Terminal Services and Office 365

*** Updated 26 March 2013 *** Please see the blog post Remote Desktop Services in Office 365 for details on the fact that Terminal Services with Office 365 is only available in conjunction with Office Volume Licensing.

*** Update 18 March 2013 *** Please see the blog post More on Terminal Services and Office 365 for details on how Terminal Services is only available for certain plans.
One of the most asked questions I see around Office 365 by resellers is ‘Can I run Office Professional Plus that comes with Office 365 on a Terminal Server?’. ~~At the moment there are two answers.~~
For Wave 14 (older version of Office 365 – prior to Feb 27th 2013) Office Professional Plus 2010 was only available with the E3 and E4 SKUs. However, even if you purchased these plans, the version of Office Professional Plus 2010 that came with them was not licensed to run on a Terminal Server. What many people don’t realize is that this version of Office Professional Plus 2010 is not licensed to run under ANY remote condition according to:
http://download.microsoft.com/download/3/D/4/3D42BDC2-6725-4B29-B75A-A5B04179958B/Licensing_Microsoft_Office_Professional_Plus_for_Office_365.docx
where it says the following:
“Contrary to the software licensed under desktop application licenses for Microsoft Office, Office Professional Plus for Office 365 may not be deployed on a server or desktop and accessed remotely from another desktop. Customers may only use Office Professional Plus for Office 365 locally. Remote Use Rights are not available under Office Professional Plus for Office 365 licenses.”
Reading that says to me that not only can’t Office Professional Plus 2010 from Office 365 (Wave 14) be installed on a Terminal Server but you can also NOT access it remotely if you have it installed on your desktop. You can ONLY use Office Professional Plus 2010 from Office 365 if you are physically at the keyboard.
For the recently released version of Office 365 (Wave 15) that now includes Office Professional Plus 2013 via a number of plans (P2, M, E3 and E4) remote access rights ~~are very different~~.
As Aidan Finn points out at:
http://www.aidanfinn.com/?p=14147
Great news for customers of Office 365. When you get your free bundled Office 2013, you’ll be entitled to use it on Remote Desktop Services (aka Terminal Services). In other words, if your company is into server-based computing, you’re going to save money.
You can find out the specifics in the Microsoft Product Usage Rights (PUR) document. Under Office 365ProPlus:

Each user to whom you assign a User SL may activate the software for local or remote use on up to five concurrent OSEs.
The Licensed User may also use the software activated by another user under a different User SL.
Each user may also use one of the five activations on a network server with the Remote Desktop Services (RDS) role enabled.
You may allow other users to remotely access the software solely to provide support services.

~~Now this solves the issue about whether an Office 365 Office Professional Plus users is licensed for Remote Desktop Services (they are) but~~ it still leaves an issue with actually installing Office 2013 Professional Plus on a Terminal Server.
If you attempt to install Office 2013 ‘click to run’ on a Terminal Server you will get an error as outlined in this KB Article:
http://support.microsoft.akadns.net/kb/2810023
The article outlines how the ‘click to run’ version of Office 2013 is designed this way. So, if you only have Office 2013 Professional Plus from Office 365 (which are ‘click to run’ versions) how you actually get Office 2013 installed on a Terminal Server?
From what I can determine, if you want to do the installation of Office 2013 software on a Terminal Server you’ll need to shell out for an additional version of Office 2013 that allows installation on a Terminal Server. The available versions that support this are either Full Packaged Product (FPP) or Volume Licensing (VL).
You should also consider that Volume Licensing (VL) is not that difficult to purchase as all you need is a total of 5 licenses of any eligible Microsoft products I believe (and there are lots of cheap ones), one of which could be Office 2013 Professional Plus.
Now, it would be nice if you could obtain a version of Office Professional Plus 2013 via Office 365 that WOULD install on a Terminal Server and that may still come (fingers crossed) but for now the whole remote desktop scenario is so much better with this new version of Office 365. Still some minor additional cost and hassle but again SO MUCH better that what it used to be. Kudos to Microsoft for listening and making the change.

New Office 365 bootcamp in Sydney

The latest version of Office 365 (Wave 15) is now available and there are some big changes. You’ll find not only new features and capabilities but also new plans and offerings.
If you use or resell Office 365 then this bootcamp is for you. After attending you’ll be clear on not only exactly what is available but also how to make the most from all the new features.
This bootcamp will take you beyond just Exchange, SharePoint, Lync and Office and will introduce you to new Office 365 offerings like Project Online. if you have never used Office 365 in depth before, this bootcamp is for you. If you resell Office 365 this bootcamp is for you. If you thought you knew Office 365 then this bootcamp is for you.
Sign up today at:
http://ciaops090513.eventbrite.com.au/
If you use the promotional code EARLYBIRD before April 1 you’ll receive a $50 discount off the standard entry of $299 inc. Further discounts are available to CIAOPS SharePoint and Office 365 Guide subscribers, see the latest newsletter for details.
More information and testimonials of previous bootcamps can be found at:
http://www.ciaops.com/bootcamp
I hope to see you there on the day.
Image – http://www.utsa.edu/today/images/graphics/bootcamp.jpg

Microsoft acquires two factor provider

One of the criticisms levelled at Office 365 is that it doesn’t easily support two factor authentication. Basically this means that when you log into a system with an id and password you require another form of identification to gain access. This second factor is normally provided by a token that generates a number you enter during login.
Two factor provides an much greater level of security because it means that anyone trying to access your system need more than just a password (which could be captured by a key logged on a PC you are using). A good example of this is the PayPal security key that I have blogged about previously.

When you access PayPal you are asked for the security key number that appears when you press the key. So without this physical key you can’t gain access to PayPal services.
Now this is all well and good if you always remember to have your security key with you. But what happens if you don’t and you need to access your system? The solution is to use a software token. That is a piece of software on a device you have with you (a tablet or mobile for example) that allows you to generate the required key. A great example of this is Google Authenticator which I use with all my Google accounts as well as Lastpass. If I need to access my Google information or retrieve a password from Lastpass I simply run the Google Authenticator program on my iPad and enter the number it provides (along with my password and id) to gain access.
Even something as simple as Google Authenticator can prove technically challenging for some, so a final option is to use an SMS text message to provide the required key. As I mentioned, Microsoft has been a little late to the game but that should all change now that they have acquired Phonefactor.

Hopefully we’ll soon be able to use two factor authentication with Office 365 to provide additional security and overcome the tendency for users to implement poor passwords. It also looks like you’ll be able to use these with on premise Microsoft software but I reckon it’ll come to the cloud first.
I’ll keep my eyes peeled for when it becomes available and let you know.

More free reseller Windows 8 and Office 365 exam cram training

I am please to announced that Microsoft Australia has extended the full 2 day exam cram training session on the following exams:
Day 1 – 74-324: Administering Office 365 for Small Business
Day 2 – 70-687: Configuring Windows 8
to:
Brisbane

Day 1 – Tuesday 14th May (74-324: Administering Office 365 for Small Business)
Day 2 – Wednesday 15th May (70-687: Configuring Windows 8)

You can register here –
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032549551&Culture=en-AU&community=0
It is important to note that this training in not like my normal bootcamps. These days are specifically focused on helping attendees pass the appropriate Microsoft certification exams so they are eligible to attain the Microsoft Small Business Competency. Thus, to get the most from this training you should be at least familiar with Windows 8 and Office 365.
I hope you are able to attend and I look forward to meeting you on the day but remember to book early as there is only a limited number of places available at each venue.

Now is the time to start looking at Office 365 federated identity

One of the most difficult things to implement for cloud based systems is the concept of federated identity and Single Sign On (SSO). This means that a user only needs one set of credentials to log into the cloud or the local network. It also means that when they log in somewhere they are seamlessly logged into everything else they need.
Many local network users have taken for granted the fact that when they log into their local network (say Small Business Server) they are logged into the local machine, given access to files on the server, allowed to browse the Internet and more, all from a a single login.
Now, when users information is relocated to other systems, like the cloud, single sign on becomes much more challenging because you now have two (or more) completely separate systems that must trust each other first before they can share credentials between them. In the Office 365 world this was handled by Active Directory Federated Services (ADFS). When configured, this basically allowed the local network to ‘trust’ the cloud so users information could be passed securely between them.
Problem is that ADFS is really not a small business solution. It requires additional on site hardware as well a involved configuration process which was generally beyond most SMB resellers. Don’t get me wrong, ADFS is not impossible to implement in SMB but it certainly wasn’t a few clicks of the wizard.
For that reason, we have generally not seen a lot of Single Sign On (SSO) in SMB, yet there has been growing demand for a simpler solution. Personally, I now think we are about cross the Rubicon where SSO is a requirement. In that respect I would be suggesting NOW is the time to start looking at how to implement federation and SSO with cloud based systems. Sure, there aren’t a lot of solutions out there and many are complex but I think this will all change rapidly very soon. Get in early I say to lead the pack going forward.
So, my advice to SMB resellers and IT Professionals is to put aside what you have heard about ADFS and SSO and start investigating what they can offer. Have a look at third party options and two factor authentication. Most importantly keep you ear to ground on what changes are happening in the industry and be especially watchful of what Microsoft will bring to the table in the near future to greatly ease the pain of SSO in SMB.

Office 2013 transferability made clearer

There are plenty of changes around Office 2013 licensing along with questions about what happens with previous editions, what’s allowed and what’s not. Here’s a nice table that summarizes everything quite nicely.

More information is contained in the blog post:

http://blogs.office.com/b/office-news/archive/2013/02/19/office-2013-and-office-365-installations-and-transferability.aspx

There is more to Office 365 than just suites

I have started to come across more and more people who don’t seem to realise that you can purchase individual Office 365 components. This means if you just want basic email you can purchase Exchange Online Plan 1 (from around $4 per user per month) or if you want email with advanced features like Legal Hold and unlimited inbox then you can go for Exchange Online Plan 2 (from around $8 per user per month). The same holds true for SharePoint, Lync and even Office on the desktop (yes you can purchase just the latest Office desktop software via Office 365).

Typically, if you needs extend beyond just a single product, say email and collaboration, then that’s when the value of a suite becomes apparent but importantly, you don’t necessarily have to start there. Let’s say you just want basic email, you could purchase Exchange Online Plan 1. Then a few months down the track you get bitten by the SharePoint bug (if you haven’t yet you will), you can simply add that to your current Exchange Plan 1 in Office 365.

The individual components of Office 365 are currently offered under the Enterprise (E) licenses. Currently the cheapest suite offering is the Small Business and Professionals license (P) which offers the basic plans of Exchange, SharePoint and Lync (but no Office) rolled into a single package. The good thing about this P licenses is that it is great value for what you get. The bad thing is that it is not as flexible as the Enterprise or E plans. This means you can’t add features to the P license (say kiosk workers).

For that reason, it is my opinion that most businesses should only consider E licenses for the simple fact that it provides far more flexibility with the ability to easily add and remove features for individual users. P Plans are great provided the business is not planning to change much and is unlikely to want additional functionality.

I would still caution people about P plan even if they think they are unlikely to change. Why? Because chances are a change of circumstance will dictate a need to change down the track. If they have locked themselves into a P plan then migration is not easy. A good example is where a business decides on a P plan solely based on price. Down the track, if they find they need inboxes greater than the current 25GB limit in a P plan they can not simply add to their current offering as doing so is unsupported on P Plans. However, if they were instead over on an Enterprise (E) plan it would be simple process to effect this upgrade, even for just a single user.

For example, here’s the link to just the Exchange Online plans in Office 365

http://www.microsoft.com/en-us/office365/exchange-online.aspx#PlansAndPricingTable

If you are in Australia you’ll find them at:

http://www.telstra.com.au/business-enterprise/business-products/t-suite-software/microsoft-office-365/index.htm#mos

My experience with ANY technology is that you want to provide the maximum amount of flexibility because situations change. This should be EXACTLY the same when it comes to choosing Office 365 for your business. My advice is to just start with what you need and grow from there. This generally means moving to Enterprise (E) plans from the get go. They may be a little more expensive than the P plans but having that flexibility is well worth any small incremental cost. Trust me, you’ll find out what I mean if you don’t.