
Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V


What Azure Rights Management Tells You!

A colleague of mine, Ilya, sent out an Azure RMS protected document. Here is what it looks like for a user of Azure RMS when sharing documents.

http://portal.azurerms.com

Observe the insight and control you have over the information: at a moment's notice you can withdraw access to the document.

The yellow lines are the last names, which have been removed for privacy.

Screenshots from the Azure RMS portal:

  • Summary page
  • Global map view: where in the world the document was opened
  • Zoomed-in view of the USA
  • List view: just a list of everyone who opened it
  • Timeline: when did they open it?
  • Notification settings: get notified once someone opens the document

Removing user access to Azure RMS documents

Scenario:

You share an Azure RMS protected document with one user, lg@haukeberg.com. If you now remove that user and add Samsung@haukeberg.com

-> What happens?

NOTHING.

Each share of the file creates a new instance in Azure RMS, hence if you want to remove user lg@haukeberg.com's access you need to revoke access to the document completely.

Note: once you revoke access to a document, all the users will lose access.

Hence if the user lg@haukeberg.com quits and you revoke access to a document which Samsung@haukeberg.com also has access to, then both lose access.

Screenshot, version protection: observe the individual shared versions of the file.

The workaround is to always share a document with as few people as possible each time.

Azure RMS behavior on SharePoint Online

What will the user see if he puts an Azure RMS protected file on SharePoint Online?

Setup:

  • Azure RMS account and document owner: hsh@haukeberg.com
  • SharePoint Online account: hhauk@microsoft.com
  • Document shared with hhauk@microsoft.com read-only
  • Do not worry about the language (you can get this software in your language)

Here is what happens:

  1. Protected file in SPO: the file sits in a SharePoint site.
  2. RMS blocker: the IRM (Azure RMS) disclaimer is shown, so no Office Web Apps.
  3. File opening prompt: the normal open prompt.
  4. Configuring: checking for the RMS client (you must have this).
  5. Opening prompt for credentials: if you are not logged in, you need to do so.
  6. Proper credentials: modern login.
  7. MFA challenge: the MFA gateway for access.
  8. My permissions: your current access credentials.
  9. Denied access: if you do not have access, then the owner will get this mail.

Enable Azure MFA on Outlook 2016 with ADAL for Exchange Online

If you have Outlook 2016 or Outlook 2013 and want to use Azure MFA but do not want to use application passwords, there is one thing you need to do.

First;

ADAL for Exchange Online is off by default. Turn it on here: How to turn on ADAL for Exchange Online

  1. Allow scripting

    • Set-ExecutionPolicy RemoteSigned
  2. Run Windows PowerShell and connect to Office 365.

    • $UserCredential = Get-Credential
    • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    • Import-PSSession $Session
  3. Check if ADAL is on

    • Get-OrganizationConfig | fl *OAuth*
  4. If ADAL is off, here is how to enable it

    • Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
  5. Close your session

    • Remove-PSSession $Session
Now, for me I had to wait 48 hours for this to work. I also installed a fresh version of Office 2016 Click-to-Run from Office 365.
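The five steps above as one script, added here as an example and not the author's own: it reads the OAuth2ClientProfileEnabled setting first, only changes it when you pass -Enable, re-reads it to confirm, and always tears down the remote session. The -Enable switch and the messages are my assumptions; the cmdlets and the endpoint are the ones the steps use.

```powershell
# Added example (not from the original post): check and, on request, enable
# modern auth (ADAL / OAuth2ClientProfileEnabled) on an Exchange Online tenant.
param(
    [switch]$Enable   # assumption: without this switch the script only reports
)

$UserCredential = Get-Credential -Message "Exchange Online admin account"
$Session = $null
try {
    # Same remote PowerShell endpoint as in the steps above.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
        -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session -DisableNameChecking | Out-Null

    # Read the current value instead of blindly setting it.
    $before = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
    Write-Host "OAuth2ClientProfileEnabled before: $before"

    if ($before) {
        Write-Host "Modern auth is already on; nothing to change."
    }
    elseif ($Enable) {
        Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
        # Re-read so the script reports what the tenant says, not what we asked for.
        $after = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
        Write-Host "OAuth2ClientProfileEnabled after: $after"
        if (-not $after) {
            Write-Warning "Setting did not stick; check your admin role and retry."
        }
    }
    else {
        Write-Host "Modern auth is off. Re-run with -Enable to turn it on."
    }
}
finally {
    # Always close the session, even if a command above failed (step 5).
    if ($Session) { Remove-PSSession $Session }
}
```

Run it once without -Enable to see the current state, then with -Enable; as the post notes, it can take up to 48 hours before clients pick up the change.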

Second;

Enable Azure MFA for your user in http://portal.office.com

Click here to see: This is how Outlook Click to Run behaves with Azure MFA turned on

Thanks to MS Exchange Org for some great tutorials.
http://www.msexchange.org/articles-tutorials/office-365/exchange-online/exchange-online-identity-models-authentication-demystified-part7.html

Outlook 2016 behavior when you ENFORCE Azure MFA

When you click enforce on Azure MFA, your users will not be able to connect to Office 365 with clients that do not support modern auth.

When they set up Outlook they will see this screen and be stuck there:

Screenshot 1, Autodiscover: without modern auth enabled on Office 365 and Outlook, your users will be stuck here.

When you have enabled MFA on your Exchange Online tenant, this is what will happen:

Screenshot 2: the modern auth prompt. Screenshot 3: the MFA prompt in Outlook 2016.

Azure MFA on Windows 10 Native Mail Client

If you enable Azure MFA in Office 365 and try to sync mail using the native Windows 10 Mail client, this is what the user will see:

(Sorry for the language; the buttons and boxes are all the same.)

  1. Add mail account: the user needs to select Office 365 for Azure MFA.
  2. Add user: the user now just needs to enter his UPN; it cannot be a username.
  3. Autodiscover looks for your account: if it fails here, then Autodiscover is broken.
  4. Enter password: observe that the Mail app has pulled down my company details, including logo and custom text.
  5. Azure AD MFA calls: right now your phone would ring, or you would get an SMS/app challenge.
  6. Account added: that's it.
  7. Policies: your company security settings will now be applied. Usually you get this box regardless, just to tell you that it might tighten security.
  8. Mail received: you receive mail. If you do not see mail, maybe the mail is older than a month; then you need to change the sync settings to enable all mail to sync down.

Outlook 2016 behavior when you ENABLE Azure MFA

Scenario: you select “ENABLE” on Azure MFA but you do not enforce it. The user has not logged onto Office 365 before and is setting up his Outlook for the first time.

Spoiler warning: Nothing happens, YET.

Here is how Outlook 2016 behaves when you activate Azure MFA for your Account.

  1. MFA on: the Azure MFA portal.
  2. Fresh Outlook 2016: a fresh Outlook boot.
  3. Add account.
  4. User entered.
  5. Searching for Autodiscover.
  6. Credential popup: normal login.
  7. Enter password: standard password.
  8. Success.
  9. Read email: mail approved.

Education Licenses and Administration Licenses on same tenant

Hey, are you a municipality, county or another complex organization? Do you have education users and corporate users and want all of them to be in the same Azure AD?

Good news for you. It’s possible!

Screenshot, EDU and CORP: here I have both E3 and Education (E1) for students.

Here is how you do it.

  1. You do not have Office 365/EMS or Azure AD

    • Create an EDUCATION trial here: NORWEGIAN TRIAL ENGLISH TRIAL
    • Add your education domain to verify EDU status
    • Buy EDU licenses; the CORP licenses should also be in the same list under “Purchase Services”
  2. You have a CORP tenant that you need EDU licenses on.

    • Email your license supplier and have them reach out to your local Microsoft Education team.
    • The local MSFT EDU team can tag your tenant as EDU. You need to provide them with your tenant name, e.g. MYTENANT.onmicrosoft.com
    • Wait 48 hours after the MSFT EDU team has submitted the request.

Here is proof that it works:

Screenshot, buy: I can select between EDU and CORP plans.

Limitations, risks and warnings.

  1. Risks include students having access to the entire GAL
    • Do a GAL segregation, please.
  2. Volume License plans: this has not been tested, and no one knows exactly how it will pan out with the agreement you have. So be warned, the deployment of licenses may take a LOOOOOOONG time.
  3. You do this at your own risk at the moment, and there is no guarantee it will work in the end either.
  4. This scenario works fine when you buy licenses in the portal (MOSP) as shown. The problems arrive when you use a partner which sells you licenses, and that applies to most of you.

Some benefits:

  1. Only need 1 AD with 1 Azure AD Connect
  2. 1 ADFS environment
  3. 1 portal
  4. 1 GAL or two 🙂

Adding a Success Plan Owner to Fasttrack

In order to be eligible for the adoption funds, you need to have a success plan owner on your success plan, and that owner needs to be from the customer's email domain.

Here is how you as a PARTNER can do it:

  1. Find the success plan and make sure it is all 100%.
  2. Click on “1. Business Case” and wait for the page to load. Then click Teams.
  3. Make sure you have these roles.
  4. If you are missing Success Plan Owner, click add and add him.
  5. Now go back up to the success plan, click the gear icon and Edit members.
  6. If you do not see a customer plan owner, click add/edit members.
  7. Select the customer owner from the drop-down list.
  8. Now you are ready to submit your offer request. Click on Offers and continue, or “Learn more”.
  9. Associate the success plan, which now has an owner.
  10. Attach any additional files and click submit.

Customer Success Plan Owner now has to approve the project in the fasttrack portal.
