The new Azure AD Connect built in user filter: adminDescription.

tl;dr

Really? I need to shorten an already short post? Well, you’re welcome Generation-Y.

  • New Azure AD Connect user filter
  • Inbound rule
  • Leverages ADDS attribute: adminDescription
  • Add in a value with a prefix of User_ or Group_ to filter out that object

***

Azure AD Connect, like previous versions of the directory synchronisation application, is able to filter users, groups or contacts that are synchronised to Azure AD / Office 365 through a number of methods. The Microsoft Azure documentation page – –

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-configure-filtering/


Driving innovation & user experience using Kano model

How often are you asked to jump straight into design without doing any research? Well, it happens to me quite often. Reason – lack of time or budget.

No matter how tight the budget or timeline is, I always recommend doing some research beforehand. And if “how to do it in a cheap and efficient way?” is your question, then here is how:

I stumbled upon the Kano model in my MBA book – an incredible technique used by many businesses to discover, classify and integrate consumer needs into the products and services they offer.…

Managing SPO User Profiles with FIM/MIM and the Microsoft PowerShell Connector

Back in March, my colleague Darren Robinson published this post which nicely explains how to use Søren Granfeldt’s FIM/MIM PowerShell MA to manage SharePoint Online profiles. While Darren’s post covers everything you need to connect to SPO and manage user profiles via FIM/MIM, some of your clients may prefer to use the Microsoft equivalent for reasons of perceived support and product quality. This post will cover off what is required to get the Connector up and running.…

Office365 & Windows 10 Profile Pictures

At a customer recently, we were asked if we could provide a non-technical way of controlling profile pictures for both Office 365 and Windows 10. So straight away I thought, time for some PowerShell. I came up with the solution of having a number of shares on a server, which can be permission’d as required…

.\Source – for adding images
.\Replace – if a user wanted to change their picture
.\Remove – if a user opted out of the profile picture setup

As this was a new setup, I requested that they name the images UPN.jpg,…

PowerShell Status Reporting on AAD Connect

Recently, I had a customer request the ability to quickly report on the status of two AAD Connect servers.

Since these two servers operate independently, it is up to the administrator to ensure the servers are healthy and they are operating in the correct configuration modes with respect to each other.

Typically, if you’re going to spend money operating two AAD Connect servers, it makes sense they both are enabled with their import cycles but only one runs in ‘Normal’ mode (i.e.…

Change ring tone behaviour with a Sonus SBC and SIP trunk provider

I recently had an issue with calls originating from a SIP trunk provider to Skype for Business Server(s) that needed to change who supplied the ring back tone. This would have been a much simpler process with ISDN, but SIP trunks are a much more involved PSTN connection. If you’re having problems with ring back this should help provide a quick troubleshooting step to expose a problem in this area. This article specifically describes what to change in Skype for Business and Sonus 1000/2000 SBC to get the desired outcome with a SIP trunk.…

Configuring Proxy for Azure AD Connect V1.1.105.0 and above

My colleague David Ross has written a previous blog about configuring proxy server settings to allow Azure AD Sync (the previous name of Azure AD Connect) to use a proxy server.

Starting with version 1.1.105.0, Azure AD Connect has completely changed the configuration steps required to allow the Azure AD Connect configuration wizard and Sync Engine to use a proxy.

I ran into a specific proxy failure scenario that I thought I’d share to provide further help.…

Configuring Intune Service to Service Connector for Exchange Online with a Service Account

If you are considering the use of Intune Conditional Access with Exchange Online it is generally recommended that you configure the Intune Service to Service Connector. While it is not mandatory, it does provide your Intune Administrators the ability to report on the effectiveness of the Conditional Access Policies on your mobile ActiveSync clients within your Exchange Online environment. In addition, if you wanted to enforce the use of the Outlook iOS/Android app using Exchange ActiveSync policies, as per my previous blog post here, setting up the connector would allow you to configure the ActiveSync access rules straight from the Intune Admin Portal.…

WPAD and Proxy Auth Cause Exchange HCW to Fail

A recent conversation with a colleague reminded me of an issue I’ve faced a number of times (and forgotten to blog about) when running the Exchange Hybrid Configuration Wizard (HCW) on Exchange 2010 or 2013 in an environment where Web Proxy Autodiscovery Protocol (WPAD) is used.

The Problem

The most common scenario where I’ve seen this come into play is along the lines of this:

  1. WPAD is used to distribute Proxy.PAC to client machines
  2. Customer permits direct connection from Exchange servers to Internet
  3. From an elevated command prompt, run “netsh winhttp reset proxy” to ensure a direct connection
  4. Change Internet Options settings from “Automatically detect settings” to “Disabled”
  5. Browse to a site restricted by the proxy to confirm proxy bypass is working
  6. Can connect to Exchange Online using Remote PowerShell
  7. Run the HCW but it fails with the following error in the logs:
    ERROR : System.Management.Automation.RemoteException:

Enforcing Outlook App in Exchange Online and Intune Conditional Access

[UPDATE 23/11/16] Microsoft have announced a new method of doing what I describe in this blog post. Matt Shadbolt from the Intune Engineering team has a nice blog post that describes how to use this new process, based on Intune MAM policies. The below information is still useful though if you want to do more specific restrictions (e.g. iOS vs Android native clients).

What is Intune Conditional Access?

Intune Conditional Access is a pretty neat feature that allows administrators to enforce compliance policies to devices prior to allowing them access to sync their mail with Exchange Online. …