Author Archives: Cian Allner
Author Archives: Cian Allner
In my Office 365 admin kit, I have assembled some of the best resources for Office 365 IT Pros and administrators. Whether it's Office 2016 change management, cloud security, SharePoint or Yammer, it's all here.
I also have resources more intended for end users. This includes getting the best out of Office 2016. Check out my other Office 365 Kit for more.
Read on for eight guides to help manage Office 365.Continue reading
In these Office 365 guides, you'll learn about getting the most out of Office 2016. Whether it's the ususal Office 2016 programs as well as OneNote, Skype for Business or Office 365 Groups, you're in the right place.
I have assembled, or curated if you will the best Microsoft Office 365 guides and brought them together in one place. I have collected these together via Docs.com. Docs.com is Microsoft's web service for sharing documentation.
At the end of this post, where possible, I'll include the original download links and other resources. You can check these out if they are helpful.
If you are an administrator or interested in managing Office 365, check out my Office 365 Admin Kit.
Discover sixteen Office 365 guides in the rest of this post!Continue reading
Too much collaboration, is that possible? With Office 365 there is a multitude of options for collaboration. Can it get to a point that this begins to cancel each other out and become unproductive?
Most of us love collaborating, working with our colleagues to achieve a common good. What cost does it come with? I'll try and answer some of these questions. I'll get into detail with Office 365 and how to use the best collaboration tool for the job.Continue reading
Office 365 users can now download Office 2016 by default. Learn how to control and manage this, as well the latest on Office 365 ProPlus change management.
Microsoft released the Office 2016 Deferred Channel earlier this month.
At this time, Microsoft announced on the Feb 23rd this build would be available in the Office 365 User Software Page. True to their word, this has now kicked in.
If you haven't changed any admin settings, your users will now be able to download Office 2016. When they login to the portal they will see something like this, inviting them to download Office 2016:
Also, when opening the Office 365 User Software Page from Settings, Office 2016 is recommended:
Further down the page, Office 2013 is still available but well hidden.
The 'Why I would install Office 2013?' page, which I can't link to easily, has some useful info. It talks about:
As the administrator, your meant to provide your users with guidance on which version they should install.
There are new options in the admin portal, under Service Settings and then User software. In the new Office 365 Admin center, this can be found under Settings, then Services & add-ins and finally Software download settings.
Here you can control whether you want your users to be able to download Office 2016. This is what it looks like by default.
If you had previously set some options, you should revisit this page to see what it look like now. There have been some reports of a few oddities with these settings!
To stop users from being able to download Office 2016, untick 'Office (includes Skype for Business)' under the '2016 version' section.
To learn about the update branches or as they are called now channels, check out my Office 2016 Deferred Channel Released for Business post.
When deploying Office 2016 you will want to download Office 2016 in its entirety. You can get an offline copy of Office 2016, which for Office 365 ProPlus customers is the Click-to-run version.
Use the Office Deployment Tool (2016 version) for this, check this post for all the steps - How to download Office 365 Deferred Channel for Office 2016.
Here are the key dates you really need to know for your Office 365 ProPlus change management, all the way up to the end of Office 2013:
It's worth reiterating, by the end of June, any Office 365 ProPlus clients running Office 2013, getting updates directly from Microsoft will be upgraded. This is the criteria used to determine if Office can be upgraded successfully.
All these dates are subject to change, for the latest information check Microsoft's Office 365 ProPlus upgrade guide.
As this post illustrates Office 2016 is coming and administrators have some responsibility
Look out for more Office 2016 coverage, in the meantime, you could check out my other related posts.
Inoreader is your secret weapon, using RSS get the news before anyone else. In this review, you will learn about what Inoreader can do for you.
For any professional, being well informed is paramount, it can set you apart and give you the advantage you need. As an IT Professional, I have many web sites that I need to monitor for developments but it's increasingly difficult with today's pace of change.
If only there was a way to stay up-to-date with changes as they happen? Always be ahead, informed and the one in the know. Introducing Inoreader - 'the content reader for power users who want to save time'.
Read on for my in-depth review of Inoreader and why I think it's a must have service.Continue reading
If you have upgraded to Azure AD Connect 1.1, manual sync won’t work anymore but I’ll show you how to fix it. If you're getting a DirectorySyncClientCmd error, you will want to read this rest of this post.
Azure AD Connect (AAD Connect) 1.1 was released last week. I went through on how to upgrade to this version and why it’s an important release - Azure AD Connect 1.1 – How to upgrade.
One reason to upgrade is that the Azure AD Connect 1.1 automatic sync schedule has been reduced from 3 hours to 30 minutes. This is great but there will be times when you want to run a manual sync outside of that set schedule.
Microsoft has changed how scheduling working in Azure AD Connect 1.1. Previously you would run the DirectorySyncClientCmd.exe command:
Now with Azure AD Connect 1.1 this command won't work, mostly because DirectorySyncClientCmd.exe doesn’t exist anymore!
Microsoft explain this change with how scheduling is handled in AAD Connect 1.1:
In earlier releases the scheduler for objects and attributes was external to the sync engine and the Windows task scheduler or a separate Windows service was used to trigger the synchronization process.
With DirectorySyncClientCmd.exe gone, it's still thankfully simple to run a manual sync.
The scheduler will by default run every 30 minutes. It could be that you have an urgent change which must be synchronized immediately which is why you need to manually run a cycle.
The replacement for DirectorySyncClientCmd is to run is Start-ADSyncSyncCycle. Here is how to run a delta manual sync in Azure AD Connect 1.1:
Start-ADSyncSyncCycle -PolicyType Delta
If you ever need to run a full sync
Start-ADSyncSyncCycle -PolicyType Initial
Microsoft list the reasons when a full sync is needed:
I ran Start-ADSyncSyncCycle from the AAD Connect server in PowerShell.
For more information check out Microsoft's page - Azure AD Connect sync: Scheduler. I hope this post was of use, it caught us out when we upgraded. As you can see it's simple to use the new command instead.
Azure AD Connect 1.1 is out, now with much faster sync times and other cool new features. Read on to see how the upgrade works and why you should probably upgrade too.
UPDATE: You won't be able to run manual sync once you have upgraded. Read all about it here along with the solution - DirectorySyncClientCmd manual sync error Azure AD Connect Upgrade.
UPDATE 2: If you recently upgraded to version 1.1, make sure you have version 18.104.22.168, which was released on the 26th February. This fixes some bugs in the initial version. See resources section for links.
Azure AD Connect syncs account information from your on-premise Active Directory into the cloud. If you're still using the older Directory Synchronization (DirSync) tool, you really should look into Azure AD Connect.
Azure AD Connect is the tool to integrate your on-premises identity system such as Windows Server Active Directory with Azure Active Directory and connect your users to Office 365, Azure and 1000’s of SaaS applications.
Microsoft announced Azure AD Connect 1.1 yesterday, with these new features
What stood out for me was the faster sync times. Up until now the shortest supported frequency was syncing every three hours, with Azure AD Connect 1.1 it's now 30 minutes.
The faster sync times are really welcome, as it means any changes you make on-premise will be reflected in the cloud that much sooner. When setting up new staff especially on Office 365, the faster sync will make a big difference.
I already have a recent version of AAD Connect installed, so an in-place upgrade is a breeze. See the resource section below for a link on how to upgrade from DirSync.
The setup recognizes this is an upgrade:
Then connect to Azure AD. I did have one issue with this, where I specified the username to connect to Azure AD, it said the account had an expired password.
After resetting the password and checking out this guidance 'Office 365 Service Accounts–How do I stop DIRSYNC from breaking every 90 days…' I continued.
Then upgrade is ready to go:
That was quick, after a few minutes the upgrade had completed successfully:
Now let's make sure we have that 30 minute sync schedule that's newly supported in this version. From your AAD Connect server run this PowerShell command
This reports back something like this:
After checking out what this means, it confirms we have the shorted permissible sync time
AllowedSyncCycleInterval: The most frequently Azure AD will allow synchronizations to occur. You cannot synchronize more frequently than this and still be supported.
CurrentlyEffectiveSyncCycleInterval: The schedule currently in effect. It will have the same value as CustomizedSyncInterval (if set) if it is not more frequent than AllowedSyncInterval. If you change CustomizedSyncCycleInterval, this will take effect after next synchronization cycle
Syncing with version 1.1 is now built-in to the sync engine rather than being external.
There are lots of other new features, support for Modern Authentication when specifying an MFA enabled admin account during installation, Domain/OU filtering and more. Check out the release history for lots more details.
Nano Server, a new feature of Windows Server 2016 is going to be huge, or actually very small. Let's find out what the big deal is all about.
Microsoft has been enthusing about this new installation option for around a year. By the end of this post, you will know why Nano Server is so significant and why Microsoft belives it is the future of Windows Server.
Nano Server is Windows Server re-imagined for a cloud world. Nano Server is lean, it's fast and secure. It's 25 times smaller for starters than the conventional Windows Server. This all means less patching, a better uptime and lightening fast installation.
The journey started with Server core which has been around since Windows Server 2008. Microsoft began to reduce the footprint substantially by removing features that should be unnecessary on a server. This still left a lot of bloat in the
Now starting with Windows Server 2016, Microsoft is going further with Nano Server. Microsoft has removed even more components. There is no GUl, meaning no option to remote desktop to manage Nano Servers for example.
Even when locally attached to the console, all you can do is reconfigure the network and firewall settings. Nano Server is intended to be 100% managed remotely
You can use Nano Server to provide many of the same services as before. This includes workloads such as for an IIS web server, Hyper-V host, or a File or DNS server.
Nano Server can be used with:
This may seem radical but I'll let you into a secret, Microsoft doesn't want you to remote desktop onto any server for administration. It's a security risk, it's inefficient and it doesn't scale.
Jeffrey Snover, Microsoft Chief Architect, Enterprise Cloud even goes as far as comparing using remote desktop into servers akin to drug addiction. If you regularly remote desktop into servers, Microsoft wants you to break that habit.
Most of your usual management tools should continue to work as normal. Simply point tools like Server Manager' & 'Hyper-V Manager' and remotely connect to a Nano Server. Traditional MMC snap-ins will continue to work when remotely connected to Nano Server.
Full PowerShell support is being added. PowerShell Desired State Configuration look like an interesting new feature. The new web-based Server Management tools will work as well. There are plenty of options.
Here is a Server Management Tools demo:
Learn about this new web-based GUI management tool that is hosted in Azure and available for no charge.
Especially useful when managing headless servers such as Nano Server and Server Core, it can be used to manage on-premises infrastructure alongside Azure resources.
Compared to the conventional version of Windows Server, there are these benefits:
For a good summary and some demos, check out this video from the Microsoft Mechanics show:
Initially Microsoft is focused on these two scenarios
Infrastructure servers are a definitely a winner, who wants to reboot a Hyper-V server loaded with VMs unless you really have to?
For the things you can't do with Nano Server today, Server Core becomes your standard option:
"The Server Core installation option removes the client UI from the server, providing an installation that runs the majority of the roles and features on a lighter install. Server Core does not include MMC or Server Manager, which can be used remotely, but does include limited local graphical tools such as Task Manager as well as PowerShell for local or remote management."
One of the few remaining reasons to use the full version of Windows Server is Remote Desktop Services (RDS) and supporting third-party apps that just won't work on anything else. Server with Desktop Experience is what Microsoft call the full version of Windows Server 2016.
Since writing this article, Microsoft has provided more specifics on how Nano Server is to be made available. There are two really important things to point out from this announcement:
Firstly, Software Assurance is mandatory:
Software Assurance is also required to deploy and operate Nano Server in production.
Secondly, Nano Server will follow a Current Branch for Business (CBB) service model:
Our goal is to provide feature updates approximately two or three times per year for Nano Server. Because Nano Server will be updated on a more frequent basis, customers can be no more than two Nano Server CBB releases behind.
What does this actually mean though?
Only two CBB releases will be serviced at any given time, therefore when the third Nano Server release comes out, you will need to move off of #1 as it will no longer be serviced. When #4 comes out, you will need to move off of #2, and so on.
Ultimately this means you will have to update Nano Server every 6 to 8 months. This will be a manual process.
This won't always be ideal but that's the price you pay for all the benefits I have discussed. This does mean Microsoft will rapidly improve Nano Server making it more suitable for additional workloads.
Finally, Windows Server 2016 Technical Preview 5 is available now and it's your opportunity to get an early look at Nano Server. Microsoft has a 'Getting Started with Nano Server' that is well worth checking out.
Windows Server 2016 will be officially launched at the Microsoft Ignite Conference in Atlanta on September 26-30.
Learn how to use Docker to host WordPress websites and blogs in this comprehensive guide. Docker is the perfect platform to host WordPress websites but it’s not without its complications. This guide will put you on the right track from the start.Continue reading
Is shadow IT making IT departments increasingly irrelevant? When users can source their own IT product or system independently, could it be said this is a symptom of IT departments that are out of touch or that is not providing the right services?
Let's delve in with some examples and my take on what a modern IT department should do to be more responsive, possibly avoiding some of these pitfalls in the first place. We will also check out what Microsoft Azure Cloud App Discovery can bring to the table.
It can start innocently enough, when users start going directly to their preferred service, it could be Dropbox or Slack or some other killer app and then before you know it, your IT department is looking out of kilter. It can be a slippery slope as IT departments can then become an afterthought, where your staff don't even think to consult when commissioning projects.
They might even send their own staff on IT training and employee a contractor even to get an IT system up and running, bypassing their IT department entirely.
I am painting a worst case scenario admittedly but one I don't think is that uncommon in some ways. I have seen it first hand, where there was a significant delay in implementing SharePoint Online.
Pockets of staff started adopting SharePoint Online anyway in the meantime. Power users spread the technology and know-how, all with no support or sanction of the IT Department. It got to the point where outside of IT, managers were sending their staff to SharePoint training courses.
This did get caught in the end and redirected to an official project but it just shows you how staff will find a way if you're not meeting a need, they will go just work around it.
Another example, around three months back, we got asked if we knew anything about a Rackspace server, which none of us did. What transpired was someone in the organization had commissioned a hosted server to setup a WordPress website. This server was unknown to the responsible staff in the IT department who would as a matter, of course, secure and maintain systems.
This Rackspace server unsurprisingly left unmaintained instead was hacked and used to launch an attack against a third party. The third party thought the hack originated from us. Rackspace actually were the ones to spot and notify us that one of "our" servers had been compromised. A pretty poor situation I think we can agree.
You could call this rogue IT or as Microsoft tend to call it, shadow IT. It's unapproved invariable unsanctioned IT services or products introduced into an organization. Rather than be fearful of shadow IT, another tact is to embrace it and listen to what it's telling you and why people went elsewhere in the first place.
Here is my approach to shadow IT, it's meant to be a holistic systematic approach that puts the IT department in control of technology.
Be open to questions and thinking out of the box
Have a technology roadmap so everyone knows what to expect down the line
Be honest with staff explaining why particular decisions are made and why certain technology can't be approved
Give staff a way out when they go off track and help them to utilize the right tools
Help staff navigate and pick which is the right tool, one that works well for their particular needs. Keep staff informed regularly with new developments .
Recognize power users that are interested in technology , can endorse change and help with it's introduction across an organization
Have a IT department structure that cultivates innovation and allows IT staff to have the time to work in new ways and be at the forefront.
Of course there will be times when you can't entertain the requests at all, they will be so left-field, there just not going to fly. Also in highly regulated fields, healthcare, finance etc., your hands may be tied to a large extent.
Moving on to one tool that can help with managing one aspect of shadow IT, Microsoft have a tool, Azure Cloud App Discovery. It can help unearth cloud applications in an organization.
In modern enterprises, IT departments are often not aware of all the cloud applications that members of their organization use to do their work. It is easy to see why administrators would have concerns about unauthorized access to corporate data, possible data leakage and other security risks. This lack of awareness can make creating a plan for dealing with these security risks seem daunting.
Azure Cloud App Discovery uses an easy to deploy PC agent that reports back telemetry to Azure.
It doesn't take long as data is collected in a matter of hours, you get a nice easy to interpret Azure dashboard. Very quickly you can identify applications you may have otherwise known were in use.
You can do a lot more than reporting, apps can be managed, brought into the fold, with enhanced security, single sign-on, support for Multi-factor Authentication, integration with the Office 365 app launcher and more.
That was my insights into shadow IT, with first-hand experience of this and at least one tool that helps. I'll have further posts on similar topics in the near future, look out for these if this is of interest.