Search

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V [MVP]

Tag

ems

End-user signup for Azure Self Service Password Reset

If you want to enable a user for Self Service Password Reset the user need to navigate to one of these endpoints and register his/her phone as a second factor.

Endpoints:

  1. This endpoint verifies your phone and enrolls the user in SSPR: http://aka.ms/ssprsetup
    It does not change your password!
  2. This endpoint resets your password and enrolls the user if his or her phone number is already stored on the user. http://aka.ms/sspr (which points here: http://passwordreset.microsoftonline.com)

 

Here is a screen dump of what the user will have to do:

log-in-to-office-365
Standard Login
routed-to-account-setup-in-azure-ad
You get routed to or enrollment service
verify-phone-number-in-azure-ad
asks to verify your phone (if it is already there) if not you have to enter your phone number
if-phone-is-not-registered
If your phone is not registered in azure AD you see this

 

call-to-verify-azure-ad
Call goes fastest

microsoft-calling-phone

one-factor-is-completed
In Azure AD you select how many factors your users need to setup. I have selected 1
myapps-in-azure-after-registration
This is where you end up

What Azure Rights Management Tells You!

A colleague of mine, Ilya  sendt out a Azure RMS protected document. Here is what it looks like for a user of Azure RMS when sharing documents.

http://portal.azurerms.com

Observe the insight and control you have over the information, and at a moments notice you can withdraw access to the document.

The Yellow lines are the last names which have been removed for privacy.

Summary page
Summary page
Global Map View
Wherein the world
Zoomed view USA
Zoomed in on USA
List view
Just a list of everyone
timeline
When did they open it?

 

Notification settings
Get notified once someone opens the document

Did I travel, Azure Identity Protection say so

Got a medium warning in Azure IDP, it says my account have been out traveling.

what
Did I moved fast between two geographical location?

 

specificsrisk eventsuser

What can I do now?

  1. Just reset password (solve)
  2. Prompt for MFA regardless (mitigate)

tools to remidiate

This is how Azure figured it out:

http://manage.windowsazure.com keeps a track on logins for each user. London is not Oslo…

location

Removing user access to Azure RMS documents

Scenario:

You share a Azure RMS protected document with one user lg@haukeberg.com. If you now remove that user and add Samsung@haukeberg.com

-> What happens?

NOTHING.

Each share on the file creates a new instance in Azure RMS, hence if you want to remove user lg@haukeberg.com access you need to revoke access to the document completly.

Note: once you revoke access to a document, all the users will loose access.

Hence if the user lg@haukeberg.com quits and you revoke access to a document which also Samsung@haukberg.com has access to then both loose access.

version protection
Observe the individual shared versions of the file

 

Workaround would be to always share a document with as few as possible each time.

AzureAD knows which SaaS services you REALLY use

In Azure AD you have this service called Cloud App Discover. It consist of an agent you install on a local machine and a web service which polls the data and visualizes it.

Take a look at this:

azure ad knows
Azure Cloud App Discovery Report

This service is a great way to discover what your employees/users/students/family really uses and how much they use it. e.g. You have bought Google apps, but your users use OneDrive or Box.

You can read more here: https://azure.microsoft.com/nb-no/documentation/articles/active-directory-cloudappdiscovery-whatis/

I did not know I even used all these services. And best of all you can manage them with Azure AD which means you can use your Office 365 credentials to logon to these services.

apps
Here are the aggregated results for all agents and all users. Click on the numbers to access the data.

 

Here is how you set up cloud discovery on a local machine:

settings
Click Settings
manage agent
Click Manage Agent
download agent
Click “Download”
local files
You get a ZIP package with a CERT file. Click the MSI file.

Remember that if you want to distribute this application you need to include the CERT file as well.

Adding a Success Plan Owner to Fasttrack

In order to be eligible for the adoption funds you need to have a success plan owner on your success plan and that owner need to be from the customer email-domain.

Here is how you as a PARTNER can do it:

1
Find the success plan and make sure it is all 100%
2
Click on 1. Business Case and wait for page to load. Then click teams

 

3
Make sure you have these roles

 

4
If you are missing Success Plan Owner , click add and add him.

 

5
Now go back up to the success plan and click the gear icon and Edit members

 

6
If you do not see a customer plan owner click add/edit members

 

7
Select the customer owner from the drop down list

 

8
Now you are ready to submit your offer request. Click on Offers and continue or “Learn more”

 

9
Associate the success plan which now has a owner

 

10
Attach any aditional files and click submit.

 

Customer Success Plan Owner now has to approve the project in the fasttrack portal.

Easy way to claim Fasttrack adoption funding

  1. http://fasttrack.microsoft.com
  2. Click Log In in top right corner
  3. Click the Sign in button again and Sign in with your Office 365/Azure AD account (you must have this)
  4. Wait for the site to load all the menus, takes some seconds
  5. Click “Search for a customer

    search for custoemr
    Search for a customer
  6. Then seach for the customer name. Green ball means that Fasttrack center is engaged, red pyramid means that we have not engaged the customersearch results
  7. Click the customer and click “Add me
  8. Now click on Offers and find the “FY16 EMS Adoption Offer” and click “Learn more
  9. If you have the competency to claim funds then click “Create Request” and start to fill out.

Deploy Office 2016 ProPlus from Office 365 with Microsoft Intune

You can use Microsoft Intune agent to distribute and deploy quietly Office 2016 ProPlus bits to any Windows PC you manage with the agent.

Here is what you do:

  1. Download the Office Deployment Toolkit https://www.microsoft.com/en-us/download/details.aspx?id=49117
  2. Install it and you get two files. Setup.exe and Configuration.xml
  3. Configure the configure.xml with something like this:
    • <Configuration>
        <Add OfficeClientEdition="32" Branch="Current">
          <Product ID="O365ProPlusRetail">
            <Language ID="en-us" />
          </Product>
        </Add>
      <Display Level="None" AcceptEULA="True" />
      </Configuration>
  4. Upload the exe file and select to include other files in the folder.
  5. Add the command line argument to /configure configuration.xml
  6. Deploy the software to the target groups.
  7. Make sure that your computer is in that target group
  8. Wait for Office to Install
Magic will happen on the client device. It must be logged in as an Administrator for this to work.
9
get all files
1012
wifi acitivty system
Under installation the wifi starts working in the background
Resource manager office click to run
You can see that Office Click to Run is going in the background.

 

Extending an Intune, EMS or Office 365 Trial

Need more time to decide?

Thats okay, if your trial is about to run out simply:

  1. Log on to http://portal.office.com  as an Administrator
  2. Navigate to: Billing->Subscriptions
  3. Find the trial you want to extend and click it
  4. Click Extend and enter a credit card. (It will not be charged)
  5. Click Submit

That’s it, 30 more days

subscriptions

ems licenses extend trial

 

Blog at WordPress.com.

Up ↑

%d bloggers like this: