Enabling your Office 365 Azure AD access

Many don’t realise that Office 365 identity is built on top of Azure Active Directory. This means that every Office 365 tenant is using Azure Active Directory. What many also don’t realise is that you can easily access the Azure Active Directory by simply enabling it from your Office 365 Admin console. Here’s how you do this.

image

Log in to Office 365 as a global administrator.

image

Navigate to the Office 365 Admin, in this case by selecting the Admin icon from the app launcher.

image

In the lower left of this window, under the Admin section, you should find the Azure AD link as shown above. Select this.

image

You’ll now be taken to a screen like that shown above, where you sign up to Azure.

image

You’ll need to enter your details (name, email, country, etc). You’ll also need to specify a mobile phone to which a verification code can be sent.

image

Once all the details are entered and you have completed the verification via mobile phone, select the Sign up button.

You’ll notice here that you don’t need to put in any credit card details like you do when you sign up for a free trial. This is because you are getting the free Azure Active Directory Edition only.

image

You’ll see your request begin to process.

image

After a short while you should see a screen like that shown above. You can see that what you have signed up for is Access to Azure Active Directory.

image

It will take a few minutes to complete the provisioning.

image

When processing is complete you’ll see the above screen. Select the Start managing my service link to proceed.

image

You should then see the new Azure Resource management portal as shown above.

image

If you look in the billing area of this tenant you will see that you have no subscriptions as shown above. You can of course add a paid subscription to this to enable all the other Azure features. This is in fact the recommended way to deploy Azure IaaS services for SMB I would suggest. Office 365 first, and then add a paid Azure subscription to that free Azure tenant you get as part of Office 365. That way all the users and resources are in one location. Even if you plan to do Azure IaaS initially, always get an Office 365 subscription first. All you need is a single Exchange Online Plan 1 Kiosk license for around AU$3 to get the Azure tenant.

image

The only area that you can configure currently is the Azure Active Directory.

image

In there you should now see a list of your Office 365 users.

You can administer and work with tenant users from Azure or Office 365 (as well as PowerShell in both environments).

So you have now enabled the free Azure Active Directory Edition that comes as part of every Office 365 subscription. To read more about the different Azure Active Directory Editions see:

https://msdn.microsoft.com/en-us/library/azure/dn532272.aspx

You’ll also find the Microsoft documentation on this here:

Register your free Azure AD subscription

My software and services

Previously, I detailed the hardware that I used in my work:

My gear

In this article I’ll look at the software and services I use most.

To start with, I use Windows 10 Professional on all my desktop machines and Windows Storage Server 2008 on my WD Sentinel DX4000 NAS. I have upgraded all my immediate family’s machines to Windows 10 without any issues as well. We are therefore a Windows 10 family through and through.

Unsurprisingly, I use Office 365 for things such as email, OneDrive for Business, Skype, Office desktop software and the like. What may be somewhat surprising is that, although I have access to a free Office 365 tenant from Microsoft as a partner, I don’t use this in production. I have a completely separate paid tenant for my business.

Why is that, you may ask? The main reason is that I use my Microsoft Office 365 tenant for demonstrations and testing. I don’t want production data appearing when I do demos to customers and prospects. Having two separate tenants means complete separation of the data.

I of course use all the standard Microsoft Office desktop software such as Outlook, Word, Excel, PowerPoint, etc. However, the key application from the suite for me is OneNote. OneNote is my go to Swiss Army knife for just about everything digital. I use it to capture all sorts of data. I even use it as a diary as I have detailed previously here:

One of the ways I use OneNote

The reason OneNote is key is because:

1. Just about everything I put in there is searchable

2. It is freely available across all platforms.

3. All my information is synced and accessible on all devices.

4. It is available on the web or offline if needed.

Another key service I use everyday along with Office 365 and OneNote is Azure. Typically, I use it for running up virtual machines that I test various things with but I also use it to backup my local data as well as that of other members of my family using Azure Backup.

Azure desktop backup

There is just so much that can be done with Azure. I haven’t even scratched the surface of what I could use it for. I see Azure becoming a larger and larger part of what I do every day.

I use Lastpass to keep my passwords and private information secure. It allows me to do things like generate and store unique passwords for each website that I sign up for. It is also available across all browsers on my machine (including Microsoft Edge).

For a subset of my local data that I wish to remain secure I use TrueCrypt to create encrypted volumes. All my Windows 10 machines run with full disk encryption thanks to BitLocker, but stuff like financial and customer data I keep inside TrueCrypt volumes for that extra layer of security. I understand that TrueCrypt is no longer maintained and may have some very minor security flaws, but for how and why I use it, it is more than adequate.

To capture my desktop for my online training academy or my YouTube channel I use Camtasia.

To compose and publish blog articles I use Open Live Writer.

To keep track of where I spend my time on my desktops I use RescueTime.

For improved email productivity I use Microsoft FindTime and Boomerang.

For chat and web meetings I use Skype for Business from Office 365. I encourage anyone to connect up to me via my address = admin@ciaops365.com. Chat is generally always faster at resolving things than traditional email.

For protection, apart from the standard Windows 10 tools, I use Malwarebytes.

Inside my browsers I typically have the following plugins:

Lastpass which provides automated insertion of web site credentials.

Noisli which provides productivity enhancement thanks to background sounds. My favourite is rain.

Pushbullet which connects alerts from my Android phone to my desktop browser and allows me to share information easily between them.

GetPocket which allows me to save and categorise website URLs, which I then typically read at a later time. Has its own dedicated mobile app that I can use on any device.

The Great Suspender which puts unused tabs in Chrome to ‘sleep’ to save memory.

I use the automation sites If This Then That and Zapier to automate many different tasks. A good example of one of these is automatically publishing to various social media sites.

For my Office 365 and Azure email newsletters I use Mailchimp.

My preferred public social networks for business, in order are:

1. Twitter

2. LinkedIn

3. Facebook

I also use Yammer extensively but for more specialised roles and thus don’t consider it really a ‘public’ social network, more a private one.

YouTube is also something I use daily for business and pleasure. I use it for both education and marketing as well as entertainment, thanks largely to the Xbox YouTube app. Just wish they’d hurry up and bring the Amazon Prime Video app to the Xbox here in Australia so I can watch The Grand Tour from my bean bag.

I use a lot of other software and services but the above are the main ones I use pretty much everyday that I’m at my desk.

I am always looking for ways to improve my productivity and effectiveness with software and services. If you therefore have something you can recommend to me please don’t hesitate to let me know what it is.

My gear

I thought I’d take a moment and share with you the main hardware items I use, and what role each plays.

Surface Pro 4 – My main desktop machine for all my day to day work. With 16 GB of RAM it allows me to run Hyper V machines to typically test the connection of on premises environments to Azure and Office 365.

Surface Pro 3 – My travelling machine for presentations and work on the road. It is also a backup machine to the Surface Pro 4, if for any reason my main machine has issues. Not quite as powerful as the Surface Pro 4 but a really great machine to travel with.

Surface Pro 1 – For many years my original main desktop machine. It is now being repurposed into a dedicated ‘Office 365/Windows 10 Azure AD joined’ machine that will live the full integrated experience. It will be the demo machine I use to test out the integrations between client and the Microsoft Cloud.

Mac Book Pro – Starting to show its age but still allows me to understand the emotional fuss people make about these machines (my experience is that they are no better or worse than PCs really). I typically use this machine on the weekend so I get to experience what being a ‘normal’ end user is like. I still don’t have much Mac experience and that makes it extremely annoying actually getting technical stuff done on this machine. However, at least I can test how these Apple desktops work with Office 365.

iPad 2 – Getting a bit long in the tooth now and mainly used as my test device for connection of iOS to Office 365. All the Microsoft apps are on there and I use it to understand better how iOS works with Office 365. Also, a very handy travelling machine when you just need to check and reply to a few emails. Much more suited to my stubby fingers when it comes to email.

Nexus 5 – Another device that is beginning to seem slower than it actually is. In the world of Office 365 I need to understand how Android connects to Office 365 and what apps are available, hence this ‘pure’ Google device. It has all the Microsoft software installed, including the Next screen launcher. This is also my go to podcast device simply because it is the smallest portable device I have. This phone is also a backup in case my main Windows 10 phone has any issues. It also doubles as a secondary Wi-Fi hotspot in case of Internet connectivity issues.

Lumia 950 XL – My main day to day phone running Windows 10. Does everything I need and more. Love it. My only criticism is that it is perhaps too large for my stumpy fingers, the 950 probably would have been ergonomically a better bet upon reflection. I use this to make calls, send texts, read emails and function as a Wi-Fi hotspot when other Internet connection options are inadequate. It is my office when I can only use the one hand.

Microsoft display dock – Connects to the Lumia 950 XL to provide power as well as the continuum feature where the phone can act as a desktop. I really think this configuration is the way forward and am looking forward to the rumoured Surface phone.

Kensington USB 3.0 Docking Station sd3500v – This allows my main machine to connect to multiple monitors, standard LAN connectivity and a variety of USB connections as well as audio. Simply one connection to Surface Pro 4 and many connections out.

WD Sentinel DX4000 – My on premises NAS to hold all my local files. Also holds things such as videos, ISOs, etc that are too large for realistic storage in the Cloud. The server runs Windows Storage Server and doesn’t do much else than act as a big file share for all my machines but it has a RAID configuration which is great protection for my data.

Rode NT-USB microphone – My ‘high quality’ audio device for doing podcasts as well as meetings.

Plantronics wired headsets – I have two of these, one for my desktop and one for the road. Great quality and sound.

Acer CB281HK 4K 28” monitor – All my machines, when they are on my desktop, connect to at least a second screen (my main Surface Pro 4 connects to dual monitors). The best of these is this Acer model. Clear, sharp and huge. Great for work but also leisure.

Amazon Kindle – Still to my mind the best dedicated device I own. I use it everyday and love the way it looks and feels as well as how well it does what it does. The charge lasts for ages, you can use it anywhere. It is clean, smart and functional. It is one of the devices that I can truly say has changed the way I function, and for the better.

Fitbit – When I’m not travelling I wear a Charge HR. My aim is to achieve 10,000 steps a day but my main reason for using this device is to monitor my sleep patterns. I’m trying to improve my sleep in order to boost my daily productivity and this device helps me do that along with so much else. This is the perfect device to help you keep your fitness commitments.

Xbox 360 – Apart from being slaughtered by foul mouthed nine year olds in Call of Duty constantly while providing some much needed frustration release and hand-eye coordination training, I spend most of my time on this device watching YouTube, especially Microsoft content.

Of course, I have various other gadgets spread around the place but the above list are the main items I use and recommend.

What’s your list?

 

MVP for 2017

It is with a great deal of humility and pride that I can report that Microsoft has once again recognised my community contributions with its Most Valuable Professional (MVP) award for 2017 in the Office Servers and Services.

This is now my sixth consecutive award and just as special as the first. This recognition is however not possible without the support of so many people who follow and support what I do, especially those that take the time to read this blog. To each and every one of you I say thanks again.

I’ll be sure to work hard again to bring you more information about Office 365 and Azure. However, all of that wouldn’t be possible without Microsoft making such great products and making them available to people like me. I look forward eagerly to what they’ll be bringing out in 2017. It is going to be another very exciting year for Microsoft and being in the Microsoft ecosystem.

Being an MVP is a great and unique honour. Being part of a community of really smart and passionate technology people who are also MVPs is truly inspiring and I hope to live up to their dedication and enthusiasm. I congratulate all those who were also awarded the same MVP recognition today.

But again, I thank Microsoft for this honour and will work hard to live up to the expectations it sets again for 2017.

Patience is a virtue

I was doing some shifting of domains and emails into Office 365 and came up against a few ‘unique’ issues I thought I’d share.

When I tried to move one domain into Office 365 I was told by the Office 365 DNS wizard that the domain was already in use by another Office 365 tenant! The message I received was:

domain.com was already added to a different Office 365 tenant domain.onmicrosoft.com.

Sign in to that account as an admin, and remove domain domain.com. Then come back here and try adding domain.com to this account again.

If you can’t sign in to domain.onmicrosoft.com as an admin, try resetting your admin password.

Say what?? How could this be I wondered? Then I remembered. I’d used that email domain to send an Azure Rights Management document to. When the recipient attempted to open that document they were prompted to create a login in Azure Rights Management because the email account wasn’t already on Office 365. The login that they create for Rights Management is actually an Azure AD login. If it is the first time an email from this domain has logged into Rights Management then a new Azure AD tenant is established with this domain and the email address being the global administrator effectively.

This process of creating a ‘free’ Azure AD by a non-Office 365 email account is known as Azure Self Service signup and you can read more about what happens here:

What is Self-Service Signup for Azure?

Ok, so now I know how the domain came to already be associated with an Office 365 tenant but how the hell do I release it?

Luckily, I could remember the password for the Azure Rights Management user so I logged into the Office 365 console with that login. Sure enough, there was the custom domain. Easy enough to remove right? Not quite.

When I attempt to remove the custom domain from this tenant I get prompted that it is already in use by a user. Ok, ok. So I go back to the only user in the tenant (the one that set all this up for Azure Rights Management) and I swap the primary login back to domain.onmicrosoft.com. Good to go right?

Again, not so fast. Now I get, when trying to remove the domain, that the domain is used as an alias or used with Skype. Hmm.. as this tenant has effectively no mailbox or Skype licences how do I check or change these?

PowerShell to the rescue! I use the script from the bottom of this post (thanks Bittitan):

https://community.bittitan.com/kb/Pages/How%20do%20I%20remove%20a%20domain%20from%20Office%20365.aspx

to quickly remove every alias that ends in domain.com.

Phew, now I can finally remove the domain from the ‘free’ Azure AD Rights Management tenant.
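The dependency hunt described above (sign-in names first, then aliases and Skype addresses), as an added example rather than the BitTitan script the post links to. It assumes already connected MSOnline and Exchange Online PowerShell sessions, uses the post's placeholder names domain.com and domain.onmicrosoft.com, and only reports unless -Apply is passed.

```powershell
# Added example, not the BitTitan script. Assumes connected MSOnline and
# Exchange Online sessions; the domain names are the post's placeholders.
param(
    [string]$Domain   = 'domain.com',               # custom domain to release
    [string]$Fallback = 'domain.onmicrosoft.com',   # tenant's initial domain
    [switch]$Apply                                  # report only unless set
)

$pattern  = "*@$Domain"
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($Owner, $Kind, $Value, $Action) {
    $findings.Add([pscustomobject]@{
        Owner = $Owner; Kind = $Kind; Value = $Value; Action = $Action })
}

$users = Get-MsolUser -All

# 1. Sign-in names: these must move to the initial domain before anything else.
foreach ($u in ($users | Where-Object { $_.UserPrincipalName -like $pattern })) {
    $newUpn = ($u.UserPrincipalName -split '@')[0] + "@$Fallback"
    Add-Finding $u.UserPrincipalName 'UPN' $u.UserPrincipalName "rename to $newUpn"
    if ($Apply) {
        Set-MsolUserPrincipalName -UserPrincipalName $u.UserPrincipalName `
            -NewUserPrincipalName $newUpn | Out-Null
    }
}

# 2. Mailbox addresses. Secondary aliases can be removed directly; a primary
#    address (upper-case "SMTP:") or a Skype address ("SIP:") is only reported,
#    because it has to be replaced rather than deleted.
foreach ($m in Get-Mailbox -ResultSize Unlimited) {
    $hits = @($m.EmailAddresses | ForEach-Object { "$_" } |
              Where-Object { $_ -like $pattern })
    foreach ($addr in $hits) {
        if ($addr -clike 'SMTP:*') {
            Add-Finding $m.UserPrincipalName 'Primary SMTP' $addr 'set a new primary manually'
        } elseif ($addr -like 'sip:*') {
            Add-Finding $m.UserPrincipalName 'Skype (SIP)' $addr 'change the sign-in address manually'
        } else {
            Add-Finding $m.UserPrincipalName 'Alias' $addr 'remove'
            if ($Apply) {
                Set-Mailbox -Identity $m.Identity -EmailAddresses @{ Remove = $addr }
            }
        }
    }
}

# 3. Accounts without a mailbox keep their addresses on the directory object only.
#    Entries here may repeat what step 2 already listed for mailbox users.
foreach ($u in $users) {
    foreach ($addr in @($u.ProxyAddresses | Where-Object { $_ -like $pattern })) {
        Add-Finding $u.UserPrincipalName 'Directory proxy address' $addr 'review'
    }
}

$findings | Sort-Object Owner, Kind | Format-Table -AutoSize
if (-not $Apply) {
    Write-Host 'Report only. Re-run with -Apply, then once more without it to confirm nothing is left.'
}
```

An empty report on the second pass is the point at which the domain removal in the admin console should stop complaining about users, aliases or Skype.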

I now go through the normal process of adding the custom domain back into the tenant with the Office 365 licenses I’m trying to build. All good so far. Now I license and create a user. Still all good. However, when I visit the new user’s mailbox on the web I’m greeted with a message like:

image

Hang on, we’re not quite ready

It looks like your account, user@domain.com, was created 1 hour ago. It can take up to 24 hours to set up a mailbox.

Click here to sign out.

X-ClientId: 2040134E67C145408AAEA2B206CE6183
request-id: ab7e2c74-b653-4f79-96d9-a5bca84f3a75
X-Auth-Error: OrgIdMailboxRecentlyCreatedException
X-FEServer: ME 1 PR01CA0033
X-BEServer: SYXPROI MB0976
Date: 12/31/2016 AM

Fewer details…

Check again

Hmmm..not good. Now I start wondering what’s going to happen to the inbound mail to this mailbox? I’ve shifted the DNS records so it will be flowing into the tenant, but will it end up in the mailbox? Lost? Or just be bounced? The unknown is freaking me out.

So I go into the Office 365 Administration area and check the user details and license. All good. I see that the mailbox exists in the Exchange admin area. All good. I turn on archiving for this mailbox and it works, however when I return to the mailbox on the web, same please wait message.

After about 10 minutes of clicking the Check again link I decided that a watched kettle never boils and I go away to do other things.

An hour later I return and get the same result when I try again. However, when I go into the usage statistics of the mailbox I see that it actually has a small amount of data in it now. I assume this is inbound mail. My assumption is thus, that the mailbox is in fact accumulating inbound email even if I can’t get to it. A small ray of sunshine appears in the clouds of despair.

I also try and connect up a local version of Outlook 2016 to the mailbox, but no joy there either.

I then consider logging a support call via the portal, however when I attempt to do this the only option I’m given is for a phone call back. For some reason there is no email option?? Not wanting to inflict my impatience on others and risk being told to wait the period the message says in plain English in front of my eyes (i.e. the bleeding obvious), I defer logging a support call to further down the track, beyond the 24 hour period (but not a second beyond that!).

Deciding that the best thing is to do what the screen says and wait up to 24 hours and see if it sorts itself out, I head off to other distractions. That however doesn’t prevent me from checking the mailbox at the 3, 6 and 9 hour mark, all with the same result. Damn, this is not looking good!

At the 10 hour mark I try the mailbox again on the web and it looks like it is going to open (I get the ‘preparing Outlook’ screen) but alas same result. However, when I try to connect to the mailbox using my local version of Outlook now I get a connection and can see new emails! Yeah! Things are looking up. Thank you spirit of 2017.

With desktop Outlook connecting to my mailbox I begin to import the emails saved from the previous hosting configuration via PST. Although slow, the process is working. I now check the usage size of this mailbox and it is increasing. So two pluses there. A few minutes later I can now access the mailbox via the web browser. Hallelujah, technology be praised. Never doubted it for a second (rrrrrrright…..).

Thus, long story short. If you are moving an existing account from one Office 365 tenant to another (even if the original doesn’t have a mailbox) beware you may get the delay message shown previously when attempting to access the mailbox. Importantly if you do, don’t panic. Just wait it out. In my case it took 10 hours to come right, but like the message on the screen actually says, it could take up to 24 hours. However, if you check the usage of the mailbox in question and it is increasing, this would indicate that the mailbox is working and receiving emails and provide solace during your extended waiting period.

As they say, patience is a virtue and a virtue I am still perhaps yet to fully learn!

My Stuff

This post is aimed at bringing the links to everything I have out there on the Internet together into a single place. Here we go.

About me

Social Media

Free Stuff

Regular technical and business information, tutorials, walk throughs, learnings, upcoming courses and more.

Here you’ll find plenty of video tutorials on SharePoint and Office 365

Documentation, presentations, SharePoint Guide and more are here for free download.

 

Documentation for SharePoint on premises, especially the free versions and those that came with SBS.

 

Whitepapers and superseded documentation lives here.

 

You can subscribe using iTunes or Stitcher.

 

After the course completes this morphs into my Office 365 newsletter.

 

Commercial stuff

This stuff helps pay for free stuff above so I appreciate your support for my paid work.

Access to the private CIAOPS community for technical support, product discounts and access to the best Office 365 and Azure information

Lots of courses on Office 365, PowerShell, Azure, SharePoint and the like.

Designed to help technology companies become cloud service providers

General Interest

This account sends a tweet to commemorate significant dates from the Australian battles in France during World War 1.

Need to Know podcast–Episode 124

Marc and I are joined by another Mark in this episode (just in case things weren’t confusing enough on this podcast already!). Mark O’Shea joins us to talk about Microsoft Intune and where it fits into today’s IT landscape. Mark shares with us what Microsoft Intune is, how it can be purchased and what role it plays for IT Pros.

You’ll also get our latest Microsoft cloud news at the top of the show to keep you up to date with everything happening in the Microsoft Cloud-verse.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-124-mark-oshea/

or on Soundcloud here:  

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Mark O’Shea – @Intunedin

Marc Kean – @marckean

Robert Crane – @directorcia

Marc’s Azure news

New CIAOPS VPN online course

Azure VPN performance

New OneDrive for Business client coming for all

Copy from OneDrive for Business to Team Sites now available

Integration of Flow and PowerApps into Team Sites

If This Then That

Zapier

New OneDrive for Business admin console rolling out

InTunedin

Microsoft Intune

Microsoft Intune features

Microsoft Intune pricing

Microsoft EMS

Azure VPN performance

I’ve been working a lot recently with Azure VPNs thanks to the development of my new online course:

CIAOPS Azure VPN course

One of the options you need to select when you create a new Azure VPN gateway is the SKU.

image

With all the VPNs I had been working with I’d always just left the option set as Standard but then I wondered whether selecting another VPN SKU made any real difference?

I therefore set out to do some basic testing of the performance of the different Azure VPN SKUs to get an indication of what differences, if any, there were between them.

The place to start if you want more information about Azure VPN Gateways is here:

About VPN Gateway

In my case, I started with 6.9GB of data, composed of a number of large PST files (100 – 500MB each) that I would copy between local and Azure VM’s via an Azure VPN.

I kept the VMs at both ends the same and only recreated the VPN gateway as needed, with a different SKU each time. I did all the transfers using drag and drop from Windows Explorer.

image

You can see the speed test results from the link that I had my local VM connected to the Internet with.

After copying the 6.9GB of data up from the local VM to Azure and then back down from Azure my results showed that there was no appreciable difference in performance between any of the Azure VPN SKUs. The time taken to upload or download the data was identical at around 12 minutes or around 720 seconds. That is about 9.81 MB/s in my maths (6.9 x 1,024)/720 up and down.

When you look at the quoted VPN gateway throughput you find that Basic and Standard are around 100Mbps, while High Performance is 200Mbps. However, as Microsoft notes:

“The VPN throughput is a rough estimate based on the measurements between VNets in the same Azure region. It is not a guaranteed throughput for cross-premises connections across the Internet. It is the maximum possible throughput measurement.”

So, based on my rudimentary tests, I didn’t see any difference in performance based on the different VPN SKU’s.

image

Where a major difference surfaces is price. If you go to the Azure pricing calculator and calculate the monthly cost of the different VPN SKUs you find that to run for a full month the Basic VPN SKU costs AU$34.11.

image

The Standard SKU costs AU$180.05 (428% higher) and

image

the High Performance SKU costs AU$464.34 (12,610% higher than the Basic SKU).

Based on my rudimentary transfer tests, and provided you don’t need some of the additional features of the more advanced VPN SKUs (such as additional IPSec tunnels) then I have to say that probably for most cases, the Basic VPN SKU is more than adequate. Thus, from what I can determine, the Basic Azure VPN SKU is the most cost effective option.

However, I’m sure when you get lots of varied traffic, with different file sizes and a more typical work environment the more advanced Azure VPN SKUs shine but as I said, from what I see, the Basic SKU is a great place to start when you want to connect your environment securely to Azure.

The other value that I’ll share with you is the fact that creating a VPN Gateway using the Azure Resource Manager (ARM) portal takes about 40 minutes. It is easy enough to change the Azure VPN SKU you use over time but remember that, if you do want to change the Gateway SKU, you’ll need to delete the existing Gateway and create a new one. And that will take about 40 minutes to complete.

In summary, my takeaway from this rudimentary testing of the different Azure VPN SKUs is that, in the SMB world, a Basic VPN SKU appears to be the most cost effective, unless you need some specific advanced VPN features. It is also easy enough to upgrade the Azure VPN Gateway at any time but doing so requires about 40 minutes of creation time.

So, for about AU$35 per month (excluding traffic costs out of Azure of course) you can get a secure VPN connection from Azure to your on premises infrastructure, and that ain’t expensive at all for the flexibility it provides!