Search

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V [MVP]

Tag

office 365

Hvordan få Uendelig Office 365 Education Lisenser

Hvis du er en kvalifisert skolekunde av Microsoft så kan du hente ned uendelig antall Office 365 Education lisenser for fakultet og student. Det er anbefalt å skille mellom lærer og elev/student. Noe funksjonalitet er avhengig av at lisensen er riktig.

Naviger til https://portal.office.com

Trykk på “Fakturering” og velg “Kjøp tjenester”

Husk å merk av for “Planer for Utdanning

kjøp planer

Hvis du ikke har kjøpt de før så havner de litt lengere ned på listen. Jeg har kjøpt det før så hos meg står det “Kjøpt” og jeg må trykke på de tre prikkene for å hente flere eller konvertere til “uendelige lisenser

kjøp flere

Trykk på “Endre lisensantall

kjøp eller hent flere

Velg så “Send inn” og du vil nå få uendelig lisenser for Office 365 A1 (Education)

få uendelig lisenser

Du får en oversikt over lisensene dine under “Fakturering” og “Abonnementer

Advertisements

Giving Microsoft Classroom to teachers and students

Once you have gotten Microsoft Classroom licenses you need to make sure that licenses are applied correctly to the teachers and students. Microsoft uses the Office 365 licenses to identify if you are a teacher or student. In case you are using school data sync (SDS) then this will be taken care of there.

Here is the right license assignment you need:

Teachers:

  • Microsoft Classroom
  • Office 365 Education for Faculty

larerlisenserStudents:

  • Microsoft Classroom
  • Office 365 Education for Students

elev-lisenser

Now, log on as a teacher and start making classes.

create-a-assignment

 

Azure MFA enrollment experience

If you want to enroll for Azure MFA the users need to go through these steps. When you enforce or enable MFA the user will be prompted for MFA enrollment. This is best done in a browser.

First the user need to access any of our endpoint e.g. http://portal.office.com

creds
Office 365 custom logo login

 

mfa prompt
Office 365 MFA enabled

 

input mfa method
Office 365 MFA input phone number

 

contact options
Office 365 mfa methods

 

 

sms
You will get a text message with a code to enter

 

wp_ss_20160902_0001
code on phone

 

Office 365 app password during enrollment
Use this app-password on your native iOS or Android device or old Outlook 2010 instead of your normal password.

 

 

Additional Office 365 MFA options
Press cancel if you feel done. or just navigate to the indended site. e.g. http://portal.office.com

 

Extended Office 365 MFA options
all your MFA options

 

Azure AD access panel for MFA
The user access panel

Here are all of the pictures in a Sway:
https://sway.com/2fNqmpbe5O17F5Ev

Removing user access to Azure RMS documents

Scenario:

You share a Azure RMS protected document with one user lg@haukeberg.com. If you now remove that user and add Samsung@haukeberg.com

-> What happens?

NOTHING.

Each share on the file creates a new instance in Azure RMS, hence if you want to remove user lg@haukeberg.com access you need to revoke access to the document completly.

Note: once you revoke access to a document, all the users will loose access.

Hence if the user lg@haukeberg.com quits and you revoke access to a document which also Samsung@haukberg.com has access to then both loose access.

version protection
Observe the individual shared versions of the file

 

Workaround would be to always share a document with as few as possible each time.

Azure RMS behavior on SharePoint Online

What will the user see if he puts a Azure RMS protected file on SharePoint online?

Setup:

  • Azure RMS account and document owner: hsh@haukeberg.com
  • SharePoint Online accont: hhauk@microsoft.com
  • Document shared with hhauk@microsoft.com read only
  • Do not worry about language (you can get this software in your language)

Here is what happens:

protected file in SPO
In a sharepoint site
RMS blocker
IRM (Azure RMS) disclamer. So NO Office webapps
file opening prompt
Normal open prompt
configuring
Checking for RMS client (you must have this)
opening prompt for creds
If you are not logged in, you need to do so
proper creds
Modern login
mfa challenge
MFA gateway for access
my premissions
Your current access credentials
denied access
If yo do not have access then the owner will get this mail.

 

 

Conditional Access Behavior on Outlook 2016

If you enable conditional Access in Intune then Your devices will have to be enrolled with Intune in order to read mail. If they are not enrolled or otherwise compliant they will be blocked.

-You can relax these demands as you see fit, but that would kinda defeat its purpose.

This is how Outlook behaves

1 - autodiscover
Add Your account as usual
2 - modern auth prompt
Modern Auth Prompt
4 - conditional access required
Conditional Access checkpoint

This user will not be allowed to Complete the mail setup.
Note that you have to enable ADAL on Exchange Online and use Outlook 2013-2016 With ADAL in order for this to work. Click here to se how to set up Exchange Online with ADAL

How to enroll Your Windows 10 Machine in Intune to get back mail?

Click here for the MDM enrollment instructions without Azure AD join.

or here

for MDM enrollment instructions with Azure AD Join

Enable Azure MFA on Outlook 2016 with ADAL for Exchange Online

If you have Outlook 2016 or Outlook 2013 and want to use Azure MFA but you do not want to use Application Passwords there are one thing you need to do.

First;

ADAL for Exchange Online is Off by default turn it on here: How to turn on ADAL for Exchange Online

 

  1. Allow scripting

    • Set-ExecutionPolicy RemoteSigned
  2. Run Windows Powershell and Connect to Office 365.

    • $UserCredential = Get-Credential
    • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential
    • $UserCredential -Authentication Basic -AllowRedirection
    • Import-PSSession $Session
  3. Check if ADAL is on

    • Get-OrganizationConfig | fl *Oauth*
  4. If ADAL is off, here is how to enable it

    • Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
  5. Close Your session

    • Remove-PSSession $Session
 Now, for me I had to wait 48 hours for this to work. I also installed a fresh Version of Office 2016 Click to Run from Office 365

Second;

Enable Azure MFA for your user in http://portal.office.com

Click here to see: This is how Outlook Click to Run behaves with Azure MFA turned on

Thanks to MS Exchange Org for some great tutorials.
http://www.msexchange.org/articles-tutorials/office-365/exchange-online/exchange-online-identity-models-authentication-demystified-part7.html

 

 

Outlook 2016 behavior when you ENFORCE Azure MFA

When you click enforce Azure MFA your users will not be able to Connect to Office 365 With Clients that does not support modern auth.

When they set up Outlook they will see this screen and be stuck there:

1 - autodiscover
Without modern auth enabled on Office 365 and Outlook your users will be stuck here

 

When you have enabled MFA on your Exchange Online Tenant this is what will happen:

2 - modern auth prompt3 - mfa prompt in outlook 2016

 

Blog at WordPress.com.

Up ↑

%d bloggers like this: