We get to work with the newest and coolest software all the time. One of the biggest selling point of Office 365 is the constant stream of new features and functionality. New builds of Exchange Online are pushed into Office 365 daily, therefore new features can show up at any time.

These constant updates do come at a cost. To date, the documentation for Office 365 has not kept up with the pace of change in the service. New features and functionality are often added into Office 365 with little to no documentation. This often means that we need to figure them out on our own.

Cross-forest permissions have long been one of the more difficult aspects of an Exchange Hybrid migration. Ensuring mailbox permissions are preserved can be a major undertaking.

Exchange Hybrid migrations did not support any sort of cross-forest mailbox permissions at first. After a couple of years Microsoft made it possible for full access permissions to work cross-premises.

Recently Microsoft has improved the cross-forest permissions story for Exchange Hybrid migrations. In this blog post, I’ll give you the information you need to set the different permissions in your Exchange Hybrid deployment.

As more IT services move to the cloud, the need for better security features will only increase. People want to be able to log in hassle-free, but organizations need strong authentication security. The fastest way for this move to cloud service to fail is going to be though a large security breach. Microsoft is aware of all these facts, and they are putting a lot of work into ensuring that logging into their cloud servers is both easy and secure.

Microsoft has been investing in security and identity features for Azure Active Directory. These new features are becoming Generally Available (GA) within Azure Active Directory. In this blog post I’m going to delve into some of the new identity protection features in Azure Active Directory.

In any IT organization there are administrative tasks that need powerful admin privileges. It's a good security practice that accounts should have the fewest permissions necessary, and only for the period of time they need them. But managing the temporary assignment of admin permissions becomes time consuming. As a result, many organizations assign them on a permanent basis, which is not ideal.

Furthermore, auditing the assignment of administrative permissions is a challenging task. Many of us have used custom scripts and third party reporting tools to keep track of permissions.

Recently I've been working on a project to package about 1500 applications for distribution through SCCM. To gather the information I need, I wrote a 50-question survey for a few hundred people to answer. The challenge was to get this survey to a large audience and turn the results into actionable information.

There are a variety of services available online for running surveys. This customer is using Office 365, so I wanted to make use of their existing resources. Today, Office 365 has two solutions for running surveys:

Conditional Access is a premium feature of Azure Active Directory that allows administrators to specify conditions under which users can authenticate into other cloud services. With conditional access, you can specify that a certain set of users can only authenticate to specific applications from specific IPs for example.

The hard part about conditional access is that it takes a lot of work to configure and test the policies. Ensuring that you know how a policy is going to affect your users is critical. In this blog post I’m going to look at a new tool in the Conditional Access line that helps with this problem. "Azure-Active Directory-Conditional Access-What If" gives administrators a new way to test Conditional Access policies to see what the effect of applying those policies will be.

There are several general practices that can help improve the chances of rolling out Microsoft Exchange updates successfully.

Administrators apply updates to correct issues, but there are times a patch itself will break the system. There is no single way to update and -- if things do not go as planned -- recover Exchange. Every organization has different versions and configurations for the messaging platform. Every Microsoft patch is different.

Some administrators let the memories of a bad patch linger and put off Exchange updates. Here are some tips to make this necessary chore less of a traumatic experience.

There are many ways you can manage and control the way your end-users connect to Office 365. Intune, and Azure Active Directory Premium are add-on feature sets for your Office 365 subscription that give you advanced controls for managing client access scenarios, but some customers want a lower level of control that they can implement without having to buy add-on licenses.

In this blog post, I am going to explore some new Client Access Rules that have recently been added into Exchange Online.

When disaster strikes and the Exchange Server crashes without a valid backup, an admin can make things far worse by making a hasty attempt to get the platform back online without careful planning.

Don't rush in and start immediate repairs with the command-line tool eseutil. While eseutil is a powerful tool for Exchange database repair work, use it wrong and it can make matters worse. Admins must understand the different functions of eseutil and when their use is appropriate.

The 70-345 exam for Exchange Server 2016 requires a significant investment of time and energy. Before you step onto the certification path, make sure there is a payoff down the road.

Ignite is Microsoft’s major conference for new announcements and training aimed at IT professionals. This year Ignite took place in Orlando, Florida the week of September 25th. I wasn’t able to make it to Orlando to be onsite for the conference this year, but it’s not that difficult to follow new announcements from Ignite from anywhere in the world.

In this blog post I’m going to give an overview of some of the announcements from Ignite around identity and authentication management for MS cloud services that caught my attention. I learned a lot by watching recorded sessions, hopefully I can pass some of that on here.

If there is anything consistent about Office 365, it's change. Not only do the services that you use all the time change constantly, but there are also new services added to Office 365 on a regular basis. Microsoft wants to build Office 365 into a complete business productivity suite, and they are doing that by making sure all your bases are covered.

Of course, the downside to this constant evolution of Office 365 is that someone needs to invest the time and effort into learning what the new services are, and what they do. The good news for your organization is that you work there, and you’re taking the time to read this blog.