Great news! We just publically announced today at Educause that Office 365 ProPlus will be offered to students at no additional charge if all your faculty and staff are already licensed for Office 2013 Professional Plus via EES/OVSES agreement or via Office 365 ProPlus subscription.

This is incredible news for students as they can now take advantage of all that Office 365 ProPlus has to offer.

I put together a quick FAQ for what this means for your education institution:

What is included with Office 365 ProPlus subscription license?

• Office 365 ProPlus for PC (Office 2013 ProPlus base applications)
• Office 365 ProPlus for Mac (Office 2011 for Mac base applications)
• Office for iPad (see here for new update 3.27.14)
    

How many machines/devices can I run this subscription on?

Each subscription license allows you to run Office on up to five machines being Mac or PC. You can also run Office for iPad on up to 5 tablets.

Is this a full version Office and available for offline use?

Yes, this is full Office on the PC, Mac, tablet, mobile platform and all are available for offline use.

What applications come with Office 365 ProPlus for PC?

Word 2013

Excel 2013

PowerPoint 2013

OneNote 2013

Access 2013

Publisher 2013

Outlook 2013

Lync 2013

InfoPath 2013

What comes with Office 365 ProPlus for Mac?

Word 2011

Excel 2011

PowerPoint 2011

Outlook 2011

What comes with Office Mobile for iPhone? (update 3.27.14 – now free)

Word Mobile

Excel Mobile

PowerPoint Mobile

OneNote and Lync Mobile available as separate download.

See here for more options.

What comes with Office Mobile for Android? (update 3.27.14 – now free)

Word Mobile

Excel Mobile

PowerPoint Mobile

OneNote and Lync Mobile available as separate download

See here for more options.

What are the PC requirements for Office 365 ProPlus?

• Windows Server 2008 R2
• Windows 7
• Windows Server 2012
• Windows 8

32-bit Office can be installed on 32-bit or 64-bit operating systems and 64-bit Office can only be installed on 64-bit operating systems.

Computer and processor
1 GHZ or faster x86 or 64-bit processor with SSE2 instruction set.

Memory

1 GB RAM (32-bit)

2 GB RAM (64-bit) recommended for graphics features, Outlook Instant Search, and certain advanced functionality.

Disk space
3 gigabytes (GB)

Monitor resolution
1024 x 768

What are the Mac requirements for Office 365 ProPlus?

• A Mac computer with an Intel processor.
• Mac OS X version 10.5.8 or later.
• 1 GB of RAM recommended.
• 2.5 GB of available hard disk space.
• HFS+ hard disk format (also known as Mac OS Extended or HFS Plus).
• DVD drive or connection to a local area network (if installing over a network).
• 1280 x 768 or higher resolution monitor

What are the iPhone requirements for Office Mobile for iPhone?

iPhone 4

iPhone 5

iPhone 5s

iPod Touch 5th generation

All devices above must be running iOS 6.1 minimum

What about Office on the iPad?

Office for iPad is now available as of 3.27.14.  See new blog post for details here.

What are the Android requirements for Office Mobile for Android?

Android OS 4.0 or greater

Android touch enabled smartphones only

Do students have to sign into Office 365 to use any of these applications with Office 365 ProPlus?

Yes, a valid Office 365 ProPlus license tied to a valid Office 365 login for students is required to enable any of the four Office 365 ProPlus features.

How long can a student leverage Office 365 ProPlus?

The guidelines are they can leverage this until they graduate or are no longer attending your school. At that point, you must disable their Office 365 ProPlus license.

How is this different from Office 2013 Professional Plus?

The Office 2013 applications are exactly the same however there are some differences including patching, license sign in for usage, and Click-to-run (C2R) technology for rapid installs (2 minutes for quick usage).

Can I run a local image of Office 365 ProPlus to install from and can I customize the install share?

Yes, you can install Office 365 ProPlus for PC from a local share and still leverage C2R technology for a few minutes installation of Office and with the Office Deployment Tool you can also customize the Office installation. See here for more instructions

Where can I get training on Office 365 ProPlus?

There is some excellent end user training on Office 2013 here.

There is some excellent end user training on Office for Mac 2011 here:

• Excel 2011
• Outlook 2011

• PowerPoint 2011
• Word 2011

Some end user help guides on Office Mobile for iPhone here and here.

Some end user help guides on Office Mobile for Android here and here.

Some end user Office for iPad training here:

• Excel for iPad training
• PowerPoint for iPad training
• Word for iPad training

Is there a deployment guide for Office 365 ProPlus?

Yes, there is an excellent IT Pro reference guide here and see my deployment blog post here.

When can I obtain this license for my students?

You can order it through your reseller. Please see these three part series on “How to get Student Advantage” - partI, partII, and partIII for guidance. Here is a new “Student Advantage Deployment Guide”.

This release has been a capability which has generated a lot of interest with my customers going with Office 365 Education.  I have put together a quick FAQ to help with this.

What is Azure Active Directory Dirsync with Password Sync?

Formerly known as Dirsync, this tool has been updated to allow for the synchronization of local Active Directory passwords to Azure Active Directory. in addition to the syncing of users, groups and contacts.  This new feature will allow for Same Sign In with Microsoft cloud services such as Office 365 Education powered by Azure Active Directory since the username and the password from local AD will by synced up to Azure AD.  See here on TechNet for more details.

Where can I get the new Dirsync with Password sync bits?

You can grab the latest version of Dirsync here or it is available in the Office 365 portal under ‘users'  and then Dirsync.

What version of Dirsync has Dirsync with Password sync?

Dirsync with password sync is available in versions 1.0.6385.12 or newer version.

How can I quickly tell if I have the right version downloaded?

The first way you can tell is by size. The file size is about 183+MB vs. the older version is 99MB.  The other way you can tell is by the icon. The application icon should be our new Windows logo with the four blue squares. The final way to confirm this is by hovering over the dirsync download and check the version the version with Dirsync with password sync or later is: 

note: I renamed the default ‘dirsync’ filename since I already had the older dirsync in the same directory.

What do I need to do to replace my older dirsync?

You do have to remove the existing installation of Dirsync prior to installing the new version with password sync.

You don’t need to remove other components such as SIA or SQL express. I left everything else in place. Here is the setup I did on an existing Dirsync Server:

1) Important: If using ADFS with federated ID, you must first convert your domain namespace to managed ID PRIOR to installing and running Dirsync with password sync. See steps below under “What if I am federated…”

2) Remove existing Dirsync application from control panel.

3) I took screenshots of the rest:

What if I am federated and using ADFS and want to switch to Dirsync with Password Sync?

You will need to convert your domain from federated to managed.  Using the

convert-msoldomaintostandard –domainname foo.edu –skipuserconversion $false –passwordfile c:\password.txt 

Azure AD cmdlet.   See here on TechNet for more details.  Note: the password file is for dumping all users temporary passwords into.

How can I tell if it is configured correctly for Dirsync with Password Sync?

You should see event ID 656 and 657 in your application event log to show that it is syncing the password hash to the cloud.

What are the advantages of Dirsync with Password Sync vs. ADFS?

There are a couple of advantages of using Dirsync with Password Sync over using ADFS 2.1 with Dirsync:

1) A single server is needed vs. redundant and scaled out ADFS servers.

2) No dependency with on prem hardware/data center – if Dirsync with Password Sync server dies – just replace it. There is no impact accessing cloud services with an onprem outage because the identity is a managed identity in Azure AD vs. a federated identity using ADFS 2.1.

3) No complex ADFS architectures – No ADFS Proxies, load balancers, certificate management are required. It keeps the deployment less complex with fewer moving parts.

What are the disadvantages of Dirsync with Password Sync vs. ADFS?

ADFS 2.1 with federated login provides true Single Sign On (SSO) with Office 365 where as Dirsync with Password Sync allows for Same Sign On which implies users will be prompted for credentials when accessing Office 365 even in domain joined scenarios.  ADFS 2.1 also allows for better access control based on IPs, etc.

Where can I find more information on troubleshooting Dirsync with Password Sync?

There is an excellent KB article here to help you.

If your Exchange Online (Office 365) or Outlook Live (Live@edu) users are already using Room Mailboxes to schedule meetings in conference rooms, auditoriums, labs or other facilities, then why not enable Room Finder for your Microsoft Office Outlook 2010 clients by configuring Room List Distribution Groups?

Room Finder simplifies the process of searching for an available room while setting up a meeting. Instead of adding all possible conference rooms to a meeting request and using the Scheduling Assistant to identify available rooms, meeting organizers can use Room Finder to show a room list, see suggested times, and choose an available room.

Room Finder in Outlook 2010  without Room Lists	Room Finder in Outlook 2010  with Room Lists

How do I enable Room Finder?

A messaging administrator can enable Room Finder for Outlook 2010 clients in a few easy steps: (1) Connect to Exchange Online or Outlook Live using Windows PowerShell; (2) Create Room List Distribution Groups; (3) Add existing Room Mailboxes to Room List Distribution Groups. 

Outlook 2010 detects the Room List Distribution Groups automatically and populates the Room Finder with room lists, available rooms and suggested meeting times.

Connect to Exchange Online or Outlook Live using Windows PowerShell

• Install and Configure Windows PowerShell
• Connect Windows PowerShell to the Service

Create Room List Distribution Groups

New-DistributionGroup -Name "Name of Room List" –RoomList creates a new Room List Distribution Group using the cmdlet’s minimum required parameters for a Room List Distribution Group. If you don’t specify any additional parameters, then they will be set for you.

You may want to take control of your recipient object’s attributes by using additional parameters, e.g. –Alias, –DisplayName, –PrimarySmtpAddress, etc. You can find a full list of available parameters at TechNet New-DistributionGroup: Exchange 2010 SP1 Help.

Add existing Room Mailboxes to Room List Distribution Groups

Add-DistributionGroupMember –Identity "Name of Room List" –Member "Name of Room Mailbox" adds Room Mailboxes to Room List Distribution Groups. It requires that you specify the Room List Distribution Group using the –Identity parameter and the Room Mailbox to be added using the –Member parameter.

You can use the DisplayName, Identity, PrimarySmtpAddress and various other values with the –Identity and –Member parameters. You might find it helpful to list them.

The following command will list the Room List Distribution Groups.

The following command will list the existing Room Mailboxes.

______________________________

Thanks for joining us today!

Zion Brewer

______________________________

I had several ADFS and Single Sign On (SSO) questions from a large university in northern California proceeding with Office 365 for Education for faculty, staff and students.

What servers do I need to accommodate single sign on (SSO) aka Federated ID?

The following on premises servers are needed to accommodate SSO with Office 365:

• ADFS 2.0 Proxy Servers (2 minimum for redundancy)
• ADFS 2.0 servers (2 minimum for redundancy)
• DirSync Server

Do we require ADFS proxies or can I just deploy an ADFS internal server?

Technically, you can get away with just ADFS servers and no proxy servers for Federated ID, we recommend you deploy ADFS proxies to protect your ADFS servers and to allow for client access restriction capabilities such as denying access to email when off campus or IP filtering.

Can I use TMG or UAG instead of an ADFS proxy server?

Currently, it is slated to be supported however the documentation is still being developed. In some cases, such as IP filtering, an ADFS proxy is still required in conjunction with UAG or TMG     There is some initial documentation here.

Is there an order they need to be installed?

Yes, configure ADFS and federated ID first and then Directory Sync Server. You would think it is the other way however things run better when ADFS is configured prior to Dirsync.

Do I need full blown SQL Server with ADFS?

It depends on how you are going to implement ADFS and the total number of ADFS servers deployed. If you require stretched ADFS this requires full blown SQL to accommodate this scenario or if you require more than 5 ADFS servers WID cannot scale beyond that number of ADFS servers.  See here for the differences between WID and SQL with ADFS or here for topology choices for ADFS.

What versions of SQL are supported?

WID, SQL 2008 R2, SQL 2012.

How many ADFS servers do I need for Federated ID?

Each ADFS server scale varies depending on load frequency such as will everyone be logging within a 15 minute interval or spread over an hour. This answer can range from 2 ADFS servers for 15,000 users with high availability with high load or many more users depending on your load frequency.

See the ADFS sizing calculator here to help narrow it down.

Can I enable geo-redundancy with ADFS?

Yes, it is possible to enable this with SQL mirroring/Replication to an alternate datacenter along with geoaware load balancers.

What happens if ADFS is unavailable?

ADFS is required to access Office 365 when using Federated ID (SSO). You want to ensure you have redundant ADFS proxies and ADFS servers to reduce any downtime to the cloud.

What type of hardware do I need for ADFS?

Make sure you do not underspec your ADFS servers as it does require some horsepower to run effectively:

Federation Service Server

· Dual Quad Core 2.27GHz (8 cores)

· 16GB RAM

· Gigabit Network

Federation Service Proxy Server

· Quad Core 2.24GHz (4 cores)

· 4GB RAM

· Gigabit Network

Where can I get more information on deploying ADFS?

There is a good ADFS deployment guide here and a O365 ADFS deployment checklist here.

I have had several questions around multi-forest and multi-tenant questions from my education customers.  Here is a FAQ I put together:

Can you have multiple forests with a single tenant?

Yes, with FIM Connector for Office 365 or with the upcoming AADirsync tool. You can grab the beta of AADirsync tool here.  Read more on AADirsync here.

Can you have one forest with multiple tenants?

Yes, this is now supported as of recently.  You either have to use the FIM Connector for Office 365 or you can now use multiple Dirsync servers syncing to each unique tenant. The key is you cannot sync the same objects into the different tenants. You must create dirsync filtering on each dirsync server.

Can I have a non-AD directory sync to a tenant?

Yes, with FIM Connector for Office 365.

Can I have one ADFS farm servicing multiple forests?

Yes, as long as trusts exist between the forests this will work. Each forest much have unique UPN login suffixes for this to work.

What if do not have trusts between the forests?

If no trusts exist between the forests than multiple ADFS farms are required.

Can I have multiple Exchange orgs connecting via Hybrid into a single tenant?

Yes, this is a new capability available in Exchange 2013 SP1. See here. 

What if I have a resource forest for Exchange and an account forest for logins?

Setup dirsync against the resource forest and setup ADFS against the account forest. Eventually, collapse the resource forest data into the account forest and then change dirsync to work against the account forest.