My gear

I thought I’d take a moment and share with you the main hardware items I use, and what role each plays.

Surface Pro 4 – My main desktop machine for all my day to day work. With 16 GB of RAM it allows me to run Hyper V machines to typically test the connection of on premises environments to Azure and Office 365.

Surface Pro 3 – My travelling machine for presentations and work on the road. It is also a backup machine to the Surface Pro 4, if for any reason my main machine has issues. Not quite as powerful as the Surface Pro 4 but a really great machine to travel with.

Surface Pro 1 – For many years my original main desktop machine. It is now being repurposed into a dedicated ‘Office 365/Windows 10 Azure AD joined’ machine that will live the full integrated experience. It will be the demo machine I used to test out the integrations between client and the Microsoft Cloud.

Mac Book Pro – Starting to show its age but still allows me to understand the emotional fuss people make about these machines (my experience is that they are no better or worse than PCs really). I typically use this machine on the weekend so I get to experience what being a ‘normal’ end user is like. I still don’t have much Mac experience and that makes it extremely annoying actually getting technical stuff done on this machine. However, at least I can test how these Apple desktops work with Office 365.

Ipad 2 – Getting a bit long in the tooth now and mainly used as my test device for connection of iOS to Office 365. All the Microsoft apps are on there and I use it to understand better how iOS works with Office 365. Also, a very handy travelling machine when you just need to check and reply to a few emails. Much more suited to my stubby fingers when it comes to email.

Nexus 5 – Another device that is beginning to seem slower than it actually is. In the world of Office 365 I need to understand how Android connects to Office 365 and what apps are available, hence this ‘pure’ Google device. It has all the Microsoft software installed, including the Next screen launcher. This is also my go to podcast device simply because it is the smallest portable device I have. This phone is also a backup in case my main Windows 10 phone has any issues. It also doubles as a secondary Wi-Fi hotpot in case of Internet connectivity issues.

Lumia 950 XL – My main day to day phone running Windows 10. Does everything I need and more. Love it. My only criticism is that it is perhaps too large for my stumpy fingers, the 950 probably would have been ergonomically a better bet upon reflection. I use this to make calls, send texts, read emails and function as a Wi-Fi hotspot when other Internet connection options are inadequate. It is my office when I can only use the one hand.

Microsoft display dock – Connects to the Lumia 950 XL to provide power as well as the continuum feature where the phone can act as a desktop. I really think this configuration is the way forward and am looking forward to the rumoured Surface phone.

Kensington USB 3.0 Docking Station sd3500v – This allows my main machine to connect to multiple monitors, standard LAN connectivity and a variety of USB connections as well as audio. Simply one connection to Surface Pro 4 and many connections out.

WD Sentinel DX4000 – My on premises NAS to hold all my local files. Also holds things such as videos, ISOs, etc that are too large for realistic storage in the Cloud. The server run Windows Storage Server and doesn’t do much else than act as a big file share for all my machines but it has a RAID configuration which is great protection for my data.

Rode NT-USB microphone – My ‘high quality’ audio device for doing podcasts as well as meetings.

Plantronics wired headsets – I have two of these, one for my desktop and one for the road. Great quality and sound.

Acer CB281HK 4K 28” monitor – All my machines, when they are on my desktop, connect to at least a second screen (my main Surface Pro 4 connects to dual monitors). The best of these is this Acer model. Clear, sharp and huge. Great for work but also leisure.

Amazon Kindle – Still to my mind the best dedicated device I own. I use it everyday and love the way it looks and feels as well as how well it does what it does. The charge lasts for ages, you can use it anywhere. It is clean, smart and functional. It is one of the devices that I can truly say has changed the way I function, and for the better.

Fitbit – When I’m not travelling I wear a Charge HR. My aim is to achieve 10,000 steps a day but my main reason for using this device is to monitor my sleep patterns. I’m trying to improve my sleep in order to boost my daily productivity and this device helps me do that along with so much else. This is the perfect device to help you keep your fitness commitments.

Xbox 360 – Apart from being slaughtered by foul mouthed nine year olds in Call of Duty constantly while providing some much needed frustration release and hand eye-coordination training, I spend most of my time on this device watching YouTube, especially Microsoft content.

Of course, I have various other gadgets spread around the place but the above list are the main items I use and recommend.

What’s your list?

MVP for 2017

It is with a great deal of humility and pride that I can report that Microsoft has once again recognised my community contributions with its Most Valuable Professional (MVP) award for 2017 in the Office Servers and Services.

This is now my sixth consecutive award and just as special as the first. This recognition is however not possible without the support of so people who follow and support what I do, especially those that take the time to read this blog. To each and every one of you I say thanks again.

I’ll be sure to work hard again to bring you more information about Office 365 and Azure. However, all of that wouldn’t be possible without Microsoft making such great products and making them available to people like me. I look forward eagerly to what they’ll be bringing out in 2017. It is going to be another very exciting year for Microsoft and being in the Microsoft ecosystem.

Being an MVP is great and unique honour. Being part of a community of really smart and passionate technology people who are also MVPs is truly inspiring and I hope to live up to their dedication and enthusiasm. I congratulate all those who where also awarded the same MVP recognition today.

But again, I thank Microsoft for this honour and will work hard to live up top the expectations it sets again for 2017.

Patience is a virtue

I was doing some shifting of domains and emails into Office 365 and came up against a few ‘unique’ issues I thought I’d share.

When I tried to move one domain into Office 365 I was told by the Office 365 DNS wizard that the domain was already in use by another Office 365 tenant! The message I received was:

domain.com was already added to a different Office 365 tenant domain.onmicrosoft.com.

Sign in to that account as an admin, and remove domain domain.com. Then come back here and try adding domain.com to this account again.

If you can’t sign in to domain.onmicrosoft.com as an admin, try resetting your admin password.

Say what?? How could this be I wondered? Then I remembered. I’d use that that email domain to send an Azure Rights Management document to. When the recipient attempted to open that document they were prompted to create a login in Azure Rights Management because the email account wasn’t already on Office 365. The login that they create for Rights Management is actually an Azure AD login. If it is the first time an email from this domain has logged into Rights Management then a new Azure AD tenant is established with this domain and the email address being the global administrator effectively.

This process of creating a ‘free’ Azure AD by a non-Office 365 email account is known as Azure Self Service signup and you can read more about what happens here:

What is Self-Service Signup for Azure?

Ok, so now I know how the domain came to already be associated with an Office 365 tenant but how the hell do I release it?

Luckily, I could remember the password for the Azure Rights Management user so I logged into the Office 365 console with that login. Sure enough, there was the custom domain. Easy enough to remove right? Not quite.

When I attempt to remove the custom domain from this tenant I get prompted that it is already in use by a user. Ok, ok. So I go back to the only user in the tenant (the one that set all this up for Azure Rights Management) and I swap the primary login back to domain.onmicrosoft.com. Good to go right?

Again, no so fast. Now I get, when trying to remove the domain, that the domain is as an alias or used with Skype. Hmm.. as this tenant has effectively no mailbox or Skype licences how do I check or change these?

PowerShell to the rescue! I use the script from the bottom of this post (thanks Bittitan):

https://community.bittitan.com/kb/Pages/How%20do%20I%20remove%20a%20domain%20from%20Office%20365.aspx

to quickly remove every alias that ends in domain.com.

Phew, now I can finally remove the domain from the ‘free’ Azure AD Rights Management tenant.

I now go through the normal process of adding the custom domain back into tenant with the Office 365 licenses I’m trying to build. All good so far. Now I license and create a user. Still all good. However, when I visit the new users mailbox on the web I’m greeted with a message like:

Hang on, we’re not quite ready

It looks like your account, user@domain.com, was created 1 hour ago. It can take up to 24 hours to set up a mailbox.

Click here to sign out.

X-Clientld: 2040134E67C145408AAEA2B206CE6183
request-id: ab7e2c74-b653-4f79-96d9-a5bca84f3a75
X-Auth-Error: OrgIdMaiIboxRecentlyCreatedException
X-FEServer: ME 1 PR01CA0033
X-BEServer: SYXPROI MB0976
Date: 12/31/2016 AM

Fewer details…

Check again

Hmmm..not good. Now I start wondering what’s going to happen to the inbound mail to this mailbox? I’ve shifted the DNS records so it will be flowing into the tenant, but will it end up in the mailbox? Lost? Or just be bounced? The unknown is freaking me out.

So I go into the Office 365 Administration area and check the user details and license. All good. I see that the mailbox exists in the Exchange admin area. All good. I turn on archiving for this mailbox and it works, however when I return to the mailbox on the web, same please wait message.

After about 10 minutes of clicking the Check again link I decided that a watched kettle never boils and I go away to do other things.

An hour later I return and get the same result when I try again. However, when I go into the usage statistics of the mailbox in I see that it actually has a small amount of data in it now. I assume this is inbound mail. My assumption is thus, that the mailbox is in fact accumulating inbound email even if I can’t get to it. A small ray of sunshine appears in the clouds of despair.

I also try and connect up a local version of Outlook 2016 to the mailbox, but no joy there either.

I then consider logging a support call via the portal, however when I attempt to do this the only option I’m given is for a phone call back. For some reason there is no email option?? Not wanting to inflict my impatience on others and risk being told to wait the period the message says in plain English in front of my eyes (i.e. the bleeding obvious), I defer logging a support call to further down the track, beyond the 24 hour period (but not a second beyond that!).

Deciding that the best thing is to do what the screen says and wait up to 24 hours and see if it sorts itself out, I head off to other distractions. That however doesn’t prevent me from checking the mailbox at the 3, 6 and 9 hour mark, all with the same result. Damm, this is not looking good!

At the 10 hour mark I try the mailbox again on the web and it looks like it is going to open (I get the ‘preparing Outlook’ screen) but alas same result. However, when I try to connect to the mailbox using my local version of Outlook now I get a connection and can see new emails! Yeah! Things are looking up. Thank you spirit of 2017.

With desktop Outlook connecting to my mailbox I begin to import the emails saved from the previous hosting configuration via PST. Although slow, the process is working. I now check the usage size of this mailbox and it is increasing. So two pluses there. A few minutes later I can now access the mailbox via the web browser. Halleluiah, technology be praised. Never doubted it for a second (rrrrrrright…..).

Thus, long story short. If you are moving an existing account from one Office 365 tenant to another (even if the original doesn’t have a mailbox) beware you may get the delay message shown previously when attempting to access the mailbox. Importantly if you do, don’t panic. Just wait it out. In my case it took 10 hours to come right, but like the message on the screen actually says, it could take up to 24 hours. However, if you check the usage of the mailbox in question and it is increasing, this would indicate that the mailbox is working an receiving emails and provide solace during your extended waiting period.

As they say, patience is a virtue and a virtue I am still perhaps yet to fully learn!

My Stuff

This post is aimed at bringing the links to everything I have out there on the Internet together into a single place. Here we go.

About me

Summary – http://about.me/ciaops
Website – http://www.ciaops.com/about
Email – director@ciaops.com
Skype for Business – admin@ciaops365.com

Social Media

Linkedin – http://www.linkedin.com/in/ciaops
Twitter – https://www.twitter.com/directorcia
Facebook – http://www.facebook.com/ciaops
Google Plus – https://plus.google.com/+RobertCrane

Free Stuff

Regular technical and business information, tutorials, walk throughs, learnings, upcoming courses and more.

Blog – http://blog.ciaops.com

Here you’ll find plenty of video tutorials on SharePoint and Office 365

YouTube – http://www.youtube.com/user/directorciaops

Documentation, presentations, SharePoint Guide and more are here for free download.

Docs.com – http://docs.com/ciaops

Documentation for SharePoint on premises, especially the free versions and those that came with SBS.

Windows SharePoint Guide (Server 2010) – https://doc.co/xQqg6t
Windows SharePoint Guide (MOSS 2007) – https://doc.co/KEJDX7
Windows SharePoint Guide (Foundation 2013) – https://doc.co/RRgeas https://doc.co/RRgeas
Windows SharePoint Guide (WSS) – https://doc.co/vEHSTm

Slideshare – http://www.slideshare.net/directorcia

Whitepapers and superseded documentation lives here.

Downloads – http://www.ciaops.com/downloads

Need to Know podcasts – http://ciaops.podbean.com

You can subscribe using iTunes or Stitcher.

20 part Getting Started with SharePoint email course –http://bit.ly/cia-gs-spo

After the course complete this morphs into my Office 365 newsletter.

Office 365 and Azure Technical Email Newsletter –http://eepurl.com/bFYpEX

Commercial stuff

This stuff helps pay for free stuff above so I appreciate your support for my paid work.

CIAOPS Online training academy –http://www.ciaopsacademy.com

Access to the private CIAOPS community for technical support, product discounts and access to the best Office 365 and Azure information

CIAOPS Patron – http://patreon/ciaops

Lots of courses on Office 365, PowerShell, Azure, SharePoint and the like.

Publications – http://www.ciaops.com/publications/
Lulu store – http://www.lulu.com/spotlight/ciaops

Designed to help technology companies become cloud service providers

CIAOPS SharePoint Services –http://www.ciaops.com/storage/flyers/SharePoint-Services.pdf
CIAOPS Office 365 Services –http://www.ciaops.com/storage/flyers/Office365-Services.pdf

General Interest

Australian Battlefields of World War 1 France –http://www.anzacsinfrance.com/
Anzacs in France (Twitter) – https://twitter.com/anzacsif

This accounts sends a tweet to commemorate a significant dates from the Australian battles in France during World War 1.

Kiva Loan portfolio – http://www.kiva.org/lender/robert5824
Goodreads (reading list) feed – https://www.goodreads.com/user/show/708903-robert
The why – https://www.youtube.com/watch?v=pOFcUNIQuUU

Need to Know podcast–Episode 124

Marc and I are join by another Mark in this episode (just in case things weren’t confusing enough on this podcast already!). Mark O’Shea joins us to talk about Microsoft Intune and where it fits into today’s IT landscape. Mark shares with us what Microsoft Intune is, how it can be purchased and what role it plays for IT Pros.

You’ll also get our latest Microsoft cloud news at the top of the show to keep you up to date with everything happening in the Microsoft Cloud-verse.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-124-mark-oshea/

or on Soundcloud here:

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Mark O’Shea – @Intunedin

Marc Kean – @marckean

Robert Crane – @directorcia

Marc’s Azure news

New CIAOPS VPN online course

Azure VPN performance

New OneDrive for Business client coming for all

Copy from OneDrive for Business to Team Sites now available

Integration of Flow and PowerApps into Team Sites

If This Then That

Zapier

New OneDrive for Business admin console rolling out

InTunedin

Microsoft Intune

Microsoft Intune features

Microsoft Intune pricing

Microsoft EMS

Azure VPN performance

I’ve be working a lot recently with Azure VPNs thanks to the development of my new online course:

CIAOPS Azure VPN course

One of options you need to select when you create a new Azure VPN gateway is the SKU.

With all the VPNs I had been working with I’d always just left the option set as Standard but then I wondered whether selecting another VPN SKU made any real difference?

I therefore set out to do some basic testing of the performance of the different Azure VPN SKUs to get an indication of what differences, if any, there was between them.

The place to start if you want more information about Azure VPN Gateways is here:

About VPN Gateway

In my case, I started with 6.9GB of data, composed of a number of large PST files (100 – 500MB each) that I would copy between local and Azure VM’s via an Azure VPN.

I kept the VMs at both ends the same and only recreated the VPN gateway as needed, with a different SKU each time. I did all the transfers using drag and drop from Windows Explorer.

You can see the speed test results from the link that I had my local VM connected to the Internet with.

After copying the 6.9GB of data up from the local VM to Azure and then back down from Azure my results showed that there was no appreciable difference in performance between any of the Azure VPN SKUs. The time taken to upload or download the data was identical at around 12 minutes or around 720 seconds. That is about 9.81 MB/s in my maths (6.9 x 1,024)/720 up and down.

When you look at the quoted VPN gateway throughput you find that Basic and Standard are around 100Mbps, while High Performance is 200Mbps. However, as the Microsoft notes:

“The VPN throughput is a rough estimate based on the measurements between VNets in the same Azure region. It is not a guaranteed throughput for cross-premises connections across the Internet. It is the maximum possible throughput measurement.”

So, based on my rudimentary tests, I didn’t see any difference in performance based on the different VPN SKU’s.

Where a major difference surfaces is price. If you go to the Azure pricing calculator and calculate the monthly cost of the different VPN SKUs you find that to run for a full month the Basic VPN SKU costs AU$34.11.

The Standard SKU costs AU$180.05 (428% higher) and

the High Performance SKU costs AU$464.34 (12,610% higher than the Basic SKU).

Based on my rudimentary transfer tests, and provided you don’t need some of the additional features of the more advanced VPN SKUs (such as additional IPSec tunnels) then I have to say that probably for most cases, the Basic VPN SKU is more than adequate. Thus, from what I can determine, the Basic Azure VPN SKU is the most cost effective option.

However, I’m sure when you get lots of varied traffic, with different file sizes and a more typical work environment the more advanced Azure VPN SKUs shine but as I said, from I see, the Basic SKU is a great place to start when you want to connect your environment securely to Azure.

The other value that I’ll share with you is the fact that creating a VPN Gateway using the Azure Resource Manager (ARM) portal takes about 40 minutes. It is easy enough to change the Azure VPN SKU you use over time but remember that, if you do want to change the Gateway SKU, you’ll need to delete the existing Gateway and create a new one. And that will take about 40 minutes to complete.

In summary, my take aways from this rudimentary testing of the different Azure VPN SKUs is that, in the SMB world, a Basic VPN SKU appears to be the most cost effective, unless you need some specific advanced VPN features. It is also easy enough to upgrade the Azure VPN Gateway at any time but doing so requires about 40 minutes of creation time.

So, for about AU$35 per month (excluding traffic costs out of Azure of course) you can get a secure VPN connection from Azure to your on premises infrastructure, and that ain’t expensive at all for the flexibility it provides!

Office 365 branding using Azure Resource Manager

When most people login to Office 365 they see the above standard branding.

What you may not know is that you can, in fact, customise this branding to look much more enticing as shown above.

This branding is accomplished via the Azure portal. I detailed how to do this a while back:

Office 365 tenant branding

Such configuration needed to be carried out using the older, Azure Service Manager (ASM) portal.

Luckily, the ability to brand Office 365 tenants is now available in the new Azure Resource Manager (ARM) portal in preview. Here’s the process.

You’ll need to have previously enabled the Azure management portal from your Office 365 tenant. You should always do this as part of your Office 365 tenant enablement process because there are so many additional cool features (like branding) that you get access to. If you haven’t enabled your Office 365 Azure AD subscription then the steps to do this are here:

Once you have completed that process you’ll be able to login to the Azure Resource Manager (ARM) portal at:

https://portal.azure.com

using your administrator Office 365 credentials.

When you do so, you should see something like the screen above.

From the list of items on the left hand side of the window you should find one called Azure Active Directory. If you can’t, simply search for the service and when you have found it in the available list as shown above, simply select it.

This should then open the above blade, where you can see information, such as users, from your Office 365 tenant displayed.

From the options available, on the left, locate and select Company branding as shown above.

This will open another blade to the right as shown above. In here select the link Configure company branding now.

A further blade will open to the right and you’ll be presented with all the branding options for your tenant.

All the details about these options can be found here:

Add company branding to your sign-in and Access Panel pages

The most important section you’ll need, is the one telling you the image sizes required. That section is located at the bottom of the page under the heading – Customizable elements.

The first option you can brand is the large image on the left hand side of the login page. The maximum image size here is 1420 x 1200 pixels, with a maximum file size of 500KB.

Simply select an image file from your local machine and you’ll see a preview as shown above.

The next option to customise is the Banner logo, which is located above where the user enters their credentials on the Office 365 login page. The maximum image size here is 60 x 280 pixels, with a maximum file size of 10KB.

Again, simply select an image file from your local machine and you’ll see a preview as shown above.

You can then customise the User name hint if desired (generally not recommended), as well as a some Sign-in page text which appears in the lower left of the login screen, under the users login credentials.

If you scroll down, you’ll see some additional options that you can customise if desired.

When complete, simply Save your changes and they will be applied to the tenant, which in this case means the login now looks like:

You can of course return at any point and edit these settings and update or remove them if desired. My experience is that when you do make changes, it may take 10 – 15 minutes for you to actually see the branding changes appear in your tenant, so be patient.

Office 365 is built on Azure Active Directory which means it provides a whole range of extras that most people don’t know about. A good overview article can be found here:

I’ve also got a presentation you can download here:

Office 365 Azure AD

Office 365 Azure—Robert Crane Docs.com

https://docs.com/d/embed/D25193685-5871-8149-4450-000618648953%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

So take a few moments to brand your Office 365 tenant. It is quick and easy to do and really helps drive adoption for your users because it becomes a much more personal experience.

Remember, every Office 365 tenant has the ability to be branded. The only thing missing in my books, is the ability to do all this via a PowerShell script. Hopefully, now the Office 365 branding options have come to the new Azure Resource Manager (ARM) portal, the ability to brand via a script isn’t far away.

CIAOPS Azure VPN course

I’ve just uploaded a new online technology training course to the CIAOPS Academy. This one is focused on Azure VPNs. You will find the course here:

http://ciaops-academy.teachable.com/p/azure-vpn/

The course will show you how to configure:

– Azure Point to Site VPNs

– Service Manager Site to Site VPNS

– Resource Manager Site to Site to VPNS

– Connections between Azure VNets using VPNs

– and VNet peering

Each lesson contains a video tutorial as well as a number of resources for your continued learning.

You can purchase the course individually or you can purchase access to the complete course catalogue that covers any new courses created as well. You can also select from many other stand alone courses on Azure, Office 365 and more.

I’ll be adding more courses soon so stay tuned to further updates from the CIAOPS Academy.