Configuring the Windows Web Server role and assigning a certificate

I’ve detailed the different Office 365 Identity options previously. I’ve also detailed how to install Azure AD Connect (which replaces both Azure AD Sync and DIRSYNC) and why it is necessary for both synchronised and federated Office 365 identities.

What I plan to cover in upcoming articles is how to establish federated identities (i.e. ADFS) for Office 365. I’ll break these down into a number of posts and then bring everything together as a single point of reference at the end.

This post will take you through the initial process of configuring the pre-requisites on the ADFS server. This means installing the Windows Server Web Server role and assigning a certificate to this Windows Web Server.

Prior to the steps here, I already have established a domain controller (DC) on the network. The local domain is called I have already successfully installed and configured Azure AD Connect on this DC. I am successfully synchronising user information from the local Active Directory (AD) to Office 365 via Azure AD Connect. I have also installed and configured the custom domain into my Office 365 tenant. This ensures that the UPN of the local AD matches those in Office 365. I have also assigned the appropriate Office 365 licenses for active users.

I have also added a separate member server (called CIAOPS365-ADFS) to this domain that will function as the ADFS server. I am now ready to configure the pre-requisites for ADFS which is the Windows Web Server role and an SSL certificate. The Web Server on this machine will be configured to respond to the URL for clients on the local network. Clients outside the domain (i.e. external) will use an ADFS proxy which will be configured later on after the ADFS server has been configured.


Launch the Server Manager Dashboard as shown above.


In the top right hand corner select the Manage menu item and then Add Roles and Features from the menu that appears.


This will launch the Add Roles and Feature Wizard as shown above.

Select Next to continue.


Ensure that Role based or feature based installation is selected, then select Next to continue.


Select the ADFS server name from the list of servers displayed. Typically, that should be the only server that appears. Select Next to continue.


Scroll down the list of roles until you locate Web Server (IIS) and select this.


This will pop up a dialog shown above. No configuration is required, so simply select the Add Features button to continue.


You’ll be returned to the list of roles and you should now see that Web Server (IIS) is selected as shown above. Select Next to continue.


No additional options need to be made. Select Next to continue.


Select Next to continue.


No additional options need to be made. Select Next to continue.


Select the Install button.


The wizard will now install and configure Internet Information Services (IIS) on the server. This process should only take a few minutes and not require the server to be rebooted.


Ensure the installation process completed successfully then select the Close button to complete the wizard.


In the top right of the Server Manager Dashboard you should see a message flag. If you select this you should receive confirmation that the Web Server role has been successfully installed.


In the Server Manager Dashboard, select the Tools option in the top right and then Internet Information Services (IIS) from the menu that appears.


Select the server name in the right pane. Then from the icons in the middle pane double click Server Certificates.


In the top of the right pane select Create Certificate Request.


Use the FQDN of the server (i.e. as the Common name.

Complete the remaining fields with the information from the organisation. Select Next to continue.


Leave the Cryptographic service provider set to Microsoft RSA SChannel Cryptographic provider. However, ensure that the Bit length is set to 2048.

Select Next to continue.


Enter a file location to write the server key and select Finish to complete the process.


If you look at the file created you should see that it is simply a text file like that shown above.


You now need to take that certificate request information to your certificate provider and use it to request a certificate.

In this case I am using Digicert which allows me simply to copy and paste the text from the server certificate request directly into a web page, nominate which web server it came from (in this case IIS 8.0) and complete the certificate request.


In short order, you should receive confirmation that the certificate has been approved and in this case I am sent the certificate files as an attachment.


Copy the certificate files to the server and check to see that the files include a .CER file, which is the actual certificate.


Return to the IIS Manager and in the top right now select Complete Certificate Request.


Provide the location to the certificate file received from the certificate authority in the first field.

For the friendly name enter the FQDN of the server (here

Leave the certificate store as Personal and select OK.


When this process completes you should see the new certificate listed as shown above.


On the left hand pane of the IIS Manager, drill down and select Default Web Site.

Now on the right hand pane select the Bindings option towards the top.


Select the Add button in the top right of the dialog that appears.


Change the Type field to https.

Leave the Host name field blank.

In the SSL certificate area select the certificate that was added from the certificate authority (here, Then select OK to complete the configuration.


You should now see an entry for https on port 443 displayed in the bindings as shown above.

Select the Close button.

You now need to create an entry in the DNS for the local domain so that requests to will be directed to the web server on this machine.


Open DNS management on the domain controller. Navigate to the Forward Lookup Zones for the local domain (here

Right mouse click on an empty location in the right panel and select the option to Add a new A record.

In the name field enter the first part of the common name you used when requesting the certificate (here adfs). The local domain will be appended to this name to create the FQDN of the server (here This needs to generally match the common name on the certificate generated from the certificate authority.

Enter the IP address of the ADFS server on which IIS has just been installed. Then select the Add Host button to complete the process.


To ensure everything is working as expected try and ping the FQDN of the ADFS server (here You should receive a resolution to the IP address of the ADFS server, although the actual ping may time out due to firewall configurations. The important thing is that the name is resolved to the IP address of the ADFS server.

If that is successful, open up a web browser on the domain controller and navigate to the FQDN of the ADFS server (here . Ensure you use https to verify that SSL and the certificate are operational. If they are you should be greeted with the default IIS web page as shown above.

If you then examine the certificate you should be able to verify that it is valid and issued by the certificate authority you used above.
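The same procedure in scripted form, as an added example that is not part of the original post. The FQDN, zone, IP address and paths are placeholders (the page's own values are not shown), the function names are hypothetical, and the non-exportable key setting is an assumption.

```powershell
# Added example: scripted equivalent of the walkthrough above.
# Placeholder values (assumptions); replace with your own.
$Fqdn     = 'adfs.example.com'   # common name on the certificate
$Zone     = 'example.com'        # local AD DNS zone
$HostPart = 'adfs'               # first part of the common name
$ServerIp = '192.0.2.10'         # IP address of the ADFS/IIS server
$WorkDir  = 'C:\CertRequest'     # request and issued certificate files

function Install-WebServerRole {
    # Add Roles and Features > Web Server (IIS), default options.
    $result = Install-WindowsFeature -Name Web-Server -IncludeManagementTools
    if (-not $result.Success) { throw 'Web Server (IIS) role failed to install.' }
    if ($result.RestartNeeded -ne 'No') { Write-Warning 'A restart is pending.' }
}

function New-ServerCertificateRequest {
    # Create Certificate Request: same provider and 2048-bit key as the wizard.
    # Only CN is set here; add O, OU, L, S, C to Subject for your organisation.
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    $inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$Fqdn"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
"@
    Set-Content -Path "$WorkDir\request.inf" -Value $inf -Encoding Ascii
    certreq.exe -new "$WorkDir\request.inf" "$WorkDir\request.csr"
    if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed.' }
}

function Complete-ServerCertificateRequest {
    param([Parameter(Mandatory)][string]$CerPath)
    # Complete Certificate Request: pairs the issued .CER with the pending key.
    certreq.exe -accept -machine $CerPath
    if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed.' }

    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.GetNameInfo('SimpleName', $false) -eq $Fqdn } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key found for $Fqdn." }
    if ($cert.PublicKey.Key.KeySize -lt 2048) { throw 'Key is shorter than 2048 bits.' }
    $cert.FriendlyName = $Fqdn

    # Bindings > Add > https, port 443, host name blank, then attach the certificate.
    Import-Module WebAdministration
    New-WebBinding -Name 'Default Web Site' -Protocol https -Port 443
    (Get-WebBinding -Name 'Default Web Site' -Protocol https -Port 443).AddSslCertificate($cert.Thumbprint, 'My')
}

function Add-ServerDnsRecord {
    # Run on the domain controller: A record for the certificate's common name.
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $HostPart -IPv4Address $ServerIp
}

function Test-HttpsEndpoint {
    # Name resolution plus a TLS handshake; AuthenticateAsClient throws when
    # the chain is untrusted or the name does not match the certificate.
    $ip  = Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
        Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress
    $tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, 443)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            ResolvedIp = $ip -join ', '
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            KeySize    = $cert.PublicKey.Key.KeySize
        }
    } finally {
        $tcp.Dispose()
    }
}

# Order of use (the CA issues the certificate between steps 2 and 3):
#   1. Install-WebServerRole                                   (ADFS server)
#   2. New-ServerCertificateRequest                            (ADFS server)
#   3. Complete-ServerCertificateRequest -CerPath <issued .CER> (ADFS server)
#   4. Add-ServerDnsRecord                                     (domain controller)
#   5. Test-HttpsEndpoint                                      (any domain client)
```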

Now that a secure Web Server has been configured on the ADFS machine, the next step is to add the ADFS role to this same server. This will be the subject of an upcoming post so stay tuned.

In defence of the humble Like

I’ve seen a few discussions of late where questions have been raised about the relevance of social media ‘Likes’. Some feel that it isn’t necessary or relevant and conveys no value in the context it appears, especially when it comes to business social networks such as Yammer. Hopefully here, I can shed some light on why, in fact, social media ‘Likes’ are a very important part of the business communications fabric going forward and how they should always be encouraged.

Social media represents a monumental shift in the way people communicate online. Initially email was the primary method, but that is being replaced rapidly by social media. Why? Email is typically one to one or maybe one to a few at most, while social media is about making information public so everyone can see it.

How does that make social media valuable, especially inside a business I hear you ask. Stop and think about all the emails you have received recently. I’ll pretty much bet that 90% of them don’t need to be private at all. I’ll also bet that at least one other person would receive value from the information in those emails if they were made public.

The simple problem with business emails is that they silo information. They lock away information that others may benefit from to do their job or complete their tasks. However, if that information is made public, others can find that information, then use and build on it. They can take such information and add further value to it with their own input and again share that publicly. The more people who see the information the more value it has as per Metcalfe’s law.

So sharing rather than siloing has value, that is why social media networks are fundamentally important to businesses. The problem is that many people in management positions have little exposure or experience with social media and thus fail to comprehend its adoption within a business. They base their judgements of social media on what they see on public social networks like Facebook and wrongly equate this to exactly what they would see inside a business social network.

I would contend that most businesses are not using email correctly anyway. They are using it ineffectively and inefficiently. Why? Because few people in a business have ever been trained on the effective use of email, have they? Thus, without proper training, people use it in a way that makes sense to them NOT in a way that makes sense for the business. Look at how much time people actually spend managing their email rather than actually getting work done. Business social media is no different. If people aren’t given appropriate guidance and training on the correct method to use any business social media tools they will revert to using them in a way that they know, i.e. just like they use their personal Facebook.

Hopefully, you’ll appreciate that by implementing effective guidance and training business enterprise networks can be a highly efficient method of sharing knowledge within a business and allowing everyone to have access to that information to do a better job. However, where does this concept of ‘Likes’ add value?

Here’s an analogy for you. When I do a presentation to a room of people hopefully at the end I get some acknowledgment that the information I presented was valuable to those in attendance. How is that conveyed? Applause. The more applause and the louder it is the more valuable people have found the content. Such applause is an indication to those nearby of the value of what I presented. If they weren’t present, loud applause would indicate greater value and may prompt them to pay more attention to future topics or perhaps review a recording if it was available.

Thus, each person’s applause is an indication of their ‘Like’ of what they have seen. The more people that applaud, the more ‘Liked’ the information was. Attendees are still free to approach the speaker and thank them personally afterwards or ask for more information but it is not practical for everyone to do that, is it? Thus, applauding is the socially acceptable way of showing appreciation. One might argue that applause doesn’t have much value because it doesn’t convey very much or provide value, however if that was the case why do people still applaud performances today? Humans have been performing to crowds for years and the use of applause doesn’t show any signs of decline, does it?

So, ‘Likes’ are an easy method of providing recognition of the information supplied. Remember, each person only gets to ‘Like’ something once. Thus, it is also like a vote. The more votes, the more value the information has. If you see something on social media that has lots of ‘Likes’ you are probably going to pause and review that item in curiosity, aren’t you? That system of voting is then an unconscious method of rating information and bringing it to the attention of those who may not have seen it.

Here’s where ‘Likes’ become even more powerful. Lurking beneath all social networks are machine learning algorithms that attempt to determine the relevancy of all the information inside a network for each individual. When you look at your social network feed you are viewing what the algorithm believes is most important for you to see. The more ‘Liked’ information is, the more of a signal it is to the algorithm that this information should be given priority in people’s feeds. So not only are you making a judgement to view information when you see many ‘Likes’, so is the algorithm behind the social network which is attempting to prioritise relevant information for each user of the network.

This is one of the crucial points about embracing the value of social media. Those who haven’t grown up with it or embraced it struggle to understand why they see some stuff and not other stuff. They come from a world of email where each message came into their inbox and remained there for review. A social network relies on an algorithm to determine what is most relevant. It relies on signals, inputs and interactions with others inside that network to determine relevancy for each user. In essence it delivers a customised view of the information for each user. Truly productive people DON’T NEED to see everything, they just NEED to see what is most relevant. That is what a social network delivers.

To provide this customised view of the breadth of information inside a social network the algorithm relies heavily on signals and one of the most important signals is ‘Likes’. That is why you should be using them. You should be looking to help the algorithm and your network understand what is relevant by casting your vote (i.e. ‘Like’) for the material you see. You can certainly contribute more than mere applause to what you see by adding further to what is there, but in essence by applauding (i.e. ‘Liking’ ) it you are telling everyone in your network, including the algorithm, that to you this information has value. Your ‘Like’ helps add value to your social network. It is about the network as a collective benefiting, not just the individual.

In my experience there is a very clear delineation between those who understand social media and those who don’t. If the first thing you check when you get up is your emails, then unfortunately you don’t. Today’s modern information worker understands the value of social, understands the value of team, understands the benefits of sharing and thus goes to their social network first each and every day. They trust the network to help them get their job done. They trust the network will deliver the information they need. They understand the network is there to support them. They trust those inside the network and the algorithm to make relevancy decisions for them so they can get on with their jobs without the need to review everything.

Business social networks are tools; they need to be used appropriately. If people are not given guidance with tools they will start using a screwdriver as a hammer ‘because it does the job’. Technology is no different. The secret to effective use is guidance and training. That will then unleash far more power than could have ever been envisioned within an organisation. Thus, used correctly, the humble social media ‘Like’ has the ability to transform something obscure into something that truly has value, for the business and the individual. So please make sure you ‘Like’ this post!

Questions about Office 2016 via Office 365

Here are some common questions that I see out there about Office 2016 via Office 365.

Q. Am I required to upgrade from Office 2013 on my desktop to Office 2016 if my Office 2013 was installed from Office 365?

Yes, however you have 12 months to complete that transition. That means you must upgrade your Office 365 Office 2013 to Office 2016 by the 22nd of September 2016. After that date any existing Office 365 Office 2013 installation will be reverted to “reduced functionality mode”, basically read only.

Q. Will existing Office 2013 installations from Office 365 automatically be upgraded without user interaction?

No. Users will not have their version of Office 2013 on the desktop automatically upgraded to Office 2016 without their input. Typically, they will need to upgrade from the portal or via an administration installation using the Office 2016 Deployment toolkit.

However, according to the Office 2016 Q and A:

If your admin does not manage your installations and updates an automatic upgrade will occur for Office 2013 users. When your automatic upgrade is ready for you to install, you’ll receive a notification that appears on the menu bar in one of your Office applications (for example, Word, Excel, PowerPoint, or OneNote). When this notification appears follow the steps to update to the current version of Office.

If your Office 365 for business admin manages your Office installations your admin will need to manage your updates to Office 2016.

This is along the lines of the Windows 10 upgrade process. Notification will be received that an Office update is available but users will need to follow the steps in the notification to upgrade.

Q. Can you downgrade from Office 2016 to Office 2013 with Office 365?

No. Only Volume Licensing of Office directly has downgrade rights. Office 365 purchased via Open does not provide downgrade rights for Office.

Q. Can I obtain Office 2016 from Office 365 from DVD media or downloading an ISO?

No. Office 2016 from Office 365 is deployed using ‘Click-to-run’ technology that delivers software directly from the Internet. An administrator can use the Office 2016 Deployment toolkit to create deployment repositories on a network if required.

Q. Can I install Office 2016 from Office 365 in a Remote Desktop environment (i.e. on a Terminal Server)?

Yes, provided you have Office from Office 365 under an E (Enterprise) SKU. If you do then you use the Office 2016 Deployment toolkit to do that. For more information about Office in an RDS environment see my previous post:

Installing Office 365 pro Plus on an RDS server – updated

Q. When can I get access to Office 2016 software from Office 365?

The ability to install the latest software is being rolled out across Office 365 tenants in a staged manner. If you wish to ensure you have access to the latest Office 365 abilities, ensure you have Office 365 First Release enabled. You will then find Office 2016 preview available to first release tenants.

To find out when your tenant will receive Office 2016 from Office 365 review:

How do I update Office to Office 2016 using Office 365 for Business?

The table below, from the Office 2016 wiki, details when the upgrades are available depending on your version of Office 2016:

| Office 365 plans or versions | Upgrade timeline | Default Update branch | More Information about how to upgrade |
| --- | --- | --- | --- |
| Office 365 Business plans (Small Business Premium, Business, Business Premium) | Available now for new installations. Automatic upgrades will occur in Q4 of 2016. | Current Branch | See How do I update Office to Office 2016 using Office 365 for business? |
| Office 365 ProPlus SKU (Enterprise, Midsize, Education) | Planned for the first quarter of 2016. | Current Branch for Business* | Where can I find information about updating Office 365 ProPlus to the Office 2016 version? *ProPlus can be configured to use Current Branch if desired. See the Configure the update branch to be used by Office 365 ProPlus section from here. |
| First Release | Available now. | First Release for Current Branch for Business | More information about First Release for Office |
| Office 365 Home, Personal, or University. | | | How do I get my Office 365 upgrade to Office 2016? Note this does not apply to business products. |

For more information about the different update branches or how to deploy a specific branch see Overview of update branches for Office 365 ProPlus.

Thus, if you are on an Enterprise SKU of Office 365 you will not typically see Office 2016 being rolled out until early 2016 according to the above table because these SKUs are automatically on the Current Branch for Business update regime. You can however, shift Enterprise licenses to the Current branch update regime so that they will receive an update to Office 2016 before the end of the year. If you want it earlier than that you will need to be on first release.

To configure the update branch for an Office 365 ProPlus installation, you can use the latest version of the Office Deployment Tool or the latest version of the Group Policy Administrative Templates files (ADMX/ADML) for Office 2016.

Q. How will Office 2016 from Office 365 updates be handled going forward?

Office 2016 from Office 365 will move to a similar update methodology approach that Windows 10 has adopted. This means that updates (security and features) will be pushed out on a regular basis via a number of different update ‘branch’ offerings. Different SKUs will be on different ‘branches’ as detailed in the above table. To better understand how Office 2016 updates are going to function review:

Overview of update branches for Office 365 ProPlus

and this video from Microsoft:

Q. What other information is available about Office 2016 from Office 365?

Prepare to update Office 2016 Pro Plus to the Office 2016 version

Q. Can I have both Office 2013 and Office 2016 from Office 365 on the same machine?


Q. Are any Office 2013 applications removed during the installation of Office 2016 that are not upgraded?

Yes. If you have InfoPath from Office 2013 ProPlus installed it will be removed during the upgrade. It will however still be available for download from the software section of the Office 365 portal.

SharePoint Designer 2013 will also be removed during the Office 2016 upgrade process. It again can be installed from the software page in the Office 365 portal.

Versions of Visio Pro 2013 and Project Pro 2013 will also be removed from the computer during an upgrade. You won’t be able to reinstall them after the Office 2016 installation. You will need to install the 2016 versions of Visio Pro for Office 365 and Project Pro for Office 365 on a computer with the Office 2016 version of Office. This removal only happens when you manually update to Office 2016. It is recommended that you wait for the automatic update to update all office applications on the desktop, including Visio and Project.

See – “We need to remove some older apps” error for more information about existing apps being removed during the Office 2016 upgrade.

Q. Do users have to be local administrators to install Office 2016 from Office 365?

Yes. Per:

Deploy Click to Run for Office 365 products

Users must be local administrators on their computers to install Click-to-Run for Office 365 products.

If users in your organization are not local administrators on their computers, you can use one of the following methods to install Click-to-Run for Office 365 products for users:

  • Have an administrator log on to the user’s computer and install Click-to-Run for Office 365 products.

  • Use a software distribution product, such as Microsoft System Center Configuration Manager.

  • Use Group Policy computer startup scripts.

See me do my thing, virtually


I’ve got a number of sessions at the upcoming Office 365 conference in Seattle. Now they have opened the opportunity to attend one day of the conference virtually!

By attending virtually you’ll be able to watch a number of sessions on the opening day and you can view these on the event schedule:

On that day I’ll be presenting:

Riding the big data wave with Excel and Power BI

Big data is one of the fastest growing IT segments thanks to the dawn of the Internet of Things (IoT). However, data alone does not provide value. The value proposition comes by turning data into information using tools like Excel and Power BI. This session will show you how to quickly and easily use the advanced features of Excel such as Pivot Tables, Power Query, Power Maps and more. It will then show you how to pull data from various sources into Power BI and create interactive dashboards. It will highlight the business opportunity for data analysis and reporting that is now available from the tools provided in every Office 365 subscription. You’ll learn how to create unique IP around business intelligence that will mean more money in your pocket as the demand for data analysis grows in every segment of the market.


Office 365 Identity management/SSO

There is more to identity with Office 365 and Azure than just logging into a web page. There is also the ability to implement synchronized and federated identity that integrates Office 365 with local on premises solutions like Active Directory to allow single sign on. Configuring these options is relatively straightforward once you understand the model and know what the right option is for you. This session will provide you with a deep dive into the Microsoft identity options and how to configure each one. It will cover products such as DIRSYNC, AD SYNC Services, AD Connect and even Yammer DIRSYNC!

I’m doing some more sessions over the other days but by attending virtually you’ll get access to the complete first (and major) day of the conference. You’ll not only be able to watch live but you’ll also be able to view a recording if the live session happens to be in the middle of the night (as it will be for many in Australia).

So, if you wanna see me (and others) do our thing and talk about Office 365 you should sign up to be a virtual attendee.

Office 365 planner

I was very excited to see Microsoft announce the Office 365 planner after rumours had abounded. You can read the Microsoft blog post here:

Introducing Office 365 Planner 2

The reason I am excited (and so should every IT Reseller be) is that it offers yet another revenue stream opportunity. Why? It would be hard for me to find a business that I deal with that doesn’t need some form of project management and need help doing just that.

Yes, you can do project management in SharePoint but SharePoint can be somewhat intimidating for businesses still migrating from the old world of files and folders. A dedicated ‘planner’ app in Office 365 makes so much sense and opens up so much opportunity.

What I also find interesting is the look as you can see from the above image taken from the Microsoft blog post. It looks very much like Delve, which I think is great. This is an indication of the direction Microsoft is heading with the whole Office 365 product. I wrote an article a while back about how important I believe Delve is, which you can review here:

Delve should be the center of your Office 365 universe

Another point (and opportunity to note) is that every plan includes a OneNote notebook, much like Office 365 groups. I am a huge fan of OneNote and use it every day on every device I have. OneNote again is a huge opportunity for resellers to demonstrate how much more productive customers can be if they start using OneNote in their business.

Although the Office 365 planner isn’t available yet, it will be soon along with a whole raft of updates and improvements. Office 365 just keeps getting better and better, for customers and resellers!

Enable the Power BI developer tools

If you want more control over the visualisations you can create in PowerBI take a look at the new developer tools.

You enable these by signing into your PowerBI environment and appending:


to the end of the URL.

The browser should refresh.


That will reveal a new menu option under the COG called Dev Tools.


A new tab will open and you’ll see the developer environment.

Take a look at the above video to see what’s involved in getting started with this environment.

A bit geeky I know and not for everyone but it should reinforce the point how important software (i.e. coding) skills are fast becoming. It should also highlight the opportunities that abound in this new environment and how easy it is to get started.

Last call out for this month’s free webinar


A last shout out for those interested in attending a monthly free ‘Ask Us’ webinar this Thursday the 17th of September at 12.30pm Sydney time. You can register at:

The webinar will cover some frequently asked cloud questions, provide updates from the online world and then open the floor for questions from attendees. If you have anything you want an answer to when it comes to products like Office 365 this is the place to ask.

The sessions generally include a lot of great information and real world interactive demonstrations so you can see exactly what’s going on. That we believe has real value.

Although we’d be disappointed, if you can’t attend this month then watch out for the next webinar. We run them every month.

All these webinars are recorded for our Cloud Business Blueprint community members so they can watch them on demand directly from within the members forum when it suits them. However, they remain free for anyone to attend and ask any question they want when it comes to the cloud.

I hope to see you on the webinar on Thursday.

Hurry, price to rise soon

I am proud to say that the Cloud Business Blueprint community is fast approaching its second anniversary. I’d firstly like to take the opportunity to thank every existing Cloud Business Blueprint community member. Without you Cloud Business Blueprint wouldn’t be the success that it is.


Since it started out, we have kept adding more content for community members. The above screen shot shows you that we currently have over 150 videos available for community members to view on demand. That’s over 4.5GB of video footage available to help community members learn more about both the technical and business aspects of being a modern cloud provider.

But the information doesn’t stop there, we have a members forum where we answer both business and technical questions. It is a place where other cloud resellers can share their challenges and help other members of the community through their experience.

Inside the Cloud Business Blueprint Community is also a raft of documentation, whitepapers and re-brandable content you can take and use with your own customers, all included in the monthly subscription price.

With all this success we are now looking to take the Cloud Business Blueprint community to the next level. This, combined with the significant amount of content that is now part of the community, means that we’ll soon be raising the entry price. However, if you subscribe before the price increase in November you’ll remain on the old rate for the life of your subscription.

Remember, there is no long term commitment, you can cancel at any time without question but I’m confident once you see all the content that is available and the new stuff that we are constantly adding you’ll realise how much time it is going to save you building your business and resolving technical issues.

You’d be hard pressed to find another dedicated environment like this that specifically brings together the best cloud providers from around the world and allows them to build their technical skills, business knowledge and share with others from all around the globe.

If you like the free content that I provide in various places and want to support the work that I do and gain access to the premium content I provide, then the Cloud Business Blueprint community is for you. Remember, join now to lock in the existing subscription price before the increase with no commitments. You can sign up today at:

I look forward to welcoming you inside the Cloud Business Blueprint community as we move into our third year.