my reasons and the actions you need to take away for success.

Take a listen and let us know what you think

You can listen directly to this episode at:

The podcast is also available on Stitcher at:

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.




Focus on the me service first

Conditional access with Microsoft Teams

Skype for Business becoming Microsoft Teams

Microsoft and Adobe build a closer relationship

Skype for Business updates on the Mac

This program is brought to you by:


September Azure Webinar resources

Slides from the very first CIAOPS Azure webinar are now available for download here:

The recording is also available at:

which CIAOPS patrons get free access to as part of their subscription.

This webinar set the ground work for upcoming monthly webinars that will go deeper into Azure features and abilities.

So make sure you sign up for next month’s webinar. 

September Office 365 Webinar resources

Slides from this month’s Need to Know Office 365 webinar are now available for download here:

If you are not a CIAOPS patron and you want to view or download a full copy of the video from the session you can do so here:

We looked at task management in Office 365 and all the options that are available to you.

Watch out for next month’s webinar.

Wednesday, September 13, 2017

More benefits added to CIAOPS Patron program

I am happy to announce that now Microsoft Teams is available to external users, so too is access to CIAOPS Patrons external Team from my own Office 365 tenant.

This means that all levels of CIAOPS Patrons now get access to an external Microsoft Teams resource that includes chat, SharePoint Team Site, Planner and more.


Not only will this give you a better idea of what Microsoft Teams is all about, including how external access works, you’ll also get access to the variety of content that I’m adding into this Team.

The new external Microsoft Teams benefit is on top of all existing resources including a private Facebook community, webinar recording, access and more.

Visit for more details of the program and watch out for further additions to the program.

Tuesday, September 12, 2017

Enabling Microsoft Teams External Access

Microsoft Teams has just announced that you can grant access to users outside your tenant. You can read about it here:

Now being the eager beaver I am, I wanted this working asap. So I started inviting people but for some reason they couldn’t gain access to my Team. They also seemed to get automatically removed from the Team after a period of time.

Turns out that external access for Teams is not enabled by default. To enable it you must go to your Office 365 Admin Center. Then select Settings from the left hand side.


From the menu that appears select Services & add-ins.


Locate Microsoft Teams from the list and select that.


In the Tenant-wide settings locate Settings by user/license type. Change the pull down to read Guest and then set the option to On as shown above.

The first time I looked, I didn’t change the pull down from the default of Business & Enterprise so I totally missed the Guest option. D’Oh.

After I made that change I could indeed invite external users successfully into the Microsoft Team I had prepared for them!

So if you are having troubles like I was, check that you have enabled guest access as shown above.

Monday, September 11, 2017

Using Yammer to keep up to date

I’ve written two previous articles about how you can use various Office 365 services to keep you and your business up to date. You’ll find these at:

Using Office 365 to stay up to date

Using Microsoft Teams to keep up to date

I’ll show you how to do exactly the same thing but this time using Yammer and Microsoft Flow.


I am going to assume that you already have your Yammer network in operation (it does come free with most Office 365 suites after all!). So the first step in the process, as with previous articles, is to go and find the RSS feed for the item you wish to track.


In this case I’ve created a new Flow and the trigger item I’ve selected is when a new item is created on the feed.


Once the process has started I’m then going to send that feed through an HTML to Text converter to make it easier for users to read.


I’m then going to take the result of that conversion and post it automatically to a location in Yammer. In this case, I have elected to post it to All Company but you may wish to create a dedicated Yammer group for these items (kind of like the dedicated channel I suggested when using Teams).


So when a new article is published like that above, it will appear on Yammer like so.


This should give the news much greater visibility and importantly allow others in the business to comment, add conversations and more value around the item. It also allows people to draw it to the attention of others using ‘@’ mentions.

You could extend this further by automatically adding appropriate ‘#’ hashtags to make search and categorisation easier. You are only limited in what you can do by your imagination.

I think this Yammer style automatic posting of new items works best for items that are relevant across the organisation or at least across a group wider than what you find in a Microsoft Team channel. However, all three that I have covered, Office 365 Groups, Microsoft Teams and this, can be used wherever and whenever they make sense. They all have mobile apps. They all encourage participation and they all make the information searchable.

The idea with all these suggestions is to demonstrate how easy it is to bring the news you want directly to a common location in your business. Hopefully, it also demonstrates how powerful this can be when enhanced by comments from people inside your business. This concept applies for all businesses, large and small. It is the smart way to use the tools you have to fetch the information you need.

Remember, Office 365 is not just a single service like email, it is a toolbox that allows you to solve business challenges. Make sure you explore all it has to offer and implement it in ways to make your business more productive as I have hopefully shown here.

Sunday, September 10, 2017

Thursday, September 7, 2017

Office 365 Saturday–Melbourne

I’ll be speaking at Office 365 Saturday in Melbourne on Saturday the 16th of September 2017.

There are three tracks with a wide range of speakers on all things Office 365. The event is free to attend and runs from 8.30am – 5.30pm at Clifton’s in Melbourne. You can learn more about the event and register here:

My session is on automation options available in Office 365.

I hope to see you there.

Sharing a link doesn’t allow download?

Here’s something that I only just came across. I want to share a PowerPoint presentation from my OneDrive for Business.


I select the file then I select Copy link from the menu. In this case I am happy to share anonymously so anyone can edit.

This process gives me a link which I sent to the recipient.


When that link is opened at the destination you can view the file in a browser but, as you see above, there appears to be no option to download the file?


Even if I go in and edit the file at the destination there is no download option?

I must be missing something here? How can I actually send a link to a third party from my OneDrive for Business and allow them to just download the file?


The only way I can see to get it to work is to share the parent folder which contains the file. Sending the link for the parent folder offers the option to download like you can see above but this isn’t really ideal when all I want to do is share a single file.

Surely, I must be missing something here?