Microsoft Enterprise Technologies
Perficient is proud to be partnered with Microsoft
Fri, 13 Mar 2015 21:32:21 +0000
Copyright © Microsoft Community 2011

Advanced Content Targeting in SharePoint – Part 2
Fri, 13 Mar 2015 15:58:04 +0000

This post is a continuation of my previous blog post explaining advanced content targeting using SharePoint search. We saw earlier how to implement a custom token for the logged-in user which filters incoming content in the search index based on the user’s profile attributes. Today we are going to look into creating display templates to render custom result URLs. Before we begin, let’s refresh our memory with the scenario:


An internal portal accessed by employees and contractors in three dozen locations comprising countries and/or regions. Authoring takes place in a separate content site and content is rendered on the publishing site. All content is targeted with three important profile attributes:

a. Location (comprises the country and its region)
b. Role
c. Business Unit

Each piece of content/link takes the user to the publishing site, keeping authoring unexposed to the end user. What this means for search results is:

1. The results should be targeted based on user profile properties (mentioned above)
2. Customizing search results URL to point to publishing site
3. Customizing hover preview to display publishing pages (instead of the authoring site content pages)
4. Customizing Control template to implement custom paging


In the previous post we covered #1 above. This post will focus on #2.

By default, all search results point the user to the actual authoring pages, which (in this case) sit in a separate site. Because the authoring site (usually) does not have any branding or targeting enabled, we do not want our users to lose their place in the navigation. To avoid that, we came up with top-level category pages, each of them having sub category sections which render page content from the authoring site. So in essence the publishing site URL for any piece of content will look like this: [categoryname].aspx#[subcategory]. The hash in the URL enables the anchor link (bookmark) feature. It’s not relevant in this context so we’ll leave it out.

1. We declare the managed property mappings – Here we used RefinableString0 and RefinableString1 to map the category and sub category metadata fields.


2. Build a custom linkURL



3. This leads us to the html section to render the linkURL


4. And this is what the result URL looks like


Office 365 – The Magic Behind The Hybrid Config Wizard (2010)
Tue, 10 Mar 2015 15:00:04 +0000

Configuring Exchange hybrid prior to the Hybrid Configuration Wizard (HCW) is just a distant memory at this point. The process that was a painfully long configuration was greatly simplified with the release of the HCW with SP2 for Exchange 2010 back in May 2011.

As much as the HCW has made my job easier, I’m always a bit hesitant about black box processes. Since an early age, I’ve always been one that needed to know how things work under the hood.

So what does the wizard do?

What does it change?

What is the impact?

If you submitted a change control request stating that you’re going to “run the hybrid wizard”, you’re probably being asked these same questions.

For those that are implementing Exchange hybrid on a regular basis, what the wizard does should not be a mystery at this point. If you’re new to Exchange hybrid, I’ve outlined below the individual commands run by the wizard and areas where there might be potential risk.

My Process

I gathered this data by running the HCW on an Exchange server using the “-verbose” switch. I’ve excluded anything that was just a “Get-” command and pulled out only the commands where a change is being made. When you run the HCW, you’ll find the log file in “C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\“.

This was done on an Exchange 2010 SP3 UR8 server. It’s possible that the HCW changes with updates, and it has slightly changed over the years.
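
The filtering step described above, as an added example that is not part of the original post: a PowerShell function that drops the “Get-” lines from HCW verbose output, keeps the change-making cmdlets, and tags the ones this post calls out as potential risk. The sample log lines, the verb list and the function name Get-HcwChangeCommand are assumptions for illustration.

```powershell
# Added example (not from the original post). The log lines below are constructed:
# the timestamps and "VERBOSE:" prefix are assumptions, the cmdlets come from this page.
$sampleLog = @'
2015-03-10 10:00:01 VERBOSE: Get-FederationTrust
2015-03-10 10:00:02 VERBOSE: Set-Federationtrust -RefreshMetadata -Identity 'Microsoft Federation Gateway'
2015-03-10 10:00:03 VERBOSE: Get-EmailAddressPolicy
2015-03-10 10:00:04 VERBOSE: Update-EmailAddressPolicy -Identity [Recipient Policy]
2015-03-10 10:00:05 VERBOSE: Set-WebServicesVirtualDirectory -Identity 'SERVER\EWS (Default Web Site)' -MRSProxyEnabled 'True'
2015-03-10 10:00:06 VERBOSE: Get-ReceiveConnector
2015-03-10 10:00:07 VERBOSE: New-ReceiveConnector -Server 'SERVER' -Name 'Inbound from Office 365' -RequireTLS 'True' -PermissionGroups 'AnonymousUsers' -RemoteIPRanges [EOP IP Addresses] -AuthMechanism 'Tls'
'@

function Get-HcwChangeCommand {
    # Hypothetical helper: returns one object per change-making cmdlet found in the lines.
    param([string[]]$Line)

    # Change verbs seen in this post (New, Set, Add, Update) plus other common ones.
    # The list is an assumption; extend it if your log shows other verbs.
    # -match is case-insensitive, so 'Set-Federationtrust' is still caught.
    $pattern = '(?<cmdlet>\b(?:New|Set|Add|Update|Remove|Enable|Disable)-[A-Za-z]+)(?<rest>.*)$'

    foreach ($entry in $Line) {
        if ($entry -match $pattern) {
            # Copy the captures first: the switch below overwrites $Matches.
            $cmdlet    = $Matches['cmdlet']
            $arguments = $Matches['rest'].Trim()

            # Review notes mirror the risks named in the post for Stage 3 and Stage 6.
            $note = switch -Regex ($cmdlet) {
                'EmailAddressPolicy$' {
                    'Stage 3: address policies are applied; check legacy (Exchange 2003) mailboxes'
                }
                '(SendConnector|ReceiveConnector|HybridMailflow)$' {
                    'Stage 6: possible mail routing impact if EOP Standalone is in use'
                }
                default { '' }
            }

            New-Object PSObject -Property @{
                Cmdlet     = $cmdlet
                Arguments  = $arguments
                ReviewNote = $note
            }
        }
        # Lines with only Get- commands, or no cmdlet at all, are skipped.
    }
}

$lines = $sampleLog -split '\r?\n'
# For a real run, read the files from the log folder named in the post instead:
# $lines = Get-ChildItem '<HCW log folder>' | Get-Content

Get-HcwChangeCommand -Line $lines |
    Select-Object Cmdlet, ReviewNote, Arguments |
    Format-List
```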

Six Stages

There essentially are six stages of the Exchange 2010 HCW:
  • Check Prerequisites
  • Configure Legacy Exchange Support
  • Configure Recipient Settings
  • Creating Organization Relationships
  • Configuring Organization Relationship Settings
  • Configure Mail Flow
Within each section, commands are run in the tenant or on-premises; I’ve outlined those in the sections below.

Stage 1: Check Prerequisites

Nothing is actually changed in this stage. As the name implies, it’s a prerequisite check where you’ll see a lot of “Get-” commands in the log but no actual changes.

Stage 2: Configure Legacy Exchange Support

This stage is executed if you have Public Folders in your environment.

The command below is executed in the on-premises environment to create a folder in the Public Folder hierarchy called “OU=EXTERNAL (FYDIBOHF25SPDLT)”. This folder is used for sharing of free/busy information cross-premises when you have Exchange 2003 in the environment.


Stage 3: Configure Recipient Settings

All of the commands in this stage are run in the on-premises environment.

First, the “coexistence domain” is set up as a remote domain and an accepted domain in the on-premises environment.

New-RemoteDomain -Name 'Hybrid Domain -' -DomainName ''
Set-RemoteDomain -Identity 'Hybrid Domain -' -TargetDeliveryDomain 'True'
New-AcceptedDomain -DomainName '' -Name ''

The coexistence domain is then added to the email addresses policies that contain the SMTP domains selected in the wizard and those email address policies are applied.

Set-EmailAddressPolicy -Identity [Recipient Policy] -EnabledEmailAddressTemplates [Proxy Addresses] -ForceUpgrade 'True'
Update-EmailAddressPolicy -Identity [Recipient Policy]

Potential Risk: If you’ve added Exchange 2010 to your environment to facilitate Exchange hybrid but your mailboxes are on a legacy version of Exchange (especially Exchange 2003), this is one to watch. Check out my post “Migrating From Exchange 2003? – Watch Those Address Policies!” for potential concerns about email addresses not compliant with your email address policies.

Stage 4: Creating Organization Relationships

In this stage, commands are run both on-premises and in the tenant in order to set up the trust with the Microsoft Federation Gateway (if you don’t have one already). Organization Relationships are also created between on-premises and the cloud to support free/busy between the two environments. These commands should have virtually no impact in your environment.

These are run on-premises:

Set-Federationtrust -RefreshMetadata -Identity 'Microsoft Federation Gateway'
Set-FederatedOrganizationIdentifier -DelegationFederationTrust 'Microsoft Federation Gateway' -AccountNamespace '' -Enabled 'True'
New-OrganizationRelationship -Name 'On Premises to Exchange Online Organization Relationship' -TargetApplicationUri '' -TargetAutodiscoverEpr '' -Enabled 'True' -DomainNames [SMTP Domains]

These are run in the tenant:

Set-FederatedOrganizationIdentifier -DefaultDomain ''
New-OrganizationRelationship -Name 'Exchange Online to on premises Organization Relationship' -TargetApplicationUri '' -TargetAutodiscoverEpr '' -Enabled 'True' -DomainNames [SMTP Domains]

Stage 5: Configuring Organization Relationship Settings

In this stage, commands are run both on-premises and in the tenant in order to enable the MRS Proxy (for mailbox moves) and configuration of the Organization Relationship for OWA redirection and free/busy. These commands should have virtually no impact in your environment.

These are run on-premises:

Set-WebServicesVirtualDirectory -Identity 'SERVER\EWS (Default Web Site)' -MRSProxyEnabled 'True'
Set-OrganizationRelationship -MailboxMoveEnabled 'True' -FreeBusyAccessEnabled 'True' -FreeBusyAccessLevel 'LimitedDetails' -ArchiveAccessEnabled 'True' -MailTipsAccessEnabled 'True' -MailTipsAccessLevel 'All' -DeliveryReportEnabled 'True' -TargetOwaURL '' -Identity 'On Premises to Exchange Online Organization Relationship'
Add-AvailabilityAddressSpace -ForestName '' -AccessMethod 'InternalProxy' -UseServiceAccount 'True' -ProxyUrl ''

These are run in the tenant:

Set-OrganizationRelationship -FreeBusyAccessEnabled 'True' -FreeBusyAccessLevel 'LimitedDetails' -MailTipsAccessEnabled 'True' -MailTipsAccessLevel 'All' -DeliveryReportEnabled 'True' -Identity 'Exchange Online to on premises Organization Relationship'

Stage 6: Configure Mail Flow

This stage configures the SMTP connectors in the on-premises environment and in Exchange Online Protection (EOP) in the tenant. These commands should have virtually no impact in your environment unless you are currently using EOP Standalone in which case there could be an impact to mail routing.

The commands below are run on-premises. A send connector called “Outbound to Office 365” is created to send messages with your coexistence domain to EOP using TLS. A receive connector is created that is restricted to the source IPs for EOP. The remote domain for your coexistence domain is then configured so that the appropriate out-of-office (OOF) is sent cross-premises.

New-SendConnector -Name 'Outbound to Office 365' -AddressSpaces [Coexistence Domain] -SourceTransportServers [Servers] -Fqdn '' -RequireTLS 'True' -TLSAuthLevel 'DomainValidation' -TLSDomain '' -ErrorPolicies 'DowngradeAuthFailures'
New-ReceiveConnector -Server 'SERVER' -Name 'Inbound from Office 365' -RequireTLS 'True' -PermissionGroups 'AnonymousUsers' -Fqdn '' -TLSDomainCapabilities '' -Bindings [] -RemoteIPRanges [EOP IP Addresses] -AuthMechanism 'Tls'
New-RemoteDomain -Name 'Hybrid Domain -' -DomainName ''
Set-RemoteDomain -Identity 'Hybrid Domain -' -TrustedMailInbound 'True'
Set-RemoteDomain -Identity 'Hybrid Domain -' -TrustedMailOutbound 'True' -TargetDeliveryDomain 'True' -AllowedOOFType 'InternalLegacy' -AutoReplyEnabled 'True' -AutoForwardEnabled 'True' -DeliveryReportEnabled 'True' -DisplaySenderName 'True' -NDREnabled 'True' -TNEFEnabled 'True'

The commands below are run in the tenant. The remote domains in the cloud are configured similarly to the on-premises domains and then the hybrid mail flow is set. The “-CentralizedTransportEnabled” parameter here is dependent upon the option you selected during the wizard. When this is “True”, messages from cloud users to the Internet are sent back on-premises as opposed to being sent direct from EOP to the Internet recipient.

New-RemoteDomain -Name 'Hybrid Domain -' -DomainName ''
Set-RemoteDomain -Identity 'Hybrid Domain -' -TrustedMailOutbound 'True' -AllowedOOFType 'InternalLegacy' -AutoReplyEnabled 'True' -AutoForwardEnabled 'True' -DeliveryReportEnabled 'True' -DisplaySenderName 'True' -NDREnabled 'True' -TNEFEnabled 'True'
New-RemoteDomain -Name 'Hybrid Domain -' -DomainName ''
Set-RemoteDomain -Identity 'Hybrid Domain -' -TrustedMailInbound 'True'
Set-HybridMailflow -SecureMailEnabled 'True' -CentralizedTransportEnabled 'False' -OnPremisesFQDN '' -CertificateSubject '' -InboundIPs [X.X.X.X] -OutboundDomains [SMTP Domains]

What About Exchange 2013?

The HCW process in Exchange 2013 is slightly different in a couple areas. Look for a similar analysis of that process in a future post.

Did you find this article helpful?

Leave a comment below or follow me on Twitter (@JoePalarchio) for additional posts and information on Office 365.

Looking to do some more reading on Office 365?

Catch up on my past articles here: Joe Palarchio.

Webinar Recap: @PIH Uses Office 365 for Global Collaboration
Tue, 10 Mar 2015 00:06:21 +0000

Last week, we were very fortunate to have one of our customers, Partners In Health (PIH), join us for a webinar. If you are not familiar with PIH, it’s a Boston-based non-profit global healthcare organization with a mission to provide a preferential option for the poor in healthcare. PIH works with sister organizations that are based in settings of poverty to bring the benefits of modern medical science to those most in need, and also, to serve as an antidote to despair.

Dave Mayo is a 25 year veteran of the technology industry, and for the last two years, Dave has been leading technology for Partners in Health. Together with Kent Larson, Director within Perficient’s Microsoft practice, and David Chapman, Director of Change Management within our Management Consulting practice, the three speakers spoke about the global deployment of Office 365 at PIH.

Many successful non-profits run lean, and PIH is no exception. Putting money back into the field for ten years equated to ten years of neglected technology. As Dave stated during the session, the non-profit organization was using decade-old hardware, which was failing, and failing fast. This was also spread across three email platforms. To add to that, email is mission critical for PIH… essentially a life and death type of application. PIH chose to partner with Microsoft and implement Office 365. Together, Perficient and Partners In Health have worked to successfully deploy Office 365 in some of the most remote areas of the world – think Malawi, Liberia, Rwanda.

It was a fantastic session from start to finish, and I encourage anyone interested to check out the replay here. You can also review the case study, which focuses on the Change Management aspect of the project.

To learn more about Partners In Health, visit

Managing the Skype Client UI in Skype for Business
Mon, 09 Mar 2015 19:06:28 +0000

With Microsoft officially announcing that they will be upgrading Office365 to utilize the Skype for Business back-end, administrators will need to begin to take actions to prepare themselves and their users for the impact of this update.

Note: Since Skype for Business (hereafter, S4B) hasn’t been released to GA yet, this information is still pre-release and subject to change!

A few important things you should begin planning for:

Skype for Business will be provided as an update package to existing Lync 2013 clients

S4B will still remain “lync.exe” from an executable perspective and maintain the same major version number as Lync 2013. This greatly helps admins because Windows QoS policies should not need to be re-tooled and application whitelists will not need to be updated. Microsoft has not yet set a release date on the client update but an official announcement is likely to come soon.

Can I use Lync 2013 with a S4B Server?

The simple answer to this is “Yes!”. Lync 2013 clients will absolutely work when your user account is homed to a S4B pool. Remember that any new features of a S4B pool will not be presented to your user account until you update your client software from the Lync 2013 UI.

How do I control the UI presented to users?

This is a multi-faceted answer but largely boils down to two major points:

  1. If your Lync 2013 client has the latest S4B client update and your user account is homed on a S4B pool, upon first sign-in your client will automatically switch to the new S4B UI.
  2. If your Lync 2013 client has the latest S4B client update and your user account is homed on a S4B pool, you can override the automatic UI behavior by setting the EnableSkypeUI parameter within the Client Policies.

The EnableSkypeUI parameter, when set to $FALSE, ensures that the Lync 2013 UI is always used by any clients connecting to a S4B pool. This parameter is the only method you can use to ensure that the new Skype UI is not presented to users and can be controlled in a targeted fashion to help organizations manage a staged rollout of the new UI. I’ve included a table below that describes the various different combinations of clients, servers, and resulting client UI:

Client Platform | Server Platform | Client UI
Lync 2010 | Lync Server 2013 | Lync 2010
Lync 2010 | Skype for Business Server | Lync 2010
Lync 2013 | Lync Server 2013 | Lync 2013
Lync 2013 (no S4B update) | Skype for Business Server | Lync 2013
Lync 2013 (S4B update) | Skype for Business Server | Skype for Business
Lync 2013 (S4B update & EnableSkypeUI=FALSE) | Skype for Business Server | Lync 2013
Lync 2013 (S4B update & EnableSkypeUI=TRUE) | Skype for Business Server | Skype for Business
Lync 2013 (S4B update & EnableSkypeUI=NULL) | Skype for Business Server | Skype for Business
Skype for Business | Skype for Business Server | Skype for Business
Skype for Business (EnableSkypeUI=FALSE) | Skype for Business Server | Lync 2013
Skype for Business (EnableSkypeUI=TRUE) | Skype for Business Server | Skype for Business
Skype for Business (EnableSkypeUI=NULL) | Skype for Business Server | Skype for Business

How does this affect Lync Online users?

Microsoft exerts total control over all policies and pools within Lync Online and has begun notifying customers that pending S4B upgrades will be coming within the next 90 days. Some organizations may not be ready to begin rolling out the new S4B UI but because Microsoft controls the pool upgrade process within Office365, there are limited options in controlling the client UI. Lync Online customers cannot customize Client Policies and all current Lync Online policies have a value of NULL for the EnableSkypeUI parameter. With the EnableSkypeUI parameter being NULL, clients will invoke the new UI if they have obtained the latest client update. At the current time there is no other recourse for Lync Online customers to prevent the Skype UI from being displayed, other than restricting the rollout of the latest client updates. I do believe that Microsoft will begin publishing additional client policies to allow organizations to disable the Skype UI, but customers will need to keep examining available client policies within Lync Online to discover which policies will be available:

Get-CsClientPolicy | Select Identity,EnableSkypeUI

What else should I know?

Microsoft continues to update TechNet with information regarding the upcoming Office365 updates. I strongly urge customers to examine the TechNet website for additional information and as always, I’ll update this post (or create additional posts) to reflect new changes as they are announced!

Advanced Content Targeting using SharePoint Search
Fri, 06 Mar 2015 14:01:26 +0000

There are various ways to achieve content targeting in a content management system. In SharePoint, some common terms which are associated with this feature are Audience Targeting, Security Trimming, Metadata etc. Today I am going to share an example which we recently implemented for our customer and which required advanced targeting rules.


An internal portal accessed by employees and contractors in three dozen locations comprising countries and/or regions. Authoring takes place in a separate content site and content is rendered on a publishing site. All content is targeted with three important profile attributes:

a. Location (comprises the country and its region)

b. Role

c. Business Unit

Each piece of content or even a link takes the user to the publishing site, keeping authoring unexposed to the end user. What this means for search is:

a. Customizing search results URL to point to publishing

b. Customizing hover preview to display publishing pages

c. And most importantly the results should be targeted based on user profile properties (mentioned above)


In order to achieve the above, we designed a custom solution extending the content by search web part. This solution inserts a query token into the content search web part which filters the indexed content with the logged-in user’s profile attributes (Location, Role, Business Unit). (Credit goes to my colleague Ryan Selley for developing this robust solution)

First we’ll map managed properties to crawled properties for the taxonomy terms used to tag content.


Then we’ll create the custom web part in Visual Studio by extending content by search.


Then we’ll generate a custom query variable to insert in the search query box.


Build this custom query token with logged in user’s profile properties in the BuildTAQuery()


This is how the query text looks in the search web part


With this token in place your content is now targeted on the user’s profile attributes. The logged in user will now only see content which has been tagged to their location, role, and business unit.

Happy targeted coding!

Office 365 – Microsoft’s “Cloud-First” Strategy In Action
Wed, 04 Mar 2015 03:46:06 +0000

For the past year, we’ve heard Satya Nadella’s “cloud-first, mobile-first” vision from Microsoft. Some joke that they both can’t be “first” but let’s just call it priority “1A” and “1B”.

I see it every day in Office 365. Exchange Online has nearly a bi-weekly addition of features while the on-premises version lags behind. It makes sense too that at some point, Microsoft will have to decide that “feature X” will go into the next version of Exchange as there needs to be some incentive to purchase the next version. Meanwhile, the “evergreen” service of Exchange Online continues to receive updates.

In the past 24 hours, two examples popped up demonstrating this priority.

Example #1

The first was in regards to the Exchange Online feature called “Clutter”. Given the machine learning dependencies, this feature only exists in Exchange Online today and likely will not make it into the on-premises version of Exchange.

On Monday evening, a conversation popped up in the “Office 365 Network” on Yammer with essentially some complaints about Microsoft sending communications to Exchange Online users about Clutter. Within 24 hours, a Program Manager from Microsoft was responding to the questions and dialog continued, explaining some of the rationale behind the behavior. A couple hours later, a feature announcement was released describing new admin functionality for Clutter: “Making Clutter in Office 365 even better”.

Now maybe the timing was just right as Microsoft obviously had been planning the admin features and it was even a roadmap item. Regardless, the access to the Office 365 team via Yammer and their prompt response is unprecedented in my opinion, nothing I’ve seen from any on-premises products. When you watch the Yammer conversations, you really get the sense that Microsoft is listening. If your organization uses Office 365, you should definitely be hooked into the Office 365 Network on Yammer.

Example #2

On the same day, the Exchange Team published a blog post (“Want more control over Sent Items when using shared mailboxes?“) about new functionality for shared mailboxes and sent items. It’s a pretty commonly requested feature that existed in Exchange 2010 and disappeared in Exchange 2013.

The release date for this functionality in Office 365 was stated as “now” or “very soon”. For on-premises Exchange 2013, it will come as part of CU9.

Microsoft has a release cadence of approximately 3-4 cumulative updates (CUs) per year. The current release of Exchange 2013 is CU7 with CU8 probably arriving in the next month or two which puts CU9 probably 6 months or more away. Then you have the usual delays before on-premises customers test and deploy the latest cumulative update (since we’ve all been burned before by being early adopters) and realistically most organizations aren’t running CU9 for probably 7-8 months.

So that’s your delta right now, about 7-8 months and by that point, we’ll have moved on and started talking about the next version of Exchange.


There are examples of Microsoft’s “cloud-first” strategy everywhere, look no further than the Office 365 Roadmap for great examples of what’s to come. While these two examples may seem somewhat minor compared to some of the blockbuster features available in the cloud, they demonstrate the agility of the cloud service and why migrating to Exchange Online will be your last mail migration.
Free Microsoft Training with the “Know it. Prove it.” Challenge
Tue, 03 Mar 2015 17:00:51 +0000

Microsoft Virtual Academy held the “Know it. Prove it.” 28-day challenge during the month of February 2015. The challenge was a month-long learning binge with 8 challenge tracks to choose from. Along with more than 55,000 people around the globe, I rocked the challenge during the month of February and leveled up my skills. As an overachiever, I actually completed 2 challenges and learned a lot. Even though the challenge is technically over, you can still commit to and complete these challenges, so there’s still plenty of time if you haven’t started one yet.

What is Microsoft Virtual Academy?

The Microsoft Virtual Academy is a website that provides free webcast training on pretty much all of Microsoft’s technologies. The site has been around for years, and has quite an extensive catalog of content ranging from beginner topics to more advanced topics with Windows Server, Azure, SharePoint, Visual Studio and even game development. Even though this site has been around for years, there are still a lot of IT professionals that don’t know about it. The “Know it. Prove it.” challenge has definitely brought a lot of visibility to this great resource that all IT professionals can easily take advantage of.

Did I mention it’s completely Free?

What is the “Know It. Prove It.” Challenge

The “Know It. Prove It.” Challenge ran for the month of February 2015; only a short 28 days. Each challenge track is made up of content designed to take only 1 hour a day to complete.

The Challenge tracks are:

  1. Cloud Development - everything Azure (there’s a lot!)
  2. Game Development – 2D and 3D game development for Windows 8
  3. Mobile Development – building Windows Store apps with C# and Cross-Platform development with Xamarin & Visual Studio
  4. Web Development – building apps with HTML5, JavaScript, CSS3, jQuery, ASP.NET MVC and Bootstrap
  5. Hybrid Cloud – Windows Server 2012, Azure and cloud automation
  6. Identity & Access Management – Windows Server 2012 Active Directory, Windows 8.1 Security, Azure VPN & RemoteApp
  7. Office 365 – Office 365, Exchange Online, SharePoint Online, Lync Online, Active Directory Federation and more
  8. SharePoint – SharePoint 2013 configuration, management and development

There’s a challenge track for you, whether you’re an IT Pro or a Developer.

My Experience

Luckily, I found out about the “Know it. Prove it.” challenge at the end of January, so I was actually able to start 2 days early. Actually on that first day, I binged for about 6 hours of the Web Development challenge. Due to this head start I decided to take on both the Web Development and SharePoint challenges. I really had to push through at times (stay up late, get up early, etc) but I persevered and completed both challenges.

My Completed Challenges

Time Saving Tip: I actually played some of the videos at 2x speed so I could get through them more quickly.

As I progressed through the challenges I alternated between the two so I wouldn’t get burned out from an overload of 1 topic. This also helped me retain more of the knowledge transfer by only doing approximately 1 hour of each challenge per day.

After going through both the Web Development and SharePoint Challenges, I must say that the content is amazing! These are high quality webcasts authored by subject matter experts. While I only went through 2 of the 8 challenges, I have absolutely no doubt that the rest are just as top notch as these two.

In case you’re interested, here’s a link to my Microsoft Virtual Academy profile, listing the courses that I’ve completed:

Challenge Results

The overall challenge results are amazing! There were over 55,000 people who signed up for “Know It. Prove It.” with over 39,000 who signed up for at least 1 challenge. Of those people that signed up, there were over 53,000 challenges started, which means thousands of people started multiple challenges!

Andrew Parsons is the one running the challenge, and he posted an end of “Know It. Prove It.” blog post summarizing these results. Here’s the exact numbers he posted:

So, the numbers. You know what’s amazing? People were still signing up for Know it. Prove it. right up until the end (and even today we saw hundreds sign up!). A lot of you finished your challenges in the last week. And even more of you managed to finish at least one course in their challenges. So, just how many are we talking about?

  • 55,425 people signed up for Know it. Prove it.
  • 39,197 KiPi participants signed up for at least one challenge.
  • 8,880 KiPi participants completed a course.
  • 4,641 KiPi participants completed an entire challenge.

Over 55,000 people? That’s crazy! And almost three quarters of you went on to sign up for a challenge? That’s amazing! And more than four and a half thousand people completed an entire challenge, filling up their little badge all green? I. AM. IMPRESSED.

Oh, and the other number I’ve referred to previously? There were over 53,000 challenges started. 14,000 extra challenges. That means, thousands of you did more than one challenge!

Another amazing thing about the challenge is the number of people from countries all over the world who participated. Additionally, along with Andrew, I am super impressed. Not just with the challenge and its participants, but also with Andrew Parsons who put together an amazing challenge. WAY TO GO, ANDREW!

Click here for the full challenge results post.

You can still rock your skills!

Even though the “Know It. Prove It.” challenge has technically ended, you can still take part as the challenges and content are still available at the link below:

While the content will remain on the Microsoft Virtual Academy website, the “Know It. Prove It.” Challenge will only be available until March 25, 2015. Here’s what Andrew Parsons posted about the Challenge availability:

So, as I mentioned, I highly encourage you to add your challenge courses to your MVA Learning Plan. When we hit March 25, we’re going to shut down Know it. Prove it. for a while. That’s because there’s something new coming and we need to make space for it. But it also means you won’t have easy access to those courses unless you add them to your Learning Plan.

Did you start and/or complete a challenge?

If you’ve started or completed a challenge, or even are just starting one now, I’d love to hear from you! Please post a comment on this post.

Office 365 – Azure AD Sync: Did You Know?
Tue, 03 Mar 2015 16:00:59 +0000

It’s been about six months since “Azure AD Sync” (often called “AADSync”) was made generally available with the intended purpose to replace the previous DirSync tool. In addition to an overhaul under the hood, AADSync brought with it new features such as support for multiple Active Directory forests.

If you’re configuring Directory Synchronization for the first time, it is recommended to use AADSync instead of DirSync. If you have an existing DirSync environment, you might find that AADSync fills some requirements that DirSync does not.

Below are 10 quick little tidbits you might not have known about Azure AD Sync.

What’s in a Name?

Aside from “Azure AD Sync / AADSync” being a tongue-twister for consultants, I’ve found that it’s not uncommon for there to be confusion about what AADSync is. While it has “Azure” in the name, it’s still a locally installed product running on a server in your environment. It’s not a cloud service, it’s an updated version of the DirSync product you’re probably familiar with. Yes, that server could technically be running in Azure IaaS but now we’re just playing word games.

Upgrading from DirSync / FIM

Running DirSync or FIM with the Office 365 MA today? There is a migration process for you although it’s basically just installing the new AADSync product and disabling the old sync product. You can technically install them on the same server but given it’s probably on a virtual server, I prefer to install side-by-side on another virtual machine. If you’re feeling real cautious, create a new service account in the tenant and disable the old one at the time of cutover. Microsoft has a little guidance on the migration process: Moving from DirSync or FIM to Azure Active Directory Sync

Forcing a Synchronization

If you’ve been running DirSync for any length of time, your fingers are well trained at typing the command “Start-OnlineCoexistenceSync“. In some odd decision that seems to be a step backwards, you force a sync in AADSync using a command-line utility and not PowerShell. Yes, a command-line utility.

To force a sync, navigate to “C:\Program Files\Microsoft Azure AD Sync\Bin” and run:

“DirectorySyncClientCmd.exe delta” for a delta sync and…
“DirectorySyncClientCmd.exe initial” for a full sync

Not sure of the logic here, hopefully this is changed at some point and this is moved back into PowerShell.

Undocumented PowerShell Module

Despite the requirement to use the command-line to force a sync, there is in fact a PowerShell module for AADSync; the name of the module is “ADSync” (yes, one “A”). There appear to be 61 commands in the module; unfortunately, there is almost no documentation on the syntax. You can gain insight into the syntax for some of the commands by exporting out your sync rules when configuring filtering.

Forcing a Password Sync

Like DirSync, the Password Sync process happens out-of-band from the general sync process. While the article “How to Use PowerShell to Trigger a Full Password Sync in Azure AD Sync” sounds encouraging, you’re currently presented with these detailed instructions:

You can sync password by using the PowerShell module and these instructions: How to Use PowerShell to Trigger a Full Password Sync in Azure AD Sync

Sync Rules Editor

Hidden in “C:\Program Files\Microsoft Azure AD Sync\UIShell” is “SyncRulesEditor.exe” which allows you to customize the synchronization rules. The interface is a bit “Resource Kit like” but it’s very powerful and mandatory in any type of complex multi-forest environment.

When to Use Full SQL

With DirSync, the guidance was always to use SQL when you had more than 50,000 objects in your Active Directory. With AADSync, this number is now 100,000 objects although it’s an estimate and the true limitation is the 10 GB database size limit with the embedded SQL Server Express. SQL Server 2008 to SQL Server 2014 is supported if you exceed the object limit.

Skipping the Initial Sync

Almost never do I select the option to kick off a sync during the initial configuration. I usually want to work on creating some filters and such to test out the process before I’m creating thousands and thousands of objects. If you skip the initial sync, you should be aware that the scheduled sync process (running as a task in the Windows Task Scheduler) will be disabled. So if you want the 3 hour scheduled sync to occur, you’ll need to go enable the task called “Azure AD Sync Scheduler”.
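A check an administrator might run on the sync server after setup, covering the scheduled task, the ADSync module and the forced sync described above. This is an added example, not code from the original post or from Microsoft; the `-EnableScheduler` and `-RunSync` switches are hypothetical names, and it assumes Windows Server 2012 or later and an elevated session.

```powershell
# Added example, not from the original post. Assumes Windows Server 2012 or later
# (for the ScheduledTasks cmdlets) and an elevated PowerShell session on the sync server.
param(
    [ValidateSet('delta', 'initial')]
    [string]$SyncType = 'delta',
    [switch]$EnableScheduler,   # hypothetical switch: re-enable the task if it is disabled
    [switch]$RunSync            # hypothetical switch: trigger a sync after the checks
)

$binPath  = 'C:\Program Files\Microsoft Azure AD Sync\Bin'   # path given in the post
$syncExe  = Join-Path $binPath 'DirectorySyncClientCmd.exe'
$taskName = 'Azure AD Sync Scheduler'                         # task name given in the post

# 1. Scheduled sync: the task is left disabled if the initial sync was skipped during setup.
$task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if (-not $task) {
    Write-Warning "Scheduled task '$taskName' not found; is AADSync installed on this server?"
} elseif ($task.State -eq 'Disabled') {
    Write-Warning "Scheduled task '$taskName' is disabled; no scheduled sync will run."
    if ($EnableScheduler) {
        $task | Enable-ScheduledTask | Out-Null
        Write-Output "Enabled '$taskName'."
    }
} else {
    Write-Output "Scheduled task '$taskName' state: $($task.State)"
}

# 2. ADSync module: count the available commands, since the syntax is largely undocumented.
if (Get-Module -ListAvailable -Name ADSync) {
    $commands = Get-Command -Module ADSync
    Write-Output "ADSync module exposes $($commands.Count) commands."
} else {
    Write-Warning 'ADSync PowerShell module not found.'
}

# 3. Forced sync through the command-line utility.
if ($RunSync) {
    if (-not (Test-Path $syncExe)) { throw "Sync client not found at $syncExe" }
    & $syncExe $SyncType
    # Assumption: a non-zero exit code indicates failure; the post does not document exit codes.
    if ($LASTEXITCODE -ne 0) { Write-Warning "Sync client exited with code $LASTEXITCODE" }
}
```

Run without switches, the script only reports state and changes nothing.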

Service Account Permissions

If you install AADSync with the intention of using “Password Sync”, “Password Writeback” or “Exchange Hybrid”, you should be aware that the necessary permissions are not assigned in Active Directory. Those permissions are called out in the installation instructions: Install the AADSync Service.

Azure Active Directory Connect

…and after all this, Microsoft has a new tool coming for Directory Synchronization. I see it as more of a wizard of sorts but the idea is to make installing AADSync and AD FS easier for organizations to deploy. The plan appears for the new tool, “Azure AD Connect“, to actually replace AADSync although I suspect AADSync is just bundled in the install. I’m not real excited about this product just yet, what we have today seems to work. Trying to use a wizard-based application to remotely install AD FS on servers via WinRM (including machines in a DMZ) seems like we’re trying to make it too simplified and ultimately less flexible. I envision spending more time troubleshooting WinRM and firewall rules than it would normally take me to deploy an AD FS farm. Time will tell, this product is currently in preview with release expected later this year.
Did you find this article helpful?

Leave a comment below or follow me on Twitter (@JoePalarchio) for additional posts and information on Office 365.

Looking to do some more reading on Office 365?

Catch up on my past articles here: Joe Palarchio.

Webinar: How the Microsoft Cloud Helps @PIH Improve Global Health Fri, 27 Feb 2015 17:33:24 +0000

Many nonprofits (and certainly other organizations as well) would likely share the same sentiment as Partners In Health (PIH) – due to the mission at hand, resource allocation, more often than not, prioritizes the needs of people over systems. It’s not all that surprising that this can lead to disbanded communication systems. Systems that, over time, become expensive to maintain and increasingly deficient.

This was the situation Partners In Health faced, and they are solving it by migrating to Office 365. PIH is a Boston-based nonprofit that delivers high-quality health care and serves impoverished communities around the world. Through the move to Office 365, they now have a single, reliable platform for colleague interactions and can more effectively focus on the mission, improving the quality of health and meeting the needs of underserved populations.

More from a recent news release:

Deployment of Office 365 across sites in Africa, Haiti, Mexico, Peru, Russia and the U.S. will further Partners In Health’s mission to provide a preferential option for the poor in health care. It will also enhance cross-site communication and collaboration as the organization responds to the Ebola outbreak in West Africa. Cloud-based storage allows documents to be accessed at any time from any device in any setting, including those where bandwidth is limited. With a common email platform, information may be shared seamlessly among colleagues, partners and all others involved in the fight against illness and poverty.

This migration included a transition to Exchange Online for company-wide communication, Azure-hosted ADFS for identity management, and SharePoint Online for document storage and collaboration.

We’re fortunate to have assisted PIH with this deployment, and are excited to host a webinar next week, on Wednesday, March 4 at 1 p.m. CT, How Partners In Health Is Using the Microsoft Cloud to Improve Global Health.

During the session, PIH’s CIO Dave Mayo, as well as Kent Larson and David Chapman from Perficient, will share details around the challenges the organization faced prior to moving to Office 365 and how the Microsoft Cloud has impacted their ability to share information and collaborate across the globe, even in the most remote locations. They’ll also discuss how change management played an important role in a successful deployment.

For more about PIH or to make a contribution to help the organization transform global health, visit


What To Call Your My Site Thu, 26 Feb 2015 12:00:21 +0000

Use “Your” instead of “My” when labeling things that are considered belonging to a user!

Possessive pronoun labels on a website (or computer) should be considered part of communication from the website to the user, as that fits the mental model most people construct subconsciously when reading text on a website. The website is communicating to you, the user. Years of consistent usage has trained us to understand that “My” means something that belongs to me, the user, so we are not completely confused when we see “My”. However, it does come with a small cognitive load penalty, as the user has to do a little thinking to understand what is meant.

The word “My” has been replaced by “Your” as a label from most popular websites over the years. Amazon uses “Your Account” instead of “My Account”, and Microsoft changed “My Computer” in Windows XP to just “Computer” in Windows 7 and now “This PC” in Windows 8. Many sites that present content specific to the individual user will even display your name as the modifier, like “Matt’s Account”.


One concept that has resisted the change is the “My Site” in SharePoint. Microsoft has eliminated the use of “My” in the front-end labels in SharePoint 2013 and Office 365, although on the back-end the feature is still called “My Site”. Additionally, the default URL associated with the feature is still “my”, leading to many SharePoint instances that still include the word in the URL and nowhere else. Your default profile page is “Person.aspx” and the text cues refer to the content as “your profile”, so clearly somebody gets it. Microsoft recommends a separate web application for the My Site Host, and a managed path for all the personal site collections, so you have 2 labels you need to come up with in order to properly deploy your my site- see how confusing “your my site” looks?

“Your” does not make sense in this case as the sites are not just for you but also for others to access. I recommend “people” as the subdomain for your my site web application, with “personal” (or just “p”) as the managed path for the personal site collection. This way you end up with a nice URL like “” or “”. Those of us on the implementation side can help by referring to these sites as “personal sites”, even while we continue to activate the My Site feature as administrators.

If you don’t follow my recommendations on naming your my site, at least, I implore you to drop the word “my” everywhere you can!
