Microsoft Online Technical Discussions & Information

Microsoft Online M2.5 Usage – Q & A

• Question:  We currently host our exchange at an outside provider.  I want to move it to online services.  Ideally I want to turn on a couple of mail boxes in the MS online and see how they work with real mail.  I realize those people wouldn't show up in the unified directory until everyone moved.  Reading the migration info on the site let me believe I had some ability to do that, however as I read into the migration guide, I have to have admin privileges to do that  - so am I correct to assume that won't work at all if your already hosted offsite.  Is there some guidance for how we should migrate that I missed?  Do we treat it as an IMAP possibly?
• Answer:  MS Online can Migrate mail from any Exchange 2000 or higher Service (providing MAPI, POP3/IMAP4 Connectivity methods).  We can also migrate On-Premise or Hosted POP3/IMAP4 mail as well; however it's just a little different procedure using the Mail Migration Application.  If you click help in the Mail Migration Application, it discusses the different ways in which you can do POP3/IMAP, which involves using a .csv file which points to the source and destination mailboxes with credentials information: 

• Question:  How do I get more than 5 users if we need more?
• Answer:  During the Beta Program only a 5 user license is granted, due to the influx of company requests.  At this time there is no way to increase this capacity in the Beta Program.

1. You could request another Online company, which would give you another 5 user license, however those users would not be in the same GAL or be able to communicate/participate with each other at this time due to the separate company boundaries.  This is something we are working on and will be available in a future version (i.e. Divestitures, Mergers & Acquisitions, etc.)

• Question:  Trying to add a exchange domain set to external I get the following:

• Answer:  SMTP Domain Management has several different moving parts to this (i.e. Exchange Hosted Services) and as such there are remote calls made to display the Domains and Settings for each.  Typically when we see this error, we can simply refresh or click out and back into the Page and it displays properly (it is something we are tracking).  Be advised that you cannot change the default SMTP Domain (i.e. contoso1.microsoftonline.com) from Authoritative, as this is the default SMTP domain and will always be Authoritative for the Online environment.

1. Newly created SMTP domains can be set/changed between Authoritative/External Relay, however they cannot be used in the Authoritative state UNTIL you prove you own the Domain by creating a CNAME record using the unique GUID assigned to your online company, at which point it is verified and available for use (i.e.  Create users under this domain, add additional SMTP email address to existing users.)

• Question:  Just a suggestion but on the verify page, it should really tell you that the most likely reason it didn't verify was due to latency for the add of the cname to take effect, I would think you want to advise people to wait 5-30 minutes or something or if it was really smart it would query the domain TTL and give them an estimate.

• Answer:  Agreed and we have updated the M3 Page to help guide Admins through this process, explaining better what is going on and when problems occur, offer recommendations on how to resolve (i.e. Wait ~24 for DNS replication to occur.  I believe we have also broken up the Creation and Verification process, because people are creating and clicking Verify, which is on the same page and causing problems).

• Question:  Trying to delete a site collection I get the following error:

   

• Answer:  We have a known issue whereby if you delete a SharePoint Site Collection via SharePoint, that operation is not communicated back to the Admin Center.  Because of this, MOAC thinks the site is still there and when you try any operation against it, the procedure will fail.  The practical problem is that if you delete a site through SharePoint, you don't get that SharePoint space allocation back and you are not allowed to delete the site because the site doesn't exist. 

• Question:  Is there a way to grant an external user access to a sharepoint site - e.g if we were collaborating on a project and  I wanted to give you access to one for example
• Answer:  ONLY Online user's can access SharePoint Online at this time, as Anonymous access is not available.  If you want to grant others outside of your company access, you would need to create an account for them via MOAC (Microsoft Online Admin Center), either a generic or individual account, and grant that account access into the SharePoint site collection.

• Question:  Directory sync - The doc doesn't really say is there any impact to the local directory another words any risk in enabling this? (I would suggested adding something about that if possible)
• Answer:  The only thing DirSync does to a Company AD environment is to create a Service Account by way or running DirSync setup by an AD Enterprise Admin and once creates, that Service Account is used to perform one-way Synch operations from the Source AD into the Online environment.

1. DirSync Synchronizes all users/groups in an AD Forest (Single/Multiple Domain environments) with the exception of Service Accounts;  DirSync also synchs Mail Enabled Contacts.
2. All items DirSynch'd into the Cloud are replicated into the Online Global Address List (GAL), so it is important to review your AD Groups/Contacts/Users and make sure they all appropriate SMTP addresses.

Note:  Just an FYI that if you have an email address of coloradotc.com as your Primary SMTP in your Source AD, then you will want to create that SMTP Domain in your Online Company and BEFORE doing DirSync.  Otherwise when user's are DirSynch'd into the Cloud, if that SMTP domain isn't in the company, those users UPN and Email Address are set to user@coloradotc1.microsoft.com, which is most likely what you don't want to have happen.

• Question:  I couldn't find info on support for Windows Mobile or Blackberry's did I just miss it?
• Answer:  For Mobility we currently support Windows Mobile 6 only.  This is because WM5 or lower (not sure if there is lower still out there), don't support Wildcard Certificates or the ability to enter a login User Principal Name (UPN), both of which are required when connecting via WM6.

1. Blackberry Services are being evaluated and once thouroughly tested will hopefully be implemented into Production for purchase and usage by MS Online Users.

Microsoft Online Services Overview Webcast

The Microsoft Online Hosted Services Program Managers performed a Live Meeting webcast on March 2008, which outlines each of the Online Serivces, how they will work and most importantly how users can take advantage of these services.

To view this webcast, please use the following link:  https://www112.livemeeting.com/cc/microsoft/view?id=W4TCP2

Microsoft Online Administration Center - Informational

Microsoft Online Hosted Services - TechNet Technical Documentation

Understanding Microsoft Online Authentication

The Microsoft Online Hosted Services use two different Authentication Types when accessing Online resources:

The following Online Services provide the Windows Authentication method:

1. Sign-In Client 
2. Online Company Portal
3. Exchange Online
• Outlook 2007
4. SharePoint Online
5. Live Meeting Online

With Windows Authentication, users logged into the Online Sign-In Client will silently pass their Online user credentials to the above Online Services, providing Single Sign-On (SSO) capabilities.

The following Online Services use Forms Based Authentication (FBA) method:

1. Outlook Web Access (OWA)
2. Microsoft Online Admin Center (MOAC)

FBA requires users to manually type their username and password before gaining access to the above Online Services.

SharePoint Online Customization Options

The SharePoint Online Hosted Services allow customizations to Site Collections, however FrontPage 2003 is not allowed when performing these customization steps.  The only supported application that can be used is SharePoint Designer 2007.  For more information on SharePoint Designer please check here:

1. Download a trial version of SharePoint Designer 2007
2. Read more about this Office 2007 Applications

Microsoft Online Hosted Online Services Demo - Presentation

Hi all, please refer to the following location to understand what Features, Functions and Services the Microsoft Online Hosted Services provides:

• http://www.microsoft.com/online/demo/demo.aspx

Microsoft Online Admin Center - Exchange Online

The Microsoft Online Admin Center (MOAC) Exchange Online displays the Online Company's Mail Storage and allocated storage for all mailboxes provisioned for users.  In reading this information note that each user that receives an Online license, receives a 1GB mailbox.  If your company is provisioned with 5 Online User Licenses and those 5 licenses are assigned to individual users, the Allocated Storage for all Mailboxes wil display 5GB of 5GB in Use.

This setting doesn't display the amount of disk space used, either by an individual or a sum total for all mailboxes.  It simply displays the upfront allocated space granted to users in the company.  To determine mailbox size for individual users, they must go into their Outlook Mailbox and look to the user's Inbox Properties for the total size of the mailbox.

Microsoft Online Sign In Client Configuration

The Microsoft Online Sign In Client uses a local machine configuration file, which contains:

• Online Service Sign Sign-On Webservice End Point connection settings
• Connection timeout value setting
• Proxy Authentication setting

All of these configuration settings can be found in the following location (default):

• C:\Program Files\Microsoft Online\Sign In\SignIn.exe.config

Microsoft Online Sign In Client Configuration Settings

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <system.serviceModel>
  <bindings>
   <wsHttpBinding>
    <binding name="UID" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
     <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
     <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
      <message clientCredentialType="UserName" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"/>
     </security>
    </binding>
    <binding name="ChangePassword" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
     <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
     <security mode="Transport">
      <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
      <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true"/>
     </security>
    </binding>
   </wsHttpBinding>
  </bindings>
  <client>
   <endpoint binding="wsHttpBinding" bindingConfiguration="UID" contract="MicrosoftHostedServicesISignInService" name="{CBC8B2628B4B9B9488F97123BC8CFAA8}" address="https://signinservice.microsoftonline.com/ssoservice"/>
  </client>
 </system.serviceModel>
</configuration>

The above Bolded items are of particular interest as they control connectivity with the Microsoft Online Hosted Services Sign In Web Services:

• Binding - UID
• sendTimeout="00:01:00" - Controls how long the client will wait for a response from the Online Sign In Service before timing out.  You can extend this setting if you are connecting over a WAN connection or have a very slow connection, which requires additional time to complete transactions such as this.
• bypassProxyOnLocal="false" - Controls whether the client should not use a Proxy Server for local connections.  However the Online Hosted Services will ALWAYS be remote, so this setting is not used at this time.
• useDefaultWebProxy="true" - Controls how the Sign In Client uses your browsers Internet Explorer (i.e. Internet Explorer --> Internet Options --> Connections --> LAN Settings).
• Binding - wsHttpBinding
• https://signinservice.microsoftonline.com/ssoservice" - Controls the Online Hosted Sign In Webservices end-point. 
• Note:  This should never be modified, as it is the central Sign In Services location for the Online space.

Microsoft Online Admin Center (MOAC)

The Microsoft Online Admin Center (MOAC) is the Administration Center for all IT Generalists/Admins defined for the Online Company.  Within MOAC, Admins have the ability to manage:

1. Users
2. Exchange SMTP Domains
3. Exchange Contacts
4. Exchange Distribution Lists (DLs)
5. SharePoint Sites
6. Live Meeting Conference Center Settings

Microsoft Online Admin Center - Home

Microsoft Online Admin Center - User List

Microsoft Online - Support Overview

Microsoft Online Admin Center - Support Service Requests

Microsoft Online Admin Center - Downloads

Microsoft Online Admin Center - Search (TechNet, Support, MSDN)

Microsoft Online Admin Center - Service Settings Overview

Microsoft Online Admin Center - Exchange Online

Microsoft Online Admin Center - SharePoint Online

Microsoft Online Admin Center - Live Meeting Online

All the above User and Services Settings provide the Online Company's Administrator with all the tools needed to manage their Online environment.  The environment is based on AJAX and as such currently only support IE7.  If you use a downlevel or different browser your experiences may differ from what is displayed above.

Live Meeting - Outlook 2007 Add-In Configuration Settings: Live Meeting Online Services

The Live Meeting Online Service provides the ability to perform Web Conferencing and provides Audio/Video Services.  If you are using Outlook, 2003 or 2007, you can install the Live Meeting Add-Ins, which allow you to schedule/create Live Meeting Conferences from your Outlook client.

When you first install the Microsoft Online Sign In Client and configure the application, the users Online account information is written to the local machine's registery, which is referenced by the Outlook 2007 Add-In.  Because of this, user's wanting to use the Live Meeting Outlook Add-In do not need to configure other than to perform a Test Connection.

Note:  Before you can use the Live Meeting Outlook Add-In to schedule meetings, you must first click the Live Meeting icon in the Microsoft Online Sign In Client and connect to your company's Online Conference Center.  This process creates your Live Meeting Online user account, which is required to connect to the Conference Center.  Once you perform this operation, you can then use the Live Meeting Outlook Add-In to schedule meetings.

Clicking User Accounts takes you to the Live Meeting - Outlook Add-In, where you can define user account names and passwords.

Note:  If you have the Microsoft Online Sign In Client installed, be sure and sign into the client, which will place your Online credentials into the local machine's Credential Manager.  Once logged in, when you click Test Connection within the LM - Outlook Add-In, you will not be prompted for credentials as your Online credentials will be passed from  CredMan.  If you are NOT signed into the Sign In Client, you will need to input your Online user account and password, so when the Test Connection is performed, the appropriate user credentials are used to connect to the Conference Center:

Example

• User:  user@company1.microsoftonline.com
• Pass: <xxxx>

Once you have the Add-In installed, you must click Test Connection once to establish a connection between the client and Live Meeting Online Service.  Once you have performed this operation and receive

Once completed you can use your Outlook 2003/2007 application to schedule meetings!

SharePoint Online Search Feature Activation - Must be Done if Search Results are Not Displayed

When performing a Search in your Microsoft SharePoint Online website, you may not see any search results displayed, as shown above.  SharePoint Search performs Security Trimming, which means that the only search results displayed are based on whether you can access to these items.  If you don't have permissions to access items, those items will not display within Search Results.  In addition to Security Trimming, the SharePoint Online Site Collection may not have certain Site Collection Features enabled, one of which provides the Search capability.

To provide Search functionality to your SharePoint Online Site Collection (website), follow these steps:

1. Login to the SharePoint Online Site Collection website as a Site Collection Administrator.  The person who created the SharePoint site is automatically added as a Site Collection Administrator
2. Click the Site Settings link in the top right corner of the webpage and select Site Settings.
3. Under the Site Collection Administration section, click the Site Collection Features link

4. Verify that the following item is set to Active:

5. If not set to Active, click Activate and once performed your SharePoint Online Site Collection will have Search capabilities.

Once completed you will see the following page, indicating the service has been Activated:

Note:  It may take several minutes to index your Site content before being able to display search results. Once indexed you should now be able to search and view Search Results:

Unable to Change Password in Sign In Client

When performing a Change Password operation in the Sign In Client application, you might receive the following error:

"Unable to update the password. The new password must be at least 7 characters long, contain letters and numbers. You cannot reuse your previous 3 passwords. You can change your password only once in 1 days. For more information, click Help."

As a result the user is not able to change their Online Password.  To workaround this issue you must contact your Microsoft Online IT Gen/Administrator and request that your password be reset.  Once reset you will be able to change your temporary password as needed.  Otherwise you will need to wait 24 hours before you can successfully change your password through the Sign In Client.

To verify you are running into this particular error, you can enable Sign In Client Application logging and look for the following entry within the logfile.

• How to enable Sign In Client Application Logging
• Once enabled, stop and restart the Sign In Client and attempt to change your password.  Once you receive the failure, browse to your logfile directory, which is outlined in the above Blog Posting "How to enable Sign In Client Application Logging".
• Search for the following entry within the Sign In Client Logfile:  Exception||SSOChangePassword.ChangePassword||FaultException<PasswordChangePolicyNotMetException>

If you receive the above error message you have either changed your password within the last 24 hours or you are not adhering to the Password Policy requirements listed at the beginning of this Blog.

Microsoft Online Services Usage Without a Sign In Client

  The Microsoft Online Services provide a set of Hosted Services which include among other items the Microsoft Online Sign In Client which provides Single Sign On (SSO) capabilities.  SSO provides you with the ability to automatically access Windows Authentication based Online Resources, without being prompted for credentials.  However if you are in a location where the Sign In Client is not available such as an Airport Kiosk, you can still use the Online Services, you will just need to manually enter your Online Credentials to access the below resources.

Scenario:  You are at an Airport Kiosk and need to access the following Microsoft Online Services:

All Resources Require Your Microsoft Online User Account Credentials

• Microsoft Online Admin Center - https://admin.microsoftonline.com
• Forms Based Authentication (FBA)
• Microsoft Online Company Portal - https://home.microsoftonline.com
• Windows Authentication
• Microsoft Outlook Web Access (OWA) - https://red001.mail.microsoftonline.com
• Forms Based Authentication (FBA)
• Microsoft Online Live Meeting - https://lm.microsoftonline.com
• Windows Authentication
• Microsoft SharePoint Online - https://<companyURL>.SharePoint.microsoftonline.com
• Windows Authentication

Microsoft Online Mobility Instructions

The Microsoft Online Services provides mobility access for several of the Hosted services, including SharePoint Websites and Email/Calendaring access.  Below are the steps needed to access these two Services:

You can set up your Windows Mobile 6 device to synchronize with your company's Microsoft Exchange Online service. This ensures that you'll be able to send and receive e-mails and keep your calendar current whether you're at work or out of the office.

Notes:

• If your Windows Mobile 6 device is already set up to sync with another Exchange server, you must delete that e-mail account from your mobile device before your device can sync with Exchange Online.
• Windows Mobile 6 is required.
• Before starting, make sure your cellular service plan supports Windows Mobile.

To set up Windows Mobile 6 to synchronize with Exchange Online

1. On the Start menu of your mobile device, click Messaging.
2. Select New E-Mail Account.
3. Type your e-mail address.
4. Clear the Try to get e-mail settings automatically from Internet check box, and then click Next.
5. Select Exchange server as Your e-mail provider.
6. Click Next until the Edit Server Settings screen appears.
7. Enter the server address: https://red001.mail.microsoftonline.com/.
8. Select the This server requires an encrypted (SSL) connection check box, and then click Next.
9. Enter your Exchange Online e-mail address and password, and then leave the domain field blank.
10. Select the data you want to synchronize.
11. Click Finish.
12. Click Menu, and then click Send/Receive.
13. An alert window will appear requesting you to set up passwords and comply with security policy. Click OK.