• Alumni Address Book Policy in Office 365 Education

    We recently looked at one way to support alumni users in Office 365 Education, and I mentioned that you would need the new Office 365 Education to create custom address book policies that restrict your alumni users' access to your institution's GAL.

    There are a few reasons why implementing this is a good idea:

    • You probably don’t want your alumni users being able to view the details of your current students and faculty.
    • You will also likely want to maintain the privacy and separation by stopping your students and faculty from seeing all your alumni details, too!
    • Even more importantly, you’ll almost certainly want to stop alumni from seeing each other – as this list grows over time there'll be a lot of names in that list. Who knows, one day some of them might be famous!

    What You’ll Need

    In order to configure this you’ll need to ensure a few things:

    1. You’re running the new Office 365 (sometimes known as “Wave 15” or the 2013-style).
    2. You’ve enabled address book policy routing.
    3. To use any cmdlets that require the Address List role, you need to add the role to a role group. For details, see the “Add a role to a role assignment policy” section of Manage Role Assignment Policies.
    4. You’ve decided on, and set, a marker to identify your alumni users; for example, using one of the custom attributes to store a value such as “alumni”.

    Step One: Create the Address Lists

    Address book policies contain address lists, so to begin we need to create an alumni address list for our users, and a blank resource address list for our resources (assuming we don’t want alumni users to see any rooms or resources in their GAL).

    Resource List:

    We’ll connect to our tenant using Windows PowerShell and run the following command:

    New-AddressList -name "AL_Alumni_Resources" -RecipientFilter {(((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')) -and (CustomAttribute3 -eq "nullresource"))} -DisplayName "Alumni Room List"

    This creates an address list called AL_Alumni_Resources that contains rooms where custom attribute 3 is equal to “nullresource”. This is a bit of a trick since there are no resources with that value, so we get a blank address list as a result. There are probably more elegant ways to do this, but this one works.

    Alumni Address List

    Again, in PowerShell, we’ll run:

    New-AddressList -name "AL_Alumni" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (CustomAttribute2 -eq "alumni")} -DisplayName "Alumni Address List"

    This creates an address list called AL_Alumni that contains users where custom attribute 2 is equal to “alumni”.

    Global Address List

    To create a new GAL we’ll run:

    New-GlobalAddressList -name "GAL_Alumni" -RecipientFilter {(CustomAttribute2 -eq "alumni")}

    This creates a global address list called GAL_Alumni that contains objects where custom attribute 2 is equal to “alumni”.

    Offline Address Book

    To set up the OAB we’ll run:

    New-OfflineAddressBook -name "OAB_Alumni" -AddressLists "GAL_Alumni"

    This creates an offline address book called OAB_Alumni that contains the alumni GAL.

    Step Two: Create Alumni Address Book Policy

    Now that we’ve got our address lists in place we can create the policy that ties it all together, so in PowerShell we run:

    New-AddressBookPolicy -name "ABP_Alumni" -AddressLists "AL_Alumni" -OfflineAddressBook "\OAB_Alumni" -GlobalAddressList "\GAL_Alumni" -RoomList "\AL_Alumni_Resources"

    Step Three: Assign the Address Book Policy to users

    Now for the moment of truth: applying our newly created policy to our alumni users:

    Get-Mailbox -resultsize unlimited | where {$_.CustomAttribute2 -eq "alumni"} | Set-Mailbox -AddressBookPolicy "ABP_Alumni"

    Step Four: Test

    If we log into OWA with a test alumni user we'll see that if we browse to the people tab, we get the following view:


    Notice that in the left column, under Directory, we see the two address lists we created – they’re both empty!


    Step Five: Hide alumni from address lists

    The last step, now that we’re satisfied we’ve hidden the rest of our users and lists from our alumni, is to hide our alumni from any other address lists. This is much simpler, you’ll be pleased to know!

    Get-Mailbox -resultsize unlimited | where {$_.CustomAttribute2 -eq "alumni"} | Set-Mailbox -HiddenFromAddressListsEnabled $true

    Things to note

    • I’m not a PowerShell expert (sadly!) so there may well be better and more efficient ways to do this.
    • If you have large numbers of users to apply this to you may hit PowerShell throttling policies, so be aware that you may need to do this in chunks of users over a period of time, rather than every user in one go.
    • Test thoroughly – this is just one way and probably won’t fit every scenario. Make sure you test before rolling out!
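
    Steps Three and Five only touch mailboxes that exist when the commands run, so alumni added later keep the default GAL until the policy is assigned again. The following is an added example, not part of the original post: it audits the tenant for that drift and then fixes only the affected mailboxes in batches, which also helps with the throttling mentioned above. The batch size, the pause and the variable names are assumptions, as is the open remote PowerShell session to the tenant.

```powershell
# Added example, not from the original post. Uses the names from the post:
# ABP_Alumni as the policy and CustomAttribute2 = "alumni" as the marker.
$PolicyName = 'ABP_Alumni'
$BatchSize  = 200   # assumption: tune to your tenant's throttling budget
$PauseSec   = 60    # assumption: pause between batches

$all    = Get-Mailbox -ResultSize Unlimited
$alumni = @($all | Where-Object { $_.CustomAttribute2 -eq 'alumni' })

# Assumption: AddressBookPolicy comes back as the policy name when cast to a
# string, as it does in a remote session. Adjust if yours returns a path.
# Alumni who can still browse the institution GAL (policy missing or wrong).
$noPolicy = @($alumni | Where-Object { "$($_.AddressBookPolicy)" -ne $PolicyName })
# Alumni still visible to students, faculty and other alumni.
$visible  = @($alumni | Where-Object { -not $_.HiddenFromAddressListsEnabled })
# Non-alumni who carry the alumni policy and so see an empty directory.
$stray    = @($all | Where-Object {
    $_.CustomAttribute2 -ne 'alumni' -and "$($_.AddressBookPolicy)" -eq $PolicyName })

$counts = $alumni.Count, $noPolicy.Count, $visible.Count, $stray.Count
"{0} alumni; {1} without policy; {2} not hidden; {3} stray assignments" -f $counts
$stray | Select-Object DisplayName, PrimarySmtpAddress

# Remediate only the alumni mailboxes that fail either check.
$todo = @($alumni | Where-Object {
    "$($_.AddressBookPolicy)" -ne $PolicyName -or -not $_.HiddenFromAddressListsEnabled })
$fix = @{ AddressBookPolicy = $PolicyName; HiddenFromAddressListsEnabled = $true }

for ($i = 0; $i -lt $todo.Count; $i += $BatchSize) {
    $last = [Math]::Min($i + $BatchSize, $todo.Count) - 1
    foreach ($mbx in $todo[$i..$last]) {
        Set-Mailbox -Identity $mbx.Identity @fix
    }
    # Pause between batches, but not after the final one.
    if ($last -lt $todo.Count - 1) { Start-Sleep -Seconds $PauseSec }
}
```

    Running it on a schedule after each alumni provisioning cycle keeps the separation in place; stray assignments are only reported, not changed.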

    Find out more

    For a more in-depth guide on address book policy procedures, check out TechNet, which contains all the information I needed to structure this article.

  • A quick and easy way to link Moodle to SharePoint with Collabco MyDay

    Collabco is a specialist Microsoft Partner focused on SharePoint, Dynamics CRM, Lync, UAG and Mobility, and delivers the following services: Technology Consultancy, IT Strategy Consultancy, Development, Project implementation, Support and Training. They are also the focus of the next post in our partner blog series. Over to Brendan Nel and Oli Newsham from Collabco for some more info and a cool demo.

    --

    With over 60 million users, Moodle is a well-known VLE used in schools, FE and HE establishments all over the world.  Whilst offering the ability to customise to meet individual requirements there has been no easy way to present student information in an Office 365 environment until now.

    UK-based Collabco, whose MyDay product enables educational establishments to aggregate the information students need on a daily basis and present it in a highly intuitive Windows 8 style environment, have just announced the launch of their new MyDay Moodle app to overcome this.

    Easy to setup and use

    The MyDay Moodle app links an existing Moodle installation to SharePoint. Once the app is installed it guides an administrator through the process of setting up their Moodle installation to talk to the app. All the administrator needs to do is fill out a couple of fields then copy some files into Moodle that the app generates.

    Once setup, users of the app are presented with a set of tiles in SharePoint showing their current and outstanding assignments categorised into time periods.


    Moving the mouse over a tile shows details of the next assignment in that category and clicking the tile takes you to a detailed view of your assignments.

    Clicking on an assignment in the detail view will automatically sign the user into Moodle and take them directly to the selected assignment.

    Check out our video demo to see this in action.

    Available for SharePoint Online (SharePoint 2013 running on Office 365) the app requires Moodle 2.0 or above to run. For more information go to www.collabco.co.uk to get in touch.

  • Can’t convert domain to federated

    I ran into an interesting problem setting up ADFS 2.1 on Windows Server 2012 for Office 365 federation. It is now a supported server OS for ADFS and Office 365 as long as you run the Azure Active Directory PowerShell. 

    ADFS setup worked flawlessly and I setup the web certificate, etc. You can follow the ADFS 2.1 on Windows Server 2012 for Office 365 steps here now.

    I went to convert my domain to federated in Azure Active Directory PowerShell (steps here) to set up a Trust with Office 365 and it failed when I used the Convert-MsolDomainToFederated cmdlet. I received this error:

    Convert-MsolDomainToFederated : Microsoft.Online.Administration.Automation.Iden
      tityInternalServiceException
      At line:1 char:30
      + Convert-MsolDomainToFederated <<<<  -DomainName domain.edu
         + CategoryInfo          : NotSpecified: (:) [Convert-MsolDomainToFederated
        ], FederationException
         + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.Ident
        ityInternalServiceException,Microsoft.Online.Identity.Federation.Powershel    l.ConvertDomainToFederated

    I found a fix that resolved this. You must run this PowerShell cmdlet first:

    Set-MsolPasswordPolicy -ValidityPeriod 90 -NotificationDays 10 -DomainName domain.edu

    After I ran that – waited about 20 minutes – then ran:

    Convert-MsolDomainToFederated -DomainName domain.edu   - went through without issue.

    It would appear that your password policy must be set to 270 days or less or you cannot convert your domain to a federated domain.

    Finally, you should run get-msoldomain to check that you are indeed federated for that domain.

  • Partner Offering: Live@edu Upgrade Training

    Oxford Computer Group, a Microsoft Gold Partner, are running a series of one day training events that cover how to complete your upgrade from Live@edu to Office 365 for education. In their own words:

    “This course provides an introduction to the process of upgrading your Microsoft Live@Edu cloud-based email service to Microsoft's new Office 365 cloud offering. Every institution using Live@Edu will have to make this change this year, and many seem unaware of the implications. We examine the reasons for the upgrade, the differences between the platforms, and present the options that are available for getting successfully from one to the other. At the end of the course you will have a sound understanding of the process itself, the things that you will need to do and the decisions that your institution will have to take…”

    The course will cover:

    • A brief overview of what the Live@edu to Office 365 Upgrade is and entails
    • Options available for Service Provisioning & Licensing
    • An introduction to SSO with ADFS and Shibboleth
    • The Upgrade Process & what’s involved
    • How to get successfully from one platform to the other
    • Alumni solution

    Check the date and register now.

    And don’t forget, the upgrade wiki is always a useful tool for finding out information too!