Azure RMS behavior on SharePoint Online

What will the user see if he puts a Azure RMS protected file on SharePoint online?

Setup:

Azure RMS account and document owner: hsh@haukeberg.com
SharePoint Online accont: hhauk@microsoft.com
Document shared with hhauk@microsoft.com read only
Do not worry about language (you can get this software in your language)

Here is what happens:

protected file in SPO — In a sharepoint site

RMS blocker — IRM (Azure RMS) disclamer. So NO Office webapps

file opening prompt — Normal open prompt

configuring — Checking for RMS client (you must have this)

opening prompt for creds — If you are not logged in, you need to do so

my premissions — Your current access credentials

denied access — If yo do not have access then the owner will get this mail.

May 30, 2016 0

MDM enrollment with Azure AD Join

This is how you both join Azure AD and enroll for MDM. Your admin need to have configured Automatic MDM enrollment into intune over at http://manage.windowsazure.com for this to work.

3 - notification — Disclamer from Windows

4 - login — Note how my icon and text have been pulled Down from Office 365

6 - custom policy approvment screen — Customizable Policy template for Your org

8 - spell check — Despite the translation error, all is okay now.

May 25, 2016 0

If you have Outlook 2016 or Outlook 2013 and want to use Azure MFA but you do not want to use Application Passwords there are one thing you need to do.

First;

ADAL for Exchange Online is Off by default turn it on here: How to turn on ADAL for Exchange Online

Allow scripting
- ```
Set-ExecutionPolicy RemoteSigned
```

Run Windows Powershell and Connect to Office 365.

```
$UserCredential = Get-Credential
```

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential

$UserCredential -Authentication Basic -AllowRedirection

```
Import-PSSession $Session
```

Check if ADAL is on
- ```
Get-OrganizationConfig | fl *Oauth*
```

If ADAL is off, here is how to enable it

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

Close Your session
- ```
Remove-PSSession $Session
```

Now, for me I had to wait 48 hours for this to work. I also installed a fresh Version of Office 2016 Click to Run from Office 365

Second;

Enable Azure MFA for your user in http://portal.office.com

Click here to see: This is how Outlook Click to Run behaves with Azure MFA turned on

Thanks to MS Exchange Org for some great tutorials.
http://www.msexchange.org/articles-tutorials/office-365/exchange-online/exchange-online-identity-models-authentication-demystified-part7.html

Outlook 2016 behavior when you ENFORCE Azure MFA

When you click enforce Azure MFA your users will not be able to Connect to Office 365 With Clients that does not support modern auth.

When they set up Outlook they will see this screen and be stuck there:

1 - autodiscover — Without modern auth enabled on Office 365 and Outlook your users will be stuck here

When you have enabled MFA on your Exchange Online Tenant this is what will happen:

May 25, 2016 0

Azure MFA on Windows 10 Native Mail Client

If you enable Azure MFA in Office 365 and try to sync mail using the native Windows 10 Mail client, this is what the user will see:

(Sorry for the Language. Just the buttons and boxes are all the same)

1 - add mail account — User needs to Select Office 365 for Azure MFA

2 - add user — User needs just now to enter his UPN, it can not be username

3 - autodiscover looks for your account — If it fails here then Autodiscover is broken.

4 - enter password — Observe that the mail app has pulled Down my Company details including logo and custom text

5 - Azure AD MFA calls — Right now yor phone would ring or you would get a sms/app challenge

7 - policies — Your Company Security settings will now be Applied. Usually you get this Box regardless just to tell you that it might tighten security

8 - mail recieved — You recieve mail. If you do not see mail, mabye the mail is older than a month. Then you need to change the sync settings to enable all mail to sync down

May 23, 2016 0

Azure AD password reset Windows Phone 10 behavior

What happens on your Windows Phone when you reset your Azure AD Password?

This happens on Windows Phone 10 Outlook:

wp_ss_20160523_0003 — You get a settings out of date notification

wp_ss_20160523_0002 — There is a triangle next to your account. Click it

wp_ss_20160523_0004 — Password dialog box

wp_ss_20160523_0001 — Type your password

May 23, 2016 0

Outlook 2016 behavior when you ENABLE Azure MFA

**Scenario: You select “ENABLE” on Azure MFA but you do not Enforce. The user has not logged onto Office 365 before and is setting up his Outlook for the first time.**

Spoiler warning: Nothing happens, YET.

Here is how Outlook 2016 behaves when you activate Azure MFA for your Account.

2 - fresh outlook 2016 — Fresh Outlook boot

May 20, 2016 0

Add my Machine to Azure AD out of the box

If you are setting up a new machine and you have Office 365, Azure AD, Intune or CRM why not Azure AD join it and get all the benefits!?

8 - Azure AD Enrollment — or who manages your PC?

6 - Azure AD Enrollment — Supports ADFS ofcourse

11 - Azure AD Enrollment — notice here who Printer, Network Drives and WiFi settings have been pushed!

Here is the whole thing in a Sway:

May 18, 2016 4

Weekly Report from Cloud App Discovery

Once you have set up the Cloud App Discovery feature then the service will send admins a weekly report with new apps and a one-button click to start managing them.

Here is what I used last week:

weekly digest — If you click manage appliation then users may log onto these apps with their Azure AD creds

May 9, 2016 0

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Tag

Azure AD

Azure RMS behavior on SharePoint Online

MDM enrollment with Azure AD Join

Enable Azure MFA on Outlook 2016 with ADAL for Exchange Online

First;

Allow scripting

Run Windows Powershell and Connect to Office 365.

Check if ADAL is on

If ADAL is off, here is how to enable it

Close Your session

Second;

Thanks to MS Exchange Org for some great tutorials.
http://www.msexchange.org/articles-tutorials/office-365/exchange-online/exchange-online-identity-models-authentication-demystified-part7.html

Outlook 2016 behavior when you ENFORCE Azure MFA

Azure MFA on Windows 10 Native Mail Client

Azure AD password reset Windows Phone 10 behavior

Outlook 2016 behavior when you ENABLE Azure MFA

**Scenario: You select “ENABLE” on Azure MFA but you do not Enforce. The user has not logged onto Office 365 before and is setting up his Outlook for the first time.**

Add my Machine to Azure AD out of the box

Weekly Report from Cloud App Discovery

Howie Tweets

Follow Blog via Email

Paste life: Ctrl+C -> Ctrl+V

Tag

Azure AD

Nyttig? Vis det til flere!

Like this:

Nyttig? Vis det til flere!

Like this:

First;

Allow scripting

Run Windows Powershell and Connect to Office 365.

Check if ADAL is on

If ADAL is off, here is how to enable it

Close Your session

Second;

Thanks to MS Exchange Org for some great tutorials. http://www.msexchange.org/articles-tutorials/office-365/exchange-online/exchange-online-identity-models-authentication-demystified-part7.html

Nyttig? Vis det til flere!

Like this:

Nyttig? Vis det til flere!

Like this:

Nyttig? Vis det til flere!

Like this:

Nyttig? Vis det til flere!

Like this:

Scenario: You select “ENABLE” on Azure MFA but you do not Enforce. The user has not logged onto Office 365 before and is setting up his Outlook for the first time.

Nyttig? Vis det til flere!

Like this:

Nyttig? Vis det til flere!

Like this:

Nyttig? Vis det til flere!

Like this:

Follow Blog via Email

Thanks to MS Exchange Org for some great tutorials.
http://www.msexchange.org/articles-tutorials/office-365/exchange-online/exchange-online-identity-models-authentication-demystified-part7.html

**Scenario: You select “ENABLE” on Azure MFA but you do not Enforce. The user has not logged onto Office 365 before and is setting up his Outlook for the first time.**