Office 365 Evangelist

It has been a busy and big week for Microsoft! I want to again thank all the attendees that participated in the 2^nd Office 365 International User Group Meeting, quick recap here. The numbers of attendees almost doubled and our website http://www.office365union.com was launched and is adding more information and content almost daily.

Office 365 News:

Office 365 for U.S. Government announcement: http://blogs.office.com/b/microsoft_office_365_blog/archive/2012/05/30/announcing-office-365-for-government-a-us-government-community-cloud.aspx

Office 365 FISMA Certification: http://blogs.office.com/b/microsoft_office_365_blog/archive/2012/05/03/fisma-security-certification-office-365.aspx

Microsoft Celebrates U.S. Small Business with Office 365: http://news.softpedia.com/news/Microsoft-Celebrates-9-6-Million-US-Small-Businesses-with-Office-365-270578.shtml

Can Office 365 beat Google Apps? (Spoiler alert, obviously if I am posting it, the answer is YES): http://www.cio.com/article/705945/Can_Google_Apps_Unseat_Microsoft_Office_and_Exchange_

Great Office 365 Blogs to follow (From http://www.office365union.com/Pages/Resources.aspx)

Loryan Strant, Office 365 MVP- http://thecloudmouth.com

Rene Modery, Office 365 MVP – http://modery.net/

Jethro Seghers, Office 365 MVP – http://www.j-solutions.be

Martina Groom, Office 365 MVP – http://blog.atwork.at/

Sean McNeill – http://office365evangelist.com Kinda partial to this one J

Nick Bowyer – http://itprofessional.co.nz/

Robert Pearman – http://titlerequired.com/

Windows 8 Client and Windows Server 2012 News:

Windows 8 Client Release Preview Availability: http://www.microsoft.com/en-us/news/Press/2012/May12/05-31Windows8RPPR.aspx I am in the process of installing this on my tablet while writing this post!

Windows Server 2012 Release Candidate Availability: http://blogs.technet.com/b/windowsserver/archive/2012/05/31/windows-server-2012-release-candidate-available-now.aspx Will be working on this update next for my laptop dual boot!

Yesterday we held the second Office 365 International User Group meeting. I was very pleased with the meeting and especially the increased attendance. The main presentation for this meeting was around the different training model that Cloud Services brings to the table. This presentation was put together by Brett Hill (@brettHill) but due to some travel delays he was not able to join the meeting; Loryan Strant (@TheCloudMouth) stepped in and presented the information, Thanks Loryan!

We also had Rene Modery (@Modery) show off the website for the group, www.office365union.com. While the site is still being developed, it is a start and just this morning I added several items of interest to the Resources section. Please check out the website and let me know what you think. We have plans to add a Forum section and are looking for any input you can provide!

So I have been very busy moving clients to Office 365, traveling for speaking engagements (sounds much more prestigious that it sounds) and balancing a home life to be able to blog regularly. So this is a recap of numerous Office 365 (and other) updates over the last couple weeks.

First off, this coming Tuesday, May 29^th at 8pm GMT is the second Office 365 International User Group meeting. I encourage you to attend if you have any interest in Office 365, please go here to get the Lync meeting invite: http://home.office365evangelist.com/Pages/Office365UserGroup.aspx

Here is our schedule for the second meeting:

All times GMT

8:00pm Meeting start…small discussions until we get everyone connected

8:15pm Website Unveiling

8:30pm Deployment Pitfalls Open Discussion

9:00pm Vendor Spotlight – Office365answers.com – Brett Hill

9:30 pm Open discussion

Rene Modery, a Microsoft Office 365 MVP has blogged about some recent news for Office 365, please read: http://modery.net/office-365-links-of-the-week-25-may-2012/. Rene is also the driving force behind the Office 365 International User Group Web Site deployment. He is a great SharePoint resource and encourage you keep up with his blog and twitter feed!

Here is some great info from Loryan Strant, another Microsoft Office 365 MVP, about the Partner Access Licenses (PAL) for Office 365 SharePoint Online, http://thecloudmouth.com/2012/05/23/microsoft-increases-partner-access-licenses-for-sharepoint-online/ These PAL licenses enable a Office365/SharePoint Online customer the ability to allow access to internal SharePoint Online sites for external resources such as Joint Venture, Partners, or customers that need internal access to sites. Loryan as an Office 365 has some great information so I encourage you to read his blog regularly.

Speaking of Loryan, he co-authored a book you should check it out, http://blogs.perficient.com/microsoft/2012/05/microsoft-office-365-mvps-publish-book-on-cloud-migration/

The Exchange Deployment Assistant tool has now been updated to support Exchange 2003, 2007 and 2010 with the Hybrid Deployment Wizard included with Exchange 2010 SP2, http://blogs.technet.com/b/exchange/archive/2012/05/23/exchange-server-deployment-assistant-update-for-exchange-2010-hybrid-deployments-with-office-365.aspx

Here is a link to my post about my trip to the Microsoft San Antonio, TX Datacenter!

The Denver Broncos had the first official Team Activities (OTA) that both the players and coaches can be involved in this past week. While these are voluntarily workouts in the off-season, only two Broncos players on the current signed roster did not participate. This really marks the first time the future Hall Of Fame QB Peyton Manning, is able to work with the entire team and coaching staff! This is the first step to my Broncos on the way to New Orleans on February 2013 for the Super Bowl!

My little girl graduated from Kindergarten on May 22^nd I am very proud but starting to feel old at the same time!

So Today was a good day! I am right now sitting in the San Antonio airport waiting on a flight back home to Denver, but earlier today I got a chance to take a tour of the Microsoft Datacenter in the area! This opportunity was part of a joint event between Catapult Systems and Microsoft around Cloud Services. I spoke about Office 365 and the journey to the cloud, and a Microsoft Azure specialist talked about the Azure services. After we completely bored the audience we were all taken on an in-depth tour of the very impressive Datacenter. Very, very impressed with the facility overall and the team in charge on its care and management.

As a Microsoft Partner, I am under a companywide NDA, and to gain entry to the facility I had to sign two additional documents, one being another NDA; so at this time I am reluctant to provide any details of the tour, but am working with Microsoft to determine what I can say about the tour and will update this post with public information I can disclose. I will say this again, very impressed with the facility, the cleanliness, the attention to detail and the overall scale of the site!

One cool piece of information that was talked about in the Azure session was the information about the upcoming Azure Infrastructure as a Service (IaaS) offering coming later this year! After seeing the Datacenter I know this will be a huge success and a great way for companies to expand to the cloud and take advantage of Microsoft massive investment in Cloud Computing!

Hopefully more to come about the datacenter itself, just waiting on a few lawyers, Marketing people and the planets to align!

UPDATE:

I found some small tidbits that I am allowed to say about the datacenter from the Microsoft Site, http://www.globalfoundationservices.com  The GFS is the branch of Microsoft that designs, builds and runs the datacenters around the world for Microsoft.  here is a good overview about the San Antonio, TX dataceter,

http://blogs.technet.com/b/jweston/archive/2008/04/15/article-on-microsoft-s-san-antonio-s-data-center.aspx

The San Antonio, TX Datacenter covers almost 500,000 square feet of space.  This datacenter along with the other datacenters contain over 200 properties, or services, for Microsoft.  Really think of the GFS as the datacenter provider and the various online properties like Bing, Hotmail, Office 365, Azure, etc as tenants in these massive datacenters.  Really the GFC datacenter locations are actually just collocation facilities  for the over 200 online properties of Microsoft.

Sorry I can’t give you all the meaty details, but want to ensure I stay within my NDA.  I will say this, while the San Antonio datacenter was great to see, it is only a Gen 2 datacenter.  Microsoft is already rolling out Gen 4 datacenters that truly are module in every aspect!

So I have previously blogged about the issue of the ADFS server and the Microsoft Online Services needing to have the shared certificate regenerated each year, http://office365evangelist.com/?p=489. So I would like to expand on this issue as it affected me directly last night. Not in the way most would think. Around 2:30am my mobile phone starting blowing up on my nightstand. Side note, I am now a Consultant, I really don’t give out my home number and my mobile phone, a very beautiful Nokia Lumia 900 Windows Phone, turns into an alarm clock and it goes silent. So it was not until but wife noticed the lights flashing from over 12 calls that she nudged me to check my phone.

I also noticed several text messages and a couple voice messages that gave me a clue to the culprit. I called the last number back, it was neither a local number nor a number I had in my contact list, but knew who I was calling. It was a great client I had at my previous company. It was the top guy, the IT manager of my first ever Office 365 implementation, just about a year ago while Office 365 was still in Beta, that just now should raise a flag for any of you who read the above linked post. So what they were facing is the same issue Catapult faced a couple months ago. Their ADFS internally shared certificate with Office 365 had expired! While this is a major issue for a company that has implemented ADFS for SSO with the internal Active Directory should not be a major issue overall, it was. The reason that it was a major issue for my friends is that after getting ADFS up and running they utilized their federated identities to administer Office 365 and kinda forgot about the original Cloud Based Admin account or any other Online Only Accounts. Thus when ADFS failed to authenticate the end users for access to mailboxes, Lync and SharePoint Online, they were also unable to authenticate for Administrative access.

So the reason while I was selected to get woken up was not to catch up on the old days, share stories and have some fun; it was to beg and plead to get the Online Admin accounts username and password. Unfortunately I was pretty groggy at 3am and could not think straight. It was suggested that my SMCNEILL Online account was still alive, so I went through my standard passwords for my clients. This did not work, but because I use standard passwords for accounts it will benefit us later in this story, stay tuned. While I was working with the top dog on his cell phone, I could hear in the background another one of the admins arguing with Microsoft support. The main issue my friends had was not that they didn’t know the password for the Online Admin account, let’s just call it admin.company.onmicrosoft.com; the issue was that in the Beta days and the first six or so months of Office 365 Microsoft did not anticipate needing to reset the password for the Online admin accounts. Today if you sign up for Office 365 and you login with the company.onmicrosft.com account for the first time you are presented with a pop-up that asks not only for a secondary email address, and this cannot be for an address within your tenant domain list, but also a mobile (smart) phone number to be able to text and email a password change that is outside of the Office 365 environment. This was a great move in the last six months by Microsoft to recognize the need for an alternate way to reset a password for an Admin account. Back to my story, my friends had not logged into the Online Only account in probably nine months. So without setting an alternate email for a password reset associated with the Admin Online Account, Microsoft was having trouble validating and ensuring that if they reset this password and gave it to these yahoos on the phone what was the security risk (I’ll talk about this particular client below). But when you think about it, you have to admire Microsoft for being hesitant to reset a Global Admin User password to just someone who calls in and complains.

After trying several of my standard passwords for the SMCNEILL@company.onmicrosoft.com account and having no luck it sounded like Microsoft was close to being satisfied with my friends various verifications methods to getting the true admin account password reset. So I went back to sleep, or at least back to bed. So if you are like me, I can’t stand leaving an issue open, so my mind was racing and could not get back to sleep. After about 20-30 minutes I ended up getting up again and booting up my new company laptop. Thankfully I started using OneNote for all my projects with my previous company about two years ago and keep the usernames, not password, in OneNote pages for my clients. Well I Opened the one note for this client and noticed another thing I did not realize while sleep deprived, I did not setup my Admin account as SMCNEILL@company.onmicrosoft.com by it was Consultant@Company.onmicrosoft.com. Again in my OneNote page the password just said “Standard Client Password”. So I knew that the passwords I tried with the SMCNEILL account would most likely work with the proper user account. SUCCESS! I was able to gain access to my previous client’s tenant, I did have to reset this password since it had probably been nine months since this account was used but I had access. I immediately called my good buddy back and told him I was able to login to the tenant. He was able to reset the primary Admin account (since my account still had full admin rights) and get the ADFS shared certificate re-generated between on-prem and Office 365 and the issue was resolved.

So what is the point of this little story? Well if you have ADFS and SSO setup, DO YOU KNOW THE ONLINE ONLY ACCOUNT NAME AND PASSWORD? I agree that my friends probably failed a little bit in not having the username and password documented. But I want to use this real world example, as a warning to all of the Office 365 Clients out there! Here is what I suggest an Office 365 client does at a minimum every Quarter (3 months) but recommend every month, as part of a disaster recovery plan:

1. Ensure you have the Online Admin Account Username and Password documented
2. Ensure that you have set an alternate email address for the Online Admin Account
   1. If you have not logged in with the Online Admin Account recently, do it!
   2. If it has been awhile logging in with the Online Admin account you will be presented with the requirements to set a phone and alternate email for password resets
      1. If you are not sure what is the alternate email address is you can find it and reset from the properties of User Account properties
      2. If this is set to you companies email address hosted on Office 365, change it! To an email address outside of Office 365
   3. If you don’t know the account or password, utilize your Federated account to login and locate and reset the password and then login with the account (see above)
3. Create a plan to document your Online Only Account username and password
4. Test a login every month with your Online Only Account
5. Depending on the size of your company, create a secondary Online Account with Organization Admin permissions and verify monthly or quarterly

I strongly recommend that any company on Office 365, especially with ADFS and SSO implemented, they follow the above steps. My great friends and client would also recommend this I think. You need to ensure your “Backdoor” is still a viable option to be able to access your tenant in the event anything happens to ADFS.

Side Note:

I do appreciate that Microsoft was very careful with resetting an admin account for an Office 365 Tenant! But I think in this situation they could have done just a bit of research as the licenses for the tenant were tied to a Enterprise Agreement (EA) and the worst they could have done was send the password reset info to the contact of the EA. While this will not work for every client, in this situation my friends were on the phone from 4pm their local time, and then finally decided to call me, conveniently while I was in deep sleep, but I was glad I was able to assist.

The next meeting of the Office 365 International User Group meeting has been scheduled for May 29, 2012 at 8pm UTC! Please go to my Site to be able to download a meeting invite for the event. While the full agenda is still being worked on I can let you know we plan on unveiling our new website and also a great presentation by Brett Hill, Office 365 MVP, around his companies training offering for Office 365! We had a great inaugural meeting in April and looking forward to this meeting in May! Please pass this information on to anyone who has an interest in Office 365! We have several Office 365 MVP’s, (Microsoft designated Most Valuable People), as part of this group and their insight and knowledge is invaluable to the community as a whole.

The month of May is going to be a busy for me with three speaking engagements in three different states. First up next week I will be traveling to Phoenix to speak at the Cloud Intelligence Conference Phoenix 2012 This is a one day mini-conference May 8^th, I will be speaking about the Value of Office 365 for the Enterprise. This conference has a pretty impressive lineup of speakers, if you are in the Phoenix area I highly recommend you make plans to attend. While out in Phoenix I will also be pretty busy making the rounds with the local Microsoft reps and client visits to help support the newly opened Catapult Phoenix office!

Next up will be the following week in San Antonio, TX. I will be speaking about Office 365 and You Journey to the Cloud at a Microsoft Executive Cloud Briefing and Datacenter Tour. Yes that last part is really cool; Microsoft is providing a tour of one of their Datacenters! I am really looking forward to talking about Office 365 but truly more excited to check out the datacenter.

Rounding out the month I will be presenting at the 4^th Annual (I believe it is the 4^th, I have presented at the past 2) Rocky Mountain Tech Trifecta May 19^th. I will be speaking about Office 365 Hybrid Deployment with Exchange 2010 SP2, highlighting the advancements with the new Hybrid Wizard. This is a free event and I highly recommend it. They are running a promotion for registered attendees to tweet about the event and the winner will receive an Xbox 360 Kinect Star Wars Limited Edition bundle. So go register, tweet and attend and you could be the lucky winner of the prize!