With the influx of cloud services integrating with on-premises products, many Exchange administrators wonder what...
Read MoreThe move to the cloud often means that we need to learn new ways to manage access to cloud based resources. The methods of delegating administrative control we are accustomed to on-premises are often no longer applicable to cloud-based resources.
Office 365 has long had built in admin roles that can be used to delegate levels of permissions to administrators. The screenshot below shows the current built in admin roles available in Office 365.
Read MoreAs Exchange administrators we tend to think about servers, networks, and datacenters. While all that is important, the end-users think of email as the client experience. In other words, is Outlook running nicely, or is it running slowly?
One of the biggest factors that influences Outlook performance is caching.
Read MoreWe get to work with the newest and coolest software all the time. One of the biggest selling point of Office 365 is the constant stream of new features and functionality. New builds of Exchange Online are pushed into Office 365 daily, therefore new features can show up at any time.
These constant updates do come at a cost. To date, the documentation for Office 365 has not kept up with the pace of change in the service. New features and functionality are often added into Office 365 with little to no documentation. This often means that we need to figure them out on our own.
Read MoreCross-forest permissions have long been one of the more difficult aspects of an Exchange Hybrid migration. Ensuring mailbox permissions are preserved can be a major undertaking.
Exchange Hybrid migrations did not support any sort of cross-forest mailbox permissions at first. After a couple of years Microsoft made it possible for full access permissions to work cross-premises.
Recently Microsoft has improved the cross-forest permissions story for Exchange Hybrid migrations. In this blog post, I’ll give you the information you need to set the different permissions in your Exchange Hybrid deployment.
Read MoreAs more IT services move to the cloud, the need for better security features will only increase. People want to be able to log in hassle-free, but organizations need strong authentication security. The fastest way for this move to cloud service to fail is going to be though a large security breach. Microsoft is aware of all these facts, and they are putting a lot of work into ensuring that logging into their cloud servers is both easy and secure.
Microsoft has been investing in security and identity features for Azure Active Directory. These new features are becoming Generally Available (GA) within Azure Active Directory. In this blog post I’m going to delve into some of the new identity protection features in Azure Active Directory.
Read MoreIn any IT organization there are administrative tasks that need powerful admin privileges. It's a good security practice that accounts should have the fewest permissions necessary, and only for the period of time they need them. But managing the temporary assignment of admin permissions becomes time consuming. As a result, many organizations assign them on a permanent basis, which is not ideal.
Furthermore, auditing the assignment of administrative permissions is a challenging task. Many of us have used custom scripts and third party reporting tools to keep track of permissions.
Read MoreRecently I've been working on a project to package about 1500 applications for distribution through SCCM. To gather the information I need, I wrote a 50-question survey for a few hundred people to answer. The challenge was to get this survey to a large audience and turn the results into actionable information.
There are a variety of services available online for running surveys. This customer is using Office 365, so I wanted to make use of their existing resources. Today, Office 365 has two solutions for running surveys:
Read MoreConditional Access is a premium feature of Azure Active Directory that allows administrators to specify conditions under which users can authenticate into other cloud services. With conditional access, you can specify that a certain set of users can only authenticate to specific applications from specific IPs for example.
The hard part about conditional access is that it takes a lot of work to configure and test the policies. Ensuring that you know how a policy is going to affect your users is critical. In this blog post I’m going to look at a new tool in the Conditional Access line that helps with this problem. "Azure-Active Directory-Conditional Access-What If" gives administrators a new way to test Conditional Access policies to see what the effect of applying those policies will be.
Read MoreThere are several general practices that can help improve the chances of rolling out Microsoft Exchange updates successfully.
Administrators apply updates to correct issues, but there are times a patch itself will break the system. There is no single way to update and -- if things do not go as planned -- recover Exchange. Every organization has different versions and configurations for the messaging platform. Every Microsoft patch is different.
Read MoreSome administrators let the memories of a bad patch linger and put off Exchange updates. Here are some tips to make this necessary chore less of a traumatic experience.
Read MoreThere are many ways you can manage and control the way your end-users connect to Office 365. Intune, and Azure Active Directory Premium are add-on feature sets for your Office 365 subscription that give you advanced controls for managing client access scenarios, but some customers want a lower level of control that they can implement without having to buy add-on licenses.
In this blog post, I am going to explore some new Client Access Rules that have recently been added into Exchange Online.
Read MoreI have long been interested in encryption. I started off my IT career in the United States Marine Corps where I had a Top-Secret security clearance and frequently worked with classified message traffic. During this time, I learned a lot about the rules of encryption and security. Most of what I learned, however, is that encryption is incredibly hard to do correctly.
Read MoreIn a previous series of blog posts, I started exploring Azure Resource Manager (ARM) as a tool for automating the deployments of resources within Azure. ARM is, as far as I can tell, a great tool. The problem with using ARM is its complicated to use. I can’t claim to have really mastered the art of deploying resources in Azure with ARM myself. Hopefully in the fairly near future I'll have an Azure project that will force me to figure out the more advanced features and functionality for ARM.
Read MoreWhen disaster strikes and the Exchange Server crashes without a valid backup, an admin can make things far worse by making a hasty attempt to get the platform back online without careful planning.
Don't rush in and start immediate repairs with the command-line tool eseutil. While eseutil is a powerful tool for Exchange database repair work, use it wrong and it can make matters worse. Admins must understand the different functions of eseutil and when their use is appropriate.
Read More