Category: Office365


Yammer and Office 365 groups

“Regarding Azure, it has nothing to do with users or products; you buy upfront a ‘monetary commitment’ and you pick and choose platform(s)/storage/MS apps from the MS cloud environment, so you should see Azure as a ‘Cloud services’ sort of instance which you pay for as you use it.

In order to achieve this, we need an Azure Subscription assigned to an O365 account, as described here:

https://docs.microsoft.com/en-us/azure/billing/

https://docs.microsoft.com/en-us/azure/billing/billing-use-existing-office-365-account-azure-subscription

Pricing list described here:

https://azure.microsoft.com/en-us/pricing/details/functions/

Example of services:

  • Key vault
  • Azure functions
  • Storage account with queue

Manage monetary commitments:

https://ea.azure.com

Presentations and how-tos:

https://1drv.ms/b/s!Am0e5elsDFPqh-0aW7dYRKY-InN5yg

Change the tenant of a subscription: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory

Azure and resources access: https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/getting-started/azure-resource-access

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-data-storage-eu

There are four main options on how you can configure SSO:

http://www.interlink.com/blog/entry/active-directory-federation-services-adfs-vs-password-sync

Monitoring SPO (and OneDrive!) performance and slowness:

https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online

https://docs.microsoft.com/en-us/office365/enterprise/diagnosing-performance-issues-with-sharepoint-online?redirectSourcePath=%252fen-us%252farticle%252f3c364f9e-b9f6-4da4-a792-c8e8c8cd2e86

  • The F12 toolbar network monitor, or a third-party tool such as Fiddler or equivalent

  • SharePoint Online response header metrics (SPRequestDuration and X-SharePointHealthScore)

SharePoint response header information:

  1. Ensure that you have the F12 tools installed. For more information on downloading and installing these tools, see What’s new in F12 tools.

  2. In the F12 tools, on the Network tab, press the green play button to load a page.

  3. Click one of the .aspx files returned by the tool and then click DETAILS.

  4. Click Response headers.

Azure AD B2B resources

https://docs.microsoft.com/fr-fr/azure/active-directory/b2b/what-is-b2b

  • The partner uses their own identities and credentials; Azure AD is not required.
  • You don’t need to manage external accounts or passwords.
  • You don’t need to sync accounts or manage account lifecycles.

Managing externals:

https://predica.pl/blog/guests-in-the-cloud-how-to-safely-manage-external-users-using-azure-ad-b2b/

SharePoint Online Azure AD B2B – Custom email invites for users using PowerShell

PowerShell to invite B2B users:

https://github.com/Azure/azure-docs-powershell-azuread/blob/master/azureadps-2.0/AzureAD/New-AzureADMSInvitation.md

https://www.adamfowlerit.com/2017/03/azure-ad-b2b-powershell-invites/

https://justidm.wordpress.com/2017/05/07/azure-ad-b2b-how-to-bulk-add-guest-users-without-invitation-redemption/

External sharing:

with SPO: https://docs.microsoft.com/en-us/sharepoint/external-sharing-overview

with OneDrive: https://docs.microsoft.com/en-us/onedrive/manage-sharing

with MS Teams: https://docs.microsoft.com/en-us/microsoftteams/let-your-teams-users-communicate-with-other-people

Sharing and collaboration:

https://docs.microsoft.com/en-us/office365/enterprise/office-365-inter-tenant-collaboration

B2B Collaboration in Hybrid Identity Scenario

B2B Collaboration in Hybrid Identity Scenario – Part II

Introduction to device management in Azure Active Directory:

https://docs.microsoft.com/fr-fr/azure/active-directory/devices/overview

https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#getting-devices-under-the-control-of-azure-ad

As a rule of thumb, you should use:

  • Azure AD registered devices:
    • For personal devices
    • To manually register devices with Azure AD
  • Azure AD joined devices:
    • For devices that are owned by your organization
    • For devices that are not joined to an on-premises AD
    • To manually register devices with Azure AD
    • To change the local state of a device
  • Hybrid Azure AD joined devices:
    • For devices that are owned by your organization
    • For devices that are joined to an on-premises AD
    • To automatically register devices with Azure AD
    • To change the local state of a device

How to Setup: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan

Azure AD registered devices:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#azure-ad-registered-devices

 

Hybrid Azure AD joined devices:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#hybrid-azure-ad-joined-devices

 

To configure Hybrid Azure AD joined devices, see:

https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual-steps

 

Azure AD joined devices:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#azure-ad-joined-devices

 

Azure AD Join vs Azure AD Device Registration:

https://blogs.technet.microsoft.com/trejo/2016/04/09/azure-ad-join-vs-azure-ad-device-registration/

 

Manage devices:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal#manage-devices

 

Device management tasks:

https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal#device-management-tasks

 

Configure On-Premises Conditional Access using registered devices:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises

 

 

The ProxyAddress attribute is used by different applications and can store different types of user addresses (sip, smtp, x500).

If you sync accounts with a non-verified domain to O365, those addresses can be replaced with the default onmicrosoft.com domain.

Some interesting reading regarding this topic:

ADConnect not Syncing ProxyAccount for email Alias from on Premise AD to Azure AD

https://social.msdn.microsoft.com/Forums/azure/en-US/3226e41c-1db1-4299-9f24-0179e05fac09/adconnect-not-syncing-proxyaccount-for-email-alias-from-on-premise-ad-to-azure-ad-i-am-using?forum=WindowsAzureAD

List of attributes that are synced by the Azure Active Directory Sync Tool

https://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx

A mail user who has proxy addresses that use non-verified domains isn’t synced in an Exchange hybrid deployment

https://support.microsoft.com/en-us/help/3124148/a-mail-user-who-has-proxy-addresses-that-use-non-verified-domains-isn

Wrong domain address when synchronizing from on premise AD

https://social.msdn.microsoft.com/Forums/azure/en-US/7ddc1885-850d-487f-bf40-a91f1f5d15c8/wrong-domain-address-when-synchronizing-from-on-premise-ad?forum=WindowsAzureAD

Azure AD Connect sync: Attributes synchronized to Azure Active Directory

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized

Disabling SSL/TLS Protocols and Cipher Suites for ADFS:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://jorgequestforknowledge.wordpress.com/2017/03/01/hardening-disabling-weak-ciphers-hashes-and-protocols-on-adfs-wap-aad-connect/

Note: don’t forget to reboot the WAP and ADFS servers for the changes to take effect.

To test SSL/TLS and much more you can use the free online tool from Qualys:

https://www.ssllabs.com/ssltest/index.html

 

https://support.office.com/en-us/article/Hybrid-Modern-Authentication-overview-and-prerequisites-for-using-it-with-on-premises-Skype-for-Business-and-Exchange-servers-ef753b32-7251-4c9e-b442-1a5aec14e58d