Remember back in April when I wrote this post on multi-factor authentication (MFA) for Office 2013? (It’s OK if you don’t, because you can go read it now.) Good news: one of the things required to ship MFA in Office is an updated version of the Active Directory Authentication Library, or ADAL. Well, guess what? A couple of days ago, Microsoft announced a major Azure AD update that includes a new release of ADAL. The release notes don’t specifically mention MFA support in ADAL, but they do say that ADAL 2.0 supports “new authentication flows” so I am hopeful that this is the release required to unlock Office 2013 MFA support. I guess we’ll see; it wouldn’t surprise me to see Microsoft announce its availability at TechEd Europe, since that’s the next major event on their schedule. Stay tuned…
It must be the season or something. Like several of my peers (e.g. Paul, Phoummala, and Michael, to name 3), I’m moving on from my current position to a unique new challenge. In my case, I’m taking the role of Principal Architect at Summit 7 Systems.
Astute readers may remember that, just about a year ago, I joined Dell’s global services organization as a global principal consultant. I was fortunate to work with a large group of extremely smart and talented people, including several MCMs (Todd, Dave, Andrew, Ron, and Alessandro, y’all know who I’m talking about!) Working for a large company has both its benefits and challenges, but I was happy with the work I was doing and the people I was working with. However, then this happened.
Scott Edwards, cofounder of Summit 7 and a longtime friend from my prior time in Huntsville, told me that he wanted to grow Summit 7’s very successful business, previously focused on SharePoint and business process consulting, to expand into Office 365, Lync, and Exchange. Would I be interested in helping? Yes, yes, I would. Summit 7 is already really well known in the SharePoint world, with customers such as NASA, Coca-Cola, Nucor Steel, and the State of Minnesota. SharePoint consulting is a very different world in many ways from what I’m used to, so it will be interesting, challenging, and FUN to carry the Lync/Exchange/365 torch into a new environment.
In my new role, I’ll be building a practice essentially from scratch, but I’ll be able to take advantage of Summit 7’s deep bench of project management, business process consulting, marketing, and sales talent. I’m excited by the opportunity, which is essentially the next step forward from my prior work as a delivery specialist. I am not yet taking over the role of Summit 7’s corporate pilot, but that’s on my to-do list as well. (A couple of folks have already asked, and the answer is: yes, I will be flying myself occasionally to customer gigs, something that Dell explicitly forbade. Can’t wait!)
This is an exciting opportunity for me and I relish the chance to get in and start punching. Stay tuned! (Meanwhile, you can read the official Summit 7 press release here.)
So the news is out: Microsoft is rolling MEC, Lync Conference, and SharePoint Conference into a single “unified commercial technology conference” in Chicago next year. MVPs were notified that this change was in the works, and there was a lot of vigorous discussion. Now that the cat has been debagged, I wanted to share a few thoughts about this new conference. For perspective, I should say that I attended almost all of the original MEC conferences back in the day and hit both “next-gen” MECs and this year’s Lync Conference. I have also spoken at TechEd around a dozen times all told; I co-chaired Exchange Connections for a number of years and am a repeat speaker there as well, so I am thoroughly familiar with the landscape of Exchange and Lync-oriented conferences. (Since I haven’t been to SPC, any time I talk about MEC or LyC you can just mentally search-and-replace “SPC” in there if you like.)
Is this just TechEd 2.0?
The announcement, bylined with Julia White’s name, says that Microsoft is combining MEC, LyC, and SPC to provide a unified event that will give attendees “clearer visibility into Microsoft’s future technology vision and roadmap” and “unparalleled access to Microsoft senior leaders and the developers who write the code.” One of the most valuable aspects of the current set of product-specific conferences, of course, is the deep engagement with people from each specific product group. The enthusiasm and passion of the developers, testers, support engineers, PMs, and leaders of the Exchange and Lync product groups shine through: they are just as happy and excited to be there as the attendees are, and this creates a unique energy and sense of community that are consistently absent from TechEd.
Microsoft has been very successful at positioning TechEd as the generalists’ conference, with coverage of every part of their stack. Developers, architects, security engineers, and business decision makers all had content targeted at them, but it was often driven by Microsoft’s marketing agenda and not by customer demand. As the number of products in Microsoft’s portfolio has grown, TechEd hasn’t lengthened to accommodate more sessions; instead, the number of Exchange/Lync/Office 365 sessions has remained roughly constant even as those products have expanded. I think it’s fair to say that as a vehicle for deep technical information, TechEd’s glory days are far behind it. On the other hand, as a vehicle to showcase the Microsoft party line, TechEd thrived. It became clear several years ago that individual product communities would greatly benefit from having their own conferences to focus on their unique needs. Exchange Connections did a good job of filling this niche, of course, but first SPC, then LyC, then MEC proved that these product-specific conferences engendered a very high degree of attendee (and exhibitor) satisfaction and engagement, and they proved the high value of having a Microsoft-led and -organized conference with enthusiastic participation from the big wheels in each product group.
The announcement goes on to say “feedback from attendees across the past conferences asking for more content and product team engagement across Microsoft versus just within one product area.” In complete sincerity, I can say that none of the hundreds of MEC or LyC attendees, or MVPs, or Microsoft product group folks I have spoken to have said “gee, what we really need is a big conference that covers all of Microsoft’s UC&C products.” I do know that the product groups have aggressively sought and carefully considered feedback from attendees at these conferences, so it’s certainly possible that they’ve been hearing something very different than I have. It is true that people whose duties or interests span multiple products have to go to multiple conferences, and this is a valid complaint. Many consultants can’t spare multiple weeks of bench time to attend all of the relevant conferences, and many smaller companies that are using multiple products aren’t able to budget multiple conferences either. So from their standpoint, perhaps this unification is a win.
Tony points out that there are great logistical and cost-savings benefits to Microsoft in consolidating the conference, and that exhibitors may prefer to have a larger, more diverse audience. I agree with the former; on the latter, I’m not sure. Companies whose product lines span multiple parts of the UC&C ecosystem may benefit; for example, ENow makes both Exchange and Lync monitoring solutions, so having both Lync and Exchange admins in the crowd is great for them. I’m not sure the same is true for exhibitors such as Polycom, AvePoint, or Sherpa Software, whose products focus on one Microsoft server.
Julia goes on to promise that “this unified conference will be every bit as awesome, every bit as valuable and in fact, it will exceed on both these measures. That is our maniacal focus and commitment to you, so hold us to it!” While I am naturally skeptical of broad and unsupported promises such as this, the many, many people involved in the existing round of conferences— from Julia and her staff to the individual product group folks like Jamie Stark and Brian Shiers to the MVP and MCM speakers— all have a huge interest in making sure that the new event meets the high bar set by the existing conference. That helps temper my skepticism with a high degree of optimism. The announcement promises more details on the conference (perhaps including a name?) in September, and I’d expect to see more details at TechEd EMEA in October.
One last note for speculation: if you were Julia, and you were planning on introducing new versions of your flagship products, wouldn’t it be logical to do it with a big splash at a new event? May 2015 is, conveniently, in the first half of calendar year 2015, and at MEC 2014 Microsoft told us to expect a new on-prem version of Exchange in the second half of 2015.
Microsoft continues to expand the reach of its Azure services by introducing new capabilities, seemingly on a daily basis. Today I was surprised to see an announcement for the new Azure Machine Learning service (more background in this NY Times article). The link for the service apparently isn’t live yet, though.
The availability of this service raises some interesting questions around Office Graph, the set of nifty social-ish features that Microsoft introduced at SPC and reiterated at MEC and TechEd. We recently learned that, at least for now, there are no plans to offer Office Graph, and its associated features, to on-premises customers in the next release of Exchange Server. Carefully parse that statement; it could mean anything from “there will never be Office Graph features in on-prem Exchange” to “we can change our plans and include them at any time.”
It’s fair to say that Office Graph is designed to leverage the high scale of Office 365, and that because it is a resource-intensive group of processes and services, there’s likely to be a lot of infrastructure for management, monitoring, and tuning of its components— not necessarily something that could trivially be unleashed on the existing base of on-premises customers. I’d bet that these services have a lot of interconnections, too. However, if Microsoft is adopting the Amazon approach of “everything is a service”, as they seem to be, you’d think that having some parts of Office Graph running on Azure ML is not only possible but probable. And the Azure folks are clearly comfortable with hybrid environments, as witness the fact that the Forza 5 and Titanfall video games on Xbox One both make extensive use of Azure-based resources.
So, if Office Graph is (or could be) consuming Azure ML as a service, it would seem to lower the barrier for getting Office Graph-related services into on-prem Exchange. I’ll be watching closely to see what Microsoft announces, and even more closely to see what they do, around this issue— it seems like the best possible world would be one where on-prem customers can harness the scale of Azure to get access to Office Graph features and where Microsoft doesn’t have to engineer a complete support system around on-prem variants of the Office Graph components. Stay tuned…
One of the big advantages of software as a service (SaaS) is supposed to be reduced overhead: there are no servers to install or configure, so provisioning services is supposed to be much easier. That might be true for customers, but it isn’t necessarily true for us as administrators and consultants. Learning about Office 365 really requires hands-on experience. You can only get so far from reading the (voluminous) documentation and watching the (many and excellent) training videos that Microsoft has produced. However, there’s a problem: Office 365 costs money.
There are a few routes to get free access to Office 365. If you’re an MVP, you can get a free subscription, limited (I think) to 25 users. If you’re an MSDN subscriber, you can get a tenant with a single user license, which is fine for playtime but not terribly useful if you need a bigger lab. Microsoft also has a 30-day trial program (for some plans: Small Business Premium, Midsize Business, and Enterprise) that allows you to set up a tenant and use it, but at the end of that 30-day period the tenant goes away if you don’t pay for it. That means you can potentially waste a lot of effort customizing a tenant, creating users, and so on only to have it vanish unless you whip out the credit card.
1. Go to http://www.microsoftofficedemos.com/ and log in.
2. Click the “Get Demo” link in the top nav bar, or the “Create Demo” link on the page, or just go to https://www.microsoftofficedemos.com/Provision_step1.aspx. That will display the page below. Note that you can download VHDs that provide an on-prem version of the demo environment if you want those instead.
3. Make sure you’ve selected “Office 365 tenant” from the pulldown, then click “Next”. That will display a new page with four choices, all of which are pretty much self-explanatory. If you want an empty tenant to play around with, choose “Create an empty Office 365 tenant”. If you want one that has users, email, documents, and so on, choose “Create new demo environment” instead.
4. On the next page, you can choose whether you want the standard demo content or a vertical-specific demo pack. This will be a really useful option once Microsoft adds more vertical packs, but for now the only semi-interesting one is retail, and the provided demo guides (IMHO) are more useful for the standard set, so that’s what I’d pick. After you choose a data set, click “Create Your Demo”.
5. The next page is where you name the tenant, and where Microsoft asks you to prove you’re not a bot by entering a code that they send to your mobile phone. (Bonus points if you know why I picked this particular tenant name!) The optional “Personalize Your Environment” button lets you change the user names (both aliases and full names) and contact pictures, so if you’re doing a demo for a particular customer you can put in the names of the people who will attend the demo to add a little spice. The simple option is to customize a single user; there’s one main user for each of the demos (which I’ll get to in a minute), but you can customize any or all of the 25 default users.
6. Once you click “Create My Account”, the demo engine will start creating your tenant and provisioning it. This takes a while; for example, yesterday it took about 12 hours from start to finish. Provisioning demos is just about last on Microsoft’s priority list, so if you need a tenant in a hurry use the “create a blank tenant” option I mentioned earlier. You’ll see a progress page like the one below, but you’ll also get a notification email to the address you provided in step 5 when everything’s finished, so there’s no need to sit and watch it.
Executive summary: there aren’t any, so plan accordingly.
Recently I was working with a customer (let’s call him Joe, as in “Joe Customer”) who was considering moving to Office 365. They went to our executive briefing center in Austin, where some Dell sales hotshots met and briefed them, then I joined in via Lync (with video!) for a demo. The demo went really well, and I was feeling good about our odds of winning the deal… until the Q&A period.
“How does Office 365 provide mailbox-level backups?” Joe asked.
“Well, it doesn’t,” I said. “Microsoft doesn’t give you direct access to the mailbox databases. Instead, they give you deleted item retention, plus you can use single-item retention and various types of holds.” Then I sent him this link.
“Let me tell you why I’m asking,” Joe retorted after skimming the link. “A couple of times we’ve lost our CIO’s calendar. He uses an Outlook add-in that prints out his calendar every day, and sometimes it corrupts calendar items. We need to be able to do mailbox-level backups so that we can restore any damaged items.”
At that point I had to admit to being stumped. Sure enough, there is no Office 365 feature or capability that protects against this kind of logical corruption. You can’t use New-MailboxExportRequest or the EAC to export the contents of Office 365 mailboxes to PST files. You obviously can’t run backup tools that run on the Exchange server against your Office 365 mailbox databases; there may exist tools that use EWS to directly access a mailbox and make a backup copy, but I don’t know of any that are built for that purpose.
I ran Joe’s query past a few folks I know on the 365 team. Apart from the (partially helpful) suggestion not to run Outlook add-ins that are known to corrupt data, none of them had good answers either.
While it’s tempting to view the inability to do mailbox-level backups as a limitation, it’s perfectly understandable. Microsoft spent years trying to get people not to run brick-level backups using MAPI. The number of use cases for this feature is getting smaller each year as both the data-integrity and retention features of Exchange get better. In fact, one of the major reasons that we now have single-item recovery in its current form is because customers kept asking for expanded tools to recover deleted items, either after an accidental deletion or a purge. Exchange also incorporates all sorts of infrastructure to protect against data loss, both for stored data and data in transit, but nothing really helps in this case: the corrupt data comes from the client, and Exchange is faithfully storing and replicating what it gets from the client. In fairness, we have seen business logic added to Exchange in the past to protect against problems caused by malformed calendar entries created by old versions of Outlook, but clearly Microsoft can’t do that for every random add-in that might stomp on a user’s calendar.
A few days after the original presentation, I sent Joe an email summarizing what I’d found out and telling him that, if mailbox-level backup was an absolute requirement, he probably shouldn’t move those mailboxes to Office 365.
The moral of this story, to an extent that there is one, is that Microsoft is engineering Office 365 for the majority of their users and their needs. Just as Word (for instance) is supplemented by specialized plugins for reference and footnote tracking, mathematical typesetting, and chemistry diagrams, Exchange has a whole ecosystem of products that connect to it in various ways, and Office 365 doesn’t support every single one of those. The breadth and diversity of the Exchange ecosystem is one of the major reasons that I expect on-premises Exchange to be with us for years to come. Until it finally disappears, don’t forget to do some kind of backups.
Every field has its own unique constraints; the things the owner of a small manufacturing business worries about will have some overlap, but many differences, compared to what the CEO of a multi-billion-dollar energy company is concerned with. The legal industry is no exception; one major area of concern for lawyers is ethics. No, I don’t mean that they’re concerned about not having any. (I will try to refrain from adding any further lawyer jokes in this post unless, you know, they’re funny.)
Disclaimer: I am not a lawyer. This is not legal advice. Seriously.
The entire US legal system is based on a number of core principles, including that of precedent, or what laymen might call “tradition”. For that reason, as well as the stiff professional penalties that may result from a finding of malpractice or incompetence, many in the legal profession have been slower to embrace technology than their peers in other industries. When there is no settled precedent to answer a question, someone has to generate precedent, often by taking a case to court. Various professional standards bodies can generate opinions that are considered to be more or less binding on their members, too. To cite one example of what I mean, here’s what the Lawyers’ Professional Responsibility Board of the state of Minnesota has to say about one small aspect of legal ethics, the safeguarding and use of metadata:
> …a lawyer is ethically required to act competently to avoid improper disclosure of confidential and privileged information in metadata in electronic documents.
That seems pretty straightforward; the body responsible for “the operation of the professional responsibility system in Minnesota” issued an opinion calling for attorneys in that state to safeguard metadata and refrain from using it in ways that conflict with their other ethical obligations. With that opinion now extant, lawyers in Minnesota can, presumably, be disciplined for failing to meet that standard.
With that as background, let me share this fascinating link: a list of ethics opinions related to the use of cloud services by lawyers and law firms. (I found the list at Sharon Nelson’s excellent “Ride the Lightning” blog, which I commend to your attention.)
Let that sink in for a minute: some of the organizations responsible for setting ethical standards for lawyers in various states are weighing in on the ethics of legal use of cloud services.
This strikes me as remarkable for several reasons. Consider, for example, that there don’t seem to be similar guidelines for e-mail admins, or professional engineers, or cosmetologists, or any other profession that I can think of. In pretty much every other market, if you want to use cloud services, feel free! Oh, sure, you may want to consider the ramifications of putting sensitive or protected data into the cloud, especially if you have specific requirements around compliance or governance. By and large, though, no one is going to punish you for using cloud services in your business if that choice turns out to be inappropriate. On the other hand, if you’re a lawyer, you can be professionally liable for failing to protect your clients’ confidentiality, as might happen in case of a data breach at your cloud provider.
The existence of these opinions, then, means that in at least 14 states, there are now defined standards that practitioners are expected to follow when choosing and using cloud services. For example, the Alabama standard (which I picked because it is simple, because I live in Alabama, and because it was first in the alphabetical list) says:
> …a lawyer may use “cloud computing” or third-party providers to store client data provided that the attorney exercises reasonable care in doing so… The duty of reasonable care requires the lawyer to become knowledgeable about how the provider will handle the storage and security of the data being stored and to reasonably ensure that the provider will abide by a confidentiality agreement in handling the data. Additionally, because technology is constantly evolving, the lawyer will have a continuing duty to stay abreast of appropriate security safeguards that should be employed by the lawyer and the third-party provider. If there is a breach of confidentiality, the focus of any inquiry will be whether the lawyer acted reasonably in selecting the method of storage and/or the third party provider.
The other state opinions are generally similar in that they require an attorney to act with “reasonable care” in choosing a cloud service provider. That makes Microsoft’s recent relaunch of the expanded Office 365 Trust Center a great move: it succinctly addresses “appropriate security safeguards” that are applied throughout the Office 365 stack. Reading it will give you a solid grounding in the physical, technical, and operational safeguards that Microsoft has in place.
Compared to its major SaaS competitors, Microsoft’s site has more breadth and depth about security in Office 365, and it’s written in an approachable style that is appropriate for non-technical people… including attorneys. In particular, the top-10 lists provide easily digestible bites that help to reassure customers that their data, and metadata, are safe within Microsoft’s cloud. By comparison, the Google Apps security page is limited in both breadth and depth; the Dropbox page is laughable, and the Box.net page is basically a quick list of bullets without much depth to back them up.
The Office 365 Trust Center certainly provides the information necessary for an attorney to “become knowledgeable about how the provider will handle the storage and security of the data being stored”, and it is equally useful for the rest of us because we can do the same thing. If you haven’t already done so, it’s worth a few minutes of your time to go check it out; you’ll probably come away with a better idea of the number and type of security measures that Microsoft applies to Office 365 operations, which will help you if a) you go to law school and/or b) you are considering moving to Office 365.