Lync 2013 Platform Options

Lync support various deployment models and this Poster is for the BDMs and Architects, and it describes the available platform options for Lync 2013. Customers can choose from Lync Online with Office 365, Hybrid Lync, Lync Server on-premises and Hosted Lync.
 

The poster includes details of each architectural option, including the most ideal scenarios for each, the license requirements and IT Pro responsibilities

Download the Poster: Lync 2013 Platform Options

Microsoft Lync Server 2013 Documentation Help File Updated

Microsoft Team released the updated Lync Server 2013 Technical Documentation Help file.

Download the latest copy from Microsoft download center.

Microsoft Lync Server 2013 Documentation Help File

Sky Drive becomes One Drive Soon...

Everyone would have been now aware about this hot topic in the IT industry with Microsoft decision to rename their renowned Cloud Storage Space "Sky Drive" as "One Drive".

I found many tweets and article posted out in the Internet on this topic and Microsoft Officially created a blog and updated over this change and also Windows IT Pro forum wrote the first article that covers all the related topics in a nutshell.

Check out the official blog here : OneDrive for Everything in Your Life

Review the Windows IT Pro post here : SkyDrive to become OneDrive

Also read the new post over One Drive for Business : Microsoft Also Announces OneDrive for Business

Update: On Feb 19 Microsoft officially announced the availability of  OneDrive and Former SkyDrive customers will soon be migrated to One drive for more information review the below official announcement.

OneDrive is Now Available Worldwide: Free Cloud Storage for Microsoft, iOS, and Android Devices

Directory Based Edge Blocking Now Available!

I earlier wrote a post on Directory Based Edge Blocking for EOP when Microsoft team updated that this feature will soon be added to the EOP and today Microsoft Team updated the EHLO blog with the availability of Directory Based Edge Blocking for EOP and the changes it incurred in comparison with its predecessor FOPE.

It's good that Microsoft team reviewed the customer concerns and added this feature at the earliest as most of the Organizations are already in the phase of moving to EOP from FOPE, This Transition did not happen along with the Wave 15 Service Upgrade in O365 with most of the tenants. DBED is one of the best feature of FOPE which largely reduced the amount of unwanted Mail flow inside the Organization by filtering the Emails sent from external users using the Directory  information Synchronized from On premise AD and thus maintaining a healthier Mail Flow inside the Organization, and this new feature Addition adds more value to the EOP as a standalone service and also a good new for the O365 customers who are using this feature and also for the one who are yet to adopt this feature along with EOP.

Review the Complete post below for more information

In Deployment: Directory Based Edge Blocking for Exchange Online Protection

Lync Licensing Overview

Understanding Lync Licensing plays a vital role for any Administrator and Organizations choose to deploy either Lync On premises or Lync Online based on their requirement in terms of both Infrastructure design and Business needs, Licensing plays the key part on the deployment which eventually defines the investment that Organization is going to pay the Product vendor for utilizing their service and plan their budget accordingly.

Lync is now one of the robust Unified Communication solution accepted by Major Organizations and getting adopted everywhere now in the IT Infrastructure and Microsoft made their Licensing model flexible according to the needs of the customer based on the features they require in their product for both On premises and Cloud.

Recently I reviewed this excellent post from Lync Support Turkey blog by Lync MVP where this Licensing model is explained clearly along with the available features and the Licensing differences in a nutshell. And this blog  made me write this post in here to share this vital information with readers.

Lync Licensing

Also you can download the Licensing Guide from the below link obtained from the parent blog post above.

Lync Licensing Guide

Additionally, for Exchange Server Licensing have a look at my earlier post below

Importance of Exchange Server Client Access Licenses

Release of the Updated Lync Connectivity Analyzer

Today Microsoft Team released the updated Lync Connectivity Analyzer software and this release contains some bug fixes and also assist us in verifying our Lync Environment Configuration both Lync On premises and Lync Online.

Review the NextHop blog post below for clear details and usage of this tool.

Announcing the Release of the Updated Lync Connectivity Analyzer
 

Download the Tool below

Microsoft Lync Connectivity Analyzer (64 Bit)

Microsoft Lync Connectivity Analyzer (32 Bit)

Lync Duplicate Contacts Issue Fix

Today Microsoft team published a KB article that provides the fix for Lync duplicate Contacts issue, This issue is faced by more users now recently in both On premises and Lync Online Environment and the earlier solution was to manually remove the contacts and its quite a headache and not a proper solution and Microsoft updated this will be fixed in the next Client update and here is the latest update that address this issue.

Review the below The EXPTA blog post on the earlier resolution from our MVP Jeff Guillet

Fix for Excessive Duplicate Contacts

With this updated KB it points us to install Security updates for both Lync 2010 and 2013 Clients and states that post this installation the issue will get fixed. Also it fixes other potential issues along with the duplicate contacts issue.

Review the KB here: http://support.microsoft.com/kb/2916650

Office 365 MX Record Update Deadline...

Microsoft Team already announced that Organizations who are using Office 365 should change their MX records from Generic to domain specific records during their Service Upgrade and the dead line is set to 1 June 2014 and a recent E-mail was sent to the Organizations for notifying the update requirement and it incorrectly showed the deadline as 31 January 2014, which is only few days a head and made confusion and the same was later corrected and  updated by Microsoft team on the MX record update FAQ community blog.

You still have time to make the changes and you can plan accordingly and change the MX to domain specific records with in this deadline for a non-disruptive mail flow.
 

Below is the community post that has this information also you can see more information regarding the need and steps for changing the MX and the vital part is now the Office 365 admin center has been updated to display mail.protection.outlook.com as the zone to use and earlier it was set as mail.eo.outlook.com and if you have already change your MX to the latter then it will also work, and if you about to do it  now then you can use the updated one mentioned in the portal.

You can verify your current MX using the MX Tool box and also review post validating the changes.
  
Review the post here: Update to MX records FAQ

ADFS 3.0 with Office 365

Today I am writing this post here to bring to readers attention about the new ADFS 3.0 which comes as a part of Windows Server 2012 R2 and how we can utilize the new benefits of this Service by knowing its pros and cons and how to deploy the same in to our Organization and make use of it with Office 365.

Review my earlier blog post ADFS in O365 in a Nutshell to understand the role of ADFS and its deployment considerations and see it in action with the provided references as a start.

Also read this Microsoft Knowledge base article to know the Supported Scenarios for providing SSO with ADFS

Supported scenarios for using ADFS to setup single sign-on in Office 365

Check the below article for a quick preview of Single Sign-On for Office 365

Overview of single sign-on for Office 365

In comparison with other Identity management providers ADFS is the most common implementation for SSO with Office 365.

Organizations that already deployed ADFS either use ADFS 2.0 or ADFS 2.1 in their environment for SSO as this a known deployment method so far with office 365 and an essential prerequisite if you are going have a federated domain. You can provide same sign on experience with the new Dirsync Password hash without having federated Identity, and for true SSO ADFS is the best option, Check my earlier blog post "ADFS Vs Password Hash" to know the differences provided with references.

 ADFS comes as a separate download earlier when Organizations made the deployment and serving millions of customers. As the Technology changes by time, now we no longer need to do a separate installation of ADFS as before and  also other significant changes are made to the federation setup with the arrival of the latest Windows Server 2012 R2. Many Organizations already upgraded their environment to the latest Server platform and still some are in their evaluation stages, As everyone know that Windows Server 2012 R2 is a robust product that it predecessors most of of the IT Infrastructure is getting upgraded to this Version and already it marked it presence in most of the private and public cloud offerings.

Review the new ADFS changes here with TechNet:  Active Directory Federation Services Overview

Lets get back to our topic ADFS 2.x based deployment had both internal ADFS servers and external ADFS proxy relies on the IIS, with this latest update it does not relies on IIS and also the ADFS proxy servers are now being replaced with the WAP ( Web Application proxy) where we can eliminate the need of  ADFS proxy servers and use the WAP to publish the ADFS URL to the internet using any of your traditional Reverse proxy system.

I reviewed the below Excellent post from our Microsoft Consultant Marius Solbakken Mellum on his goodworkaround blog where he explains about the above said information clearly along with other vital topics and visually shows us how to setup federation with ADFS 3.0 and also shows us how to publish the ADFS URL to internet using WAP, along with the O365 configuration steps post deployment.

 Howto - ADFS on Windows Server 2012 R2 with Office 365

Also, ensure that you have the latest Windows Azure Active Directory (WAAD) Module for Windows PowerShell installed on your environment and then proceed with the Office 365 federation configuration as this is mandate and a prerequisite to make things work with ADFS 3.0, Refer the below post from our Henrik Walther on the same.

Office 365 Federation using Windows Server 2012 based ADFS Servers 

* Review this below TechNet Blog post from PFE  Rhoderick Milne [MSFT] on the topic with detailed walk-through and real-time demo. This is the first one in series of posts and watch out for the rest of the upcoming posts on his blog which will get published soon.

How To Install ADFS 2012 R2 For Office 365

*Review this below Excellent Blog post from Jack Stromberg on upgrading your Environment from ADFS 2.0 to 3.0 explained step by step with known issues and facts for a successful upgrade.

[Tutorial] Upgrading from ADFS 2.0 (Server 2008 R2) to ADFS 3 (Server 2012 R2)

*One more step by step walk-through post over migrating AD FS 2.0 to AD FS 3.0 from MVP Kelsey Epps 

Migrating AD FS 2.0 to AD FS 3.0 for Office365 Single Sign-On

*Add-on Read: Along with the above blog post from Rhoderick review his recent one below which is really a great post to read and must read I would say because it is quite crucial as it is over securing ADFS access following which will take the Organization's ADFS deployment to the next level.

Enabling ADFS 2012 R2 Extranet Lockout Protection

*Enable Automatic Certificate Roll-over on your ADFS environment to save time and manual intervention of renewing ADFS Token signing certificate, review the below excellent blog post to know more on this with the threshold limits

Understanding AutoCertificateRollover Threshold Properties

*Be sure to read the below troubleshooting article if you have issues accessing Office 365 Services after token signing certificate rollover in an ADFS 2.0 Environment.

AD FS 2.0 token signing certificate roll over results in loss of access to all Office 365 services

*Also keep an eye on the ADFS federation Metadata updates and install the Federation Metadata Update Tool on all your ADFS servers as stated in the below TechNet blog

Federation Metadata Update Tool should be installed with every ADFS and Office 365 deployment

* Be sure to read the new Certificate Renewal documentation below applies to ADFS 2.0 and later

Renewing Federation Certificates for Office 365 and Azure AD

*New Article from MVP Jeff Guillet on Updating Certificates for AD FS 3.0

How to Update Certificates for AD FS 3.0

One more from Rhoderick Milne MSFT 


Updating Windows Server 2012 R2 ADFS SSL and Service Certificates

* Few other Vital Posts on ADFS listed below from Chicken Soup for the Techie TechNet blog which is a good read, This is more on ADFS 2.0 but some are common issues and walkthroughs that are applicable for ADFS 3.0, I reference here so that you wont miss these essential posts.

More information about SSO experience when authenticating via ADFS

Possible causes of Authentications failures for federated users in Office 365

My Environment is not yet upgraded and soon it will be done and these post will be quite useful for me as well as you to evaluate the changes in the Lab domain and proceed with the production, hope will get additional information when I do that and share it with you soon.

Update: 

Recently Microsoft team released  a new update for Windows Server 2012 R2 which adds one more great feature to ADFS 3.0 wherein now users can be identified and authenticated to Microsoft Azure and O365 using a new attribute called " Alternate Login ID" in a federated scenario. This adds real benefit for Organizations who are not using UPN same as E-mail address and also for Organizations who are not using publicly resolvable UPN. Refer the below TechNet article for more details, Currently we don't have any walk through available for this apart from this below TechNet article and soon we can expect Microsoft to update us more on this and will post the related content once I came across in mere future, watch out for updates in the below space...

Here is the Microsoft Knowledge base article published with the update details to install and get this feature.

Update enables an alternative logon ID in AD FS in Windows Server 2012 R2

Configuring Alternate Login ID

* Here comes the real time demo of this great feature from our renowned MVP Sean McNeill on his Office 365 Evangelist blog 

Alternate Username for ADFS 3.0 and Office365

* Official announcement from Microsoft team on this feature with required resources below from Office blogs

Alternate login ID for Office 365 reduces dependence on UPN

Finally, Review the below Microsoft PFE Blog post published recently on enabling this "Alternate Login ID" feature explained clearly with guided walk-through and real-time demo.

Introduction to Active Directory Federation Services (AD FS) AlternateLoginID Feature

Update: 

Alternate Login ID is not supported for Exchange Hybrid deployments, Review the below Excellent write-up on this topic with more details from our renowned Hybrid expert Joe Palarchio, Office 365 Consultant @ Perficient

Review here : Office 365 – The Limitations of Alternate Login ID

Update:

ADFS 2016 is now available as a part of Windows Server 2016, that gives you enhanced benefits to meet today's Organization needs for Identity and Access Management

Know more here: What's new in Active Directory Federation Services for Windows Server 2016

Access the below Excellent step by step guide from Rhoderick Milne MSFT on installing and configuring Windows Server 2016 Active Directory Federation Services (AD FS) for use with Office 365.

How To Install AD FS 2016 For Office 365

Update:

Read the below blog post to o know more on ADFS SSO and Token Lifetime settings 

Active Directory Federation Services (ADFS) Single Sign On (SSO) and token lifetime settings

Update:

Microsoft team made new changes to the Token Lifetime defaults in Azure AD to eliminate multiple Sign-in prompts and improve the end user experience.

Going forward the following defaults will now apply to all new Azure AD Tenants:

• Refresh Token Inactivity: 90 Days
• Single/Multi factor Refresh Token Max Age: until-revoked
• Refresh token Max Age for Confidential Clients: until-revoked

Access the Official Blog post to know more: Changes to the Token Lifetime Defaults in Azure AD

Stay tuned for more updates...

Microsoft Exchange Server 2010 / 2013 PowerShell Cookbook

It's been quite some time since I shared some valuable E-books and today I decided to provide readers with two vital E-books on Exchange Server 2010 and 2013 which is a mandate one to read to know more on how to manage these Servers using PowerShell, If you are a Exchange Admin then you should be well aware about the usage of PowerShell with Exchange Server on day to day basis and we should stop there and we need explore further and start our own Innovation and build Scripts that could make our life easier and as everyone today's world is targeting towards automation at all levels. In order to accomplish this we need a  resource which will provide us a deep dive experience and imagine if that resource is from a Expert who knows how to make you learn the Technology at ease like our renowned Exchange MVPs Jonas Andersson and Mike Pfeiffer.

I am reading these E-books everyday and they made my job easier at many stages and also gave me opportunity to learn the Technology and develop my learning and Administration skills. So, I decided to share my experience with you along with these vital resources for your learning.

E-book Download: Microsoft Exchange Server 2013 PowerShell Cookbook: Second Edition

E-Book Download: Microsoft Exchange 2010 PowerShell Cookbook 

You can get the paperback copy from Amazon using the below links and have it handy and refer whenever required and share it others.

Microsoft Exchange Server 2013 PowerShell Cookbook: Second Edition

Microsoft Exchange 2010 PowerShell Cookbook

Windows Antivirus Exclusion Recommendations (Servers, Clients, and Role-Specific)

Recent post from WindowsITpro made me write this post for you to provide you with the vital documentation from Microsoft team on the Windows Antivirus Exclusions that needs to be set on Server and Client to minimize the impact of issues caused by the Antivirus application used in your Environment because we don't need the Antivirus system to scan some of our Vital folders or applications that could typically cause some impact on the productivity and we normally tend to exclude them as a best practice, some of the Antivirus vendors like Symantec already have specific Exclusion list available based on the specific application with their latest update and they automatically create the exclusion, for example Symantec Mail Security for Microsoft Exchange (SMSMSE)with the latest SEP 11 RU6 MP1 for Exchange Server 2010. But most of the times it becomes the Admin's job to manually set the exclusions with the help of the AV security team with various Antivirus products.

Review and download the documentation for the complete list of exclusion with various products below.

Download here: Windows Antivirus Exclusion Recommendations

Additionally, Review the below TechNet blog post over Exchange Server Exclusions

Exchange and AntiVirus Exclusions – A Critical Conversation

Review the below TechNet Article for Lync Server Exclusions

Antivirus Scanning Exclusions for Lync Server 2013

Microsoft Assessment and Planning (MAP) Toolkit

If your Organization is planning for any Migration of Microsoft Products then the first tool that should come to your mind is the Microsoft Assessment and Planning (MAP) Toolkit. I believe most of you should be aware about it as of now, also it may be new for few of the readers and below is the short description of the Toolkit and the download link.

The Microsoft Assessment and Planning (MAP) Toolkit is an agentless inventory, assessment, and reporting tool that can securely assess IT environments for various platform migrations—including Windows 8, Windows 7, Office 2013, Office 2010, Office 365, Windows Server 2012 and Windows 2008 R2, SQL Server 2012, Hyper-V, Microsoft Private Cloud Fast Track, and Windows Azure.

 
Download here: Microsoft Assessment and Planning Toolkit

ADFS Vs Password Hash

This post is written here today referencing the latest TechTarget post from our renowned Exchange MVP Michael Van Horenbeeck on the differences between Dirsync Password Hash (Password Sync) and ADFS and Identify which is better by analyzing their pros on cons and get to know how they both function in a single window, I read this post today and its is very informative and must read to know the feature differences of both of these Authentication options and choose the best one for your environment along with other major things to consider and understand both of them in a nutshell.

I have already wrote posts on both Password Hash and ADFS and you can refer them below along with Michael's post to understand the subject more better and what ever Michael is explaining about the authentication with ADFS is clearly mentioned on the Presentation I referenced in the ADFS post visibly for your ease of understanding.

Dirsync - Password hash

ADFS in O365 in a Nutshell

Review Michael's post below from TechTarget

Is Password Sync better than ADFS for Office 365 identity management?

Also read one more excellent feature comparison post from Office365 Tip of the Day blog post from MVP Sean McNeill

ADFS vs DirSync with Password Sync: The User Experience

Importance of Exchange Server Client Access Licenses

Today It's time for us to take a loot at the Importance of Licensing, lets begin by referring the new post from our Exchange MVP Tony Redmond posted on his Exchange Unwashed blog in WindowsIT Pro, this post is a quite significant for all of us to know the importance of Licensing with Exchange Server 2013 and how it varies from his predecessors, what are the different Licenses available and which is the best one to adopt in comparison with each other etc. discussed under a single window.

Check out the post here: Counting Client Access Licenses

Additionally, review the below Microsoft Article to know more on CAL explained in detail. Understanding this is the key to choose right Licensing option when you deploy your IT Infrastructure.

Client Access Licenses and Management Licenses

Also check this below important TechNet How To post for Office 365 Licensing and how it relates to On premises Licenses when you use both the workloads in your environment.

Licensing How To: Using Office 365 user licenses to meet CAL requirements

Five Ways to Ensure a Successful Transition to Office 365 Webcast

Its been quite some time since I posted over the Webcast events available for readers and today I am posting on one of the vital upcoming Webcast for the readers to register and book their calendar for this event.

Office 365 is gaining popularity now and Major Organizations have already started to migrate to complete Cloud Solution or planning for a Hybrid solution and its always good to know what the experts says over some of these transitions and gain adequate knowledge along with other resources and plan our Migration and complete it successfully.

Register yourself for this webcast even from Redmond Magazine sponsored by Dell Inc. and This presentation Scheduled on January 23, 2014 at 11:00 AM Pacific Standard Time.

Register here: Five Ways to Ensure a Successful Transition to Office 365