Running Hybrid Configuration Wizard (HCW) for the first time

Hybrid Configuration Wizard (HCW)

Every time I have to implement a hybrid scenario or the HCW at a customer, I catch myself using a different blog as safety guidance. I do this so I do not make a mistake or forget something during the configuration of the Hybrid Configuration Wizard. Here are some things you should consider before moving forward and configuring this piece of software.

There are two useful blogs that I have found so far which cover the load. Both of these blogs cover the same solution.

CodeTwo and Practical 365

But before running the Hybrid Configuration Wizard you should think about what kind of hybrid scenario you would like to have and maintain. Do you go for the short-term or long-term hybrid?

Short or Long term Hybrid

At the last Techsummit conference in Amsterdam, Michael von Hybrid had a great session about this. You can find his Techsummit slides here. Since I have seen this session, I always discuss these topics with the customer so they know what they can expect from their Exchange hybrid scenario and how to manage their environment in a hybrid situation.

How to disable Office Groups and Teams creation the right way.

Why disable groups/ teams creation

Some companies want to restrict access to group and team creation. There can be many reasons for this. For instance, you want to disable the creation of groups and teams to be more in control over these features.

To do this the right way, it is recommended that only certain users are able to create groups and teams. To achieve this, it is recommended to create a Universal Security Group (which is mail-enabled). This group will be used only for group and team creation.

First steps

As mentioned before, it is recommended to create a Universal Security Group (which is mail-enabled). When you have Azure AD Connect in place, you should create this group on-premises and sync it to Azure AD. That means that management of the group stays on-premises.

You can also create this group in Azure AD itself. If that is your way to go, you should just create a security group in Azure AD. Please understand that management of the group will then be in Azure AD / Office 365.

The Script

To disable group/teams creation you can run the script below from the Azure AD PowerShell module:

# Resolve the group whose members may create groups and teams; stop unless exactly one matches
$AllowedGroup = @( Get-AzureADGroup -SearchString 'Office365GroupTeamsAdmins' | Where-Object {$_.DisplayName -eq 'Office365GroupTeamsAdmins'} )
If ( $AllowedGroup.Count -ne 1 ) { Throw 'Expected exactly one group named Office365GroupTeamsAdmins.' }

$Settings = Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq 'Group.Unified'}
If ( !( $Settings)) {
    # No Group.Unified object found, create new settings object from template
    $Template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.DisplayName -eq 'Group.Unified'}
    # Show the template's default values for reference
    $Template | Select-Object -ExpandProperty Values
    $Settings = $Template.CreateDirectorySetting()
}
# Block group creation and guest additions for everyone except members of the allowed group
$Settings['EnableGroupCreation'] = 'false'
$Settings['AllowToAddGuests'] = 'false'
$Settings['GroupCreationAllowedGroupId'] = $AllowedGroup[0].ObjectId
If ( Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq 'Group.Unified'} ) {
    # A settings object already exists in the tenant: update it
    Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq 'Group.Unified'} | Set-AzureADDirectorySetting -DirectorySetting $Settings
}
Else {
    # No settings object yet: create it
    New-AzureADDirectorySetting -DirectorySetting $Settings
}

Make sure there is a synced, universal, mail-enabled security group with the name Office365GroupTeamsAdmins. A user must be a member of Office365GroupTeamsAdmins to create groups and teams; all other users are not permitted.
Thanks to Michel de Rooij for this script.
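
To confirm the restriction after running the script, the following added example (not part of the original post or of Michel de Rooij's script) reads the Group.Unified settings back and lists who is allowed to create groups and teams. It assumes an existing Connect-AzureAD session with a module that provides the *-AzureADDirectorySetting cmdlets (AzureADPreview) and the group name used above.

```powershell
# Added verification example. Assumptions: Connect-AzureAD has already been run and
# the allowed group is named as in the post.
$ExpectedGroupName = 'Office365GroupTeamsAdmins'
$Problems = @()

$Settings = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq 'Group.Unified' }
if (-not $Settings) {
    $Problems += 'No Group.Unified settings object exists; tenant defaults still apply.'
}
else {
    # Read back the three values the script sets.
    $EnableCreation = $Settings['EnableGroupCreation']
    $AllowGuests    = $Settings['AllowToAddGuests']
    $AllowedGroupId = $Settings['GroupCreationAllowedGroupId']

    if ($EnableCreation -ne 'false') { $Problems += "EnableGroupCreation is '$EnableCreation', expected 'false'." }
    if ($AllowGuests -ne 'false')    { $Problems += "AllowToAddGuests is '$AllowGuests', expected 'false'." }

    if ([string]::IsNullOrWhiteSpace($AllowedGroupId)) {
        $Problems += 'GroupCreationAllowedGroupId is empty; the group lookup returned nothing when the setting was written.'
    }
    else {
        try {
            # Resolve the stored ObjectId and check it is the group we expect.
            $Group = Get-AzureADGroup -ObjectId $AllowedGroupId -ErrorAction Stop
            if ($Group.DisplayName -ne $ExpectedGroupName) {
                $Problems += "Allowed group is '$($Group.DisplayName)', expected '$ExpectedGroupName'."
            }
            if (-not $Group.SecurityEnabled) {
                $Problems += "Group '$($Group.DisplayName)' is not security-enabled."
            }
            # Everyone listed here can create groups and teams; review this list regularly.
            Write-Output 'Members allowed to create groups and teams:'
            Get-AzureADGroupMember -ObjectId $Group.ObjectId -All $true |
                Select-Object DisplayName, UserPrincipalName, ObjectType
        }
        catch {
            $Problems += "Allowed group $AllowedGroupId could not be read: $($_.Exception.Message)"
        }
    }
}

if ($Problems) { $Problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Group and team creation is restricted as intended.' }
```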
Monitor Windows AD and Azure AD Health with Microsoft OMS

What is Microsoft Operations Management Suite (OMS)

OMS (Microsoft Operations Management Suite) is Microsoft’s cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. In this case we will use OMS to monitor and sort of “manage” Azure AD Connect and Azure AD identities.

Before we start with OMS

Before we start there are some requirements.

  1. We need a valid OMS subscription – OMS has different subscription levels, depending on the OMS services you use and the amount of data you upload. There is a free version which provides 500 MB daily upload and 7 days of data retention.
  2. Direct connection to Azure AD
  3. Domain Administrator account – in order to install the agent on the domain controllers we need to have Domain Administrator privileges.
  4. Global admin account to perform some actions in Azure AD

How to enable the AD solutions in OMS

Log in to OMS https://login.mms.microsoft.com/signin.aspx?ref=ms_mms as OMS administrator

Click on Solution Gallery

By default, the AD Assessment solution is enabled. In order to enable AD Replication Status, click on the tile in the solution list and then click on Add.

Install OMS Agents
The next step of the configuration is to install the monitoring agent on the domain controllers and get them connected with OMS.
1. Log in to the domain controller as domain administrator.
2. Log in to the OMS portal.
3. Go to Settings > Connected Sources > Windows Servers > click on Download Windows Agent (64bit). It will download the monitoring agent to the system.
4. Once it is downloaded, double click on the setup and start the installation process.
5. In the first window of the wizard click Next to begin the installation.
6. In the next window read and accept the license terms.
7. In the next window, we can select where it should be installed. If there are no changes, click Next to continue.
8. In the next window, it asks where it will connect to. In our scenario, it will connect to OMS directly.
9. In the next window, it asks for the OMS Workspace ID and Key. These can be found in the OMS portal in Settings > Connected Sources > Windows Servers. If this server is behind a proxy server, we can also specify the proxy settings in this window. Once the relevant info is provided, click on Next to continue.
10. In the next window, it asks how to check for agent updates. It is recommended to use the Windows Update option. Once the selection has been made, click Next.
11. On the confirmation page, click Install to begin the installation.
12. Follow the same steps for the other domain controllers.
13. After a few minutes, we can see the newly added servers connected as data sources under Settings > Connected Sources > Windows Servers.

How to view analyzed Data

After a few minutes, OMS will start to collect data and visualize the findings. To view this data, log in to the OMS portal and click on the relevant solution gallery tile on the home page. You will find your analysed/assessed servers there. You also get a quick overview and some recommendations for these servers.
Once you click on the tile, it brings you to a page that displays more details about its findings. You will get a nice overview of all the collected data, and it even provides you with some fixes.

How to collect Windows logs for Analysis

Using OMS, we can also collect Windows logs and use the OMS analysis capabilities to analyze them. When this is enabled, OMS space usage and bandwidth usage on the organization's end will be higher. In order to collect logs:
1. Log in to the OMS portal.
2. Go to Settings > Data > Windows Event Logs.
3. In the box, you can search for the relevant log file name and add it to the list. We can also select which types of events to extract. Once the selection is made, click Save.
After a few minutes, you can start to see the events under the log search option. There, using queries, we can filter the data. We can also set up email alerts based on specific events.
*source http://www.rebeladmin.com/
Retention Policy and Litigation hold

Most of the time, security is unfamiliar terrain when it comes down to Litigation Hold and retention policies. In this blog post I will explain when to use Litigation Hold and when it is best to use a retention policy in Office 365.

Litigation Hold

When you search on TechNet or Google for litigation hold you will find millions of results. But actually it is quite simple. Litigation Hold is another expression for Legal Hold. In Office 365 you use this function, for instance, when a user is leaving the company and you need to preserve the mailbox for 30 years or even longer.

If you activate or use Litigation Hold you can already check this off your GDPR checklist, because this is one of the requirements. Office 365 offers a rich set of in-place eDiscovery capabilities to identify relevant data, including, for instance, search, hold, analyze and export. These tools will help you quickly meet the investigative, legal, and regulatory requirements regarding GDPR.

To activate Litigation Hold you can simply run the following command from the Exchange Online PowerShell module:

Set-Mailbox user@domain.com -LitigationHoldEnabled $true -LitigationHoldDuration Unlimited

*Note: it can take up to 60 minutes before this function is completely activated.

Retention Policy

For some time now, compliance has been one of Microsoft’s main focuses in Office 365. You need to know how to use these Office 365 features, so that the next time you encounter legal requirements, industry regulations or internal policies, you know what to do.

A retention policy is mainly used to preserve content for a specific period of time or indefinitely, due to regulatory, legal, or business requirements. You can enable retention policies on most of the Office 365 services like OneDrive, Exchange and, since recently, even Groups and possibly even Teams.

You can configure retention policies quite easily using the wizard. You can find this in the Security and Compliance menu of the Office 365 admin center.

So when do you use Litigation Hold and when do you use a retention policy?

You use Litigation Hold to legally hold a complete mailbox (it will be stored among the soft-deleted mailboxes). You use a retention policy when you want to preserve content of one of the Office 365 services.

And yes, the configuration of these compliance settings really depends on the situation of your company or client.

Office 365 Hybrid migration error: StalledDueToTarget_DiskLatency

The error that you get refers to: ‘StalledDueToTarget_DiskLatency’

StalledDueToTarget_DiskLatency

To get straight to the point: this is an issue you can do nothing about.
When you get the message StalledDueToTarget_DiskLatency, it means that the issue has to do with the Exchange Online servers and not with the on-premises infrastructure, so there is nothing you can do locally.

In this case the only thing you can do is open a case with Microsoft. When you have done this, ask them what can be the cause of this error on the target side (Office 365).

It would be a good idea to open a case with them mentioning the error (StalledDueToTarget_DiskLatency) and ask them if they can perform a change that might improve the migration speed.

Restore Office 365 Video Portal Hub

Office 365 changes all the time. I tried to see if I could disable the Video Portal, to test what happens if you delete the Video Portals.

In my Tenant Admin for SharePoint settings I disabled the Video Portal:

Disable Office 365 Video Portal

I saw my Video app disappear from the App Launcher. Now it is time to delete the site collections.

So at this point I am a Tenant Admin, and I want to clean my Site Collections. The Video Portal creates a few SharePoint Site Collections and one of them is named Hub. This is the main Site Collection for the Video Portal where all your videos are shown.

So I deleted the Video Portal Hub Site Collection and deleted it from the Recycle Bin.

Now it is time to recreate this Site Collection. I turned the Video Portal back on using the setting above. I hoped that it would recreate the Hub but that didn't help. Only the Video App in the launcher came back, with a nice 404 Page Not Found.

The solution for this issue is to go to the URL below:

Http://tenant.sharepoint.com/_layouts/15/videoredirect.aspx

This will recreate the Hub Site Collection.

Finding the ID for the Site Template in SharePoint online

Finding the ID for your custom template can be hard if you don’t know how to do it.

For this step I prefer to use Google Chrome; Chrome is easier for finding code than IE.

Navigate through the Tenant admin to the site which you want to use as your custom template (when you have saved it, it will appear in the Custom tab).

Example https://tenantname.sharepoint.com/_layouts/15/newsbweb.aspx

When you navigate to this URL you will see the section to select a template:

Now, with this open in Google Chrome, right click on your template and click ‘Inspect Element’.

You will need to expand the following code and press inspect element.

Once you have expanded the code you will receive the ID associated with the template.

So in my case the ‘TestTemplate’ ID is “{6E9A9064-9174-4BEC-9A95-FEF99F7D1CFC}#TestTemplate”

Keep in mind you must use the entire code, including the name of the template itself and the “{ }”.

How to hide the OneDrive Synclink from Navigation and Library’s

A common question that I am asked on a daily basis is how can we hide ‘One Drive’ or ‘Newsfeed’ from the Top Navigation bar?

Well, thanks to an update a few months back it’s now extremely simple to do so:

Browse to:

https://companyname-admin.sharepoint.com/_layouts/15/online/TenantSettings.aspx

Scroll down to the bottom of your page, save your changes and you are done.

You can also remove OneDrive sync functionality from a document library or another app.

Go to the site settings of the library you are in.

Select Search and offline availability, and change Download to offline clients to NO.

Building your first Office 365 Video portal

Microsoft has recently added the Video portal to Office 365.

To turn on the Preview option please follow this blog post:

Your video page will start to load for the first time, so this may take a while (about 10 minutes).

Once completed you will receive this nice Welcome message; click Let’s go.

One of the first things to note is the URL of the Video Portal

https://yourtenant.sharepoint.com/portals/hub/xxxx

So let’s create our first Channel

Click the Create Channel button, and give your channel a name and color:

Click Create

Once created you can now upload videos and share them with your Security Groups, SharePoint Groups or even unauthenticated users (everyone).

If you have some movies you can also use Sharegate to migrate your movie files to the Microsoft Video portal.

For more information you can check this blog from Jasper Oosterveld about Next gen Portals.

You can also check this Blog of Benjamin Niaulin.

Set up a Project management site in SharePoint online

There are several ways to run projects. The way I explain this is a proof of concept that I recommend for my customers.

First of all you select the site collection where you will manage your projects. I recommend that you create a new (private) site collection (https://yourtentant.sharepoint.com/sites/Projects). As the site collection template you choose Publishing Portal.

After you have created the site collection you will be guided back to the site collection overview. It can take some time until the site collection is provisioned.

Setting up the project page

When you start setting up your project page, I recommend you give every project a subsite. When you do this every project will get the following apps.

– Onenote
– Email mailbox (you need to add this app separately)
– Tasks
– Timeline
– Documents

*example
The engineer or technician can synchronize the one project he is working on. When he uses this feature he will have all the information he needs to work on this project.

To build a subsite, go to the site collection you just made, select the little gear icon and select Site contents.

In this site collection you start by creating a subsite. This subsite needs to be a project site.

When you start to create project subsites, remember to always create the subsites under the Projects site collection.

The fun part is that you can really start to collaborate with your team on projects. For example, you can create tasks and sync them with your project team. When you do this the tasks of that project site will also be shown in your Outlook. Another nice feature is that you can open the Timeline on the SharePoint project site with Microsoft Project. When you use this you can easily add resources and tasks to the project's SharePoint site.

If you have any questions please leave a comment below!