Category Archives: Exchange Server tips tutorials and expert advice

Prepare for an upgrade to Exchange 2016 with these pointers

As a new version of Exchange Server draws near, an enterprise with an on-premises messaging platform must decide if it will upgrade, migrate to the cloud or wait until the next major release of Exchange.

Many organizations that choose to stay on premises generally make this determination due to business requirements or to prolong a significant investment in infrastructure. Some enterprises might hold off on an upgrade to Exchange 2016 since Exchange 2019 isn’t far off — Microsoft says to expect a final release at the end of 2018.

If a business recently moved to Exchange 2013, it may prefer to stay on premises until this new version arrives. But the tradeoff is the company must wait a bit longer to get more modern features and enhanced security capabilities that can benefit the organization now.

But the choice to upgrade also brings challenges. Administrators must prepare their environment, their teams and end users for the substantial change.

So, what are some areas IT must prepare for when they consider an upgrade to Exchange 2016 from a legacy version? And, once the upgrade is done, what can they do to ensure they can adequately support the platform?

Plan and define the Exchange 2016 requirements

Whenever administrators look to upgrade the messaging platform, they should right-size for the latest Exchange environment to ensure the new version functions appropriately, and can accommodate changes and growth. Administrators can use several online resources, but most rely on a useful calculator from Microsoft. The Excel template, named the Exchange Server Role Requirements Calculator, offers IT a way to quickly assess the numerous requirements around the following critical areas:

  • Role requirements
  • Volume requirements
  • Backup requirements
  • Replication requirements
  • Storage design
  • Distribution
  • Activation scenarios

Get ready for the new Exchange Server

After the design phase, IT can build the environment with the latest updates and patches on all the servers. Microsoft recommends either Windows Server 2012 R2 or Windows Server 2016 as the server OS for Exchange 2016.

Make sure to update the .NET Framework; it is a crucial component of Exchange 2016 that determines the performance and reliability of Exchange functions.

If responsiveness is an issue after the upgrade to Exchange 2016, administrators will need to dig through the usual suspects. Check the storage and networking hardware configurations, power settings for the CPU or network interfaces, and review the sizing and architecture of the Exchange environment.

Keep up with monitoring and health checks

Once the business completes its upgrade to Exchange 2016, admins must keep the new environment healthy with regular maintenance. This doesn’t require expensive software — just due diligence. Many admins stick with simple tools, such as Paul Cunningham’s Health Report for an Exchange Server PowerShell script, System Monitor (Perfmon) counters and other utilities to keep an eye on Exchange logs and monitor the overall health of the system.

Use the right tools to troubleshoot other problems

Even with thorough planning and a flawless upgrade to Exchange 2016, administrators might face some issues or challenges with the system after deployment. Be prepared to troubleshoot any problems that could arise by gaining an understanding of PowerShell and Log Parser, and any Exchange-specific utilities that identify the source of errors or email issues.

Determine if an Exchange Online migration makes sense

it just concerns moving email to the cloud. But there is a whole product suite to consider as part of this process.

The decision to shift from an on-premises email platform is not easy. Before the organization commits to this move, look at the transition from both a strategic and a technical perspective. There are a series of questions that should be answered before making the decision to switch to Exchange Online.

Is Exchange Online right for this organization?

Remember that Exchange Online is part of the Office 365 suite and is more than just email. The platform’s services address many business needs, such as file shares, document sharing, collaboration tools and simple word processing. And with certain licenses, if you buy Exchange Online, you own many of these other tools as well.

With that in mind, review the business issues below to see if an Exchange Online migration makes sense for the company:

  • The employees work in silos and require a tool to tear down these walls.
  • While emails don’t include client information, the system should automatically check that sensitive information is not sent.
  • Security is a priority. A lot of effort is made to keep that technology up to date.
  • Some employees get 250 email messages a day and must work collaboratively with other teams.
  • Company data sits in many different places, including email. Data management must be simplified.

While email is definitely part of the challenge, it’s not the only tool that runs teams and organizations. These hurdles should not hold up an Exchange Online migration. If email is a priority, consider making this phase one of the project, and then, deploy the additional tools your organization needs in different phases of the project at a later date.

Work out a path to a solid migration

Once the business works out the strategic approach, dive into the technical considerations for a smooth Exchange Online migration. First, find answers to the following questions because they will influence the user experience (UX), design and amount of time to deploy.

Should the UX be seamless, or will users log in with different credentials for Office 365 email?

Answer: I find larger organizations do not want users to log in separately, whereas smaller ones are more flexible in this area. That said, most businesses want a seamless UX. A business that wants to give users more streamlined access to resources should discuss how to implement Azure Active Directory Connect to set up password sync and single sign-on. Federation is not required, but organizations that already have it implemented find it is a good option for them. If federation is not in your environment, then look at other options.

Does the business need a failback plan?

Answer: Organizations often see a migration to the cloud as one way, but a failback plan should be included in the planning process. Ask yourself this: Would your organization migrate its on-premises Exchange deployment to a new server without a failback plan? For most companies, the answer is typically no. The only exception tends to be the very small business that just wants to be in the cloud and not maintain costly on-site infrastructure. With a failback option, the migration will be done in hybrid mode with the Hybrid Configuration Wizard. The ability to fail back mailboxes or migrated components if an unexpected issue arises provides a measure of stability for the business.

Does the business need to back up email data in Exchange Online?

Answer: This question seems straightforward, but the answer is complicated. If the business is OK without the ability to restore a mailbox, then this might work. The Deleted Item Recovery feature keeps messages for 30 days, and the retention hold options can be used to retain messages beyond 30 days. Does the organization need a way to restore a mailbox when it’s gone or recover individual items beyond 30 days? With answers to those questions, the company can then work to produce the correct technical implementation that best supports its email requirements.

Consider what the business uses in its on-premises deployment and whether that should apply in the cloud. Each organization is different from a technical perspective, so there is more to think about. These questions will help prepare the groundwork when the time comes to make a decision about an Exchange Online migration.

Set up remote domains to control Exchange messaging

information can land in an external recipient’s inbox if the Exchange admin doesn’t use remote domains.

Most organizations have certain external recipients that users send mail to on a regular basis. Exchange Online administrators can control the types of messages and the email format sent to such recipients — and anyone else in the recipient’s domain — by defining a series of remote domains.

Remote domains enforce the organization’s mail flow preferences for recipients in specific domains. Those domains usually belong to a partner organization or vendor, although some businesses use them to restrict the delivery of messages deemed sensitive or undesirable. For example, the organization might block out-of-office messages or automatic replies from going to the remote domain.

A remote domain almost always corresponds to a domain name that does not belong to the organization. Technically speaking, an organization can own the domain name, but it cannot appear within Exchange’s list of accepted domains.

How to set up a remote domain

To configure remote domains, log in to the Exchange Admin Center, and go to Mail Flow > Remote Domains. To add a remote domain, click the Add icon, and then type a display name and the domain. In addition to individual subdomains, admins can also use wildcard characters. For example, to add the poseylab.com domain and its subdomains, enter *.poseylab.com, as shown below.

The settings here will override any configuration or rules a user sets up through a mail client, such as Outlook or Outlook Web App.

Wildcard characters
Admins can use wildcard characters to add subdomains.

The dialog box also contains a number of different options to configure the behavior of communications with recipients in the remote domain.

The first section relates to out-of-office automatic replies. The admin can adjust settings to control whether automatic replies go to recipients in the remote domain but also whether those recipients should receive external or internal replies.

Admins adjust the automatic replies portion, as well as automatic forwarding, for recipients in the remote domain.

In the message reporting section, the admin manages both delivery and nondelivery reports, as well as meeting forward notifications, for recipients in the remote domain.

Lastly, select whether to allow the use of Rich Text Format, the Multipurpose Internet Mail Extension character set and the non-MIME character set. Admins can adjust these settings for users on other messaging platforms that cannot process certain formats and send out a winmail.dat attachment to a message as a result.

Save the changes to add the new remote domain. Admins can always adjust the rules for the remote domain by selecting it and clicking the Edit button.

The remote domains list also contains a default remote domain, which cannot be removed. Exchange uses the default domain to control what happens when mail is received from any domain not on the list of remote domains. Admins can edit the default remote domain, which has identical settings to the custom remote domain.
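
The settings described above can be reviewed in bulk rather than one dialog box at a time. The following is an added example, not part of the original article: it audits remote-domain objects for the automatic-reply and automatic-forwarding settings that let information leave the organization. `Test-RemoteDomainPolicy` is a hypothetical helper name and the sample objects are constructed; the property names are those returned by the Exchange `Get-RemoteDomain` cmdlet.

```powershell
# Added example: flag remote-domain settings that allow automatic disclosure
# of information to external recipients. Test-RemoteDomainPolicy is a
# hypothetical helper; property names match Get-RemoteDomain output.

function Test-RemoteDomainPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$RemoteDomain
    )
    begin {
        # Each rule: the setting, the value treated as risky, the value to set
        # instead, and why it matters.
        $rules = @(
            @{ Setting = 'AutoForwardEnabled'; Risky = $true; Fix = '$false'
               Reason  = 'Client-side rules can automatically forward mail to this domain' },
            @{ Setting = 'AutoReplyEnabled'; Risky = $true; Fix = '$false'
               Reason  = 'Client-side rules can send automatic replies to this domain' },
            @{ Setting = 'AllowedOOFType'; Risky = 'InternalLegacy'; Fix = 'External'
               Reason  = 'Internal out-of-office text is sent to recipients in this domain' }
        )
    }
    process {
        # The default remote domain ("*") applies to every domain that has no
        # entry of its own, so a loose setting there has the widest reach.
        $isDefault = $RemoteDomain.DomainName -eq '*'

        foreach ($rule in $rules) {
            $value = $RemoteDomain.($rule.Setting)

            # Compare as strings so both enum values and plain strings match.
            if ("$value" -ne "$($rule.Risky)") { continue }

            $severity = 'Medium'
            if ($isDefault) { $severity = 'High' }

            [pscustomobject]@{
                DomainName  = $RemoteDomain.DomainName
                Setting     = $rule.Setting
                Value       = "$value"
                Severity    = $severity
                Reason      = $rule.Reason
                Remediation = "Set-RemoteDomain -Identity '$($RemoteDomain.Name)' " +
                              "-$($rule.Setting) $($rule.Fix)"
            }
        }
    }
}

# Constructed sample data standing in for Get-RemoteDomain output.
# *.poseylab.com is the article's example domain; vendor.example is made up.
$sample = @(
    [pscustomobject]@{ Name = 'Default';  DomainName = '*'
                       AllowedOOFType = 'External'
                       AutoReplyEnabled = $true;  AutoForwardEnabled = $true },
    [pscustomobject]@{ Name = 'PoseyLab'; DomainName = '*.poseylab.com'
                       AllowedOOFType = 'InternalLegacy'
                       AutoReplyEnabled = $false; AutoForwardEnabled = $false },
    [pscustomobject]@{ Name = 'Vendor';   DomainName = 'vendor.example'
                       AllowedOOFType = 'None'
                       AutoReplyEnabled = $false; AutoForwardEnabled = $false }
)

$findings = $sample | Test-RemoteDomainPolicy
$findings | Sort-Object Severity, DomainName |
    Format-Table DomainName, Setting, Value, Severity -AutoSize

# Against a live organization, in a connected Exchange PowerShell session:
#   Get-RemoteDomain | Test-RemoteDomainPolicy
```

The `Remediation` column holds a suggested `Set-RemoteDomain` command for each finding; review it against the business need for that partner domain before running it.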

Multi-geo service tackles Office 365 data residency issues

Many modern enterprises have workers in offices spread all over the world. While there are numerous advantages to a multinational organization, the complexities of managing the data generated by a global workforce can vex even the most adept Office 365 administrator.

When the admin creates the Office 365 tenant, the Exchange Online mailboxes reside in a specific geographic region determined by the organization’s billing address. The mailboxes may be replicated to different data centers within that geographic region. To meet data residency requirements, organizations can create multiple Office 365 tenancies in different geographic regions, but this increases overall administrative complexity.

To address these Office 365 data residency needs and streamline how businesses handle them, Microsoft designed what it calls multi-geo capabilities. With multi-geo, organizations that use Exchange Online can store a mailbox in one of multiple geographic regions within a single Office 365 tenancy.

Here is some information on the multi-geo feature and its configuration for Office 365 data residency.

Multi-geo comes with restrictions

As of publication, the multi-geo feature is in a selective preview stage for Exchange Online and OneDrive for Business. Microsoft plans to release it into general availability for those services in the first half of 2018. The company intends to add multi-geo to SharePoint Online with a preview expected in the first half of 2018. Microsoft said it might add this capability to other Office 365 apps, such as Microsoft Teams, but it has not given any timelines.

However, the multi-geo service comes with restrictions. For example, the India and South Korea geographic regions are only available to organizations with licenses and billing addresses there. Other regions, such as France, are not yet available.

Microsoft recommends an organization with questions about the multi-geo feature talk to its Microsoft account team. The company has yet to unveil licensing details for the service.

Multi-geo introduces new terminology

Home geo is the term Microsoft uses for the geographic region where the Office 365 tenancy was created. Regions that the organization adds later are known as satellite geos. The multi-geo feature provisions new mailboxes in the home geo by default, but admins can start them in a satellite geo.

The organization can move existing mailboxes between home and satellite geos. This operation should not adversely affect workers because the mailboxes will remain in the same Office 365 tenancy, and the Autodiscover service automatically locates the user’s mailbox in the background. However, Microsoft said the multi-geo service does not support Exchange public folders, which must reside in the home geo.

Organizations should monitor the Microsoft Office 365 roadmap for changes in support of the multi-geo service.

PowerShell cmdlets adjust regions

In organizations where directory synchronization hasn’t been deployed, administrators can use two PowerShell cmdlets to set configuration parameters for the multi-geo feature.

Admins can use the Set-MsolCompanyAllowedDataLocation cmdlet from the Azure Active Directory (AD) PowerShell module to set up the additional geographic regions in the Office 365 tenant.

The Set-MsolUser cmdlet features a PreferredDataLocation parameter to specify the geographic region that will store the user’s Exchange Online mailbox and OneDrive for Business files. A user account can only have one PreferredDataLocation for those services.

Considerations with directory synchronization

Businesses that have deployed directory synchronization and run a hybrid configuration of Exchange, where some mailboxes are stored on premises and others in Exchange Online, need a new version of Azure AD Connect to support the multi-geo feature. Azure AD Connect synchronizes an on-premises AD user account custom attribute into the PreferredDataLocation attribute in Azure AD.

The admin sets up the geographic region of the user’s Exchange Online mailbox with the AD on-premises custom attribute. After the value is synchronized with Azure AD, Exchange Online uses that setting to place the mailbox in the proper region. This enables admins to adjust settings in on-premises AD accounts to control the geographical region of Exchange Online mailboxes.
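
Before changing PreferredDataLocation for many accounts, it helps to check the plan against the regions the tenant actually allows. The following is an added example, not part of the original article: `Test-DataLocationPlan`, the country-to-geo map and the sample users are assumptions constructed for illustration, while the user properties are those returned by `Get-MsolUser` in the same Azure AD PowerShell module the article names.

```powershell
# Added example: report users whose PreferredDataLocation does not satisfy the
# organization's residency rules. Test-DataLocationPlan is a hypothetical
# helper; the country-to-geo policy is an assumption each organization defines.

function Test-DataLocationPlan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [psobject[]]$User,
        [Parameter(Mandatory = $true)] [string[]]$AllowedLocation,
        [Parameter(Mandatory = $true)] [hashtable]$RequiredGeoByCountry
    )

    foreach ($u in $User) {
        $required = $RequiredGeoByCountry[[string]$u.Country]
        $current  = [string]$u.PreferredDataLocation

        # No residency rule for this country: the mailbox stays in the home geo.
        if (-not $required) { continue }

        $issue = $null
        $fix   = $null
        if ($AllowedLocation -notcontains $required) {
            # The region must be enabled for the tenant before users can use it.
            $issue = "Required geo '$required' is not an allowed data location for the tenant"
        }
        elseif (-not $current) {
            $issue = 'PreferredDataLocation is not set; the mailbox is provisioned in the home geo'
            $fix   = "Set-MsolUser -UserPrincipalName '$($u.UserPrincipalName)' -PreferredDataLocation '$required'"
        }
        elseif ($current -ne $required) {
            $issue = "PreferredDataLocation '$current' does not match required geo '$required'"
            $fix   = "Set-MsolUser -UserPrincipalName '$($u.UserPrincipalName)' -PreferredDataLocation '$required'"
        }

        if ($issue) {
            [pscustomobject]@{
                UserPrincipalName = $u.UserPrincipalName
                Country           = $u.Country
                Current           = $current
                Required          = $required
                Issue             = $issue
                Remediation       = $fix
            }
        }
    }
}

# Constructed sample data (users, countries and policy are made up).
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; Country = 'Germany';   PreferredDataLocation = 'EUR' },
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com';   Country = 'Germany';   PreferredDataLocation = $null },
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'; Country = 'Australia'; PreferredDataLocation = 'EUR' },
    [pscustomobject]@{ UserPrincipalName = 'dave@example.com';  Country = 'India';     PreferredDataLocation = 'IND' }
)
$allowed = 'NAM', 'EUR', 'AUS'          # three-letter geo codes enabled for the tenant
$policy  = @{ Germany = 'EUR'; Australia = 'AUS'; India = 'IND' }

$report = Test-DataLocationPlan -User $users -AllowedLocation $allowed -RequiredGeoByCountry $policy
$report | Format-Table UserPrincipalName, Current, Required, Issue -AutoSize -Wrap

# Against a live tenant, after Connect-MsolService:
#   $users   = Get-MsolUser -All | Select-Object UserPrincipalName, Country, PreferredDataLocation
#   $allowed = (Get-MsolCompanyAllowedDataLocation).Location
```

In environments with directory synchronization, apply the correction to the on-premises AD custom attribute instead of running the suggested `Set-MsolUser` command, since the synchronized value would otherwise overwrite it.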

Use eseutil for Exchange database repair with care

by making a hasty attempt to get the platform back online without careful planning.

Don’t rush in and start immediate repairs with the command-line tool eseutil. While eseutil is a powerful tool for Exchange database repair work, use it wrong and it can make matters worse. Admins must understand the different functions of eseutil and when their use is appropriate.

Not every problem requires eseutil

Admins can use eseutil for several significantly different Exchange database repair procedures: to defrag a database, to recover damaged page files or to perform a roll-forward recovery of a database. The roll-forward option restores the backed-up data, then runs the transaction logs to recover the cached data.

But the best time to run eseutil depends on the circumstances. Use it in repair mode solely as a last resort when several things go wrong in the environment. If you can’t mount the database and restore backups, it might be your only option.

When database and streaming files don’t match

A failure can cause Exchange to dismount a database. This often happens when the streaming file (STM) and the database file (EDB) are not synchronized. When eseutil starts a database repair, it first checks that the STM file is in sync with the EDB file. If eseutil finds those two files do not match, it will error out.

By forcing eseutil to run an Exchange database repair despite this condition, the admin might lose all data held in the streaming file. The following command ignores the mismatch error and runs the repair:

eseutil /P <database_name>.edb /I

This command has consequences. The STM file primarily holds user data from Post Office Protocol 3 (POP3) and Internet Message Access Protocol (IMAP) clients, so if all clients run Outlook, ignore an STM file mismatch. Conversely, if a large number of clients connect to Exchange servers with POP3 or IMAP, then forcing a repair through an STM file mismatch usually results in data loss.

Restore and roll forward

If the Exchange databases have proper backups, restore and roll forward a database rather than attempt a repair.

This process takes less time and comes with lower risk of data loss. By comparison, even a lightly corrupted database takes around an hour to repair each 5 GB of the database. With the size of databases in most production environments, that’s a significant time investment.

To perform a restore and roll forward, an admin needs two things: a good recent backup of the database and all the transaction logs created after that backup. If both conditions are met, run this command to restore the database and roll it forward:

eseutil /CC

Complete these Exchange database repair steps

Once eseutil completes the repair mode, there are still three tasks to execute before the admin can mount the database.

  1. Run eseutil /D (defrag) against the database.
  2. Run isinteg –fix, which uses another Exchange utility to check the integrity of the newly repaired and defragmented database.
  3. Back up the database.

Management will want the Exchange database mounted and operational as soon as possible, but admins shouldn’t skip these steps. While it’s possible to mount the database after the eseutil repair finishes, the database is not stable until you complete the first two steps, and it’s not safe until the backup is done.

Office 365 compliance features keep data locked down

Stricter guidelines for compliance regarding messaging retention are forthcoming thanks to rules such as the EU General Data Protection Regulation. Administrators new to Office 365 must learn the nuance of this service’s features to prepare for these changes.

Office 365 compliance features differ from those of on-premises systems, such as Exchange Server. The tools to identify, retain and remove data are built in to the Office 365 Security & Compliance Center. This portal enables businesses to keep data for as long as necessary without third-party tools or extra storage, and it works across Microsoft’s cloud services.

This article looks at the Office 365 compliance features, where they fall short and how admins can adjust for these shortcomings.

Master the Office 365 Security & Compliance Center

Until recently, Office 365 mirrored its on-premises counterpart — IT managers administered and managed compliance within each individual service. To keep data in Exchange Online, the admin would adjust settings in the Exchange Admin Center with terminology specific to Exchange. It works the same with SharePoint Online.

The Security & Compliance Center changes all this. It uses a unified portal to manage compliance functionality across the Office 365 suite. Admins use the portal to create policies for all data within the Office 365 tenant. Admins also use this section to perform discovery and searches across multiple services within Office 365.

Office 365 Security & Compliance Center
Figure 1: Admins use the Security & Compliance Center to handle compliance tasks for data across the Office 365 suite.

Admins use the Security & Compliance Center to manage data in several areas. Your organization might need more than one of these Office 365 compliance features.

  • Data loss prevention (DLP): This section identifies sensitive content automatically and prevents users from uploading or sharing the data externally or internally.
  • Data governance: This area sets policies across Office 365. It works to define how long to keep, and when to remove, data. Admins can also archive data or mark it for supervision review.
  • Classifications: This section lets admins define labels to tag content in OneDrive, SharePoint and Exchange services. These labels work with the data governance function to categorize data and apply preservation rules.
  • Sensitive information types: These definitions automatically match data, such as credit card or Social Security numbers. Built-in definitions cover most financial, medical, health and personal data, and admins can also add customized definitions. DLP functions and classifications use these definitions to auto detect sensitive data.

Understand the capabilities of Office 365 compliance features

An enterprise’s most common compliance requirement is to keep all data for a certain amount of time. Most organizations must retain data for five to 10 years, although the requirement is longer for some.

With an on-premises mailbox server, organizations typically use email journaling for compliance purposes. An email journal makes a copy of every email message — this includes the message envelope and BCC recipients — on a separate system. The business retains the copy for as long as necessary.

How to build new labels in Office 365
then publish them with a policy.

Organizations on Office 365 do not need a product that copies and stores data from Exchange or SharePoint. If a worker alters or removes data from the mailbox, SharePoint sites or OneDrive for Business, data governance keeps the original in Office 365.

In Figure 2, an admin creates a policy that targets all Office 365 data. The preservation lock feature prevents the Office 365 administrator from removing the policy to add an extra layer of security.

Office 365 policies
Figure 2: This policy protects data in all areas of the Office 365 suite.

Use DLP to hinder leaks

Many organizations with on-premises messaging servers try to prevent disclosures of sensitive data in email with edge-based DLP tools. But edge-based DLP tools only defend the email gateway and do not account for other ways users share sensitive information. Unless it integrates with OneDrive or SharePoint, an edge-based DLP tool does not scan documents included as a link, rather than an attachment, in email.

Office 365 DLP works across both Exchange and SharePoint and prevents sensitive data from being uploaded and shared. For example, admins can configure Office 365 DLP to prevent users from sending a list of credit card numbers to a OneDrive for Business account. Alternatively, admins can set a DLP policy to stop users from sharing credit card numbers with external guests.

New DLP policy
Figure 3: This Office 365 DLP policy sends an alert if the content includes insurance information or passport numbers.

The classifications feature identifies and marks this sensitive data for retention and removal. Autolabel policies can search for data across Exchange, SharePoint and OneDrive by keyword. The admin can further adjust settings in sensitive information types to mark data and remove it.

Who needs to take the Exchange 2016 exam?

IT pros debate whether it’s worth the effort to pursue a Microsoft certification. But in a job search, it can tip the scales in favor of one candidate over another.

For Exchange administrators, the 70-345 exam covers the design and deployment of Exchange Server 2016. The test poses installation and troubleshooting questions that range from mailbox database issues to data loss prevention setup.

Microsoft recommends test-takers have at least three years of experience with the management and design of Exchange Server and familiarize themselves with the integration of Exchange Server with Office 365 and Skype for Business. Admins should also have a strong grasp on PowerShell and comprehensive networking skills.

IT pros build credit toward a Microsoft Certified Solutions Expert (MCSE) certification by passing the Exchange 2016 exam. However, Microsoft certification exams do not define IT pros. There are many “paper MCSEs” — admins who don’t know how to manage the products covered by the exams they passed. Conversely, others are well-versed in specific Microsoft products but never took a certification exam.

IT pros should ask themselves these questions before they opt to take the Exchange 2016 exam.

Will I benefit from passing the Exchange 2016 exam?

When I started my career as an IT professional in the 1990s, Microsoft exams were crucial. My first MCSE was a huge stepping stone in my professional development and helped me get a significantly better position. I can’t say that every exam I took was completely relevant or made me a better IT professional, but they helped me get jobs. If you think a Microsoft certification exam will get you promoted, start studying. These tests are great for IT rookies.

For experienced IT admins? Not so much. I’ve passed the latest version of the Exchange Microsoft Certified Solutions Master exam, so I don’t see much benefit in another Exchange MCSE test. The answer will vary depending on the trajectory of each admin’s career.

How is this exam different from earlier Exchange tests?

Admins with experience on previous exams for Exchange or other Microsoft technologies might think they know what to expect. In many ways, the 70-345 exam is more of the same, but there are a few key changes.

First, there is only one Exchange 2016 exam, whereas there were two tests for Exchange 2013. The exam isn’t harder, just more concentrated. There are fewer overall Exchange questions, but Microsoft removed the easy ones. In that regard, the margin for error is smaller.

Second, Microsoft Learning modernized its certification exams to make them more relevant to today’s workplace. The questions in the 70-345 exam are improved: they are more focused, with fewer debatable answer choices.

Is on-premises Exchange even a thing anymore?

This is an important question for anyone who wants to invest their time and money to train for any technology.

Microsoft encourages businesses to move to the cloud, but that isn’t an option for many enterprises. As long as demand remains for on-premises Exchange, Microsoft will develop the product. It’s possible Exchange 2019 will require an Office 365 subscription, but admins would still need to know how to manage Exchange.

On-premises Exchange will likely remain in many enterprises for some time, at least through Exchange 2019. If your organization doesn’t plan to move to the cloud, an on-premises certification brings value.

Do I need practical experience to pass the Exchange 2016 exam?

I’ve worked with Microsoft Learning to write certification tests, and while the current exams are now more based on the real world, admins can probably pass the 70-345 exam without in-production experience on Exchange 2016.

But preparation still matters. Most test-takers rush to finish Microsoft’s test. Admins receive only 150 minutes for each exam. I recommend that IT admins build a lab and play with Exchange to maximize their familiarity with the platform.

Don’t get hung up on Office 365 Cloud PBX pitfalls

For IT administrators, the value of Microsoft’s Office 365 Cloud PBX service is that it consolidates telephony services with email messages and cloud storage in one consumable portal. But make no mistake, this is not plug-and-play.

Admins must be sure their in-house business technology is compatible with the service to get all of its features. Office 365 Cloud PBX with public switched telephone network (PSTN) dialing capabilities enables workers to use Skype for Business Online to:

  • place, receive, transfer and mute calls;
  • click a name in the address book and call the contact; and
  • use mobile devices, a headset with a laptop or PC or an IP phone that works with Skype for Business.

However, the real benefit is that Cloud PBX integrates those features into the Office 365 portal. Admins manage all the Office 365 services, which include mailboxes and licenses, in one place and need only contact one vendor should a problem arise. But like any move to a cloud service, it requires planning and preparation.

Here are some benefits of Office 365 Cloud PBX and tips on how to easily transition to the cloud service.

Office 365 now fully replicates on premises

Many IT admins use the administrative console to handle some of the major applications within Office 365, such as Exchange, SharePoint, licensing and Skype for Business.

But Office 365 didn’t fully replace on-premises servers until Microsoft included a PBX service in the E5 subscription plan. Office 365 Cloud PBX includes critical features, such as call queues and an automated attendant, to make the service more comparable — and, therefore, a full-blown replacement — to Exchange Server for businesses.

Microsoft catches up on needed features

Businesses expect modern unified communications (UC) platforms to offer advanced features, such as collaboration tools, mobility, call routing, hunt groups, instant messaging, presence technology, voicemail on the go and portability to take an extension or direct inward dialing anywhere users want. Businesses wish to use these platforms as a service and don’t expect to purchase hardware other than the clients’ handsets.

However, many admins found that Office 365 E5’s early release fell short. The main complaint was that it lacked two essential features: automated attendant functionality and call queues.


Microsoft finally released those capabilities for general Office 365 tenants in April 2017. The company offered Skype for Business Online as a complete, hosted option with enterprise features and functions that are comparable to its on-premises counterpart. This means IT administrators don’t deal with the complexities and challenges of on-premises voice over IP (VoIP) but keep the crucial features that the enterprise needs.

Microsoft will replace Skype for Business Online with Microsoft Teams likely by 2020, a problematic development for companies that rely on the former for telephony services.

IT considerations before a move

The introduction of a cloud-based UC system requires planning and preparation. Consider the following checklist before you bring Office 365 Cloud PBX into the business.

Avoid points of failure: Like an email server, a phone is a critical communication component. Before you install Office 365 Cloud PBX, make sure your system has multiple reliable network connections. For example, a manufacturing firm located in a rural area can’t switch its phone system to the cloud without this redundancy.

Look into new handsets: Before an organization replaces its existing VoIP with Skype for Business, IT needs to determine if the legacy handsets work with Office 365 Cloud PBX. Microsoft supports several hardware vendors, but Skype for Business with PSTN might not be compatible with some handsets. Check your firmware requirements.

Consider compliance requirements: Security is always a concern when an enterprise moves data into the cloud. Office 365 provides functionality, such as specific rules and policies, to help enterprises meet compliance obligations in email messages, archives and e-discovery. Skype for Business includes similar capabilities to archive and search for messages and interactions. In addition, admins can access detailed audit trails on communications for security reviews.

Monitor usage to manage costs: IT admins who oversee corporate mobile devices should know how to monitor data usage; it helps them stay on budget, and it identifies which resources each user consumes. Similarly, Skype for Business offers domestic and international plans with a set number of minutes. IT admins should examine several reports to monitor those plans and manage costs.


Cloud App Discovery spotlights shadow IT users

Do you know what end users do with a company’s data? Do they use Dropbox to share documents with clients? Discuss trade secrets via Slack? Plan secret projects on Trello? The Cloud App Discovery feature in Office 365 reveals certain shadow IT practices admins need to know to secure the enterprise.

End users often enlist cloud services to perform their jobs, but the practice of introducing unsanctioned apps invites risk. It circumvents security practices, which potentially opens the company to an unexpected compliance issue or a cyberattack. Cloud App Discovery uncovers shadow IT without the need to implement agent-based software on users’ computers and mobile devices.

Here’s how to identify and monitor use of unauthorized cloud services within the organization — and what to do about it.

Find hidden app usage with Cloud App Discovery

Office 365’s E3 subscription includes Cloud App Discovery, a component of Cloud App Security. This service interprets log files from web proxy servers, firewalls and network devices, such as wireless access points and switches, to create a visual picture of the shadow IT services used in the organization.

Cloud App Security dashboard
Figure 1. The Discover tab in Office 365 Cloud App Security presents a visual summary of shadow IT services used in the organization.

The Office 365 version of Cloud App Discovery indicates services that have similar functions to Office 365 apps, especially productivity services. Therefore, the discovered apps section does not include nonproductivity applications. We’ll show how to uncover those later in this article.

Create reports of productivity apps

Cloud App Discovery uses logs taken from a network device that sits between end users and the internet. The Cloud App Discovery service supports common log file formats, such as those generated by Cisco access points, open source web proxy servers or third-party cloud services, such as Symantec Websense.

The admin then accesses the Cloud App Discovery feature from the Security & Compliance Center. Download a log file from the network device in a format that Cloud App Discovery supports, navigate to the main console and choose Discover > Create new snapshot report.

Search for and specify the log format from the list, then upload the log file. Office 365 takes up to 24 hours to process and display the results.

Log file upload
Figure 2. To create a new snapshot report, search for the log format you want to use, and upload the log file.

Navigate to Discover > Manage snapshot reports to see the uploaded file. Office 365 shows processed reports as Ready.

Manage snapshot reports
Figure 3. The snapshot reports section indicates when the admin uploaded the report and its status.

The report shows the productivity apps in use from the Office 365 platform and from other cloud services. Select an app to open an Excel spreadsheet for more details, such as how many users accessed the service, how many times users accessed it and the amount of traffic uploaded to and downloaded from the service.

Discovered apps
Figure 4. View the report to see the productivity apps that are in use and to see detailed information about each app.

Automate the log upload process

Organizations that subscribe to Enterprise Mobility and Security (EMS) E3 can extend Cloud App Discovery’s functionality in several powerful ways.

The continuous reports feature automates log uploads through a customized VM with a syslog server and an HTTPS uploader.

To configure continuous reports, use the Discover > Upload logs automatically option in Cloud App Security. The admin adds a data source, which replaces the uploaded log file. The admin then defines a log collector and links it to the data source, which generates the information to deploy the Hyper-V or VMware VM.

After the VM deploys, configure one or more network devices to send data to the log collector in the format that matches the defined data source. Figure 5 shows an example of a Cisco Meraki device set up to send URL data in syslog format to the log collector’s VM IP address.

Configure URL data
Figure 5. Configure a network device to send data to the VM IP address for the log collector.

After about 24 hours, results from logged data will appear in the Cloud App Discovery section. The admin accesses both real-time and historic information related to app usage.

Cloud App Discovery dashboard
Figure 6. The Cloud App Discovery dashboard shows current app usage statistics and provides access to historical information.

See the threat level of shadow IT services

Aside from productivity services — such as webmail, cloud storage and content sharing — Cloud App Discovery also provides visibility into other areas. The EMS-based version of the tool detects internet of things devices, cloud service use from providers such as Amazon Web Services and visits to websites.

Cloud App Discovery ranks the discovered services based on risk score from one to 10. A lower score indicates a more suspicious application. The Cloud Discovery service determines the rank through assessment of security policies, such as where the data resides, who has access, who has control and whether organizations can prevent unauthorized access.

Apps designed for enterprise use, such as Google’s G Suite, get good scores. Services that provide less organizational control, such as WhatsApp, receive poor grades.

WhatsApp is considered a risky service because no one has administrative control. For example, a financial advisor who communicates with a client over WhatsApp could breach regulations because the business cannot record the conversation for future discovery.

View the detailed report on each service, and decide whether to approve the cloud service.

Figure 7 lists the services with usage statistics and threat level:

Discovered apps tab
Figure 7. The Discovered apps tab lists the services used on the company network with details on the traffic used and the risk score.
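The per-app view described above (users, access counts, traffic in each direction and a risk score where lower is more suspicious) can be reproduced on a small scale. This is an added example, not Microsoft's implementation or code from the original article; the log layout, the domain catalog and the risk scores are constructed assumptions.

```python
from collections import defaultdict

# Constructed catalog: domain suffix -> (app, risk score 1-10, lower = more suspicious).
# The scores are illustrative assumptions, not values from Cloud App Security.
APP_CATALOG = {
    "whatsapp.net": ("WhatsApp", 3),
    "dropbox.com": ("Dropbox", 6),
    "slack.com": ("Slack", 7),
    "trello.com": ("Trello", 7),
    "sharepoint.com": ("Office 365", 10),
}

# Constructed proxy log. Assumed fields: epoch user method host bytes_up bytes_down
SAMPLE_LOG = """\
1500000000 alice POST files.slack.com 52000 900
1500000060 bob GET trello.com 400 18000
1500000120 alice GET trello.com 300 12000
1500000180 carol POST content.dropbox.com 4000000 1200
1500000240 carol GET mmg.whatsapp.net 700 250000
1500000300 dave GET notdropbox.com 100 100
1500000360 bob POST contoso.sharepoint.com 9000 300
truncated line without byte counters
"""

def match_app(host):
    """Return (app, risk) when host is a catalog domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    for suffix, entry in APP_CATALOG.items():
        # Require a label boundary so notdropbox.com does not count as dropbox.com.
        if host == suffix or host.endswith("." + suffix):
            return entry
    return None

def discover(log_text):
    """Aggregate per-app usage; return (rows sorted riskiest first, skipped lines)."""
    stats = defaultdict(lambda: {"users": set(), "hits": 0, "up": 0, "down": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not (parts[4].isdigit() and parts[5].isdigit()):
            skipped += 1  # malformed record: count it instead of guessing
            continue
        _, user, _, host, up, down = parts
        entry = match_app(host)
        if entry is None:
            continue  # host is not in the catalog
        app = stats[entry]
        app["users"].add(user)
        app["hits"] += 1
        app["up"] += int(up)
        app["down"] += int(down)
    rows = [
        {"app": name, "risk": risk, "users": len(s["users"]),
         "hits": s["hits"], "up": s["up"], "down": s["down"]}
        for (name, risk), s in stats.items()
    ]
    # Lowest risk score first; ties broken by most data uploaded.
    rows.sort(key=lambda r: (r["risk"], -r["up"]))
    return rows, skipped
```

Counting skipped lines separately matters in practice: a log in the wrong format otherwise produces an empty report that looks like a clean network.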

Take action against shadow IT

Administrators should take action when armed with data from Cloud App Discovery. If workers use Trello, Slack and Box, then admins should deploy the corresponding Office 365 services — Planner, Teams and OneDrive for Business, respectively.

However, IT should still take action even if the business can’t make these Office 365 apps immediately available. In that case, let end users know that the company plans to roll out Microsoft services to replace shadow IT apps. Explain the benefits of the move, such as service integration across the Office 365 suite.

The EMS-integrated capabilities give admins a way to configure security alerts when workers use these unsanctioned apps. Part of the continuous reports feature gives admins partial control over the use of apps. For example, an admin creates a rule that identifies when a user downloads a lot of data from Office 365 and then uploads a lot of data to Dropbox. When the rule detects this activity, the admin gets an alert and notifies the security team to block that user’s access to Office 365.
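The download-then-upload rule described above, sketched as detection logic over already-parsed traffic events. This is an added example, not the rule engine in Cloud App Security or code from the original article; the event tuple layout, the one-hour window and both byte thresholds are assumptions.

```python
from collections import defaultdict, deque

MB = 2**20
WINDOW = 3600                # seconds of history kept per user (assumed)
DOWN_THRESHOLD = 500 * MB    # "a lot" downloaded from Office 365 (assumed)
UP_THRESHOLD = 400 * MB      # "a lot" uploaded to Dropbox (assumed)

# Constructed events: (epoch, user, app, direction, bytes)
SAMPLE_EVENTS = [
    (1000, "alice", "Office 365", "down", 300 * MB),
    (1600, "alice", "Office 365", "down", 300 * MB),
    (2000, "alice", "Dropbox", "up", 250 * MB),
    (2400, "alice", "Dropbox", "up", 200 * MB),
    (1000, "bob", "Dropbox", "up", 450 * MB),       # upload came first: no match
    (2000, "bob", "Office 365", "down", 600 * MB),
    (1000, "carol", "Office 365", "down", 600 * MB),
    (9000, "carol", "Dropbox", "up", 450 * MB),     # outside the window: no match
    (1200, "dave", "Office 365", "down", 600 * MB),
    (1500, "dave", "Slack", "up", 450 * MB),        # different destination app
]

def find_download_then_upload(events):
    """Return {user: alert} for users whose Office 365 downloads are followed,
    within WINDOW seconds, by large Dropbox uploads."""
    watched = {("Office 365", "down"), ("Dropbox", "up")}
    recent = defaultdict(deque)
    alerts = {}
    for ts, user, app, direction, size in sorted(events):
        if (app, direction) not in watched or user in alerts:
            continue
        window = recent[user]
        window.append((ts, direction, size))
        # The event just appended keeps the deque non-empty while pruning.
        while window[0][0] < ts - WINDOW:
            window.popleft()
        if direction != "up":
            continue
        downloaded = uploaded = 0
        for _, kind, nbytes in window:
            if kind == "down":
                downloaded += nbytes
            elif downloaded >= DOWN_THRESHOLD:
                uploaded += nbytes  # only uploads made after the download burst
        if uploaded >= UP_THRESHOLD:
            alerts[user] = {"time": ts, "downloaded": downloaded, "uploaded": uploaded}
    return alerts
```

Enforcing the order (download first, upload second) and the time window is what separates this rule from a plain per-app volume threshold, which would also flag bob and carol in the sample data.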


Office 365 admin portal updates offer new insights

the data center. But Microsoft’s updates to its Office 365 admin portal give IT visibility into the platform to assist with training and troubleshooting.

Office 365 reduces an organization’s on-premises infrastructure and applications, such as email servers and SharePoint, in favor of a hybrid or pure cloud play. With this shift, admins spend more time monitoring the status of Office 365 services to stay abreast of disruptions and outages that potentially affect users.

The service health dashboard is a critical part of the Office 365 admin portal for administrators. It provides a single place to check the status of their online services and determine if a disruption impacts the business. Recent enhancements to the portal relate to the overall health of the services, and others focus on ways for admins to encourage user adoption of the platform.

Microsoft overhauls the Office 365 service health overview

The summary view of the Office 365 service health dashboard gives admins an indication of any trouble at a glance. This area displays any recent incidents and advisories from Microsoft and also includes messages about planned maintenance to the platform. Microsoft notifies customers at least five days prior to any work that affects service performance.

If there is an ongoing issue, administrators drill into the service to get additional details. Microsoft also provides access to historical data of service problems that admins further segment with date filters.

Office 365 service disruption
Figure 1. The summary view of the Office 365 service health section indicates when a disruption occurred.

Power BI dashboards share user insights

Other updates in the Office 365 admin portal include new service usage dashboards to enable administrators and business leaders to see statistics on end-user activity in the different workloads.

Administrators must configure the free Power BI subscription and activate the Office 365 adoption content pack — found under the Reports > Usage section on the left navigation menu — to produce the dashboards.

After the setup, the Power BI service pulls in usage data to populate dashboards with valuable insights related to user activity in Exchange, Skype for Business, OneDrive, SharePoint and Yammer; user adoption by product, department and region; and assigned licenses. The dashboards are then available through PowerBI.com or from a mobile device or a tablet that runs an iOS, Android or Windows platform.

Power BI dashboards
Figure 2. PowerBI.com displays the dashboards related to Office 365 service usage.

Through Power BI, administrators gain access to advanced interactive capabilities. If the admin asks a question, the system responds with data visualizations. For example, Power BI generated the chart in Figure 3 in response to the request for “Total active users by product.”

Active users query
Figure 3. Power BI generates visual data based on queries from the administrator, such as active users for each product.

Microsoft also improved the visibility into directory synchronization services. The health of this service is critical because it relates to the connectivity and synchronization between Active Directory in the client’s environment and Office 365. A problem with this service can result in issues with user account synchronization.

Administrators monitor this area under Directory Synchronization services in the service health section.

More visibility on the horizon

Microsoft’s roadmap indicates the company plans to release more features in the Office 365 service health section to provide:

  • specific user monitoring capabilities;
  • access to user-level details;
  • automated service health notifications via SMS or email; and
  • ability to send faster incident reports.

The new usage reports gauge the level of end-user engagement with different services and products. Some system engineers still have the native Office 365 admin portal reports to track service use if they prefer them over Power BI.