Oxford Computer Group has scheduled a webinar that will touch on the Identity Management issues that need to be addressed for cloud services, including Live@edu and Office365.

Friday, November 11th, 2012, 11:00 a.m. Pacific Time. Duration 30 minutes.

Registration Link: http://www.oxfordcomputergroup.com/news/events/webinar-cloud-services-prep-for-edu-providers-278.php

Webinar Description:  Cloud Services Prep for EDU Providers

This 30 minute webinar is intended for education providers who have been considering Cloud solutions, such as Microsoft Live@edu and Office 365. In education, managing the entire lifecycle of a digital identity can be challenging. We will show how Microsoft Forefront Identity Manager 2010 is being used to automate the administrative tasks associated with identity management. We'll also discuss the perennial problem of password management for students, showing an innovative solution that provides self-service password management in the Cloud. We will provide an overview of Identity Management in Microsoft Live@edu and Office 365:

• How to reduce the cost
• How to prepare for Cloud services
• How to provision and deprovision accounts
• How to manage passwords and user access.

If you are an Exchange Online or Outlook Live tenant administrator, then you can access the Forefront Online Protection for Exchange (FOPE) Administration Center via a hyperlink in the Exchange Control Panel. And with a few additional steps, you can login directly to the FOPE Admin Center.

Accessing the FOPE Admin Center from the Exchange Control Panel

1. Sign in to the Exchange Control Panel as an Administrator
2. Click Mail Control (left side) then click the hyperlink underneath Forefront Online Protection for Exchange (right side), e.g. “Configure IP safelisting, perimeter message tracing, and e-mail policies.”

After about 30 minutes of inactivity, the FOPE Admin Center will timeout.

When you click the “Configure IP safelisting, perimeter message tracing, and e-mail policies” hyperlink in the Exchange Control Panel, you may receive the an error saying, “We are sorry but your session has expired.” 

So, how do you login again to the FOPE Admin Center?

You could sign out of the Exchange Control Panel and sign in again. Then, click Mail Control and click “Configure IP safelisting, perimeter message tracing, and e-mail policies.” But, you may need to close all of your browser windows.

If you have as many open browser windows and tabs as I do, then this could become a major interruption. “Should I save this tab or that tab? What’s the password for the firewall’s web GUI? Should I save a Draft in OWA or send this email before closing all the browser windows?”

I’ve gone on too long…you get the idea.

Instead, why not sign in directly to the FOPE Admin Center? You can stay logged in to the Exchange Control Panel, leave open your browser windows and tabs, and simply sign in again with your user name and password.

Sign in directly to the FOPE Admin Center for the first time

1. Browse to https://admin.messaging.microsoft.com/
2. On the “Sign in” page, click the “Need your password?” link
3. Enter your Administrator’s User Principal Name (UPN) or Windows Live ID, e.g. admin@fabrikam.onmicrosoft.com (Office 365) or admin@live.contoso.edu (Live@edu), and click Send
4. Login to your Administrator’s Inbox, open the Password Change Confirmation email and follow the link in the body of the message
5. On the “Set your new password” page, enter User Name, New Password and Confirm new Password
6. Go to https://admin.messaging.microsoft.com/ and login with User Name and new Password 

Steps 1 and 2	Step 3

Step 4

Step 5	Step 6

Forefront Online Protection for Exchange – Administration Center

At this point, you can go directly to the FOPE Administration Center at https://admin.messaging.microsoft.com/

…

So, how do you pronounce FOPE?

In my previous article, How do YOU pronounce FOPE? An Introduction, I discussed some of the key features of Forefront Online Protection for Exchange (FOPE) and invited you to explore additional resources:

• TechNet Edge – FOPE
• TechNet Library – Forefront Online Protection for Exchange
• FOPE 11.1 Administration Center User Guide
• Spam Filtering and Message Hygiene

And, hopefully, you’ve had an opportunity to sign in to the FOPE Administration Center via the hyperlink in the Exchange Control Panel or by entering your user name and password at https://admin.messaging.microsoft.com/.

Okay, I didn’t spell it out. The truth is that there isn’t a right or wrong answer.

Please leave a comment to tell us how YOU pronounce FOPE. There’s bonus points for using the International Phonetic Alphabet (IPA) or Pronunciation Respelling Key!

______________________________

Thanks for joining us today!

Zion Brewer

______________________________

Forefront Online Protection for Exchange (FOPE) is the default messaging security solution for Exchange Online (Office 365) and Outlook Live (Live@edu)!

The transition to FOPE for existing Outlook Live domains is nearly complete, and all new tenants are provisioning with FOPE from from the start. Both services can now benefit from FOPE’s enterprise-class reliability, multi-engine spam/virus scanning and customizable filtering options.

Here’s an excerpt from the FOPE Service Description 

Forefront Online Protection for Exchange offers five services that apply a unique blend of preventive and protective measures to help stop increasingly complex email–borne threats from infiltrating your organization, enforce your organization’s email policies, and maintain a reliable messaging environment:

• Antivirus Service: Helps protect your organization from receiving email-borne viruses and other malicious code by using multiple antivirus engines and heuristic detection to minimize the window of vulnerability during emerging threats.
• Anti-spam Service: Helps ensure that unsolicited email is automatically filtered before it enters your organization’s messaging systems.
• Policy Enforcement Service: Provides the ability to custom create highly flexible policy rules to regulate email flow for compliance purposes.
• Directory–Based Edge Blocking Service: Provides the ability to specify all valid users on a domain or to configure different filtering settings for groups of users within a domain.
• Automatic Spooling: Helps ensure that no email is lost by instantly and automatically queuing messages for later delivery if the receiving email server is unavailable.

Figure 2: Integrated email security and filtering solution provided by Forefront Online Protection for Exchange

These services easily interoperate with one another as a package and require little to no changes to be effective. Without any configuration, Forefront Online Protection for Exchange blocks more than 98 percent of unwanted email and 100 percent of known viruses… Forefront Online Protection for Exchange has found that its ratio of false positive messages is smaller than approximately 1 in 250,000 (0.0004 percent).

…

So, how do you pronounce FOPE?

Listen for the answer on TechNet Edge – FOPE. Look for the answer at TechNet Library – Forefront Online Protection for Exchange, FOPE 11.1 Administration Center User Guide or Spam Filtering and Message Hygiene.

Better yet…sign in to your FOPE Administration Center today and decide for yourself!

Learn how in the next part of this article: How do YOU pronounce FOPE? Sign in for the first time.

______________________________

Thanks for joining us today!

Zion Brewer

______________________________

We had a few customers having some issues connecting to Lync Online from Lync for Mac 2011.  The good news is this past weekend we provided a Microsoft Lync for Mac 2011 14.0.1 Update package available for download to help correct some of these issues. This update will also be available to Lync for Mac users this week through Microsoft Update.

                          Screenshot of desktop sharing on a Mac to a PC or vice versa.

This update addresses two known issues:

• Lync for Mac sign-in into Office 365
• Installation of Mac OS X Lion 10.7.2 causes Lync for Mac to become inoperable

After installing this update, Lync for Mac users will be able to connect to Office 365 and use Lync for Mac on Mac OS X Lion 10.7.2.

You can find more information about this update in the Microsoft Knowledge Base article

See more about Lync for Mac 2011 capabilities here.

This was a question asked by a community college customer deploying Office 365 for Education near Seattle. 

Dirsync server syncs AD user objects, groups, contacts to Office 365. User objects are synced as MSO IDs and all mail enabled objects are synced to Exchange Online.

What server hardware do I need for Dirsync?

Sizing your Dirsync server is based on number of objects in your Active Directory. Here is a matrix from the deployment guide:

It also has to be hosted on a 32-bit Windows Server for now. Future Dirsync for Office 365 is more than likely slated for 64-bit. Update 11-28-11: 64-bit Dirsync version available here for download.

Can I run this on a virtual server?

Yes, Dirsync is supported on a virtual server.

How can I prepare my AD Forest prior to setting up Dirsync?

Run the Office 365 readiness tool to analyze your AD Forest and remediate any objects the tool identifies prior to running Dirsync. This will save you a lot of headaches to run this tool first.  Grab the tool here.

Do I setup Dirsync first or ADFS (SSO) first?

Setup ADFS and federation first and then setup Dirsync. Logically you would think it would be the other way around however this is the order of operations.

What if I have more than 300,000 Active Directory objects to sync to the cloud?

If you have more than 300,000 (it used to be 20,000 object limit) Active Directory objects you need to open a ticket with support before you enable Dirsync.  Additionally, your AD user object size will determine which type of tenant you will be hosted on so you need to be sure you are provisioned on the correct tenant prior to enabling Dirsync as well.  Check with support to ensure you are on the correct tenant when going beyond 300,000 AD user objects.

To determine the total amount of AD objects you can run the Office 365 readiness tool to get a ballpark count of objects. Grab the tool here.

How do I size the SQL database for Dirsync?

If you have more than 50,000 AD objects to dirsync it is recommended to move to full blown SQL Server 2008 to handle the database size.  If you have less than 50,000 AD objects, you can continue to use the default SQL Server 2008 Express database.

Can I run Dirsync on the same server as ADFS 2.0 server?

No, it is not recommended to run them on the same hardware.

Do I need to make Dirsync server highly available?

No, if your Dirsync server fails you will not be out of commission nor will objects get deleted. You can stand up a new Dirsync server and the objects will get into sync again.

How often does it Dirsync sync with Office 365? Can I force dirsync?

It syncs by default every 3 hours or you can manually force a dirsync process via PowerShell with ‘Start-OnlineCoexistenceSync’ cmdlet. See a reference in Greg’s Dirsync step by step below.

Is there a good place to read about deploying Dirsync server?

Yes, the Office 365 deployment guide here and the setup accelerator here are great sources of information on configuring Dirsync. Additionally, Greg Katz posted a step by step here on our blog.