I will be presenting at the Office 365 Engage conference

The Office 365 Engage conference will take place in Haarlem, NL, during the week of June 19-22, 2017. I will be joining a large group of other MVPs that will be presenting sessions over 6 different tracks, with strong focus on Office 365 instead of the individual workloads.

The sessions I will be presenting are two: What’s new in Office 365 Security and Modern authentication for the Office 365 Administrator. They both fall under the Office 365 Administration track.

My choice of sessions was governed by the fact that many important security related settings and controls remain unnoticed by Office 365 administrators, because there is no single place to configure these. Even though the new Admin portal and Security and Compliance Center brought some of them together, many controls are still scattered across the individual workload admin portals or the Azure portal. Even the announcements for such new features are published on different platforms and it’s very hard to keep track of them. I’ve published several blog posts that summarize new additions over the course of the last year or so, and I thought it would be a good idea to present a session that spans across all of them, including of course all the latest news. I hope that reminding people of the existence of such controls and showing some live demos (if the demo gods are willing) would result in a valuable session.

Then of course there is Modern authentication, which is the silent hero that made possible many of these new additions. Modern authentication has been around for years now, so it’s hardly something new to talk about. Still, there are some new things to discuss around it, like support for ExO remote PowerShell and (finally!) support for token revocation and customizable token lifetimes. Even without those new additions, the topic is worth revisiting just to remind people about all the benefits we get with Modern authentication and to discuss some issues that might arise after you make the switch. Rest assured, it will not be a programmer oriented session, but a practical approach with the Office 365 administrator at mind!

Hit me up if you can think of something specific you want discussed around these topics, and as always feedback is welcomed!

The full session list for Office 365 Engage can be found here: https://office365engage.com/sessions/

Posted in Uncategorized | Leave a comment

Using variables with Invoke-Command in Remote PowerShell sessions in Exchange Online

As many of you probably know, Remote PowerShell sessions connected to Exchange Online run in the “no language” mode. This can easily be verified via:

(Get-PSSession | ? {($_.configurationname -eq "microsoft.exchange") -and ($_.Runspace.ConnectionInfo.ConnectionUri.Host -eq "outlook.office365.com")}).Runspace.SessionStateProxy.LanguageMode

Same applies to Skype for Business Online sessions, and in general is a pain in the royal behinds, as it prevents you from using variables, operators and everything else that can make your life easier. There are certain workarounds available, but in general they are still subject to limitations and can make the code very complex.

Another important limitation with Remote PowerShell sessions is the sessions stability. Everyone that has used some long running script in Exchange Online has run into this, and it’s not pretty. Some code optimizations are mandatory for such cases, and Microsoft has posted some guidance around them on the Exchange blog. Even those recommendations suffer from the aforementioned “no language mode” problem!

To better illustrate the issue, let’s take a look at the following example: we want to get a list of details for all the mailboxes in our company created after specific date. We can certainly use server-side filters to achieve this, which greatly increases efficiency:

Get-Mailbox -Filter {WhenMailboxCreated -gt "01 Jan 2016"}

With the recommendations from the blog article in mind however, we might want to use the Invoke-Command approach and return only the data that we need instead of the full objects. Using the $session variable to designate a currently opened ExO session, a working solution will look something like this:

$session = Get-PSSession -InstanceId (Get-OrganizationConfig).RunspaceId.Guid

Invoke-Command -Session $session -ScriptBlock { Get-Mailbox -Filter 'WhenMailboxCreated -gt "01 Jan 2016"' | Select-Object -Property Displayname, Identity, PrimarySMTPAddress, RecipientTypeDetails }

So far so good, but once we start looking into ways to make this a function, script or simply use some variable to designate the date, things start to get messy. The good news is it’s still doable though! Here’s an example that will work with PowerShell v3 and later, by means of exploiting the Using scope modifier:

$date = (Get-Date).AddDays(-250)

Invoke-Command -Session $session -ScriptBlock {Get-Mailbox -Filter ([scriptblock]::create("WhenMailboxCreated -gt '$using:date'")) | Select-Object -Property Displayname, Identity, PrimarySMTPAddress, RecipientTypeDetails }

The important bits: we need to use a Script block in order to prepare the filter syntax and we need to invoke the Using scope modifier to make sure the variable is evaluated locally. Remember, remote sessions running in “no language” mode do not allow you to set/reference remote variables!

For people still using older PowerShell versions (really?!), here’s a working example for V2:

Invoke-Command -Session $session -ScriptBlock {param($date) Get-Mailbox -Filter ([scriptblock]::create("WhenMailboxCreated -gt '$date'")) | Select-Object -Property Displayname, Identity, PrimarySMTPAddress, RecipientTypeDetails } -ArgumentList (Get-Date).AddDays(-250)

We can also use an example that does not require the need for using the Filter parameter and thus the scriptblock syntax inside the ScriptBlock parameter. For instance, if we want to get all mailboxes of the User and Shared type:

Invoke-Command -Session $session -ScriptBlock { Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox,SharedMailbox | Select-Object -Property Displayname,Identity,PrimarySMTPAddress,RecipientTypeDetails }

Works great, but if we want to make it dynamic, by passing the mailbox type as parameter or a variable, we need to use something like this instead:

$inclded = @("UserMailbox","SharedMailbox")

Invoke-Command -Session $session -ScriptBlock { Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails $Using:included | Select-Object -Property Displayname,Identity,PrimarySMTPAddress,RecipientTypeDetails }

Or in the old V2 format:

Invoke-Command -Session $session -ScriptBlock {param($log) Get-Mailbox -RecipientTypeDetails $log} -ArgumentList UserMailbox,TeamMailbox

So there you have it, a way to work around some of the restrictions of the “no language mode” for remote PowerShell sessions. It surely helped me simplify some of my scripts, by increasing their efficiency at the same time, so hopefully it will be useful to others as well!

Posted in Exchange Online, Office 365, PowerShell | Leave a comment

We can now create custom policies in Skype for Business Online

Half an year ago, I wrote about the possibility to edit the default policy in SfB Online here. Then Ignite happened, and among the myriad of other good news, we saw for the first time the ability to create custom SfB policies in Office 365.

Now, this functionality has been rolled to all Office 365 tenants, giving us greater customizability and further closing the gap with On-Prem SfB installs. Read more about it here: http://blog.enowsoftware.com/solutions-engine/using-custom-policies-with-skype-for-business-online

Posted in Office 365, Skype for Business Online | Leave a comment

New OWA onboarding process in Office 365

The new First Run experience for OWA has started rolling in a datacenter near you. Here are some screenshots of the steps the user is taken trough:

  • The initial screen, Welcome to Outlook

  • Setting up the Time zone and Language settings


  • Selecting your Theme. A “tenant default” option would be handy here.


  • Lastly, configure your Signature. Still no connection to Outlook on that part 🙂


  • Finalizing


  • All set up!


As you might notice from the above screenshots, I was using a Demo tenant, so it might take a while for the feature to hit Production servers. It’s already listed under Rolling Out on the Roadmap though, so it should happen soon!

Posted in Exchange Online, Office 365, OWA | Leave a comment

Postpone the deletion of your SharePoint Online Public website

In March 2015, Microsoft announced the deprecation of the public website feature in SharePoint Online. New tenants were no longer able to create public-facing site collections, and existing ones were given two years grace period to move the website to a different solution.

Two years passed by, and the due date is almost upon us. The KB article has been updated with detailed schedule on the deletion process, as follows:

  • Beginning May 1, 2017, anonymous access for existing sites will no longer be available. If customers need more time to move their public website, they have a one-time postponement option for up to one year (March 31, 2018). Customers must select the postpone option by May 1, 2017.
  • On September 1, 2017, when Microsoft deletes the public site collection in SharePoint Online, customers will no longer have access to the content, images, pages or any other files that reside on their public website. Before September 1, 2017, customers should make a backup copy of all their public website content, images, pages, and files, so they don’t lose them permanently.
  • On March 31, 2018, Microsoft will delete all public sites that have been postponed.

The postpone option has been added under the SPO admin center (Office 365 admin -> SharePoint -> Settings -> Postpone deletion of SharePoint Online public website), and looks like this:

Should you miss the deletion timeline as well, you will still be able to recover the content via the Recycle bin.

Posted in Office 365, SharePoint Online | Leave a comment