Patience is a virtue

I was doing some shifting of domains and emails into Office 365 and came up against a few ‘unique’ issues I thought I’d share.

When I tried to move one domain into Office 365 I was told by the Office 365 DNS wizard that the domain was already in use by another Office 365 tenant! The message I received was:

domain.com was already added to a different Office 365 tenant domain.onmicrosoft.com.

Sign in to that account as an admin, and remove domain domain.com. Then come back here and try adding domain.com to this account again.

If you can’t sign in to domain.onmicrosoft.com as an admin, try resetting your admin password.

Say what?? How could this be I wondered? Then I remembered. I’d use that that email domain to send an Azure Rights Management document to. When the recipient attempted to open that document they were prompted to create a login in Azure Rights Management because the email account wasn’t already on Office 365. The login that they create for Rights Management is actually an Azure AD login. If it is the first time an email from this domain has logged into Rights Management then a new Azure AD tenant is established with this domain and the email address being the global administrator effectively.

This process of creating a ‘free’ Azure AD by a non-Office 365 email account is known as Azure Self Service signup and you can read more about what happens here:

What is Self-Service Signup for Azure?

Ok, so now I know how the domain came to already be associated with an Office 365 tenant but how the hell do I release it?

Luckily, I could remember the password for the Azure Rights Management user so I logged into the Office 365 console with that login. Sure enough, there was the custom domain. Easy enough to remove right? Not quite.

When I attempt to remove the custom domain from this tenant I get prompted that it is already in use by a user. Ok, ok. So I go back to the only user in the tenant (the one that set all this up for Azure Rights Management) and I swap the primary login back to domain.onmicrosoft.com. Good to go right?

Again, no so fast. Now I get, when trying to remove the domain, that the domain is as an alias or used with Skype. Hmm.. as this tenant has effectively no mailbox or Skype licences how do I check or change these?

PowerShell to the rescue! I use the script from the bottom of this post (thanks Bittitan):

https://community.bittitan.com/kb/Pages/How%20do%20I%20remove%20a%20domain%20from%20Office%20365.aspx

to quickly remove every alias that ends in domain.com.

Phew, now I can finally remove the domain from the ‘free’ Azure AD Rights Management tenant.

I now go through the normal process of adding the custom domain back into tenant with the Office 365 licenses I’m trying to build. All good so far. Now I license and create a user. Still all good. However, when I visit the new users mailbox on the web I’m greeted with a message like:

Hang on, we’re not quite ready

It looks like your account, user@domain.com, was created 1 hour ago. It can take up to 24 hours to set up a mailbox.

Click here to sign out.

X-Clientld: 2040134E67C145408AAEA2B206CE6183
request-id: ab7e2c74-b653-4f79-96d9-a5bca84f3a75
X-Auth-Error: OrgIdMaiIboxRecentlyCreatedException
X-FEServer: ME 1 PR01CA0033
X-BEServer: SYXPROI MB0976
Date: 12/31/2016 AM

Fewer details…

Check again

Hmmm..not good. Now I start wondering what’s going to happen to the inbound mail to this mailbox? I’ve shifted the DNS records so it will be flowing into the tenant, but will it end up in the mailbox? Lost? Or just be bounced? The unknown is freaking me out.

So I go into the Office 365 Administration area and check the user details and license. All good. I see that the mailbox exists in the Exchange admin area. All good. I turn on archiving for this mailbox and it works, however when I return to the mailbox on the web, same please wait message.

After about 10 minutes of clicking the Check again link I decided that a watched kettle never boils and I go away to do other things.

An hour later I return and get the same result when I try again. However, when I go into the usage statistics of the mailbox in I see that it actually has a small amount of data in it now. I assume this is inbound mail. My assumption is thus, that the mailbox is in fact accumulating inbound email even if I can’t get to it. A small ray of sunshine appears in the clouds of despair.

I also try and connect up a local version of Outlook 2016 to the mailbox, but no joy there either.

I then consider logging a support call via the portal, however when I attempt to do this the only option I’m given is for a phone call back. For some reason there is no email option?? Not wanting to inflict my impatience on others and risk being told to wait the period the message says in plain English in front of my eyes (i.e. the bleeding obvious), I defer logging a support call to further down the track, beyond the 24 hour period (but not a second beyond that!).

Deciding that the best thing is to do what the screen says and wait up to 24 hours and see if it sorts itself out, I head off to other distractions. That however doesn’t prevent me from checking the mailbox at the 3, 6 and 9 hour mark, all with the same result. Damm, this is not looking good!

At the 10 hour mark I try the mailbox again on the web and it looks like it is going to open (I get the ‘preparing Outlook’ screen) but alas same result. However, when I try to connect to the mailbox using my local version of Outlook now I get a connection and can see new emails! Yeah! Things are looking up. Thank you spirit of 2017.

With desktop Outlook connecting to my mailbox I begin to import the emails saved from the previous hosting configuration via PST. Although slow, the process is working. I now check the usage size of this mailbox and it is increasing. So two pluses there. A few minutes later I can now access the mailbox via the web browser. Halleluiah, technology be praised. Never doubted it for a second (rrrrrrright…..).

Thus, long story short. If you are moving an existing account from one Office 365 tenant to another (even if the original doesn’t have a mailbox) beware you may get the delay message shown previously when attempting to access the mailbox. Importantly if you do, don’t panic. Just wait it out. In my case it took 10 hours to come right, but like the message on the screen actually says, it could take up to 24 hours. However, if you check the usage of the mailbox in question and it is increasing, this would indicate that the mailbox is working an receiving emails and provide solace during your extended waiting period.

As they say, patience is a virtue and a virtue I am still perhaps yet to fully learn!

My Stuff

This post is aimed at bringing the links to everything I have out there on the Internet together into a single place. Here we go.

About me

Summary – http://about.me/ciaops
Website – http://www.ciaops.com/about
Email – director@ciaops.com
Skype for Business – admin@ciaops365.com

Social Media

Linkedin – http://www.linkedin.com/in/ciaops
Twitter – https://www.twitter.com/directorcia
Facebook – http://www.facebook.com/ciaops
Google Plus – https://plus.google.com/+RobertCrane

Free Stuff

Regular technical and business information, tutorials, walk throughs, learnings, upcoming courses and more.

Blog – http://blog.ciaops.com

Here you’ll find plenty of video tutorials on SharePoint and Office 365

YouTube – http://www.youtube.com/user/directorciaops

Documentation, presentations, SharePoint Guide and more are here for free download.

Docs.com – http://docs.com/ciaops

Documentation for SharePoint on premises, especially the free versions and those that came with SBS.

Windows SharePoint Guide (Server 2010) – https://doc.co/xQqg6t
Windows SharePoint Guide (MOSS 2007) – https://doc.co/KEJDX7
Windows SharePoint Guide (Foundation 2013) – https://doc.co/RRgeas https://doc.co/RRgeas
Windows SharePoint Guide (WSS) – https://doc.co/vEHSTm

Slideshare – http://www.slideshare.net/directorcia

Whitepapers and superseded documentation lives here.

Downloads – http://www.ciaops.com/downloads

Need to Know podcasts – http://ciaops.podbean.com

You can subscribe using iTunes or Stitcher.

20 part Getting Started with SharePoint email course –http://bit.ly/cia-gs-spo

After the course complete this morphs into my Office 365 newsletter.

Office 365 and Azure Technical Email Newsletter –http://eepurl.com/bFYpEX

Commercial stuff

This stuff helps pay for free stuff above so I appreciate your support for my paid work.

CIAOPS Online training academy –http://www.ciaopsacademy.com

Access to the private CIAOPS community for technical support, product discounts and access to the best Office 365 and Azure information

CIAOPS Patron – http://patreon/ciaops

Lots of courses on Office 365, PowerShell, Azure, SharePoint and the like.

Publications – http://www.ciaops.com/publications/
Lulu store – http://www.lulu.com/spotlight/ciaops

Designed to help technology companies become cloud service providers

CIAOPS SharePoint Services –http://www.ciaops.com/storage/flyers/SharePoint-Services.pdf
CIAOPS Office 365 Services –http://www.ciaops.com/storage/flyers/Office365-Services.pdf

General Interest

Australian Battlefields of World War 1 France –http://www.anzacsinfrance.com/
Anzacs in France (Twitter) – https://twitter.com/anzacsif

This accounts sends a tweet to commemorate a significant dates from the Australian battles in France during World War 1.

Kiva Loan portfolio – http://www.kiva.org/lender/robert5824
Goodreads (reading list) feed – https://www.goodreads.com/user/show/708903-robert
The why – https://www.youtube.com/watch?v=pOFcUNIQuUU

Need to Know podcast–Episode 124

Marc and I are join by another Mark in this episode (just in case things weren’t confusing enough on this podcast already!). Mark O’Shea joins us to talk about Microsoft Intune and where it fits into today’s IT landscape. Mark shares with us what Microsoft Intune is, how it can be purchased and what role it plays for IT Pros.

You’ll also get our latest Microsoft cloud news at the top of the show to keep you up to date with everything happening in the Microsoft Cloud-verse.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-124-mark-oshea/

or on Soundcloud here:

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Mark O’Shea – @Intunedin

Marc Kean – @marckean

Robert Crane – @directorcia

Marc’s Azure news

New CIAOPS VPN online course

Azure VPN performance

New OneDrive for Business client coming for all

Copy from OneDrive for Business to Team Sites now available

Integration of Flow and PowerApps into Team Sites

If This Then That

Zapier

New OneDrive for Business admin console rolling out

InTunedin

Microsoft Intune

Microsoft Intune features

Microsoft Intune pricing

Microsoft EMS

Azure VPN performance

I’ve be working a lot recently with Azure VPNs thanks to the development of my new online course:

CIAOPS Azure VPN course

One of options you need to select when you create a new Azure VPN gateway is the SKU.

With all the VPNs I had been working with I’d always just left the option set as Standard but then I wondered whether selecting another VPN SKU made any real difference?

I therefore set out to do some basic testing of the performance of the different Azure VPN SKUs to get an indication of what differences, if any, there was between them.

The place to start if you want more information about Azure VPN Gateways is here:

About VPN Gateway

In my case, I started with 6.9GB of data, composed of a number of large PST files (100 – 500MB each) that I would copy between local and Azure VM’s via an Azure VPN.

I kept the VMs at both ends the same and only recreated the VPN gateway as needed, with a different SKU each time. I did all the transfers using drag and drop from Windows Explorer.

You can see the speed test results from the link that I had my local VM connected to the Internet with.

After copying the 6.9GB of data up from the local VM to Azure and then back down from Azure my results showed that there was no appreciable difference in performance between any of the Azure VPN SKUs. The time taken to upload or download the data was identical at around 12 minutes or around 720 seconds. That is about 9.81 MB/s in my maths (6.9 x 1,024)/720 up and down.

When you look at the quoted VPN gateway throughput you find that Basic and Standard are around 100Mbps, while High Performance is 200Mbps. However, as the Microsoft notes:

“The VPN throughput is a rough estimate based on the measurements between VNets in the same Azure region. It is not a guaranteed throughput for cross-premises connections across the Internet. It is the maximum possible throughput measurement.”

So, based on my rudimentary tests, I didn’t see any difference in performance based on the different VPN SKU’s.

Where a major difference surfaces is price. If you go to the Azure pricing calculator and calculate the monthly cost of the different VPN SKUs you find that to run for a full month the Basic VPN SKU costs AU$34.11.

The Standard SKU costs AU$180.05 (428% higher) and

the High Performance SKU costs AU$464.34 (12,610% higher than the Basic SKU).

Based on my rudimentary transfer tests, and provided you don’t need some of the additional features of the more advanced VPN SKUs (such as additional IPSec tunnels) then I have to say that probably for most cases, the Basic VPN SKU is more than adequate. Thus, from what I can determine, the Basic Azure VPN SKU is the most cost effective option.

However, I’m sure when you get lots of varied traffic, with different file sizes and a more typical work environment the more advanced Azure VPN SKUs shine but as I said, from I see, the Basic SKU is a great place to start when you want to connect your environment securely to Azure.

The other value that I’ll share with you is the fact that creating a VPN Gateway using the Azure Resource Manager (ARM) portal takes about 40 minutes. It is easy enough to change the Azure VPN SKU you use over time but remember that, if you do want to change the Gateway SKU, you’ll need to delete the existing Gateway and create a new one. And that will take about 40 minutes to complete.

In summary, my take aways from this rudimentary testing of the different Azure VPN SKUs is that, in the SMB world, a Basic VPN SKU appears to be the most cost effective, unless you need some specific advanced VPN features. It is also easy enough to upgrade the Azure VPN Gateway at any time but doing so requires about 40 minutes of creation time.

So, for about AU$35 per month (excluding traffic costs out of Azure of course) you can get a secure VPN connection from Azure to your on premises infrastructure, and that ain’t expensive at all for the flexibility it provides!

Office 365 branding using Azure Resource Manager

When most people login to Office 365 they see the above standard branding.

What you may not know is that you can, in fact, customise this branding to look much more enticing as shown above.

This branding is accomplished via the Azure portal. I detailed how to do this a while back:

Office 365 tenant branding

Such configuration needed to be carried out using the older, Azure Service Manager (ASM) portal.

Luckily, the ability to brand Office 365 tenants is now available in the new Azure Resource Manager (ARM) portal in preview. Here’s the process.

You’ll need to have previously enabled the Azure management portal from your Office 365 tenant. You should always do this as part of your Office 365 tenant enablement process because there are so many additional cool features (like branding) that you get access to. If you haven’t enabled your Office 365 Azure AD subscription then the steps to do this are here:

Once you have completed that process you’ll be able to login to the Azure Resource Manager (ARM) portal at:

https://portal.azure.com

using your administrator Office 365 credentials.

When you do so, you should see something like the screen above.

From the list of items on the left hand side of the window you should find one called Azure Active Directory. If you can’t, simply search for the service and when you have found it in the available list as shown above, simply select it.

This should then open the above blade, where you can see information, such as users, from your Office 365 tenant displayed.

From the options available, on the left, locate and select Company branding as shown above.

This will open another blade to the right as shown above. In here select the link Configure company branding now.

A further blade will open to the right and you’ll be presented with all the branding options for your tenant.

All the details about these options can be found here:

Add company branding to your sign-in and Access Panel pages

The most important section you’ll need, is the one telling you the image sizes required. That section is located at the bottom of the page under the heading – Customizable elements.

The first option you can brand is the large image on the left hand side of the login page. The maximum image size here is 1420 x 1200 pixels, with a maximum file size of 500KB.

Simply select an image file from your local machine and you’ll see a preview as shown above.

The next option to customise is the Banner logo, which is located above where the user enters their credentials on the Office 365 login page. The maximum image size here is 60 x 280 pixels, with a maximum file size of 10KB.

Again, simply select an image file from your local machine and you’ll see a preview as shown above.

You can then customise the User name hint if desired (generally not recommended), as well as a some Sign-in page text which appears in the lower left of the login screen, under the users login credentials.

If you scroll down, you’ll see some additional options that you can customise if desired.

When complete, simply Save your changes and they will be applied to the tenant, which in this case means the login now looks like:

You can of course return at any point and edit these settings and update or remove them if desired. My experience is that when you do make changes, it may take 10 – 15 minutes for you to actually see the branding changes appear in your tenant, so be patient.

Office 365 is built on Azure Active Directory which means it provides a whole range of extras that most people don’t know about. A good overview article can be found here:

I’ve also got a presentation you can download here:

Office 365 Azure AD

Office 365 Azure—Robert Crane Docs.com

https://docs.com/d/embed/D25193685-5871-8149-4450-000618648953%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

So take a few moments to brand your Office 365 tenant. It is quick and easy to do and really helps drive adoption for your users because it becomes a much more personal experience.

Remember, every Office 365 tenant has the ability to be branded. The only thing missing in my books, is the ability to do all this via a PowerShell script. Hopefully, now the Office 365 branding options have come to the new Azure Resource Manager (ARM) portal, the ability to brand via a script isn’t far away.

CIAOPS Azure VPN course

I’ve just uploaded a new online technology training course to the CIAOPS Academy. This one is focused on Azure VPNs. You will find the course here:

http://ciaops-academy.teachable.com/p/azure-vpn/

The course will show you how to configure:

– Azure Point to Site VPNs

– Service Manager Site to Site VPNS

– Resource Manager Site to Site to VPNS

– Connections between Azure VNets using VPNs

– and VNet peering

Each lesson contains a video tutorial as well as a number of resources for your continued learning.

You can purchase the course individually or you can purchase access to the complete course catalogue that covers any new courses created as well. You can also select from many other stand alone courses on Azure, Office 365 and more.

I’ll be adding more courses soon so stay tuned to further updates from the CIAOPS Academy.

Make ‘less’ your first resolution

As we approach the end of another year, many people’s mind now turn to creating resolutions for the New Year. This is a very commendable thing to do, however the reality is that most fail to follow through with such resolutions and I have an idea as to why this might be.

The majority of resolutions that people make are additive. This means that they are things are in addition to what they are already doing. Herein lies the seeds of failure I would suggest, because the most important resolutions initially are subtractive ones.

The reasons why subtractive goals are more important is because they promote focus and build the resolution muscles. How is this you make well ask? Well, if you firstly go through your life and look at what you can eliminate or minimise there is no doubt that such processes are ‘hard’. Why is that? Over time you have accumulated all this ‘’extra’ stuff and you psychologically attach value to that accumulation even though that is logically invalid. In short, because you already have it, you think that is ‘worth’ something and thus, should be retained.

Let me give you an example of what I mean. How many time have you cleaned up your desk, closet, garage, etc. and come across an item that you honestly know no longer provides value and really should be eliminated? However, the internal dialogue steps in to tell you ‘not to throw this out because you may need it’ or ‘you just never know when situation X may arise when you will need this’. Pretty common eh? We’ve all been there haven’t we?

In these situations, your will power to eliminate and focus simply hasn’t been strong enough to over come the historical belief that the item still has value. However, conversely, it much easier to add ‘stuff’ isn’t? This because there is no historical baggage with the item or desire in question. You want because you don’t have so adding is easy you believe. The problem is that by adding without making room, you are adding more mental ‘load’ and spreading yourself thinner. Doing so greatly increases your chances of failure, not of just one item but of the whole system. In short, there comes a time when you are simply juggling too many items and they all fall out of the sky.

So, if your ability to eliminate is not strong then you are going to accumulate far more than you really need. Sound familiar? The solution therefore lies in exercising your elimination muscles first. The trick if to do the unpleasant and hard stuff first, when your resolution is at its strongest. Only when the hard tasks are complete should you move onto the easier tasks of addition. If you are unable to eliminate the truly unnecessary, then you are unlikely to keep any resolutions you add. It is really as simple as that.

The constant addition of items and resolutions increases the distraction and removes our focus. The more you have, the more that you need to maintain and more mental energy you devote to maintaining these. Eliminating give you focus, it makes you truly prioritise not only what is important but what is actually required rather than potentially useful. It allows you to devote your precious and limited energy you have to what truly matters, rather than a sea of unnecessary and irrelevant material.

So before you go making new resolutions, start with the resolution of elimination. If you can’t master that one simple one then your chances of mastering anything else are slim indeed. Only the resolution of elimination will set you free and allow you to achieve your goals. So, go forth and eliminate this New Year. I think be you’ll be surprised at how focused you’ll become.

Pricing a VM as an SMB share

I posted a recent article on pricing a 1TB file share using Azure that you can find here:

Clarification on Azure SMB file share transactions

The estimated cost for that was AU$115.35 per month.

Let’s repeat the exercise but this time price up the share in Azure using a virtual machine (VM) for storage.

I’m going to use the DS1_V2 machine as my base for two reasons. Firstly, it is low power, which is what we want if we are simply using it as a file share and secondly this machine supports premium storage, which I’ll also look at pricing as an option.

If I now price this using the Azure pricing calculator (and remembering that a DS2_V2 is the same as a D1_V2 in the calculator) I come up with an estimate of AU$139.30 per month.

However, this is just for the host machine. I now need to add additional storage of at least 1TB to host the file share.

You can see when I select basic storage (HDD) and 300,000 (i.e. 3 units) transactions as before, for 1TB of additional storage. This comes to a total of AU$104.36 for storage alone.

The total of the VM and storage here is AU$243.66.

Now, let’s say I select premium storage (SSD) for this additional 1TB rather than basic.

The first thing you’ll notice is that you are no longer charged for transactions, just a flat storage cost of AU$172.17.

I need to select the P30 to give me at least 1TB of storage. I could of course use multiple disks striped together but one big disk works out cheaper anyway. Thus, the total cost of the VM + premium storage is AU$311.47 per month. This is about a 28% premium over the basic storage option above.

So let’s now say I want to go with the cheapest VM (host) available. That would be an A0 machine as shown above. However, choosing an A0 machine now means I don’t have premium storage available as an option.

That means my additional storage option is back to AU$104.36, giving me a total cost of AU$131.84. Which is about a 50% discount on the basic storage option and 58% discount on the premium storage option.

So in terms of pure cost, Azure SMB file shares wins out at AU$115.34 while the cheapest VM share option is AU$131.34. However, in terms of flexibility the VM is probably the winner because:

1. You can potentially run other processes on the VM.

2. The VM supports low level NTFS permissions inside the share which the Azure file solution currently doesn’t.

3. It is easy to upgrade the base VM and add more storage if required.

But wait, there is still something else that hasn’t yet been considered here. How do you access the share?

With an Azure SMB File share you simply map a drive on any modern machine by running a command but how would an end user map a drive with a VM?

For an end user to easily map a drive letter to an Azure VM they are typically going to need to have in place a site to site VPN from on premises to Azure.

As you can see from above the cost of a standard Azure VPN gateway is AU$180.05 per month. There is also the need to factor transfers out of Azure (you don’t pay for data into Azure, only out from). Let’s say that half of our data (i.e. 500GB) is transferred per month out of Azure. That leaves the total cost of the VPN gateway to be AU$267.06.

The inclusion of the VPN gateway now inflates our original DS1_V2 scenario with basic storage to a cost of AU$510.71 which is much more expensive than the initial Azure SMB file share option considered previously. However again, a VPN to Azure is going to provide a huge amount of flexibility when it comes to the infrastructure going forward.

So what this means is that as a pure stand alone file share solution the Azure SMB file share option is going to be typically the most cost effective. However, in terms of an overall shift of on premises infrastructure to the cloud, the VM share option is going to provide the flexibility and growth capability that you are going to want.

Which should you choose? In reality, both. Why? The scenario for most SMB customers is a desire to move the majority, if not all of their infrastructure, to the cloud. However they are not going to do it all immediately. It will be a process undertaken over time. Thus, an Azure SMB file share makes good sense initially but in the long run a VM share solution is probably the most effective solution.

The great thing is that because everything is Azure you can set all of this up under one tenant and add and remove components as you need over time and only be billed for what you consume. That’s the real flexibility here. Azure gives you a range of tools that you can use to solve just about any infrastructure challenge. That’s why it needs to be part of your toolbox!

Yes, there are lot more ‘if’s and but’s’ than if you simply went out and purchased an on premises NAS for storage but that doesn’t give you the flexibility for what is ultimately the end game of migrating infrastructure to the cloud now does it?

We live in a world where everyone wants more options. SMB resellers also need to get comfortable with the fact that there is really no end to a ‘migration’ because it simply continues on in other forms. That should be music to IT resellers ears as it means growing demand by customers for assistance and the opportunity to generate more revenue.

Yes, the world may be different and pricing may be a little more involved than it used to be but there is no beating the flexibility that is now available thanks to Azure.