Office 365: To Federate or Not to Federate… that is the Question

Yesterday, Microsoft released a new version of their ‘DirSync’ utility (http://technet.microsoft.com/en-us/library/dn246918.aspx), which up until yesterday provided a basic ‘copy’ of your local Active Directory accounts (Active Directory Domain Service or ‘AD DS’) from your premises to the MS Cloud directory (referred to as ‘Azure Active Directory’) for Office 365 (and other Cloud apps such as Team Foundation Service (TFS Online)).

This blog is written for those considering moving to Office 365 (or who have moved to Office 365) but haven’t identified any other application in the organisation apart from Office 365 that requires Active Directory Federation Services and SAML/WS-Federation… [Keep reading] “Office 365: To Federate or Not to Federate… that is the Question”

SharePoint Online 2013 – Setting Default Account for Organization Browser

Earlier this week I received a requirement to make use of the SharePoint OOTB Organization Browser that needs to set the default root account to be a specific user… well, there are plenty of blogs on using custom JS in MOSS or SharePoint 2010 for this purpose – glad that this hasn’t changed in SharePoint 2013. But this is SharePoint Online, which adds some challenges:

  • The username is no longer in the format of Domain/LoginName
  • It is using claims based authentication through ADFS

Below are the steps you can follow to set the default account on the SharePoint Organization Browser.… [Keep reading] “SharePoint Online 2013 – Setting Default Account for Organization Browser”

SharePoint Online Web Service Authentication using WCF Client-side behaviour

With the release of SharePoint in 2013 and the ever-increasing numbers taking up the SharePoint Online offering, it’s a good time to start looking at some of the challenges when moving to these platforms.

SharePoint has traditionally been a presentation technology with its own unique SharePoint development model utilising SharePoint Designer and custom Web Part development. With the latest release, SharePoint 2013, that development model has been challenged by a new autonomous development model where the complexities and constraints of SharePoint as a development and deployment platform have been replaced by a service oriented integration platform for multiple independently hosted applications.… [Keep reading] “SharePoint Online Web Service Authentication using WCF Client-side behaviour”

Use SkyDrive Pro as a SharePoint Content Replicator

What’s in a name?

SkyDrive Pro might be the worst named of all of the products to come out of Microsoft in a while. I sometimes think about the meetings that must happen in Redmond, Developers on one side of the room and Marketing on the other.

Marketing: “Yeah it’s just like SkyDrive where you can store all your files but more corporate because it links to SharePoint”
Development: “Huh? But it doesn’t have anything to do with SkyDrive”
Marketing: “Yeah but SharePoint is moving to the cloud and SkyDrive is in the cloud so it’s the same isn’t it?”… [Keep reading] “Use SkyDrive Pro as a SharePoint Content Replicator”

Office 365 Preview and Windows Azure Active Directory Rights Management

Recently I was asked to implement an Office 365 Preview for Enterprises tenant that would demonstrate the new functionality provided by Windows Azure Active Directory Rights Management (AADRM). Windows Azure Active Directory is the cloud identity management service that underpins Office 365 and many other Microsoft cloud products; you can read more about it here.

Rights Management Services (RMS) are a feature set that allows for the protection of information, regardless of where it goes or who it is sent to.… [Keep reading] “Office 365 Preview and Windows Azure Active Directory Rights Management”

Office 365 – Converting mailboxes to shared mailboxes

Office 365 introduces the concept of a shared mailbox. Shared mailboxes are free, as long as they are under 5GB in size.

There is plenty of documentation that describes the process to create a new shared mailbox, but how do you convert an existing licensed mailbox to a shared mailbox?

I have read through a number of Office 365 community forum threads that ask this question and provide a variety of methods to achieve this.… [Keep reading] “Office 365 – Converting mailboxes to shared mailboxes”

Office 365 – PowerShell Setup

PowerShell is the most important tool for Office 365 management and I find it helpful to have everything just one click away. The following steps will give you a desktop shortcut to launch an Office 365 PowerShell session with the cmdlets loaded.

1. Install the Microsoft Online Service Sign-in Assistant and Azure Active Directory Module for Windows PowerShell available here

2. Save the following script to c:\o365.ps1:

[code language=”PowerShell”]
$Cred = Get-Credential
Import-Module MSOnline
Connect-MsolService -Credential $cred
$Session = New-PSSession -ConfigurationName Microsoft.Exchange… [Keep reading] “Office 365 – PowerShell Setup”

Office 365 Smart Links

So you’re using Federated Identities with SharePoint Online…

You may have noticed that every 1-2 days you have to re-authenticate to SharePoint Online. This is the result of an Office 365 security feature that defines a 10 hour SharePoint cookie expiration. This authentication behavior is different to BPOS SharePoint Online, where users would be prompted to authenticate one time only. If you have come from BPOS, this change in SharePoint authentication behavior is probably undesirable. If you were excited about a transparent ‘single sign-on’ experience with AD FS 2.0 and Office 365, you might even be a little disappointed.… [Keep reading] “Office 365 Smart Links”

Office 365 – AD FS 2.0 with multiple domains and subdomains

AD FS 2.0 Update Rollup 1 allows a single AD FS farm to support multiple top-level domains for Office 365 federated authentication. Unfortunately, the default claim rules generated with RU1 do not support multiple top-level domains with subdomains.

“If however, you have multiple top level domains (@contoso.com and @fabrikam.com) and these domains also have sub domains (@sales.contoso.com and @sales.fabrikam.com) the “SupportMultipleDomain” switch will not work for the sub domains and these users will not be able to login.”

[Keep reading] “Office 365 – AD FS 2.0 with multiple domains and subdomains”

Configuring ASP.NET 4.5 for Windows Azure Active Directory

Yesterday, the Active Directory team announced the Developer Preview of Windows Azure Active Directory (AD). Windows Azure AD is Identity Management as a Service. Today, it is the identity provider for Office 365, Dynamics CRM Online, and Windows Intune. The Developer Preview enables developers to implement Web Single Sign-On (SSO) for Software as a Service, line-of-business, and cloud applications.

With the new announcement, Vittorio Bertocci published a deep-dive article that describes Web SSO with Windows Azure AD.… [Keep reading] “Configuring ASP.NET 4.5 for Windows Azure Active Directory”