Lync Online Certificates Upgraded
As part of our ongoing commitment to security we are making a change to our SSL certificate chain that will require our customers and partners to take action before June 1st, 2013. Lync Online Servers currently use the GTE CyberTrust Global Root and beginning on June 1st, 2013 will migrate to the Baltimore CyberTrust Root. The new root certificate uses a stronger key length and hashing algorithm, which ensures we remain consistent with industry-wide security best practices for trusted root certificates. If your service does not accept certificates chained to both the GTE CyberTrust Global Root and the Baltimore CyberTrust Root, please take action prior to June 1st, 2013 to avoid certificate validation errors.
While we seek to minimize the need for customers to take specific action based on changes we make to Lync Server, we believe this is an important security improvement. Here you can download the Baltimore CyberTrust Root
Here is how you can verify your service will not be affected by this change:
If you perform Windows Updates regularly: Validate that the new Baltimore Root cert is already present in the “(LocalComputer) Trusted Root Certification Authorities” cert store on each Server.
If you do not perform Windows Updates regularly and/or the new Baltimore Root cert does not appear in the trusted root cert store: Perform Windows Update for this requirement or import the Baltimore Root to each Microsoft-facing Server.
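As an added example (not part of the original announcement or post), the PowerShell below runs the verification described above on one server: it looks in the (LocalComputer) Trusted Root Certification Authorities store for both roots and lists thumbprint, expiry, signature algorithm and key size. The expected thumbprint is a placeholder to be filled in from the value the CA publishes; the function and variable names are this example's own.

```powershell
# Added example: read-only check of the LocalMachine\Root store.
# Root names are taken from the announcement; everything else is this example's own.
$requiredRoots = 'GTE CyberTrust Global Root', 'Baltimore CyberTrust Root'

# Placeholder: replace with the thumbprint the CA publishes for the new root.
$expectedBaltimoreThumbprint = '<THUMBPRINT-PUBLISHED-BY-CA>'

function Get-RootStatus {
    param([string[]]$CommonNames)

    $store = @(Get-ChildItem -Path Cert:\LocalMachine\Root)
    foreach ($cn in $CommonNames) {
        $hits = @($store | Where-Object { $_.Subject -like "*CN=$cn*" })
        if ($hits.Count -eq 0) {
            # Report a missing root explicitly instead of returning nothing.
            [pscustomobject]@{ Root = $cn; Present = $false; Thumbprint = $null
                               NotAfter = $null; Signature = $null; KeyBits = $null }
        }
        foreach ($cert in $hits) {
            [pscustomobject]@{
                Root       = $cn
                Present    = $true
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Signature  = $cert.SignatureAlgorithm.FriendlyName
                KeyBits    = $cert.PublicKey.Key.KeySize
            }
        }
    }
}

$status = @(Get-RootStatus -CommonNames $requiredRoots)
$status | Format-Table -AutoSize

# The service must accept chains to both roots until the migration is complete.
$missing = @($status | Where-Object { -not $_.Present })
foreach ($m in $missing) {
    Write-Warning "$($m.Root) is not in LocalMachine\Root on $env:COMPUTERNAME"
}

# A matching subject name alone proves little, so compare the thumbprint as well.
$found = @($status | Where-Object { $_.Root -eq 'Baltimore CyberTrust Root' -and $_.Present })
if ($found.Count -gt 0 -and $expectedBaltimoreThumbprint -notlike '<*' -and
    $found.Thumbprint -notcontains $expectedBaltimoreThumbprint) {
    Write-Warning 'Baltimore root found, but its thumbprint differs from the expected value'
}
```

Run it in an elevated session on each Microsoft-facing server; a warning for either root means that server still needs Windows Update or a manual import of the root.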
Check your Certificates
In this session we tried to cover Office 365 Identities, DirSync (how it works, how to debug), ADFS (how it works, how to debug) and how to use ADFS & WAAD with your own websites.
All the sessions from Techdays Belgium 2013 can be found on this page: Click here
Make sure to check out our session and one I still find a must-see is the “Troubleshooting Federation & ADFS” from John Craddock, one of the masters of federation. Click here to see his session.
Since the release of Office 365 Wave 15 (or the blue tenant like some people like to call it), people have been talking about the removal of E2 as a license. The plan behind it is a noble one: Giving your customers more functionalities for less money. So people who needed EDIT right in the webapps were in Office 365 Wave 14 obliged to go to an E2 which was more expensive than the E1. In the new tenant the plan was to give at least EDIT rights. So no more Web Apps with only READ rights. Which in my opinion is a good decision.
But some weeks ago, just after the release of Wave 15, I've noticed in the Portal that E1 AND E2 were available. In my opinion that was/is a recipe for disaster. Luckily they had the same price and what appeared to be same functionalities. So what could go wrong. I bought some E1s for a customer and guess what, they had READ rights on the Web Apps. Recipe - disaster - check.
But starting from 23/03/2013 the new E1-E2 are the same in functionalities. So from now on you can buy E1s instead of E2s without any problems. If you should have them, don't hesitate to contact me.
So another Licensing disaster avoided ..
GO TEAM OFFICE 365 :)
Since the moment that Microsoft took over Skype, rumors started to reach the world about Office 365 (Lync Online) and Skype federation. As my fellow Office 365 MVP Loryan Strant already stated in his blog (http://thecloudmouth.com/2013/01/25/looks-like-skype-is-already-taking-over/), Microsoft doesn't talk about IM with live id but talks about federation with public IM: Skype. So we can state: it works.
But how does it work? Do we enter our Skype name in our Lync client? That would have been easy, but no, it takes some extra steps. In this blog I'll provide a step-by-step post on how this federation works.
To make it really easy: Lync Online cannot federate with Skype unless your Skype User is connected to a Live ID. So we need live id connection to have a Skype federation, which makes sense of course. This is important to understand because if your users do not have this connection available, the federation will not work ...
Step 2: if you have a Skype account (which is the case in this scenario) select I have a Skype account.
Step 3: enter your Skype name and password
Step 4: Merge your accounts
Step 5: try and smile
I've entered my live id account in Lync and tried to connect with a voice call, and you see in the printscreen that Skype takes the call.
What works and what doesn't?
In my test only voice worked. IM, Video, Sharing desktop, didn't work.
It’s January of the New Year 2013. We all make new plans, things we want to do better in our personal and professional life. If you are a consultant like me, you have to be on edge, have to be in touch with the newest cutting-edge technology and the things you think will become common good in the near or distant future.
So what will 2013 bring for our businesses? And no, the answer is not cloud. Cloud is already out there, cloud is a common good; if partners are not investing in cloud solutions they are running more than 2 years behind, and in this fast-changing world they’ll become an endangered species.
Depending on what market segment you are in, these are the things I believe will make the difference in 2013.
If your main market is in SMB, the focus will be on standardization, consolidation and cloudification (if there is such a word) of the IT infrastructure. They want the same level of professionalism in their IT as an enterprise. The scale and budget to do so are many times smaller, and so innovation becomes the key to saving money. But they need the same SLAs and services that enterprises need. Think about Windows Azure as an IaaS: the possibilities that the system offers are almost endless. But if your story stops there, you’ll put your customer in a lot of pain. Going cloud is more than putting your servers into the cloud. Another technology that I personally want to see in SMB is SharePoint 2013. And believe me, there is a market for SP solutions in SMB. The problem is (and blame on you, local IT farmers) that nobody within the typical SMB partners is willing to invest in SharePoint. Big SharePoint companies do not focus on SMB, let’s be honest. If you can sell a project of 50 days instead of 5 days, in the end it’s all about the money. But don’t be mistaken, SMBs know what is out there and they are going to ask in 2013 for SharePoint and SharePoint Online.
If your main market is in Corporate or Enterprise, I think the main difference with SMB will be that a lot of those companies don’t want to go completely in the cloud (yet). I admire those who are willing and actually doing the walk and not only talking the talk. But I really believe in the hybrid setup. And I truly think that’s the reason why Microsoft has a significant edge over its competitors. Allowing a hybrid setup just gives you more possibilities to start with cloud solutions without having to do a complete cold turkey migration. Allowing hybrid environments lets customers adjust their environment to the cloud possibilities. This is only the technological side of the story. In our business, people often forget what the impact is on a big organization in terms of processes, rules, functionalities, responsibilities …
Next one, identity. Think about it: there is nothing that we want more than protection of our identity, privacy … both very sensitive data. But we still want to log on to all kinds of sites with the same username & password. We already see it on a lot of websites: log in with Facebook, log in with Twitter. We want single sign-on that is always up and running, always usable. Is Windows Azure Active Directory the solution to that? Being able to log on to different systems with your Microsoft Online ID (or federated ID), is that the way to go? I don’t know, but I know that the possibilities in that product are promising. It is a problem the Identity Providers Community has been working on for a long, long time. I think 2013 will be the year where the direction of the path will be determined.
These are the things I think will definitely have a breakthrough in 2013. Of course there will be others, but it’s all about where your focus lies and how your strategy will cover that …
I do look forward to this very interesting year ...
After the BPOS to Office 365 migration, it is time for the educational institutes to go through the process of transitioning from live@edu to their new Office 365 environment. But is the name transition the correct word for the journey we are going to undertake, together with partners, students, teachers and staff?
To know the exact answer we have to check the timeline and functionalities that live@edu currently has. Not so long ago we had a real migration of live@edu, going from the Hotmail mail functionalities to Exchange functionalities. Mailboxes were moved around on servers, the possibility of data loss definitely existed, and downtime was almost inevitable. It is in that statement that the first motivation for the blog post title lies. The underlying mail system of live@edu and Office 365 is actually the same. Even more so, the mailboxes will not leave the current live@edu servers; they will stay on the same servers, on the same rack, on the same software: Exchange 2010 SP1. This means for the end users that the possibility of data loss and downtime is (almost) 0%. I think that, knowing this, a lot of sighs of relief will be uttered.
But if the mailboxes don’t change platform or move around on servers, what will happen? To really understand what will happen, it is necessary that you know what services live@edu contains. First of all we make a difference between IT-managed and self-managed services. The IT-managed part of live@edu is the mailbox service, which is, thanks to the Exchange functionalities behind it, completely manageable by the IT Department. Skydrive and Live Messenger are services provided by Microsoft as a part of live@edu but are completely managed by the end user. The only part the IT Department is responsible for is the user provisioning for those services. Since those services are not included in Office 365, what will happen with them? The secret lies in the type of user accounts both systems support.
The account system of live@edu was completely based upon live accounts, the kind of accounts we all know very well because almost every consumer-based service of Microsoft uses live accounts. Office 365, on the other hand, uses Microsoft Online User Accounts, which are completely different from live accounts. During the upgrade of Office 365, the live accounts of the existing users will be split into two parts. The first part is the remains of the live account, still with access to Skydrive and Messenger, but disconnected from any possibility of Single Sign On to the Educational Organization. The second part is a new account on the Office 365 platform with a new password (starting from January 2013, password copy from live@edu to Office 365 will be available) that end users need to change at their first logon. So existing live@edu users will still have their live account and a new Office 365 account. Those users will have both the functionalities of Office 365 and live@edu. New users won’t have those functionalities unless you use some kind of 3rd party software like #loryan.
So, to end with, upgrading from live@edu to Office 365, holds no risk of data loss and down time of the mail service. Existing users will have all the functionalities of live@edu and Office 365. In my book this is an upgrade since the end user will have more functionalities.
Follow my next blog posts on live@edu to Office 365 to be ready for the upgrade …
One of my customers had the following questions:
I have a sister company xxxx.com and I want those users to have an email address from my company yyyy.com that automatically forwards all the emails sent to email@example.com to firstname.lastname@example.org without any extra costs.
So assigning a new mailbox with forward rules was out of the question.
Then I found this interesting article: http://community.office365.com/en-us/wikis/exchange/how-to-forward-email-in-office-365.aspx
Especially Part 2 was of interest to me.
In my case:
New-MailContact Support -ExternalEmailAddress email@example.com
$obj = Get-MailContact firstname.lastname@example.org
Get-MailContact Support | Set-MailContact -EmailAddresses $obj.EmailAddresses
To verify this, we will run this command:
Get-MailContact Support | fl *emailaddress*
Within a few weeks, the new server edition of Microsoft will be released. One of the things that struck me the most is that there will not be a Small Business Server anymore. You can choose to implement a Windows 2012 Essentials.
In that version there is no Exchange version available. You can connect to Office 365 or to an on-prem Exchange environment. In the next few printscreens I will show how easy it is. You can download the Windows 2012 Essentials EVAL here: http://www.microsoft.com/en-us/server-cloud/windows-server-essentials/default.aspx
I'm not going to cover how to install and setup the Essentials but believe me, it was easy.
Once you've installed the W2012E you will receive a dashboard where all the configuration has to be done.
We select the EMAIL
Click on Integrate with Office 365
In this screen you need to choose if you have an Office 365 or not. If you don't have one you can create one starting from the next screen.
When done click next. And sign in with an administrator account. I prefer to use here an onmicrosoft.com user. When something goes wrong with your account, this one will always work.
To make everything work fine concerning passwords, W2012E will activate Strong Password Policy ..
And done ...
Time to test. Let's go to the Users Tab. And create a new user.
One final note: in this scenario there isn't any SSO provided. But passwords are synced. So if you change a password on the AD, it will go through to Office 365.
I just love to speak about Office 365. You are always welcome to join one of my sessions and give me feedback ...
June 28th: Data Security and Data Compliancy in Office 365 ... Click here to read all the details on the community site.
July 5th: SharePoint Online Features. Click here to read all the details on the UK Usergroup Site.
July 10th: WPC Toronto: Office 365 and Lawyers
July 11th: WPC Toronto: Office 365 and Real Estate
As I mentioned in my previous post, the next 2 weeks I'll be testing the Nokia Lumia 900 in my "daily" use.
So this morning I wanted to use my phone as a GPS system. Nokia provided their phones with Nokia Drive. If you want to rate a gps app, you need to compare it against a real gps system like tomtom. So I activated my TomTom and my Nokia Drive.
First thing that I've noticed: out of the box the Nokia does not have any navigation voices. Personally I'm not a big fan of some voice that is telling you what to do, but I think one boring computer voice could be added to Nokia Drive. And as far as I've seen, there are no possibilities to download one via the 3G network, only over wifi.
Second thing is that you need to be online (data connection) to get a good map setting and to search for destinations. After activation of my 3G network it worked like a charm. Speed limits were displayed nicely and correctly. I took, on purpose, the wrong road today and in the blink of an eye I got a new route. So it was fast too. The landmarks along the road are really helpful to get you oriented. You can download the maps so that they are available offline, but that again needs to be done with a wifi connection.
Third: It was possible to make a phone call while navigating. Since I didn't have a navigation voice, I don't know how the call and the nav voice would have interfered with each other. But it worked perfectly in my setup.
Fourth: its big, HD screen is such a nice feature here.
What it doesn't have:
- If you are looking for fuel, parking, ... and there is one along the road, you'll find it. But if you want to search for one, unfortunately it doesn't do that, unless you know the name.
- Traffic Control
Conclusion Nokia Drive: will it replace my TomTom Go: no, not at this time. Will I use it when I left my TomTom at home: Yes! 100%. Nokia Drive is not (yet) a full-blown GPS system with all the features of a TomTom, but I don't know if that should be the main purpose of the Nokia Lumia. It's a backup system; if you are stuck in a city without a GPS system, thank you Nokia Drive.