
Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Tag

office 365

Enable Azure MFA on Outlook 2016 with ADAL for Exchange Online

If you have Outlook 2016 or Outlook 2013 and want to use Azure MFA without using app passwords, there is one thing you need to do.

First:

ADAL for Exchange Online is off by default. How to turn on ADAL for Exchange Online:

 

  1. Allow scripting

    • Set-ExecutionPolicy RemoteSigned
  2. Run Windows PowerShell and connect to Office 365.

    • $UserCredential = Get-Credential
    • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    • Import-PSSession $Session
  3. Check if ADAL is on

    • Get-OrganizationConfig | fl *Oauth*
  4. If ADAL is off, here is how to enable it

    • Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
  5. Close your session

    • Remove-PSSession $Session
In my case, I had to wait 48 hours for this to work. I also installed a fresh version of Office 2016 Click-to-Run from Office 365.

Second:
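Steps 1 to 5 above combined into one check-then-enable run, as an added example that is not part of the original post. It uses only the cmdlets shown in the steps; scoping the execution policy to the current process, importing just two cmdlets, and the try/finally cleanup are choices made for this example.

```powershell
# Added example: paste into an interactive Windows PowerShell console.

# Limit the execution-policy change to this PowerShell process only,
# instead of changing it machine-wide as in step 1.
Set-ExecutionPolicy RemoteSigned -Scope Process -Force

# Step 2: connect to Exchange Online (same connection method as the steps above).
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
    -Credential $UserCredential -Authentication Basic -AllowRedirection `
    -ErrorAction Stop

try {
    # Import only the two cmdlets this task needs.
    Import-PSSession $Session -AllowClobber `
        -CommandName Get-OrganizationConfig, Set-OrganizationConfig | Out-Null

    # Step 3: read the current state.
    $before = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
    Write-Host "OAuth2ClientProfileEnabled before: $before"

    if (-not $before) {
        # Step 4: enable ADAL only when it is actually off.
        Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

        # Read the value back so the change is confirmed, not assumed.
        $after = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
        Write-Host "OAuth2ClientProfileEnabled after:  $after"
        if (-not $after) {
            Write-Warning "The setting still reads as disabled; check it again later."
        }
    }
    else {
        Write-Host "ADAL is already enabled for this tenant; nothing changed."
    }
}
finally {
    # Step 5: always close the remote session, even if a step above failed.
    if ($Session) { Remove-PSSession $Session }
}
```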

Enable Azure MFA for your user in http://portal.office.com

See: This is how Outlook Click-to-Run behaves with Azure MFA turned on

Thanks to MS Exchange Org for some great tutorials.
http://www.msexchange.org/articles-tutorials/office-365/exchange-online/exchange-online-identity-models-authentication-demystified-part7.html

 

 

Outlook 2016 behavior when you ENFORCE Azure MFA

When you enforce Azure MFA, your users will not be able to connect to Office 365 with clients that do not support modern authentication.

When they set up Outlook they will see this screen and be stuck there:

1 - autodiscover
Without modern auth enabled on Office 365 and Outlook your users will be stuck here

 

When you have enabled MFA on your Exchange Online Tenant this is what will happen:

2 - modern auth prompt
3 - mfa prompt in outlook 2016

 

Azure MFA on Windows 10 Native Mail Client

If you enable Azure MFA in Office 365 and try to sync mail using the native Windows 10 Mail client, this is what the user will see:

(Sorry for the language. The buttons and boxes are all the same.)

1 - add mail account
User needs to select Office 365 for Azure MFA
2 - add user
The user only needs to enter his UPN; it cannot be a username
3 - autodiscover looks for your account
If it fails here, then Autodiscover is broken.
4 - enter password
Observe that the mail app has pulled down my company details, including logo and custom text
5 - Azure AD MFA calls
Right now your phone would ring, or you would get an SMS/app challenge
6 - account added
That's it
7 - policies
Your company security settings will now be applied. Usually you get this box regardless, just to tell you that it might tighten security
8 - mail received
You receive mail. If you do not see mail, maybe the mail is older than a month. Then you need to change the sync settings to enable all mail to sync down

 

 

Extending an Intune, EMS or Office 365 Trial

Need more time to decide?

That's okay. If your trial is about to run out, simply:

  1. Log on to http://portal.office.com as an Administrator
  2. Navigate to: Billing->Subscriptions
  3. Find the trial you want to extend and click it
  4. Click Extend and enter a credit card. (It will not be charged)
  5. Click Submit

That’s it, 30 more days

subscriptions

ems licenses extend trial

 

Configuring Conditional Access to Exchange Online (365) with Intune

You can configure Microsoft Intune to block devices that do not comply with a “standard” from accessing Office 365 Exchange Online email.

Here is how:

  1. Open http://manage.microsoft.com in a browser with Silverlight.
  2. Create a Compliance Policy
  3. Policy->Compliance Policy->Create New
compliance policy
I will require a password of minimum 6 digits and 1 minute before screen lock.
Setting the Conditional Access and blocking Exchange ActiveSync
  1. Policy->Conditional Access->Exchange Online Policy
  2. Click the following:
    • Activate Policy for Conditional Access
    • Select Specific Platforms
    • Check iOS (my rules will now only apply here; the rest can read email).
    • Check: Require Compliance for Mobile Device
    • Select “Block access to e-mail for devices not supported by Intune”
    • Select “All users”
    • Select “No exception users”

The iOS users will now have to enroll in order to read email, and when they do they need to set a 6-digit password.

Caution with using ActiveSync only:

  1. If the user has already configured email, he might not be blocked.
  2. If the user has been associated with that device earlier, he might not be blocked.

Enrollment procedure:

  1. Enter your email in the native mail client by going to settings
  2. You receive an email with instructions on how to get access to your mail.
Follow those instructions.

 

Office 365 First Release: for everyone or just a few?

In Office 365 you can choose whether your tenant should get new functionality the moment it becomes available. This setting is under Service settings->Updates

admin update

You can choose that everyone on your tenant gets this, or only some

select people

If you are already a member of “First Release” for the tenant, you get a warning if you now want to have it on only for certain users; click Yes here.

move from entire.

Now you can select people from Azure Active Directory who will get to test the newest functionality as soon as it is ready.

select a few

 

Quick eAgreements guide for Microsoft Open Value Subscription

Microsoft-Office-365-Logo

If it is the first time you buy licenses on a Volume agreement from Microsoft, you have to sign that agreement. Luckily you can do that digitally. That service is called eAgreements.

NOTE: Even though you are buying the licenses from your partner, and he might have “support” for you, this is still something that you have to do and should do yourself, because the agreement is directly between you and Microsoft. The partner can do it, but he would have to impersonate you.

Step 1: You get an email (if you don't, contact the partner. But 99% of the time you have gotten the email and it is either in spam or you have deleted/lost it)

Subject: Action required: The Microsoft license agreement is ready for electronic signing{~00000000:1~}

Looks like this:
email

Step 2: Click the link and log in with a Microsoft Account (Live ID)
Please note here: Do not use your personal Live ID; create one for your organization and save it somewhere everyone can access it.

Step 3: Scroll down and check: “I Confirm” and check the box “I hereby confirm…”
Insert your name EXACTLY as it says to the right of the box
Insert your job title
Click Submit

contract

That's it, you have signed.

done

Next step is to log in to VLSC and activate your licenses.

Disconnect / Remove Microsoft Intune from Office 365

mdm authority

If you have connected Intune to Office 365, you must use Intune to manage your MDM and devices. My Intune account has now expired, and when I connected a mobile phone to its Office 365 email I got an error message on the phone during sync. This happened because the sync policy lived in Intune, and since Intune was deactivated it would not send out the security policy.

The answer here was to remove the policy in Intune, wait for Intune to sync with Office 365 (can take a few minutes) and then sync the account again.

Going forward I need to disconnect Intune from Office 365, and it is done like this:

If you do not want to use Microsoft Intune, you can disconnect Intune like this:

  1. Contact Microsoft support and write:
    “Please reset or remove Intune as my MDM authority”
  2. Log in to http://manage.microsoft.com
  3. Go to Admin
admin
  4. Select Mobile Device Management
mdm
  5. When Support has reset the MDM Authority, you can set it again.
intune

Taken from Peter Daalmans [MVP] http://configmgrblog.com/2015/05/14/hey-my-mdm-authority-is-set-to-office-365-in-microsoft-intune/

Office 365 Online Services Activation Email

So you bought Office 365 Online Service? Congrats! A new and modern way of using Office is just some clicks away 🙂

This applies to:

Open Value Subscription
Open Value
EES
EAS

Once your partner has ordered the license, you will get this email from Microsoft to start the activation. This is something you have to do yourself, or you can forward this email to your partner. Your partner can only help if he has an Admin Account on your Tenant.

Remember that this email is sent to a named individual within your organization. Microsoft and Partners call this individual the Notices and Online Contact. This person was defined when you first accepted your license agreement. If this person has quit or you cannot get access to his inbox, you have to contact the partner, who in turn has to contact the Distributor to get this changed. The Distributor has to log what we call a CLT Ticket to change this. This change may take a day or two.

THE SAMPLE EMAIL

—————————————-

From: Microsoft Licensing [mailto:MicrosoftLicensing@e-mail.microsoft.com]

Subject: Activation of Microsoft Online Services

Welcome to Microsoft Volume Licensing

You are receiving this message because you are listed as the administrator for the volume licensing agreement that your organization recently signed with Microsoft.

Click here to get started with your online services.  —– Click on “Her” (“here” in the Norwegian email) to start the activation

If you want to manage all of your volume licensing purchases, including online services and software purchases, go to the Microsoft Volume Licensing Service Center. In the Microsoft Volume Licensing Service Center, users in your organization can securely view your purchase agreements and other information, view volume licensing orders, download software and much more. If you have not used the Microsoft Volume Licensing Service Center before, you must register to get access to the agreements.

Contact your Microsoft partner if you need help.

Thank you for being a Microsoft customer.

Feedback | Privacy Statement | Terms of Use | Trademarks © 2015 Microsoft

The trick is to click the three letter button that says: HER

Below is a screenshot of the email you need to look for.

welcome email
