Office 365 planner

I was very excited to see Microsoft announce the Office 365 planner after rumours had abounded. You can read the Microsoft blog post here:

https://blogs.office.com/2015/09/22/introducing-office-365-planner/

Introducing Office 365 Planner 2

The reason I am excited (and should every IT Reseller) is that it offers yet another revenue stream opportunity. Why? It would be hard for me to find a I business that I deal with that doesn’t need some form of project management and need help doing just that.

Yes, you can do project management in SharePoint but SharePoint but be somewhat intimating for businesses still migrating from the old world of files and folders. A dedicated ‘planner’ app in Office 365 makes so much sense and open up so much opportunity.

What I also find interesting is the look as you can see from the above image taken from the Microsoft blog post. It looks very much like Delve, which I think is great. This is an indication of the direction Microsoft is heading with the whole Office 365 product. I wrote an article a while back about important I believe Delve is, which you can review here:

Delve should be the center of your Office 365 universe

Another point (and opportunity to note) is there is that every plan includes a OneNote notebook, much like Office 365 groups. I am a huge fan of OneNote and user it every day on every device I have. OneNote again is a huge opportunity got resellers to demonstrate how much productive customers can be if they start using OneNote in their business.

Although the Office 365 planner isn’t available yet, it will be soon along we a whole raft of updates and improvements. Office 365 just keeps getting better and better, for customers and resellers!

Setting Partner of record in Office 365

A little while ago I wrote a post on how to set the partner of record in Office 365.

Since then, the Office 365 billing interface has changed so here’s an updated tutorial on how to set the partner of record in Office 365 tenant.

You’ll firstly need to login to the Office 365 web portal as an administrator with the appropriate rights.

Once you have logged onto the web console navigate to the Office 365 admin center using the app launcher. Towards the middle of this menu you will find a heading Billing which you will need to expand.

Below the Billing heading you should find an option Subscriptions which you need to select.

Now what actually appears here depends on what licenses you have in the Office 365 tenant but at first glance of the above screen shot the location to enter your partner of record is no very obvious. You may see a link in the lower right but in this case you don’t see anything.

You need to select the More Actions pull down in the top left as shown above. When you do this a menu will appear.

In this menu option you will find the option Add partner of record.

Selecting this will slide an options screen from the right hand side of the page as shown above.

You can then enter you Microsoft Partner ID in that field and select the Check ID button.

if you have completed all the partner pre-requisites you should see that your organisation has been located and is displayed in all green indicating everything is good.

You now need to go to the bottom of this slide and Save the changes and apply that partner to this tenant.

When you do that, administrators in the tenant will be sent a confirmation email like that shown above indicating that a new partner of record has been set.

Remember, what you see in the subscriptions area may vary depending on what licenses have been added to the tenant. Some licenses don’t support partner of record (i.e. Open). However, hopefully this makes it easy for you to set partner of record on those subscriptions that support it so you can start receiving commissions.

Using the SharePoint Online Term Store

One of the benefits that SharePoint provides is the ability to ‘tag’ information using metadata. This can greatly reduce the structure you use, especially when it comes to documents. Thus, instead of creating a deep and complex folder structure you use metadata to tag the files into the same categories as you would typically use for folders. Doing so make navigation and searching much easier.

The easiest way to achieve this to simply add a column to the location in a SharePoint site as the above video of mine demonstrates.

The draw back to this is that column is only available in that SharePoint item, it can’t be used in other lists and libraries.

The next option is to create a Site Column, which is exactly the same as an individual list column EXCEPT it can be used anywhere throughout the whole SharePoint site. I’ll cover that in another blog because I want to focus on a solution that is even more available and powerful than Site Columns.

The Term Store provides you the ability to have nested metadata fields across every SharePoint Site you are using. As you can see from the above screen shot, the Term Store is not just a one dimensional list like an added column is, it is hierarchical.

You get to the Term Store but logging into the Office 365 web portal as an administrator and then navigating to the SharePoint admin center. Then, from the menu on the left, you should see a option term store. When you select that, you should see the screen shown above.

Like many things in Office 365 no user has the ability to edit the Term Store, so the first thing you need to do is add your user details to the Term Store Administrators box in the lower right of the screen and save the changes.

If you don’t do that then you won’t be able to edit or add to the Term Store. You know you are able to do this when you hover over an entry and a small down arrow appears to the right. Selecting that arrow will then reveal a menu like that shown above.

The example that I’ll user here is creating a standard taxonomy (i.e. metadata structure) to cover locations (i.e. countries, states, cities, etc).

At the very top level of your Term Store, select the down arrow and from the menu that appears select New Group.

That will create a folder at the bottom of your. In this case give it the name, Locations.

Select the arrow to the right of this and then New Term Set from the menu that is displayed as shown above.

In this case I will call the New Term Store Country.

Keep repeating this process to build out the taxonomy (i.e. tagging structure you desire).

Now go into a item in SharePoint, in this case a Document Library. Add a column and when asked for the Column type select Managed Metadata at the bottom of the list of options, as shown above.

Scroll down the page and locate the Term Set Settings area. You should now see the hierarchy you saw in the SharePoint admin center.

You can now expand the structure and locate the term to select the place to start the selections for that field from. Here I have selected Australia so I get all the states below this only.

Now if you edit the properties of an item in that list you will see the new field and a tag icon to the right indicating that it is using managed metadata.

This is where it gets cool. If I type n.s.w. in it gets rejected. Although n.s.w. is ‘correct’ as value for the state it isn’t in the format we defined in our taxonomy, so it is unacceptable. This can ensure that the data that is entered into SharePoint is consistent.

If I however start typing the name of a state I am automatically prompted with the correct value. I just need to click on the suggested entry to complete.

Alternatively, if I select the two tags to the right of the selection field I am given a view of my hierarchy from the initial location I selected previously when creating the column.

Again, all I need to is select the option I want from the list.

Now you’ll see the file has been tagged appropriately for with a location as shown above. I can sort and filter as I normally would on this field inside the SharePoint list.

If I now for example change the term from NSW to N.S.W.

I see the term has also changed for that document.

Hopefully this article gives you some idea of the power of the SharePoint Term Store and managed metadata. There is so much more you can do with the Term Store than I have been able to show here, so I encourage you to go and do some exploring and see how the Term Store can be used to create flatter and more organised structures in your SharePoint Online environment.

Office 365 Identity options comparisons

Office 365 has three basic identity models that you can elect to implement. Each model uses a combination of Azure Active Directory for cloud based identity and Windows Server Active Directory for on-premises identity. The cloud only model for example, only uses Azure Active Directory (AD), while the synchronized identity model combines both Azure AD and Windows Server Active Directory, while the federated model solely uses on premises Windows Active Directory. Each has advantages and disadvantages which we’ll now cover.

The most basic identity model is the cloud only identity. This is where a users identity information is managed, maintained and mastered in Office 365. All changes need to be made to user information via the Office 365 admin web portal. The benefit of the cloud only model of identity is that no on-premises equipment or configuration is required and can therefore be accomplished anywhere access to Office 365 is available either via a browser or PowerShell. The disadvantage is that a user may require different credentials to login to their desktop, other cloud services and Office 365. This means, in essence, there is no single sign on (SSO) with the user having to remember the login for each service.

The next identity model is what is known as synchronised identity. Here user properties such as name, email address and so on are copied (or synced) from a local directory (typically Windows Active Directory) to Office 365. This is accomplished through the use of synchronisation software which today typically means Azure AD Connect.

There have been a number of iterations of this synchronization software which initially started life out as DIRSYNC. The problem with DIRSYNC was that although it could copy user object information it could not copy the users password from on-premises to Office 365. This meant that the password would have to be manually set in Office 365 to match the password on-premises. Thus, with DIRSYNC it was entirely possible for on-premises password to differ from Office 365 which was very confusing for users.

The next iteration of the synchronisation software was called Azure AD sync. This included all the features of its predecessor, DIRSYNC, but now incorporated the synchronisation of secure password hashes.

This meant that now not only was a users details synchronised from on-premises but so was an encrypted version of their password. With Azure AD sync in place users on-premises password was now automatically replicated in Office 365.

The current iteration of the synchronisation software is called Azure AD Connect and brings all the benefits of Azure AD Connect but with additional features to allow things like the integration across multiple Active Directory Forests, integration with other third party directories on premises as well as better integration into the cloud.

The synchronised model copies the users details and password hash to Office 365. It however, is not a bi-directional sync, Azure AD Connect (and the previous synchronisation tools) copies from on-premises to Office 365, over writing anything that may already exist there. They do not copy back from Office 365 to a local directory.

The synchronised model requires synchronisation software to be running on a server in the local network. Best practice is to run this synchronisation software on a member server but Azure AD Connect does support being installed on a domain controller while previous versions of sync tools did not.

See my previous articles on installing the various sync tools:

Azure AD Connect tools – the basics –https://blog.ciaops.com/2015/07/azure-ad-connect-toolthe-basics.html

Azure AD Sync Services tool – the basics –https://blog.ciaops.com/2015/06/azure-ad-sync-services-toolthe-basics.html

Windows Azure Active Directory Sync tool (DIRSYNC) – the basics – https://blog.ciaops.com/2013/10/windows-azure-active-directory-sync.html

The final identity model extends on the synchronisation model by adding Active Directory Federation Services (AD FS) to establish a trust between on premises AD and Office 365. This means that when a user requests an Office 365 services, Office 365 queries the local AD via AD FS to confirm the provided user credential. If the local AD confirms the identity a security token is passed back to Office 365 authenticating the user identity so that Office 365 can then allow the user access to the services.

A federated identity model requires the installation of an AD FS farm on premises, which is a role available on a Windows Server. This farm must be installed on member servers within the existing network. AD FS also requires third party certificates to be installed and maintained. Also, if the business requires users to roam outside the organisation and continue to access Office 365 it will also need to install a secure AD FS proxy farm to handle these external requests from outside its network.

Thus, if a user inside the network needs access to Office 365 services they are authenticated via the internal AD FS and the local AD. If an external user needs to access Office 365 services they do so via the AD FS proxy, which connects securely to the internal AD FS server and then to the local AD.

The challenge with federated identity is that the local AD, AD FS farm and AD FS proxy farm need to be available at all times to provide authentication. If they aren’t then no user login to Office 365 is possible because Office 365 can’t verify the identity of any users because it can’t access the local AD. Best practice is therefore to install these in a load balanced environment which means multiple servers.

The advantage that federated identity provides is that once users are logged on to their local AD they are not prompted again for separate Office 365 credentials. Because Office 365 has established a trust with the local AD, all Office 365 services are provided by credential pass through. This basically means a user isn’t prompted to access Office 365 because they have already logged into their local AD and Office 365 already trusts this. This provides users with a single sign in (SSO) experience.

Each of the models can easily be incorporated into any Office 365 but the most cost effective solution for environments with an existing AD infrastructure is the synchronised model as it generally does require the additional equipment that the federated model does.

You should therefore select the simplest Office 365 model for your needs. It is also possible to change between the models if required but getting it right up front can save a lot of extra configuration down the track. So plan your Office 365 identity requirements early and provide the best login experience for your users.

LepideMigrator for Office 365 file migrations

A while back I wrote a post about migrating from Companyweb (SharePoint on SBS) to Office 365. You can review that post at:

Migrating from Companyweb to Office 365 SharePoint

which concluded that using third party tools to do the migration to SharePoint Online is a much easier process that any other option. The drawback with most third party tools is that they are quite expensive, especially for smaller businesses (generally talking thousands).

I have always been on the hunt for a suitably priced SMB SharePoint migration tool and recently was contacted by Ajit from Lepide who kindly provided me with a copy of the LepideMigrator for documents software.

You basically set up your source locations.

Then your SharePoint destinations, which can include SharePoint Online.

You can then migrate or copy from source to destination. What you might also notice here is that there is a Migration Analyser option.

SharePoint does have some limitations around certain file names, file lengths, etc. This can prove frustrating if you are trying to a bulk move of files and one of these conditions causes your traditional file copy via a mapped drive to bomb.

The built in migration analyser will test your source for all these known condition and alter you if problems exist. That way you can identify and take action on problem files BEFORE you migrate.

If you need to do SharePoint to SharePoint migrations, say from previous versions of SharePoint to SharePoint Online it will do this as well. It can also read and display things like the permissions of your destination as well as match securities during SharePoint to SharePoint migrations which is really handy.

Now for the best part. The cost of this tool is only USD $349 for a one year subscription of a single seat license. You can add additional seats for USD $175 and each subscription includes free support and maintenance. That is outstanding value for what the tool does, especially when compared to other offerings.

I think the LepideMigrator for documents software is an excellent choice for small and more cost conscious businesses looking to move data into SharePoint online, whether from a file system or from something like Companyweb. They also have a reseller program that provides further benefits.

With the LepideMigrator for documents software I successfully migrated files from a local hard disk to a SharePoint Online Document Library, a complete site from a SharePoint 2010 hosted environment to SharePoint Online and finally across different SharePoint Online tenants. That probably covers the majority of what most smaller business need when they move their files to Office 365.

Lepide also have a number of other products that, based on what I have seen with the SharePoint tool, I also suggest you go and check out.

Once again, thanks to Ajit from Lepide for reaching out and letting me test a full version of their software so I could report to you.

So, if you have a need to migrate information to SharePoint Online I really suggest you check out the LepideMigrator for documents. It is the most cost effective tool I have currently found, especially for smaller, and more budget constrained, businesses.

A mobile device must have

A while back I wrote an article about how I use OneNote. You can find it here:

One of the ways I use OneNote

It showed how to get a personal OneNote notebook up and running with Office 365 and access it on all your devices. It also detailed the process that I use to create my shared ‘Daybook’ notebook which I basically use as a replacement for a traditional pad and pen.

One of the must have add-ons for OneNote in my books is Office Lens from Microsoft. The way Microsoft tout it is as a OneNote scanner for your pocket.

You start by downloading the Office Lens app on your mobile device:

Here for Android

Here for iOS

Here for Windows Phone

Once you have the app on your device you can use it capture things like business cards, white boards and even documents. To do this you simply use the Office Lens app to take a picture of the information. Once captured you can then save it in a variety of locations, including OneNote.

The way I use it is to capture expenses when travelling as you can see in the above screen shot. Here, I’ve taken a picture of a petrol receipt using Office Lens on my mobile and then uploaded that to my cloud shared OneNote notebook. This then makes that available to every device automatically thanks to the syncing wonders of OneNote.

When I return to my desktop, I can bring up the same OneNote notebook and view the receipt. Even better, I can use OneNote pages and sections to categorise the information so I know for example which trip it was part of. Even better, the information inside the receipt has been made searchable. Thus, as the highlight in the above screen shot demonstrates, I have searched for the text ‘invoice’ and OneNote found and highlighted that text inside the receipt (i.e. inside a picture I took on my mobile device!).

Can you imagine how much easier it would be to record all your casual receipts like this? Once they are captured with Office Lens, they can be uploaded to you OneNote notebook saved in the cloud. There they are not only backed up and saved, they are also searchable and easily ordered if required.

It really is amazing at how well Office Lens works with receipts and whiteboards. Combined with cloud based OneNote notebooks it creates a great system for not only capturing but also retaining and organising information for individuals and also for businesses. Image a system where travelling staff can capture their receipts directly into OneNote so they can be processed quickly by admin staff back in the Office.

Think of how much time it takes you or your staff to do paper based expense reports now. Think of all the space consumed by those paper expense reports. Also, what happens to the receipts after they have been processed? How long do they need to be retained for tax purposes? Many receipts are printed on thermal paper which fades over time. That is not good if they need to be retained.

Having a digital copy has so many benefits and combined with cloud based notebooks like OneNote, it can greatly increase the productivity of your staff and your business. The best bit is that both OneNote and Office Lens are already free and if you have Office 365 or OneDrive.com (also free) you can take advantage of cloud synced notebooks to share the information between devices or between a team.

So if you enjoyed my previous OneNote article and are using OneNote synched notebooks, now you can take your productivity to the next level by using Office Lens. You can get even more done in your day by making the capture, retention and sharing of information simple and digital.

Azure AD Editions feature comparison

One of key technologies I tell people, especially resellers and IT Pro to be more aware of is Azure Active Directory. However, many ask where should they start with the product?

The first things to understand is that there are different editions:

Free – The Free edition of Azure Active Directory is part of every Azure subscription. There is nothing to license and nothing to install. With it, you can manage user accounts, synchronize with on-premises directories, get single sign-on across Azure, Office 365, and thousands of popular SaaS applications like Salesforce, Workday, Concur, DocuSign, Google Apps, Box, ServiceNow, Dropbox, and more.
Basic – Azure Active Directory Basic edition provides application access and self-service identity management requirements for task workers with cloud-first needs. With the Basic edition of Azure Active Directory, you get all the capabilities that Azure Active Directory Free has to offer, plus group-based access management, self-service password reset for cloud applications, Azure Active Directory application proxy (to publish on-premises web applications using Azure Active Directory), customizable environment for launching enterprise and consumer cloud applications, and an enterprise-level SLA of 99.9 percent uptime.
An administrator with Azure Active Directory Basic edition can also activate an Azure Active Directory Premium trial.
Premium – With the Premium edition of Azure Active Directory, you get all of the capabilities that the Azure Active Directory Free and Basic editions have to offer, plus additional feature-rich enterprise-level identity management capabilities explained below.

(Click to enlarge)

And that obviously the features differ between them as the above table highlights. Theses links point you to the most salient information on Azure AD.

Azure Active Directory features and capabilities

Azure Active Directory editions

Azure Active Directory pricing

i have written lots of posts on Azure AD, especially how it integrates with Office 365 and you’ll find these at:

I finally get Azure – https://blog.ciaops.com/2014/04/i-finally-get-microsoft-azure.html

Great Azure demo [VIDEO] – https://blog.ciaops.com/2014/03/great-azure-intro-demo.html

Introduction to Azure [VIDEO] – https://blog.ciaops.com/2014/12/introduction-to-azure.html

Add a custom domain to Azure – https://blog.ciaops.com/2014/08/add-custom-domain-to-azure.html

Enabling your Office 365 Azure AD – https://blog.ciaops.com/2015/01/enabling-your-office-365-azure-ad.html

Azure AD Connect tools – the basics – https://blog.ciaops.com/2015/07/azure-ad-connect-toolthe-basics.html

Azure AD Sync Services tool – the basics – https://blog.ciaops.com/2015/06/azure-ad-sync-services-toolthe-basics.html

Configuring an Azure Single Sign On portal – https://blog.ciaops.com/2015/02/configuring-azure-sso-portal.html

Creating a single Sign on portal using Azure [VIDEO] – https://blog.ciaops.com/2015/03/creating-single-sign-on-portal-using.html

Enabling self-service password resets in Office 365 – https://blog.ciaops.com/2015/02/enabling-self-service-password-resets.html

Creating a Domain Controller in Azure – https://blog.ciaops.com/2015/07/creating-domain-controller-in-azure.html

Upgrading an Azure virtual machine – https://blog.ciaops.com/2014/09/upgrading-azure-virtual-machine.html

Restricting remote access to an Azure virtual machine – https://blog.ciaops.com/2014/08/restricting-remote-access-to-azure.html

Azure desktop backup – https://blog.ciaops.com/2014/12/azure-desktop-backup.html

Azure VM backups – https://blog.ciaops.com/2015/06/azure-vm-backups.html

Connect Windows 10 to Azure AD – https://blog.ciaops.com/2015/07/connect-windows-10-to-azure-ad.html

So hopefully that gives people enough information to at least get started on the journey of learning Azure AD.

I plan to of course write lots more about Azure AD so stay tuned.