Understanding Outlook Auto-Mapping

Auto-mapping is an Exchange & Exchange Online feature, which automatically opens mailboxes with Full Access permissions in a delegate’s Outlook client. The setting is configurable by an Administrator when Full Access permissions are assigned for a user. Once enabled, the periodic Autodiscover requests from the Outlook client will determine which mailboxes should be mapped for a user. Any auto-mapped mailboxes with be opened by the Outlook client in a persistent state and cannot be closed by the user.… [Keep reading] “Understanding Outlook Auto-Mapping”

Modern Authentication updates for Office 2013 (MSI-based)

Earlier this year, Office 2013 Modern Authentication using the Active Directory Authentication Library (ADAL) moved to public preview. The steps to take part in the preview and to prepare the Office 2013 software are well documented, particularly by one of my fellow Kloudies (see Lucian’s blog here).

However, you may find that despite creating the registry keys and installing the required updates, Modern Authentication is still not working – something I recently encountered with MSI-based installations of Office 2013 SP1 in a Windows 7 SOE.… [Keep reading] “Modern Authentication updates for Office 2013 (MSI-based)”

Office 365 SSO: Configuring multiple Office 365 tenants to use a single AD FS instance

Q: Can multiple Office 365 tenants use a single AD FS instance to provide SSO?

A: Yes


  • Office 365 tenant 1 is configured with the domain contoso.com
  • Office 365 tenant 2 is configured with the domain sub.contoso.com
  • Single Active Directory Forest with multiple UPNs configured (contoso.com and sub.contoso.com)
  • Single AD FS instance including an AD FS Proxy/Web Application Proxy published with the name sts.contoso.com
  • Two instances of Azure ADConnect configured with container filtering to ensure users are only synchronised to a single tenant

Configuring SSO

The Federation Trust for Tenant 1 is configured by establishing a Remote PowerShell session (with the Azure Active Directory Module loaded) and running the standard ‘Convert-MsolDomainToFederated’ cmdlet:

[code]Convert-MsolDomainToFederated -DomainName contoso.com… [Keep reading] “Office 365 SSO: Configuring multiple Office 365 tenants to use a single AD FS instance”

Using a Proxy with Azure AD Sync Services

In this blog I am going to cover some tips and tricks for using Azure AD Sync Services with a proxy… including the specific URLs required for whitelisting, the proxy settings used during the installation, configuration and running of the tool, and a workaround for apps that do not support authenticating proxies.

URL Whitelisting

It is generally recommended to whitelist all the Office 365 URLs to bypass proxy infrastructure as this provides the best performance and avoids issues with applications that are not compatible with an authenticating proxies (OneDrive for Business client installations, Exchange Hybrid services, Azure AD Sync Services and so on…).… [Keep reading] “Using a Proxy with Azure AD Sync Services”

Azure Active Directory Synchronization Services: How to Install, Backup & Restore with full SQL

Microsoft recently released the latest version of the Directory Synchronisation tool; Azure Active Directory Synchronisation Services (AADSync). The “one sync to rule them all” is likely going to be your first choice for synchronising identities to the Microsoft cloud.

Installing and configuring the tool is relatively straight forward for the majority of deployments and this process is well documented at the Microsoft Azure Documentation Centre. If your organisation has a large number of identities (100,000+), Microsoft recommends deploying the AADSync tool with a full installation of SQL.… [Keep reading] “Azure Active Directory Synchronization Services: How to Install, Backup & Restore with full SQL”

Office 365 – Converting mailboxes to shared mailboxes

Office 365 introduces the concept of a shared mailbox. Shared mailboxes are free, as long as they are under 5GB in size.

There is plenty of documentation that describes the process to create a new shared mailbox, but how do you convert an existing licensed mailbox to a shared mailbox?

I have read through a number of Office 365 community forum threads that ask this question and provide a variety of methods to achieve this.… [Keep reading] “Office 365 – Converting mailboxes to shared mailboxes”

Office 365 – PowerShell Setup

PowerShell is the most important tool for Office 365 management and I find it helpful to have everything  just one click away. The following steps will give you a desktop shortcut to launch an Office 365 PowerShell session with the cmdlets loaded.

1. Install the Microsoft Online Service Sign-in Assistant and Azure Active Directory Module for Windows PowerShell available here

2. Save the following script to c:\o365.ps1:

[code language=”PowerShell”]
$Cred = Get-Credential
Import-Module MSOnline
Connect-MsolService -Credential $cred
$Session = New-PSSession -ConfigurationName Microsoft.Exchange… [Keep reading] “Office 365 – PowerShell Setup”

Office 365 Smart Links

So you’re using Federated Identities with SharePoint Online…

You may have noticed that every 1-2 days you have to re-authenticate to SharePoint Online.  This is the result of an Office 365 security feature that defines a 10 hour SharePoint cookie expiration. This authentication behavior is different to BPOS SharePoint Online, where users would be prompted to authenticate one time only. If you have come from BPOS, this change in SharePoint authentication behavior is probably undesirable. If you were excited about a transparent ‘single sign-on’ experience with AD FS 2.0 and Office 365, you might even be a little disappointed.… [Keep reading] “Office 365 Smart Links”

Office 365 – AD FS 2.0 with multiple domains and subdomains

AD FS 2.0 Update Rollup 1 allows a single ADFS farm to support multiple top level domains for Office 365 federated authentication. Unfortunately, the default claim rules generated with RU1 do not support multiple top levels domains with subdomains.

“If however, you have multiple top level domains (@contoso.com and @fabrikam.com) and these domains also have sub domains (@sales.contoso.com and @sales.fabrikam.com) the “SupportMultipleDomain” switch will not work for the sub domains and these users will not be able to login.”

[Keep reading] “Office 365 – AD FS 2.0 with multiple domains and subdomains”