Wednesday, October 30, 2013

Training and certification opportunity from Microsoft


I am pleased to announce that Microsoft Australia is planning a new training and certification campaign, Ready, Cert, Go which I will be involved with.

To start off with there will be complimentary 60 minute instructor lead tutorial webcasts in November which will cover the topic to be offered in full day exam prep courses in December 2013 at Microsoft in Sydney.

Here are the links to the upcoming webinars:

Server and Tools

Monday – 4 November 2pm, System Center 2012 (Exam 70-247)

Tuesday – 5 November 12pm, SQL Server 2012 (Exam 70-462)

Wednesday – 6 November 12pm, Windows Server 2012 (Exam 70-410)

Thursday – 7 November 12pm, Windows 8 (Exam 70-688)

Friday – 8 November 12pm, Windows Azure (Exam 70-487)

You can register for these webinars at:

Business Productivity

Monday – 4 November 12pm, SharePoint 2013 (Exam 70-331)

Tuesday – 5 November 2pm, Lync (Exam 70-337)

Wednesday – 6 November 2pm, Exchange (Exam 70-341)

Thursday – 7 November 2pm, Office 365 (Exam 74-325) (with me!)

Thursday – 7 November 3pm, Office 365 (Exam 70-321) (with me!)

You can register for these webinars at:

Here are the dates for the Exam Preparation Sessions, designed to get you across the line, first time. It’s $150 per day and includes an Exam Voucher, which is usually $206:

Server and Tools

Monday – 9 December, System Center 2012 (Exam 70-247)

Tuesday – 10 December, SQL Server 2012 (Exam 70-462)

Wednesday – 11 December, Windows Server 2012 (Exam 70-410)

Thursday – 12 December, Windows 8 (Exam 70-688)

Friday – 13 December, Windows Azure (Exam 70-487)

You can register for these certification days at:

Business Productivity

Monday – 9 December, SharePoint 2013 (Exam 70-331)

Tuesday – 10 December, Lync (Exam 70-337)

Wednesday – 11 December, Exchange (Exam 70-341)

Thursday – 12 December, Office 365 (Exam 74-325) (with me!)

Friday – 13 December, Office 365 (Exam 70-321) (with me!)

You can register for these certification days at:

Even though I am giving the Office 365 content I have signed up myself for the SharePoint and Lync sessions as I see this as a great opportunity to not only learn about the product but also hopefully pass the certification. I’d love to do the Windows 8 and Azure sessions as well, alas, not to be this time.

I hope to see you there at the webinar or on the day.

Getting Started With SharePoint Online 2013 for Enterprises


I am proud to announce the completion of another Office 365 book. This one is titled Getting Started With SharePoint Online 2013 for Enterprises and is the longest book I have written to date at 275 pages!


This book helps novice users understand the basic usage and operation of SharePoint Online 2013 that is available via the Office 365 Enterprise and Mid-Sized plans. It examines the following basic components of SharePoint Online: Documents, Calendars, Tasks, Picture Libraries, Recycle Bin, Search, Site Notebooks, Public website and more. The reader will be taken through a tutorial process on how to use each item. Much has changed since previous versions of SharePoint and Office 365, however there are still some similarities. This book may also provide some insight into the basics of SharePoint Online 2013 for Small Business Office 365 plans as well. It will show you how to start interacting with SharePoint Online 2013 so it can be put to use in your business as well as provide a number of resources for continuing familiarity with SharePoint Online 2013.

This booked is aimed at users who have never used SharePoint Online 2013 or Office 365 plans.

Price = AU$4.95

You can purchase this directly from my publication page at:

along with all my other works. You can also view the table of contents to get a better idea of what the book contains. the ePub and Kindle version will be available soon from my publications page as well as other book resellers.

Tuesday, October 29, 2013

Great OneNote videos

If you are reader of this blog you’ll know what a big advocate I am for OneNote. Coupled with SkyDrive or SharePoint Online it is really the premier collaboration solution out there. if you haven’t used it then you really should.

With that in mind here are three new videos demonstrating what OneNote can do for a variety of people.

OneNote, use it. You won’t regret it!

CIAOPS Virtual Technology Meeting–Reminder

Don’t forget the CIAOPS Virtual Tech Meeting on Wednesday the 6th of November. You can register at:
This meeting will features a presentation on the public website capabilities in Office 365 by myself. Details are:
You may not be aware that every Office 365 plan that includes SharePoint Online comes with the ability to create a public website linked to any domain. In this demonstration you'll learn how to configure this public website and how to customize it for your needs.
There will also be the usual news, product updates, general discussion as well as questions and answers. I’ll also be revealing more information about what Cloud Business Blueprint will be offering.

So if you want to get the latest make sure you register now.
I look forward to seeing you on the day.

Monday, October 28, 2013

Cloud Business Blueprint–Register now

I am happy to give you the opportunity to jump on board with a new venture my partners and I are working hard on – Cloud Business Blueprint. At this point I can’t reveal too much only that it will the culmination of many things I have been working on recently, but now all together under a single banner.

The site will provide a range of resources to assist IT Professionals and resellers better manage and take advantage of the opportunities that cloud business affords. It will be more than simply technical information, it is aimed at providing a complete range of resources, information, training and support on a variety of technical and business topics.

I am very excited by this opportunity and as such I invite you to register your interest now at:

There is no obligation when you register, you are just letting us know that you wish to be informed (and take advantage of our start up offer) about what we are bringing to market and some opportunities we believe you will be interested in. Whether you act on these opportunities when they become available is totally up to you.

If you are interested at all I encourage you to sign up and be the first to advantage of what we will be announcing in the very near future.

More information about what we have planned will be revealed very soon, so watch this space.

Friday, October 25, 2013

Whitelisting a domain in Office 365

So here’s another quick walk through of a very common request in Office 365. How do you ensure all emails from a certain domain are never treated as spam?


Firstly, login to the Office 365 console as an administrator. Select the Admin menu item in the top right of the window. From the menu that appears select Exchange.


That will take you to the Exchange admin center. From the menu on the left select mail flow.


Select the + icon and then Create a new rule from the menu that appears.


This is the step that many miss, select the More options link towards the bottom of the window.


Then, in the Apply this rule if option box pull down the options and select The sender and then domain is.


Enter the domain you want to have excluded (e.g. and press the + key to add and then ok to save this.


In the Do the following option box pull down the options and select Modify the message properties and then set the spam confidence level (SCL).


Change the specify SCL to Bypass spam filtering via the pull down options. Press the ok button to save.


If you scroll down you will see a number of additional options you can set before saving this new rule if desired.

You can of course achieve the same thing in PowerShell but I won’t cover that here. Have a look at the:


referenced here:

Why people hate Windows 8

I think that perhaps the term ‘hate’ is a little emotive but that is what much of the media portrays the reaction to Windows 8 as. I’ll try and take a pragmatic view to why I believe many are having such strong reactions.
The first point I believe is that the major issue for most people is the new ‘fluid’ or tiled interface (that was once known as metro). Thus, I’m going therefore focus on this and assume that most of the other parts people can live with.
So why does the new ‘tiled’ interface cause so much angst? I reckon because there is no bridge for users to bring their accumulated knowledge forward. Let me start with an analogy.
Imagine that you came into work one day and found that not only had your desk been relocated, but everything on the desk had been moved inside cabinets. Also imagine that you where no longer located near your previous work colleagues and worst of all no one assisted you make this transition. You’d probably really struggle to settle into your routine and get work done wouldn’t you? You’d also get pretty annoyed about these changes being something outside your control.
So let’s now reframe that in the Windows context. The Windows 7 interface many people are using today is now actually over 20 years old. If you stop and think about it, you need to go back to Windows 3.X to find a major interface difference. The old Start button has been with us since Windows 95 days, almost 20 years!
If the interface change from Windows 3.X to Windows 95 was the last major look and feel that Windows underwent you’ll still find some commonality that was brought forward. Things like the desktop, wallpaper, maximizing and closing windows in the top right corner, icons, etc remained essentially the same. Such items provided a bridge for users to make them more comfortable with being able to bring some of their accumulated knowledge forward. Because of this they were much more willing to learn new features.
So even though there was major interface changes, there was still enough things that didn’t change to assist people moving forward. Now fast forward 20 years to the next major interface change Windows 8.
In short, Windows 8 has been too ambitious in what it has tried to do. When an existing user boots Windows 8 they no longer really see anything familiar. This immediately creates a sense of panic. Also unfortunately, Windows 8 has not provided an easy path to help users acclimatize to the new operating system. This is where my previous post on training was relevant as well.
What do I mean? As an example let’s take a look at the standard desktop wallpaper. Many users like to customize this with pictures of family, pets, vacations, dreams, etc. Having such familiar objects helps them personalize their machine and develop a sense of ownership since they can make the changes themselves.
Problem is with the new titled screen in Windows 8 you can’t easily change the background. You also can’t easily have a familiar wallpaper here. In short you are stuck with what Microsoft dictates, you don’t have the control you used to. The same arguments applies to the colours and theme, again something that many people like to customize, to feel a sense of ownership and familiarity.
Another example is that previously in Windows 7 everything you worked on was available on the one screen. I could see all the desktop icons or access the programs via the Start menu. With the new tiled interface you need to scroll to the right to see things. Obviously that is something copied from devices like the iPad but when you come from a legacy environment like Windows, subjecting this to users so dramatically will cause problems. It is successful on an iPad because that’s the way it has always been on an iPad. If Apple ever attempt to change that they’ll face the same challenges Microsoft currently does.

Next example is the app duality. This means you have apps that run on the tiled interface and different apps that run on the desktop. A good is example is viewing pictures. If I run Outlook on the desktop and open an image from an email, by default it launches the titled interface app to view that image. Now how do I get back to Outlook? Once you know that hitting the Windows key or dragging from the top of the screen down does the job BUT my point is people don’t know this initially and the product doesn’t provide any hints on what you need to do. There again is a sense of a loss of control which leads to frustration. To my way of thinking it would have been a very logical idea to include the familiar close X button in the top right of the tilted program as an additional method of closing the app. That way, most people would probably try looking there to close the app. Thus, add all the new features but keep some of the old ones that people are familiar with as an transition.
Next, by making all the titled apps run in full screen mode it not only creates a lot of wasted space but hides everything you are doing. Even if you maximize Windows 7 apps you generally still retain the bar at the bottom of the screen along with the Start button in the bottom left. In Windows 8 all you get is a full screen app. This again creates a sense of the loss of control and frustration when it comes to navigation.
I’m sure there are plenty of others people have frustration with but I hope you see my point that unfortunately Microsoft has neglected to retain some key features of the interface to provide people with a bridge into this new world. There is no doubt that Windows 8 is a better option than Windows 7, especially in the long run, however if people have major frustrations when they first start using something they are going to turn against it as they have.
Unfortunately for Microsoft they are constrained by the legacy of their existing successful software which limits their ability to bring true innovation to the market, which unfortunately is something they get roundly criticized for. They have certainly tried to make this jump with Windows 8 and as expected they have copped backlash. Perhaps they have been too bold? Perhaps users are too conservative? Over time we will no doubt reach the happy medium everyone is looking for, but it will be a bit bumpy along the way as both Microsoft and users insist that they shouldn’t have to change. Both have valid reasons both need to compromise to move forward.
As I have noted, I think that a few minor inclusions in Windows 8 to allow a bridge between the old and new interface is what would be the best option, however I am yet to see them. Microsoft has attempted a really innovative change to its flagship product in order to align with the coming changes in technology. Problem is the sheer legacy of its previous successful software has meant such a radical change is no longer without major risk simply because, thanks to human nature, people prefer things to stay the way they are. The only way to move them forward is to provide a familiar bridge so that they have early successes and have confidence to explore new features and functionality. Balancing how big this bridge is with the need to innovate is a challenge that is not always achieved at the first attempt.

Thursday, October 24, 2013

Enabling Exchange Online Archive

One big point of confusion I find with people and Exchange in Office 365 is around the concept of an email in-place archive. There are some important things that should be pointed out when it comes to this in-place archive:

1. Every Exchange Online plan (except Kiosk plans) has the ability to have an in-place email archive. (In-Place Archive isn’t included in Exchange Online Kiosk. However, it can be purchased as an add-on through Exchange Online Archiving.)

2. By default, on all plans, the in-place email archive is disabled for all users. An administrator must enable it before it can be accessed.

3. The in-place email archive contents are stored ONLY in the cloud. They are never synced to a desktop like the Inbox is.

4. The in-place archive folders are only available with the Outlook version in the Professional Plus SKU. Other versions of Outlook will not display the archive folders. See:

for more details.

5. Plans that include Exchange Online Plan 2 (E3, E4) have an unlimited archive. Plans that have Exchange Online Plan 1 (P1, P2, M, E1) have a limit of 50GB of storage between the Inbox and the Archive. For example, in Exchange Online Plan 1 you could have a 25GB Inbox and a 25GB Archive, or a 10GB Inbox and 40GB archive. With Exchange Plan 1 the total size of the Inbox combined with the in-place archive cannot exceed 50GB.

This is the process you need to enable the in-place archive via the portal.


You can see that the above mailbox only currently has an Inbox and no archive.


First step is to login to the Office 365 portal as an administrator and select Admin in the top right corner of the window. From the menu that appears select Exchange.


Select the mailbox you wish to enable the in-place email archive. From the information in the right hand side panel select Enable under the In-Place Archive heading.


Select yes to enable the in-place archive.


After a few minutes (the process is not instantaneous) a new folder will appear in your Outlook (web and on the desktop) called In-Place Archive – <name> as shown above.

The archive is now ready to use. Users can drag and drop items in there and email policies (user and organizational) can now utilize that folder.


As an administrator, if you again look at the mailbox, under in-place archive you will see an option Details. Selecting that will show you a window like that shown above providing details of the mailbox. Remember, this options vary depending on the Exchange Online plan the mailbox is subscribed for.

You can of course do the same thing with PowerShell. To configure PowerShell access to Office 365 see:

then use the command:

Enable-Mailbox –Identity user@domain -Archive

The Windows 8 upgrade dilemma

I see a lot (and I mean a lot) of angst about upgrading to Windows 8. Some even take it as a personal affront that Microsoft has personally targeted them and made their next PC upgrade experience poor. What really amazes me the most is the total lack of logic and pragmatism when it comes to any upgrade these days. Technology is developed by humans, therefore it is never ‘prefect’. Adapt and deal with it. Look for the positive rather than dwelling on the negatives all the time. Further than that, I would suggest that I have never seen more self-absorbance from all sides in this debate.
So let’s get one thing straight right up front. Technology changes. We went from DOS to Windows 95 and the world didn’t end. We went from Windows 2000 to Windows XP and the world didn’t end. An so on and so on. The big difference now is because technology is so ingrained in society, changes affect so many more people. The other major difference is the voracious appetite of the media in the quest for eyeballs. Bad news attracts a lot more readers than good news now doesn’t it? Sensationalism and emotion are the aim these days with the media. Why? It is not about necessarily reporting fact, it is about getting eyeballs for the advertising dollar. Thus, poetic license and exaggeration have become the accepted tools to enamour this, with none more prevalent than in the technology industry.
This approach by the media places many technology companies, like Microsoft, constantly under siege. This directly impacts the way they conduct business and how they deal with external parties. They need to work harder to overcome the exaggerations and innuendos that are so much part of the media reporting we see every day. Unfortunately, dealing with this simply reinforces the initial media portrayals and the whole thing becomes a non stop downward spiral where everyone loses out.
So let’s return to the Windows 8 upgrade question and some of my own personal experience with a family member who I upgraded from a Windows XP to Windows 8 machine recently. Prior to the upgrade there was significant trepidation by the user about moving to Windows 8 simple because of the ‘perceived’ issues. Now a few months after the upgrade what is the result? A very positive and happy end user. How was this achieved? What was the magic formula? In a word – training.
Once the new Windows 8 machine arrived and was set up I spent not more than 10 minutes showing the user how to do their old stuff and some of the great new features. That gave them the confidence to at least start using the device. When I returned a few days later to resolve any further issues I found that the user had already downloaded a number of games from the Windows 8 store and was happy playing them, all by themselves.
Sure, there are still a few issues and frustrations now and then, but that happens with ANY technology. The main point is that by providing some initial training at the commencement the user had the confidence to at least start.
This to me is what is missing with technology these days. Training! Too many suppliers, resellers, providers, bosses, employers, organizations simply EXPECT their users to know all this new stuff. The assumption is that they use technology everyday themselves so why should the business waste time and money on training? Wrong, wrong and wrong. If a user is afraid or unsure about using something, they won’t. As they struggle they will become more and more frustrated and blame the technology rather than their lack of knowledge. This then reinforces all the ‘negative’ things they have heard from other untrained users.
As I said earlier, technology is about change. Thus, if you use technology you also need to change. This means you need training. Whether you do that yourself freely from Internet resources or pay, it doesn’t matter. If you use technology you need to have constant training because things never stay the same.
Most people don’t need hours and hours of intense deep dive training they simply need a bridge between what they already know and what is offered by the new technology. Some people are happy to develop this bridge themselves, most need assistance but look around, where do the majority of people get this bridge from? It is generally never provided so they struggle and without such a technology bridge they will never traverse to understand the new technology.
In summary, I would say – technology is about change, get used to it. Companies that sell technology are businesses, they are in this to make money and they need to be looking 3 – 5 years down the track to provide return for their shareholders. What might seem bad today can morph into the fantastic down the track. To improve technology adoption there needs to be better and easier training provided. Most importantly businesses and individuals need to be WILLING to invest (time and money) in training to make the most of what technology provides. They need to willing to be constantly making this investment in training, because you know what? Technology waits for no person!

Wednesday, October 23, 2013

What is SkyDrive Pro

I see a lot of questions out there about what SkyDrive Pro actually is. I have documented it before but here’s some updated links and information.
SkyDrive Pro is part of SharePoint Online (via Office 365) or SharePoint Server 2013 on premise. Here I will deal exclusively with SharePoint Online and as such referring to it as SkyDrive Pro Online.

SkyDrive Pro Online is designed for personal storage of documents in the ‘cloud’ and is available with all Office 365 plans that include SharePoint Online.
What is SkyDrive Pro?
[VIDEO] – SkyDrive Pro
By default it includes 25GB of storage space per licensed user which can be upgraded currently to a maximum of 100GB per user.
There is also free SkyDrive Pro client sync software for:
Windows 8
This client allows you to access SkyDrive Pro Online documents on your device.

For Windows devices, this client, also provides the ability to maintain an local (off line) copy that is sync’ed with SkyDrive Pro Online.
Sync libraries using SkyDrive Pro
Store, sync and share your content
Store, sync and share your content [PDF]
- SkyDrive Pro is completely different from SkyDrive.
- SkyDrive Pro is ONLY available via SharePoint 2013 on premise or from Office 365.
- SkyDrive Pro Online is designed as a per user personal document storage area which starts with 25GB of space per licensed user.
- SkyDrive Pro Online storage can be increased up to 100GB per user.
- SkyDrive Pro client is available on various platforms and allows easy access to SkyDrive Pro Online documents from devices.
- SkyDrive Pro includes built anti-virus and anti-malware protection.
- SkyDrive Pro is a personal SharePoint Document Library.

Monday, October 21, 2013

BPOSExtranetFlag feature missing

In a previous post I wrote about how you can create a site template in SharePoint that you can reuse over and over. Unfortunately, that was not the case recently.

When recently attempting to create a new site using an old template the following message was displayed.


What this basically means is that a SharePoint feature was available when the template was created but is no longer available when the template is is used at some later date. This is because when you create a SharePoint template it has a look at the current environment and remembers what features where enabled.

Normally you see this when you create a template in one site collection and then move it to another site collection which doesn’t have the same features enabled. Strange thing in this case is that the template was begin used in the same site collection in which it was created. Also, nothing had changed in the site in relation to features so this error was puzzling.

Biggest problem was that a new sub-site could be not created from this template due to the missing feature. The even bigger issue was I couldn’t locate where this feature was in SharePoint to try and enable it

Now, given the name of the feature BPOSExtranetFlag, I had a suspicion that it referred to something that had been removed after upgrade of Office 365 (as BPOS was the original name for Office 365). Was that then something Microsoft removed?

Before we get into the why let’s cover off how I managed to resolve the issue. Now what basically needs to be done is for the SharePoint template file to be modified so that the reference to the BPOSExtranetFlag can be removed. A SharePoint template file is saved as a .WSP extension, but if you rename it to a CAB file and use an unzip program you can get to the files inside. Rather messy.

A better option is here from Office 365 MVP Rene Modery:

Basically, you can strip out the reference using a PowerShell, which I used. The new template was uploaded to the site and everything worked as expected now.

Beyond this however, the cause of this issue gives me concern. Why? Well I don’t have confidence any more in recommending to people they create SharePoint site templates. Why? Because they may find down the track that they can’t use them because a features has been removed by Microsoft without their knowledge.

The only information I can find about what happens with Office 365 updates is here:

and unfortunately it doesn’t mention anything about the BPOSExtranetFlag feature being removed. Without this I don’t have the confidence to create templates because the underlying structure could change rendering my templates unusable. Sure, I can solve the problem using PowerShell but that’s not something average users can do is it?

There needs to be a better solution here from Microsoft. Either allow templates to be created WITHOUT the inclusion features somehow or provide some simple tool (maybe via the SharePoint apps store) that can remove depend features from templates.

For the time being I therefore recommend that instead of creating templates you create a blank subsite you wish to have as a template and leave it empty and template it as you need it. That way, with the original site still present, your template will always work. If you create a template and delete the original site (like what happened in this case) you’ll either have to use PowerShell or recreated your original site. Not fun either way.

Thursday, October 17, 2013

Saving a SharePoint Online site as a template


Let’s say that you’ve created a SharePoint Online site that you want to save and potentially re-use elsewhere, or even in another Office 365 tenant. You can save all the structure and potentially all the data by creating a site template. Here’s how you do that.


Select the cog in the top right of the site to display the menu shown above. From this menu select Site Settings.


In site settings select Save site as template from under the Site Actions heading on the right.


Now give your site template a File Name, a Template Name and a Template Description.

You will also notice that you can check the option to Include Content if you wish. With this unchecked the template will only contain the structure of your site i.e. the document libraries, lists, look and feel, etc. However, if you check this option then all the data within these libraries, lists, calendars, etc will also be included.


If everything went to plan then you should see a message confirming that the template has been created and stored in the solution gallery.

You can access the solution gallery by selecting the hyperlink on the page or at any stage using via the Site Settings option as detailed previously. Here I’ll select the hyperlink to navigate directly to the gallery.


In the solution gallery you should find your newly created template (with the NEW icon next to it) plus any existing templates.

This gallery holds solutions (templates and custom code) that is available across the entire Site Collection.

What happens if you want to migrate this new template to a completely different site collection? Easy.


Firstly, click on the template name and save the download to your local machine.


Navigate to the solutions gallery in the destination Site Collection and select the Upload Solution button from the Ribbon Menu. Locate the file you just downloaded from the source solution gallery (it will have a .WSP extension typically) and upload it into the destination.


Once uploaded you’ll see the Activate Solution dialog window displayed as shown above. You are unable to use solutions until they have been ‘activated’. To do this simply press the Activate button on the Ribbon menu.


You should now see that the template is Activated.


Now if you go and create a new site anywhere in the Site Collection and select the Custom tab in the Template Selection you should see the template name you uploaded as shown above.

If you use this template you will get a new site based off the original template that you created (also potentially with the data it contained if you selected that as well).

You can of course create a new site based off a template at the root of a Site Collection using the method I detailed previously at:

Easy Office 365 feature comparison

Here’s a handy site that allows you to quickly compare the features across Office 365 plans. You’ll find it at:!


Simply select the options that you want at the top, then the service and finally the plan. The resulting list below will list all the features and whether they are available in your selection.


Pretty handy eh? And you know what? I can see it is all built using SharePoint lists. Even cooler!

Wednesday, October 16, 2013

Bad guys just keep winning

The number of incidents I am seeing of people being infected with the Cryptolocker continues to escalate. Now before I launch into this rant here is information about the nasty:
so you have been warned.
But how the hell can this be happening? How the hell can these sorts of things still get through and cause mayhem and destruction? Having lived through Nimda, Code Red, Melissa, Conficker and more, why is this all happening over and over again? Simple, technology is making it easier for the bad guys not harder. Am I the only one who acknowledges this fact?
I have written many, many times about how vulnerable society has become by creating such a dependence on technology. For example:
here -
here -
here -
and here -
but to name just a few.
And yet, the world seems to be again brought to its knees by a clever piece of code that is able to slip past all the ‘so-called’ filters, scanners, protection mechanisms and what not that are supposedly put in place. How is that? How can people still be clicking links and attachments they know nothing about? And why is everyone paying so much for what seems like so little protection? Is all this supposed ‘security’ actually making things worse by providing people with a false sense of security?
Simple, the weakest link is the wet-ware behind the keyboard (i.e the human being). People simple don’t have any concept of the security risk they face on ANY device that is connected to the Internet or that receives email. And you know what? That is just about every single technology device we have today. EVERY SINGLE ONE. What is being to educate people about IT security. Not much from what I can see. That is the REAL problem here.
The modern world continues to place its unmitigated faith in the march of technology, obvious to the underlying risks and fragility it is creating. It also lives with this naive assumption that whatever is done on the Internet is also anonymous. They likewise jump up and down when they find out that the NSA is monitoring email traffic. Like DUH, emails have ALWAYS been sent in the clear so ANYONE could read them, DUH. It demonstrates how removed from technology the average person is. They happily use technology but have no IDEA how it works. That is always a dangerous recipe.
It makes NO difference where your information is. In your Office or in the cloud, if you are connected to the Internet you are vulnerable, full stop. The problem is others are also on the Internet so if you get infected then there’s a chance you’ll infect them. We are now more than ever all connected together and what happens in one place can have a huge impact thousands of miles away INSTANTANEOULSY.
To me most of this anti virus software and filtering is a complete and utter waste of time. Don’t get me wrong, I have a certain set of tools and programs I use but my main weapon to remain secure is to concentrate on scaring the crap out of everyone I know (especially my family), constantly reinforcing what maladies will befall them if they click on something they shouldn't. Does that make them paranoid? You bet it does, but you know what? I am pretty sure none of them are going to get infected with this latest virus because they are more scared of me than this virus. Sometimes that’s what you gotta do keep people secure.
So what’s the point of this post? Firstly, it is to express my utter disbelieve in the existing security ‘industry’ that charges users billions of dollars every year and yet somehow fails to protect them. Is the problem the software or those charged with maintaining them? Hmmm… I could go on but secondly, it is to say that these problems are only going to continue because we are not dealing with the root cause - the idiots who click on unknown attachments and files sent to them. Here’s my golden IT security rules for idiots that MUST be followed under pain of death:
1. Backup, backup, backup. That’s not being repetitive it means back your stuff up at least 3 times.
2. If it seems too good to be true then it is. That means, that if there is any doubt then there should be no doubt.
3. If you don’t know, then ask.
I long for the day when society takes IT security seriously and develops solutions to EDUCATE people on how they vulnerable they really are every time they access the Internet. Am I being paranoid, I sure am, because you know why? Only the paranoid survive when it comes to security. I’m paranoid and I’m proud of it. That is why the machines I look after don’t get infected. Sure, there is never 100% surety when it comes to dealing with human beings but you know what? Paranoia goes a lot further in my books than most of this other ‘so called’ protection I see out there today.

Why You Should Move from Dropbox to SkyDrive Pro

I have just done an article for the Box Free IT site on why SkyDrive Pro is much better option than file sharing services like Dropbox. You’ll find the full article at:
Let me know what you think!

Tuesday, October 15, 2013

Review–Targus rotating case for iPad

Full disclosure – the review unit was supplied by Mobilezap. You can find this device and others at the Mobilezap category page at:

You snap your iPad easily into the plastic holder inside the case and then you can use it on the go or at your desktop, all with this case.
What I really like about this case is the fact you can easily rotate the iPad and use it as a stand both in landscape and in portrait. It is quiet sturdy so it makes an excellent addition to any desktop environment. You can then swivel it around and use the case like a normal folio when you are on the road.

I also like the quality of the case, which is typical of Targus products. It has a nice leather feel to it on the outside and the inside is felt lined. The case has a number of ridges into which you can prop the device when you want to use it on your desktop to get just the right viewing angle along with an elastic strap to prevent the case swinging open when you are travelling.
It would have been nice if the case was a little thinner and perhaps had a locking mechanism to prevent the iPad from swivelling unexpectedly. As a business user I’d also like to see more storage locations in these types of cases. Somewhere for business cards and notepaper would be great, although this unit does a pen holder which is handy.
Overall a great unit for your iPad, high quality and suitable for the desk or out on the road.

Monday, October 14, 2013

Sharing of infected files

In my last post I noted how Office 365 prevents you from uploading infected files. I got to wondering what happens when the other file sharing services try and share an infected file.


If I try and attach an infected file directly from my local machine to an email in Google Apps it is detected as shown above, which is good, and prevents that file being attached.


But since I can also attach from Google Drive as well, I can attach the infected file (since I can upload into Google Drive as my last post highlighted). This is not good.


Now you’ll see that with Google Apps the attachment is really shared via a link rather than attaching the actual file from what I see. Any email system worth its salt will detect and quarantine an attachment that contains a virus, so let’s just eliminate from our considerations. But, if instead I send a link to an infected document what happens? I know the email will reach the users (because it isn’t infected).


So here’s what the user sees. If I click the link to the file I see:


Now if I try and download I get:


That’s good, but remember here I am dealing with a .com file that includes a virus.

So let’s assume I am a little more cunning in my attempts to infect a user I place the infected file inside a ZIP archive. What happens?


As you see, Dropbox allows me to send a public link to the encrypted file where anyone can download it. This means that your only defence typically here is now the local anti virus software which we know all users always keep up to date right? (if you believe that then you live in world of unicorns, leprechauns and perpetual rainbows). Not good!


Now if I share the same ZIP file using Google Drive and attempt to download it from the File menu.


It is blocked like before which is good, BUT look at this:


If I download it from the drop down option at the end of the file


It downloads! Not good, especially give this the default that users see when they view the link provided. I also find it strange that one way you get one result (i.e. blocked file) while the other way you don’t. Strange.

So what’s the moral here? Best bet is don’t let the file get up to file sharing platform in first place, which is why I reckon Office 365 is a much better bet when you start digging into what can happen as I have done briefly here.

All file sharing systems are not created equal.

SkyDrive Pro includes anti virus protection

I’m seeing a lot of people out there getting hit with all sorts of viruses coming through file sharing programs because you know what? They simply don’t provide any protection but they are really easy to use.

For example when I upload the eicar antivirus test file to Dropbox look what happens:


Dropbox allows the file to be uploaded and stored. Now, if a user opens this file they run the risk of being infected.


So what happens if you attempt the same thing with Google Apps? Guess what? It also let’s the virus be uploaded and stored.

This highlights how great most file sharing applications are a virus delivery mechanisms now doesn’t it?


However, when we come to Office 365 SkyDrive Pro and SharePoint we receive the above notification telling us that our file is infected and won’t be uploaded! Now that’s protection.

Viruses and malware are so much a part of todays landscape, problem is, so are easy file sharing utilities. Most of these file sharing utilities don’t even do the most basic security checks to ensure the files uploaded are clean. Office 365 is different. It is is protected by Forefront Protection for email, SharePoint and SkyDrive Pro. To my mind that makes it some much better than the alternatives, because it automatically protects users.

If you want to understand the difference between file sharing options and Office 365 then look no further than inbuilt virus and malware protection. When I pay for a file sharing and collaboration solution I want the one with built in security. That is Office 365 and SkyDrive Pro.

Friday, October 11, 2013

Great video of Microsoft mobile platform options

Here’s a good video that demonstrates the capabilities of Microsoft software such as Office, Lync, Yammer, etc across a number of different platforms including Windows, iOS and Android.

It is interesting to see how you can share information from the cloud using Office 365 as the glue to bind all these applications and users together.

Aston Martin uses Office 365

Here’s another nice promo video talking about the benefits Aston Martin has received since going Office 365.

Wednesday, October 9, 2013

Windows Azure Active Directory Sync tool (DIRSYNC) – the basics

I thought that I’d do some posts on DIRSYNC and how it works with Office 365 as there seems to be plenty of confusion out there about it. DIRSYNC is pretty simple in reality so let’s kick things off with the basics of installing DIRSYNC, we’ll get into the more advanced stuff later.

Windows Azure Active Directory Sync tool (DIRSYNC) is an application that provides one way synchronization from a company’s on premise Active Directory (AD) to Windows Azure Active Directory. This tool allows a limited set of user objects (including logins and passwords) to be copied to Office 365 so that the information in Office 365 is identical to that in the on premise AD.

Activating the Directory Synchronization (DIRSYNC) tool should be considered a long term commitment to co-existence. Once you have activated Directory Synchronization, you can only edit synchronized objects using the on-premise management tools.

A local network administrator needs to install the DIRSYNC tool on only one member server computer in an organization’s on premise network. To complete this process they will also need to have global administrative rights on the Office 365 tenant they are seeking to synchronize to.

The computer used for Directory Synchronization must meet the following requirements:

- It must be joined to the on premise Active Directory. It must be able to connect to all of the other Domain Controllers (DCs) for all of the forest.

- It cannot be a domain controller (thus can’t be run on SBS).

- It must run on a supported 64 bit Windows Server system which is:

o 64 bit version of Windows Server 2008 R2 SP1 Standard, Enterprise or Datacenter

o 64 bit version of Windows Server 2012 Standard or Datacenter

- It must run Microsoft .NET Framework version 3.5 SP1 and .NET Framework version 4.0

- It must run Windows PowerShell.

- It must be located in an access controlled environment.

When you install the Directory Sync tool, the configuration wizard will create a service account called MSOL_AD_SYNC in the standard Users organizational unit (OU) that will be used to read from the on premise AD and write to Windows Azure AD. The MSOL_AD_SYNC is given the following permissions:

- Replicate directory Changes

- Replicate Synchronization

- Replicating Directory Changes All

Enabling Directory Synchronization

The first step in the process to configure Directory Synchronization between an on premise AD and an Office 365 tenant is to login to the Office 365 tenant as a global administrator and then select users and groups from the menu on the left hand side.


This should display a list active users, however above this you will find the option Active Directory ® synchronization. Select the Set up link to commence the configuration process.


You will then be taken to the above list of steps as shown above.

After reading the documentation concerning synchronization using the link Learn how to prepare for directory synchronization you need to ensure that you have any custom domains already configured and verified.

The next step in the process is to select the Activate button for option 3 Activate Active Directory synchronization.


You will then be prompted to confirm the activation of AD Synchronization by pressing the Activate button.


When you are returned to the list of steps you will note that option 3 now indicates that Active Directory synchronization is activated as shown above.


You may see the above message that Active Directory synchronization if being activated. This process may take up to 24 hours to complete.

Installing DIRSYNC

You will then need to download and install the AD Synchronization software (DIRSYNC). Once downloaded, you launch the application to commence the installation process.


If the machine on which you attempt to install DIRSYNC is not joined to an AD domain you will receive the above error and be unable to proceed further.


Click the Next button to commence the installation process.


Select I accept radio button and then press the Next button to continue.


Here you alter the default installation directory if desired. It is recommended that you leave it with its default setting and press the Next button to continue.


You should now see the components being installed. This may take a few minutes to complete.


When complete, you will receive a message like that displayed above to indicate the process is now complete.

Press the Next button to continue.


You can elect whether to commence the DIRSYNC configuration process, which is selected by default.

When you have made your choice press the Finish button to complete the DIRSYNC installation.


Press the Next button to commence the configuration wizard.


Enter the details for your Office 365 tenant global administrator and press Next to continue. Office 365 needs to be accessible during this process.


If you have only just activated Directory Synchronization in the Office 365 portal, as previously noted, you may have to wait up to 24 hours for the activation to complete. If you don’t you will receive an error like that shown above and will have no option but to wait for the activation to complete.


You now need to enter the details of an enterprise administrator for your local Active Directory and press the Next button to proceed.


You now receive the option to enable Hybrid Deployment. In most cases you want to leave this option unchecked and press the Next button to proceed.


Next, you can elect whether you want the passwords from your local Active Directory accounts synchronized with accounts in Office 365. Normally you would check this option and press the Next button to proceed.


You will now see DIRSYNC being configured. This may take a few minutes and you need to wait until this process is complete.


When the configuration is complete, press the Next button to continue.


You will now be given the opportunity to synchronize the local AD user properties to your Office 365 tenant. In most cases you will leave this option checked and select the Finish button to complete the DIRSYNC configuration.


You’ll now see a dialog providing you information about how to verify that everything is synchronizing as expected. This will be covered next so press the OK button to close the dialog.


If you now login to your Office 365 tenant as an administrator and then select users and groups from the menu on the left hand side you should see a list of all your users.

If you look closely at the status of most users you will find that it says Synced with Active Directory. Select any of these users to view their properties.


You should find that users synchronized from your local Active Directory are not automatically assigned a license. You need to do this manually via the console or via PowerShell. Don’t forget that you can have multiple licenses in Office 365 tenants and DIRSYNC has no way of knowing what license you want to assign to what user.


To verify that synchronization is taking place correctly at any stage, navigate to the on the member server you installed DIRSYNC:

C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell

Then double-click miisclient program.


You should see the Synchronization Service Manager appear as shown above. You will also probably notice some initial synchronization activity in the top window.


To check that information is being correct copied to Office 365 edit a user properties in your local Active Directory that you know is synchronized to Office 365. In this case the Job Title field has been updated to the string Marketing Manager for the user Lewis Collins.

Save these changes.

The next step is to force an immediate synchronization. To do this navigate to:

C:\Program Files\Windows Azure Active Directory Sync

And run dirsyncconfigshell.psc1


In the PowerShell window that appears type:


And press the Enter key to execute the command.


If you now return to the Synchronization Service Manager you should see additional synchronization activities are displayed.


If you select one of these items you will notice a list of statistics down in the lower left hand window. On the Updates line there is a hyperlink, select this to view more details.


In this case we see that the update refers to the user that was modified in the local Active Directory.

You can select this line and then select the Properties button in the bottom left for further information.


In the Connector Space Object Properties window you should details about the user, including the field that was updated in Active Directory.

This confirms that DIRSYSNC has processed the changed and sent it successfully to Office 365.


If you now login to Office 365 as an administrator and navigate to the list of active users again and then select the modified users (here Lewis Collins).


To verify the change in this case, select the details tab on the left menu under the user name and you should see the information shown above.

Under additional details you will find that the Job Title field in Office 365 is now the same as that in the local Active Directory, therefore verifying that DIRSYNC has worked successfully.