Microsoft Enterprise Technologies http://blogs.perficient.com/microsoft Perficient is proud to be partnered with Microsoft Fri, 06 Mar 2015 15:22:46 +0000 en-US hourly 1 http://wordpress.org/?v=4.1.1 Copyright © Microsoft Community 2011 gserafini@gmail.com (Microsoft Enterprise Technologies) gserafini@gmail.com (Microsoft Enterprise Technologies) 1440 http://www.perficient.com/About/~/media/Images/About/perficient_logo_small.jpg Microsoft Enterprise Technologies http://blogs.perficient.com/microsoft 144 144 Perficient is proud to be partnered with Microsoft Microsoft Enterprise Technologies Microsoft Enterprise Technologies gserafini@gmail.com no no Advanced Content Targeting using SharePoint Search http://blogs.perficient.com/microsoft/2015/03/advanced-content-targeting-using-sharepoint-search/ http://blogs.perficient.com/microsoft/2015/03/advanced-content-targeting-using-sharepoint-search/#comments Fri, 06 Mar 2015 14:01:26 +0000 http://blogs.perficient.com/microsoft/?p=26081 There are various ways to achieve content targeting in a content management system. In SharePoint, some common terms which are associated with this feature are Audience Targeting, Security Trimming, Metadata etc. Today I am going to share an example which we recently implemented for our customer and which required advanced targeting rules.

Scenario

An internal portal accessed by employees and contractors in three dozen locations comprising of countries and/or regions. Authoring takes place in a separate content site and content is rendered on a publishing site. All content is targeted with three important profile attributes -

a. Location (comprises of country and their region)

b. Role

c. Business Unit

Each piece of content or even a link takes user to the publishing site keeping authoring unexposed to the end user. What this means to search is

a. Customizing search results URL to point to publishing

b. Customizing hover preview to display publishing pages

c. And most importantly the results should be targeted based on user profile properties (mentioned above)

Solution

In order achieve the above, we designed a custom solution extending content by search web part. This solution inserts a query token into the content search web part which filters the indexed content with logged in user’s profile attributes (Location, Role, Business Unit). (Credit goes to my colleague Ryan Selley for developing this robust solution)

First we’ll map managed properties to crawled properties for the taxonomy terms used to tag content.

mp

Then we’ll create the custom web part in Visual Studio by extending content by search.

wp1

Then we’ll Generate a custom query variable to insert in the search query box.

wp2

Build this custom query token with logged in user’s profile properties in the BuildTAQuery()

wp4

This is how the query text looks in the search web part

wp5

With this token in place your content is now targeted on the user’s profile attributes. The logged in user will now only see content which has been tagged to their location, role, and business unit.

Happy targeted coding!

]]>
http://blogs.perficient.com/microsoft/2015/03/advanced-content-targeting-using-sharepoint-search/feed/ 0
Office 365 – Microsoft’s “Cloud-First” Strategy In Action http://blogs.perficient.com/microsoft/2015/03/office-365-microsofts-cloud-first-strategy-in-action/ http://blogs.perficient.com/microsoft/2015/03/office-365-microsofts-cloud-first-strategy-in-action/#comments Wed, 04 Mar 2015 03:46:06 +0000 http://blogs.perficient.com/microsoft/?p=26075 For the past year, we’ve heard Satya Nadella’s “cloud-first, mobile-first” vision from Microsoft. Some joke that they both can’t be “first” but let’s just call it priority “1A” and “1B”.

I see it every day in Office 365. Exchange Online has nearly a bi-weekly addition of features while the on-premises version lags behind. It makes sense too that at some point, Microsoft will have to decide that “feature X” will go into the next version of Exchange as there needs to be some incentive to purchase the next version. Meanwhile, the “evergreen” service of Exchange Online continues to receive updates.

In the past 24 hours, two examples popped up demonstrating this priority.

Example #1

The first was in regards to the Exchange Online feature called “Clutter”. Given the machine learning dependencies, this feature only exists in Exchange Online today and likely will not make it into the on-premises version of Exchange.

On Monday evening, a conversation popped up in the “Office 365 Network” on Yammer with essentially some complaints about Microsoft sending communications to Exchange Online users about Clutter. Within 24 hours, a Program Manager from Microsoft was responding to the questions and dialog continued, explaining some of the rational behind the behavior. A couple hours later, a feature announcement was released describing new admin functionality for Clutter: “Making Clutter in Office 365 even better“.

Now maybe the timing was just right as Microsoft obviously had been planning the admin features and it was even a roadmap item. Regardless, the access to the Office 365 team via Yammer and their prompt response is unprecedented in my opinion, nothing I’ve seen from any on-premises products. When you watch the Yammer conversations, you really get the sense that Microsoft is listening. If your organization uses Office 365, you should definitely be hooked into the Office 365 Network on Yammer.

Example #2

On the same day, the Exchange Team published a blog post (“Want more control over Sent Items when using shared mailboxes?“) about new functionality for shared mailboxes and sent items. It’s a pretty commonly requested feature that existed in Exchange 2010 and disappeared in Exchange 2013.

The release date for this functionality in Office 365 was stated as “now” or “very soon”. For on-premises Exchange 2013, it will come as part of CU9.

Microsoft has a release cadence of approximately 3-4 cumulative updates (CUs) per year. The current release of Exchange 2013 is CU7 with CU8 probably arriving in the next month or two which puts CU9 probably 6 months or more away. Then you have the usual delays before on-premises customers test and deploy the latest cumulative update (since we’ve all been burned before by being early adopters) and realistically most organizations aren’t running CU9 for probably 7-8 months.

So that’s your delta right now, about 7-8 months and by that point, we’ll have moved on and started talking about the next version of Exchange.

Summary

There are examples of Microsoft’s “cloud-first” strategy everywhere, look no further than the Office 365 Roadmap for great examples of what’s to come. While these two examples may seem somewhat minor compared to some of the blockbuster features available in the cloud, they demonstrate the agility of the cloud service and why migrating to Exchange Online will be your last mail migration.
 
Did you find this article helpful?

Leave a comment below or follow me on Twitter (@JoePalarchio) for additional posts and information on Office 365.

Looking to do some more reading on Office 365?

Catch up on my past articles here: Joe Palarchio.


]]>
http://blogs.perficient.com/microsoft/2015/03/office-365-microsofts-cloud-first-strategy-in-action/feed/ 0
Free Microsoft Training with the “Know it. Prove it.” Challenge http://blogs.perficient.com/microsoft/2015/03/free-microsoft-training-with-the-know-it-prove-it-challenge/ http://blogs.perficient.com/microsoft/2015/03/free-microsoft-training-with-the-know-it-prove-it-challenge/#comments Tue, 03 Mar 2015 17:00:51 +0000 http://blogs.perficient.com/microsoft/?p=26046 Know It. Prove It. 28 days to rock your tech skills.Microsoft Virtual Academy held the “Know it. Prove it.” 28-day challenge during the month of February 2015. The challenge was a month-long learning binge with 8 challenge tracks to choose from. Along with more than 55,000 people around the globe; I rocked the challenge during the month of February and leveled up my skills. As an overachiever, I actually completed 2 challenges and learned a lot. Even though the challenge is technically over, you can still commit to and complete these challenges, so there’s still plenty of time if you haven’t started one yet.

What is Microsoft Virtual Academy?

The Microsoft Virtual Academy is a website that provides Free webcast training on pretty much all of Microsoft’s technologies. The site has been around for years, and has quite the extensive catalog of content ranging from Beginner topics to more advanced topic with Windows Server, Azure, SharePoint, Visual Studio and even game development. Even though this site has been around for years, there’s still a lot of IT professionals that don’t know about it. The “Know it. Prove it.” challenge has definitely brought a lot of visibility to this great resource that all IT professionals can easily take advantage of.

Did I mention it’s completely Free?

What is the “Know It. Prove It.” Challenge

The “Know It. Prove It.” Challenge ran for the month of February 2015; only a short 28 days. Each challenge track is made up of content designed to take only 1 hour a day to complete.

Know It. Prove It. Challenge TracksThe Challenge tracks are:

  1. Cloud Development - everything Azure (there’s a lot!)
  2. Game Development – 2D and 3D game development for Windows 8
  3. Mobile Development – building Windows Store apps with C# and Cross-Platform development with Xamarin & Visual Studio
  4. Web Development – building apps with HTML5, JavaScript, CSS3, jQuery, ASP.NET MVC and Bootstrap
  5. Hybrid Cloud – Windows Server 2012, Azure and cloud automation
  6. Identity & Access Management – Windows Server 2012 Active Directory, Windows 8.1 Security, Azure VPN & RemoteApp
  7. Office 365 – Office 365, Exchange Online, SharePoint Online, Lync Online, Active Directory Federation and more
  8. SharePoint – SharePoint 2013 configuration, management and development

There’s a challenge track for you, whether you’re an IT Pro or a Developer.

My Experience

Luckily, I found out about the “Know it. Prove it.” challenge at the end of January, so I was actually able to start 2 days early. Actually on that first day, I binged for about 6 hours of the Web Development challenge. Due to this head start I decided to take on both the Web Development and SharePoint challenges. I really had to push through at times (stay up late, get up early, etc) but I persevered and completed both challenges.

My Completed Challenges

Tip Saving Tip: I actually played some of the videos at 2x speed so I could get through them more quickly.

As I progressed through the challenges I alternated between the two so I wouldn’t get burned out from an overload of 1 topic. This also helped me retain more of the knowledge transfer by only doing approximately 1 hour of each challenge per day.

After going through both the Web Development and SharePoint Challenges, I must say that the content is amazing! These are high quality webcasts authored by subject matter experts. While I only went through 2 of the 8 challenges, I have absolutely no doubt that the rest are just at top notch as these two.

In case you’re interested, here’s a link to my Microsoft Virtual Academy profile, listing the courses that I’ve completed:
http://www.microsoftvirtualacademy.com/Profile.aspx?alias=685961

Challenge Results

The overall challenge results are amazing! There were over 55,000 people who signed up for “Know It. Prove It.” with over 39,000 who signed up for at least 1 challenge. Of those people that signed up, there were over 53,000 challenges started; which means thousands of people started multiple challenged!

Andrew Parsons is the one running the challenge, and he posted an end of “Know It. Prove It.” blog post summarizing these results. Here’s the exact numbers he posted:

So, the numbers. You know what’s amazing? People were still signing up for Know it. Prove it. right up until the end (and even today we saw hundreds sign up!). A lot of you finished your challenges in the last week. And even more of you managed to finish at least one course in their challenges. So, just how many are we talking about?

  • 55,425 people signed up for Know it. Prove it.
  • 39,197 KiPi participants signed up for at least one challenge.
  • 8,880 KiPi participants completed a course.
  • 4,641 KiPi participants completed an entire challenge.

Over 55,000 people? That’s crazy! And almost three quarters of you went on to sign up for a challenge? That’s amazing! And more than four and a half thousand people completed an entire challenge, filling up their little badge all green? I. AM. IMPRESSED.

Oh, and the other number I’ve referred to previously? There were over 53,000 challenges started. 14,000 extra challenges. That means, thousands of you did more than one challenge!

Another amazing thing about the challenge is the number of people from countries all over the world who participated. Additionally, along with Andrew, I am super impressed. Not just with the challenge and it’s participants, but also with Andrew Parsons who put together an amazing challenge. WAY TO GO, ANDREW!

Click here for the full challenge results post.

You can still rock your skills!

Even though the “Know It. Prove It.” challenge has technically ended, you can still take part as the challenges and content are still available at the link below:

http://www.microsoftvirtualacademy.com/knowitproveit

While the content will remain on the Microsoft Virtual Academy website, the “Know It. Prove It.” Challenge will only be available until March 25, 2015. Here’s what Andrew Parsons posted about the Challenge availability:

So, as I mentioned, I highly encourage you to add your challenge courses to your MVA Learning Plan. When we hit March 25, we’re going to shut down Know it. Prove it. for a while. That’s because there’s something new coming and we need to make space for it. But it also means you won’t have easy access to those courses unless you add them to your Learning Plan.

Did you start and/or complete a challenge?

If you’ve started or completed a challenge, or even are just starting one now, I’d love to hear from you! Please post a comment on this post.

]]>
http://blogs.perficient.com/microsoft/2015/03/free-microsoft-training-with-the-know-it-prove-it-challenge/feed/ 0
Office 365 – Azure AD Sync: Did You Know? http://blogs.perficient.com/microsoft/2015/03/office-365-azure-ad-sync-did-you-know/ http://blogs.perficient.com/microsoft/2015/03/office-365-azure-ad-sync-did-you-know/#comments Tue, 03 Mar 2015 16:00:59 +0000 http://blogs.perficient.com/microsoft/?p=25918 brain_gears_shutterstock_wordpressIt’s been about six months since “Azure AD Sync” (often called “AADSync”) was made generally available with the intended purpose to replace the previous DirSync tool. In addition to an overhaul under the hood, AADSync brought with it new features such as support for multiple Active Directory forests.

If you’re configuring Directory Synchronization for the first time, it is recommended to use AADSync instead of DirSync. If you have an existing DirSync environment, you might find that AADSync fills some requirements that DirSync does not.

Below are 10 quick little tidbits you might not have known about Azure AD Sync.

What’s in a Name?

Aside from “Azure AD Sync / AADSync” being a tongue-twister for consultants, I’ve found that it’s not uncommon for there to be confusion about what AADSync is. While it has “Azure” in the name, it’s still a locally installed product running on a server in your environment. It’s not a cloud service, it’s an updated version of the DirSync product you’re probably familiar with. Yes, that server could technically be running in Azure IaaS but now we’re just playing word games.

Upgrading from DirSync / FIM

Running DirSync or FIM with the Office 365 MA today? There is a migration process for you although it’s basically just installing the new AADSync product and disabling the old sync product. You can technically install them on the same server but given it’s probably on a virtual server, I prefer to install side-by-side on another virtual machine. If you’re feeling real cautious, create a new service account in the tenant and disable the old one at the time of cutover. Microsoft has a little guidance on the migration process: Moving from DirSync or FIM to Azure Active Directory Sync

Forcing a Synchronization

If you’ve been running DirSync for any length of time, your fingers are well trained at typing the command “Start-OnlineCoexistenceSync“. In some odd decision that seems to be a step backwards, you force a sync in AADSync using a command-line utility and not PowerShell. Yes, a command-line utility.

To force a sync, navigate to “C:\Program Files\Microsoft Azure AD Sync\Bin” and run:

DirectorySyncClientCmd.exe delta” for a delta sync and…
DirectorySyncClientCmd.exe initial” for a full sync


Not sure of the logic here, hopefully this is changed at some point and this is moved back into PowerShell.

Undocumented PowerShell Module

Despite the requirement to use the command-line to force a sync, there is in fact a PowerShell module for AADSync; the name of the module is “ADSync” (yes, one “A”). There appears to be 61 commands in the module, unfortunately there is almost no documentation on the syntax. You can gain insight into the syntax for some of the commands by exporting out your sync rules when configuring filtering.

Forcing a Password Sync

Like DirSync, the Password Sync process happens out-of-band from the general sync process. While the article “How to Use PowerShell to Trigger a Full Password Sync in Azure AD Sync” sounds encouraging, you’re currently presented with these detailed instructions:

You can sync password by using the PowerShell module and these instructions: How to Use PowerShell to Trigger a Full Password Sync in Azure AD Sync

Sync Rules Editor

Hidden in “C:\Program Files\Microsoft Azure AD Sync\UIShell” is “SyncRulesEditor.exe” which allows you to customize the synchronization rules. The interface is a bit “Resource Kit like” but it’s very powerful and mandatory in any type of complex multi-forest environment.

When to Use Full SQL

With DirSync, the guidance was always to use SQL when you had more than 50,000 objects in your Active Directory. With AADSync, this number is now 100,000 objects although it’s an estimate and the true limitation is the 10 GB database size limit with the embedded SQL Server Express. SQL Server 2008 to SQL Server 2014 is supported if you exceed the object limit.

Skipping the Initial Sync

Almost never do I select the option to kick off a sync during the initial configuration. I usually want to work on creating some filters and such to test out the process before I’m creating thousands and thousands of objects. If you skip the initial sync, you should be aware that the scheduled sync process (running as a task in the Windows Task Scheduler) will be disabled. So if you want the 3 hour scheduled sync to occur, you’ll need to go enable the task called “Azure AD Sync Scheduler”.

Service Account Permissions

If you install AADSync with the intention of using “Password Sync”, “Password Writeback” or “Exchange Hybrid”, you should be aware that the necessary permissions are not assigned in Active Directory. Those permissions are called out in the installation instructions: Install the AADSync Service.

Azure Active Directory Connect

…and after all this, Microsoft has a new tool coming for Directory Synchronization. I see it as more of a wizard of sorts but the idea is to make installing AADSync and AD FS easier for organizations to deploy. The plan appears for the new tool, “Azure AD Connect“, to actually replace AADSync although I suspect AADSync is just bundled in the install. I’m not real excited about this product just yet, what we have today seems to work. Trying to use a wizard-based application to remotely install AD FS on servers via WinRM (including machines in a DMZ) seems like we’re trying to make it too simplified and ultimately less flexible. I envision spending more time troubleshooting WinRM and firewall rules than it would normally take me to deploy an AD FS farm. Time will tell, this product is currently in preview with release expected later this year.
 
Did you find this article helpful?

Leave a comment below or follow me on Twitter (@JoePalarchio) for additional posts and information on Office 365.

Looking to do some more reading on Office 365?

Catch up on my past articles here: Joe Palarchio.


]]>
http://blogs.perficient.com/microsoft/2015/03/office-365-azure-ad-sync-did-you-know/feed/ 0
Webinar: How the Microsoft Cloud Helps @PIH Improve Global Health http://blogs.perficient.com/microsoft/2015/02/webinar-how-the-microsoft-cloud-helps-pih-improve-global-health/ http://blogs.perficient.com/microsoft/2015/02/webinar-how-the-microsoft-cloud-helps-pih-improve-global-health/#comments Fri, 27 Feb 2015 17:33:24 +0000 http://blogs.perficient.com/microsoft/?p=25946 Many nonprofits (and cerpihtainly other organizations as well) would likely share the same sentiment as Partners In Health (PIH) – due to the mission at hand, resource allocation, more often than not, prioritizes the needs of people over systems. It’s not all that surprising that this can lead to disbanded communication systems. Systems that, over time, become expensive to maintain and increasingly deficient.

This was the situation Partners In Health faced, and they are solving it by migrating to Office 365. PIH is a Boston-based nonprofit that delivers high-quality health care and serves impoverished communities around the world. Through the move to Office 365, they now have a single, reliable platform for colleague interactions and can more effectively focus on the mission, improving the quality of health and meeting the needs of underserved populations.

More from a recent news release:

Deployment of Office 365 across sites in Africa, Haiti, Mexico, Peru, Russia and the U.S. will further Partners In Health’s mission to provide a preferential option for the poor in health care. It will also enhance cross-site communication and collaboration as the organization responds to the Ebola outbreak in West Africa. Cloud-based storage allows documents to be accessed at any time from any device in any setting, including those where bandwidth is limited. With a common email platform, information may be shared seamlessly among colleagues, partners and all others involved in the fight against illness and poverty.

This migration included including a transition to Exchange Online for company-wide communication, Azure-hosted ADFS for identity management, and SharePoint Online for document storage and collaboration.

We’re fortunate to have assisted PIH with this deployment, and are excited to host a webinar next week, on Wednesday, March 4 at 1 p.m. CT, How Partners In Health Is Using the Microsoft Cloud to Improve Global Health.

During the session, PIH’s CIO Dave Mayo, as well as Kent Larson and David Chapman from Perficient, will share details around the challenges the organization faced prior to moving to Office 365 and how the Microsoft Cloud has impacted their ability to share information and collaborate across the globe, even in the most remote locations. They’ll also discuss how change management played an important role in a successful deployment.

For more about PIH or to make a contribution to help the organization transform global health, visit www.pih.org.

 

]]>
http://blogs.perficient.com/microsoft/2015/02/webinar-how-the-microsoft-cloud-helps-pih-improve-global-health/feed/ 0
What To Call Your My Site http://blogs.perficient.com/microsoft/2015/02/what-to-call-your-my-site/ http://blogs.perficient.com/microsoft/2015/02/what-to-call-your-my-site/#comments Thu, 26 Feb 2015 12:00:21 +0000 http://blogs.perficient.com/microsoft/?p=25679 Use “Your” instead of “My” when labeling things that are considered belonging to a user!

Possessive pronoun labels on a website (or computer) should be considered part of communication from the website to the user, as that fits the mental model most people construct subconsciously when reading text on a website. The website is communicating to you, the user. Years of consistent usage has trained us to understand that “My” means something that belongs to me, the user, so we are not completely confused when we see “My”. However, it does come with a small cognitive load penalty, as the user has to do a little thinking to understand what is meant.

The word “My” has been replaced by “Your” as a label from most popular websites over the years. Amazon uses “Your Account” instead of “My Account”, and Microsoft changed “My Computer” in Windows XP to just “Computer” in Windows 7 and now “This PC” in Windows 8. Many sites that present content specific to the individual user will even display your name as the modifier, like “Matt’s Account”.

my_computer computer7 this_pc

One concept that has resisted the change is the “My Site” in SharePoint. Microsoft has eliminated the use of “My” in the front-end labels in SharePoint 2013 and Office 365, although on the back-end the feature is still called “My Site”. Additionally, the default URL associated with the feature is still “my”, leading to many SharePoint instances that still include the word in the URL and nowhere else. Your default profile page is “Person.aspx” and the text cues refer to the content as “your profile”, so clearly somebody gets it. Microsoft recommends a separate web application for the My Site Host, and a managed path for all the personal site collections, so you have 2 labels you need to come up with in order to properly deploy your my site- see how confusing “your my site” looks?

“Your” does not make sense in this case as the sites are not just for you but also for others to access. I recommend “people” as the subdomain for your my site web application, with “personal” (or just “p”) as the managed path for the personal site collection. This way you end up with a nice URL like “people.perficient.com/Person.aspx” or “people.perficient.com/personal/matt_connolly/documents”. Those of us on the implementation side can help by referring to these sites as “personal sites”, even while we continue activate the My Site feature as administrators.

If you don’t follow my recommendations on naming your my site, at least, I implore you to drop the word “my” everywhere you can!

My References:

 

]]>
http://blogs.perficient.com/microsoft/2015/02/what-to-call-your-my-site/feed/ 0
Office 365 – The Limitations of Alternate Login ID http://blogs.perficient.com/microsoft/2015/02/office-365-the-limitations-of-alternate-login-id/ http://blogs.perficient.com/microsoft/2015/02/office-365-the-limitations-of-alternate-login-id/#comments Tue, 24 Feb 2015 16:00:23 +0000 http://blogs.perficient.com/microsoft/?p=25718 Back in April of 2014, Microsoft announced a feature called “Alternate Login ID” (sometimes referred to as “Alternative Login ID”). The idea was that instead of changing the UPNs in your on-premises Active Directory, you could use a different value to authenticate to Office 365 and sync that value to the cloud as your login.

At the time of release, I wrote an article (“Office 365 – Configuring AD FS & DirSync with an Alternate Login“) that covered the necessary configuration to use Alternate Login ID. It seemed like a very viable option for organizations that had dependencies on their current UPNs and would not be able to easily change their UPNs. In the past 10 months, that article has been one of the more popular articles that I’ve written so I wanted to follow it up with an update based on information that we now know today.

The Previous 10 Months…

While Alternate Login has been touted by some, even at Microsoft, as the magical answer to your UPN woes, I’ve been hesitant to recommend it. In my opinion, this feature is for when you absolutely cannot change your UPNs, not when an organization “doesn’t want to” or hasn’t taken the time to investigate dependencies on the current UPNs. We’re all familiar with the phrase “bleeding edge” and even though the feature is almost a year old, there are still some limitations being discovered. However, for some organizations, it is the only solution which is fine as long as you understand the footnotes that come with it.

What We Know Today

When the feature was first released, there was a bit of a vague reference to incompatibilities with Intune and to “contact your Account representative for more information”. Eventually there were some concerns that came up regarding Exchange hybrid environments, I first saw some chatter about this on Yammer and then in an article by Steve Goodman.

Fast forward to February 2015 and Microsoft has now added the following text to the wiki page for Alternate Login ID:

This update was made on February 17th, the previous version of the article just gave a warning about Autodiscover in Exchange hybrid under the “may impact various other Azure AD and Office 365 scenarios” section. The same information was added at some point to the TechNet page for this feature: Configuring Alternate Login ID.

The language seems a bit stronger now saying that the feature is not compatible.

Issues We’re Aware Of

Below are a list of items that we know have issues with implementing Alternate Login ID. That’s not to say that you shouldn’t use it if there are not alternatives, but it really should be the last resort and you should be ready to communicate these issues to your end users.

Intune
I don’t have much background on this one other than it’s been there since the original feature release. The notes have always said: “If you are an Intune customer using the SCCM Connector, there may be additional configuration required”. That tells me there’s some kind of issue but perhaps someone more involved with Intune can help fill in the details.

Exchange Hybrid Autodiscover: Domain Joined
The primary issue here is the mismatch between credentials that are valid on-premises and credentials that are valid in the cloud. In an Exchange Hybrid environment, the Autodiscover records still point to the on-premises Exchange where a user authenticates and then performs an Autodiscover lookup. If the user has a cloud mailbox, the user is then redirected to Office 365 where another Autodiscover lookup is done, with authentication, and then the Autodiscover response is returned. The problem that occurs is that different credentials are necessary for on-premises (which doesn’t know anything about Alternate Login ID) and the cloud (which expects the Alternate Login ID).

For domain joined machines, the logged in credentials are sufficient to authenticate to the on-premises Exchange and then the user receives the usual single prompt to authenticate to Exchange Online. The only difference you’ll notice here is that the prompt for Office 365 has the wrong credentials populated in the login box and you need to enter your Alternate Login ID.

Exchange Hybrid Autodiscover: Non-Domain Joined
For non-domain joined machines, the user is presented with prompts for both on-premises and the cloud without knowing which platform the prompt is for. The result is that while it’s technically possible to navigate the login prompts, it’s unlikely that your users will know what credentials to provide during what prompt.

Where this really becomes difficult to know what account to use is when you have on-premises Public Folders that you’ve made accessible by cloud mailbox users. The proxy mailbox for the on-premises Public Folders is returned as part of the cloud Autodiscover response and at some point when opening Outlook, you’re expected to enter the on-premises credentials. I would say that this configuration is nearly unusable.

Exchange Hybrid Autodiscover: Mac
When using the new “Outlook for Mac”, the credential mismatch of Alternate Login ID will cause Outlook to fail during the automatic account setup. The user will need to manually configure Outlook to use the target of “https://outlook.office365.com/EWS/Exchange.asmx”.

Office ProPlus
The behavior here is somewhat odd. When a user is using Alternate Login ID, Office ProPlus will install and show activated under that user’s account in the cloud however in the local applications, it will show you logged in under your on-premises UPN.

The result is that you won’t see the links to your OneDrive for Business within the Office applications and the OneDrive for Business Sync Client will not be setup. While you are able to sign out of the on-premises UPN and sign in with your Alternate Login ID, I question if Office ProPlus would go into “reduced functionality mode” after a period of time if left logged in with the on-premises account.

Remote Connectivity Analyzer
Not that this is a critical issue but the Remote Connectivity Analyzer Autodiscover test does not know how to handle Alternate Login ID with Exchange Hybrid due to the double authentication prompt.

Azure Application Proxy
As noted by the commenter below, the new Azure Application Proxy has a footnote stating: “The UPNs in Azure Active Directory must be identical to the UPNs in your on-premises Active Directory in order for preauthentication to work. Make sure your Azure Active Directory is synchronized with your on-premises Active Directory.” This means Alternate Login ID is not compatible in this situation.

Third-Party Identity Providers (IDPs)
Microsoft has a program for tested third-party IDPs called “Works with Office 365 – Identity”. Part of this program is a list of tested providers along with any exceptions that might be known with those products. Listed in the notes for this program is that “Use of Sign-in by Alternate ID to UPN is also not tested in this program”. So basically your mileage may vary when using Alternate Login ID with any of these third-party IDPs.


In addition to the above known issues, it would be reasonable to have concerns about future compatibility with features like the upcoming authentication change to Active Directory Authentication Library (ADAL).

Concerns with AADSync

When Alternate Login ID was released, the new AADSync did not exist yet. The configuration for DirSync, as outlined in my article, was relatively straight-forward but took some effort and investigation.

Today, we have the new AADSync tool which is replacing DirSync. This tool provides a, perhaps too easy way, to enable Alternate Login ID during installation. It’s very likely that someone installing AADSync wouldn’t necessarily know that they were enabling this feature based on how the configuration options are presented.

During installation, you are asked what you would like the “userPrincipalName” in the cloud to be matched to in your on-premises Active Directory. Should you change this value from the default to something like “mail”, you are now using Alternate Login ID from a Directory Synchronization perspective (although you still need to configure AD FS).

The “Learn more about user matching” link in the installer doesn’t provide much additional guidance, it takes you to a page that says:

The userPrincipalName attribute is the user’s login ID in Azure AD. By default the userPrincipalName attribute in ADDS is used. If this attribute is not routable or not suitable as the login ID a different attribute, such as mail, can be selected in the installation guide.


No warning, however, of any potential limitations to come…

Summary

  • Alternative Login ID allows you to use a value other than the on-premises UPN to authenticate to Office 365.
  • The feature should be used when you “can’t change UPNs”, not when you “don’t want to”.
  • There are a list of known “limitations” with using Alternative Login ID that you should be aware of should you decide to implement it.
  • AADSync provides an easy way to implement Alternate Login ID, possibly without the installer knowing they are doing so.

 
Did you find this article helpful?

Leave a comment below or follow me on Twitter (@JoePalarchio) for additional posts and information on Office 365.

Looking to do some more reading on Office 365?

Catch up on my past articles here: Joe Palarchio.


]]>
http://blogs.perficient.com/microsoft/2015/02/office-365-the-limitations-of-alternate-login-id/feed/ 4
Azure Search: Scoring Profiles http://blogs.perficient.com/microsoft/2015/02/azure-search-scoring-profiles/ http://blogs.perficient.com/microsoft/2015/02/azure-search-scoring-profiles/#comments Tue, 24 Feb 2015 12:00:21 +0000 http://blogs.perficient.com/microsoft/?p=25675 Introduction

When a search query is submitted to the index, each document that is returned has a search scoreazuresearch_configure1_5_searchtile which is an indicator of its relevance in the current search query and context. The higher the score, the more relevant the item and therefore, the higher it is ranked on a scale of high to low.

In Azure Search, you can tweak the calculation of a search score through an index modification called a scoring profile. A common usage of scoring profiles is Geo-search, which allows you to automatically boost items which are closer to the location of the user. You can also simply boost by pushing newer documents to the top of your search results, or in some cases boost some older documents. It all depends on what your business needs are.

You can configure as many scoring profiles as you would like in your search index, but you can only specify one profile at a time when running a query.

Scoring Profiles vs. Managed Property Weighting and XRANK

For the SharePoint Devs out there getting into Azure Search, Scoring Profiles is a lot like Managed Property Weighting combined with XRANK in SharePoint. However, I find that Azure Search gives you control that allows you too really customize your boosting in ways that SharePoint cannot. Most of your boosting control comes in how you define your scoring profiles in your index, which allows you to really clean up your query on the front end without having to use XRANK. For example, to achieve a simple Geo-search, you would only need to provide the scoring profile and the current location as parameters in your search query.

As a further bonus, you can configure as many different scoring profiles as you would like, giving you full control of how your query gets processed. While in SharePoint, you can only configure a single set of relevancy rules without using XRANK, in Azure Search you can configure as many as you would like and specify which one you would like to use at the time. This way you can specify different weights for different fields (managed properties) when your business needs change without having to completely clobber the back-end index. 

In Conclusion…

Having the ability to change scoring profiles as your user navigates through different portions of your website gives you a great flexibility. You can control a lot of what occurs in your search queries by modifying the scoring profiles in the index, rather than piece together complex queries. It is simply a cleaner way of making things happen.

Stay tuned for some physical examples! For a detailed msdn article, please go here.

]]>
http://blogs.perficient.com/microsoft/2015/02/azure-search-scoring-profiles/feed/ 0
Customer Experience Drives Digital Transformation – Webinar 2/25 http://blogs.perficient.com/microsoft/2015/02/customer-experience-drives-digital-transformation-webinar-225/ http://blogs.perficient.com/microsoft/2015/02/customer-experience-drives-digital-transformation-webinar-225/#comments Mon, 23 Feb 2015 20:21:39 +0000 http://blogs.perficient.com/microsoft/?p=25664 Digital Transformation tenenhance-customer-experience-and-loyaltyds to have a slightly different meaning to different people, depending on how you ask.  Whether it’s cloud, customer experience, eCommerce, integration, CRM, digital marketing, mobile, collaboration, analytics or Big Data, most would agree, however, that digital transformation enables businesses to “see” their customers better and add value throughout the lifecycle.

There’s a reason that the first topic we will be covering in Perficient’s Digital Transformation webinar series (following the initial webinar which can be viewed here)  is, “How Customer Experience Drives Digital Transformation.”  The customer experience is often the driving factor, the catalyst, in digital transformations, as mentioned on i-SCOOP:

Although digital transformation is not just about customer-facing functions, it’s clear that in many transformation projects, the customer experience is a key driver and catalyst. In more IT-oriented projects, the same goes for the user experience and user adoption. Actual usage and adoption in fact is essential to make such projects succeed.

When I think of customer experience and digital transformation, I immediately think of Sitecore. Sitecore is all about customer experience management and its .NET based platform – with many integrations—including Dynamics AX, Microsoft’s ERP platform, etc. — provide a single, connected experience and allow marketers to create great brand experiences with every customer who engages digitally. Things like persona development and personalized content make them a no-brainer in reaching consumers in the digital age.

Regardless of your platform preference, join us on Wednesday, February 25, at 1 p.m. CT to learn how and why you should give customer experience more thought, no matter where you currently are in your digital transformation initiative.

]]>
http://blogs.perficient.com/microsoft/2015/02/customer-experience-drives-digital-transformation-webinar-225/feed/ 0
New Additions to the Office 365 Family http://blogs.perficient.com/microsoft/2015/02/new-additions-to-the-office-365-family/ http://blogs.perficient.com/microsoft/2015/02/new-additions-to-the-office-365-family/#comments Sat, 21 Feb 2015 01:11:25 +0000 http://blogs.perficient.com/microsoft/?p=25641 I’ll keep this post short and sweet in honor of Friday!

Now if you are an avid follower of Microsoft, you got to agree that the most fascinating news (other than stock news) about the company is their shift to the cloud with platforms and products like Azure and Office 365. With so much exciting features coming through it’s tough to keep track. We at Perficient here, have the privilege to work with the latest greatest and keep you updated with the same. The three new features which caught my attention last week provide a great enhancement to user experience, be it mobile or desktop. I discuss them briefly here

Office on iOS

Office 365 Message Encryption Viewer – This app allows you to open mail attachments and send back an encrypted reply. Microsoft verifies your identity to ensure you are who you say you are. Get a one time pass code on your phone.

image1

image2

Information Rights Management (IRM)

This allows you to secure your information by encrypting it and applying an intelligent policy. This is an integral part of Office 365 trust center. Allows only internal and/or external people to“act” on your documents. Plus you have capability to sync these protected document to One Drive for Business. Access it on your phone, desktop, or tablet. (read my post here for how One Drive for Business plays on your phone).

Branding

 Portal Sign In Page and Access Panel

Newly introduced sign in page and access panel allows company branding. OK, got to admit it’s not a whole lot but it does the job. You come in to your company sign in page and see custom image and text. Below you see the desktop and mobile versions for the sign in page.

Branding

Keep in mind, this is not the same as Office 365 portal branding. Users will see a branded sign in page when they visit a service with a tenant-specific URL such as https://outlook.com/contoso.com, or https://mail.contoso.com. If they visit a service with non-tenant specific URLs (such as https://mail.office365.com) they will see a non-branded sign in page. The sign in page will refresh to show your branding once users have entered their user ID or selected a user tile. Picture below shows you what is customizable on the sign in page and access panel

SignIn

Self Service password reset

Self-service password reset for end users is only available when you enable Azure AD Premium or Basic. Below is an extremely helpful information from office 365 team.

Sign-in-page-branding-3 (1)

Table

Outlook for iOS

Conversation View – Outlook organizes your email into conversations, where all messages with the same subject line are grouped together. To toggle your selection go to Settings > Organize Mail by Thread

Swipe gestures come natural when on a smartphone. I’m always amazed at how my toddlers use these gestures way more comfortably than I still do. Outlook lets you personalize these swipe gestures to match your unique preferences. Previously only available on iOS, this feature is now also available on Android. I’ve included various images of how all these features lay out on an iPhone – Conversation thread, Archive, Swipe Gestures, Clear Cache (one of my favorites)

O1

 

O4

 

O3

 

O2

 

O5

 

O6

 

 

 

(Source: Office 365 team blog, MSDN, Technet)

 

 

 

]]>
http://blogs.perficient.com/microsoft/2015/02/new-additions-to-the-office-365-family/feed/ 0