When it comes to planning an Office 365 migration, there is one gotcha that can be a surprise that is only found when signing up for a new Tenant. Surprise! Your domain name is not available because it has been registered in another tenant! Say what? While it is difficult to prevent this from happening (for reasons I will describe later in this post), there is some upfront planning you can be prepared to take if you encounter this during your tenant registration process.

This is more likely to occur with Education customers than Commercial/Enterprise/Business customers. More often than not, Education customers will find that their domain name is already associated with an existing Office 365 tenant that they did not create. However, this same problem can occur with Corporate customers because Power BI allows for automatic tenant creation when the first user signs up (if there was no previous tenant created with the primary email address of the user). 

In this blog post, we will focus mainly on Education customers, because it happens much more often. How does this happen? It’s by design. A self-provisioned tenant gets created whenever a student or faculty member signs up for Office “Online” using their .EDU email address at this website here:

http://office.com/student

The first account to do this will actually establish an Office 365 tenant for that organization. This is a huge help to larger organizations with small IT staff, as it enables students and staff to have self-service access to valuable and free services from Microsoft.

Side note 1:Some schools have purchased Campus agreements with Microsoft, allowing teachers and students to install the full Office applications on up to 5 PCs or Macs (not just browser-based Office Online) .  If your school provides this additional benefit, you’ll see the Install Office button on your Office 365 home page after you complete sign-up.

Side note 2: Microsoft has provided a promotion kit to help schools get the word out about the tremendous value of these services. This can help boost the schools image when trying to compete for incoming students $$$.

The tradeoff for free and easy is that the tenant name that gets created may not be the most ideal for long term use, for example: if a student name Jack using the email address of [email protected] is the first to sign up for the free Office Professional Plus offer, and the tenant that gets created behind the scenes could be contoso2.onmicrosoft.com.  To learn more about self-provisioning see this article (here).

Here are the licenses that the student will be assigned if self-provisioned:

To disable automatic tenant join for new users: Set-MsolCompanySettings -AllowEmailVerifiedUsers $false

To enable automatic tenant join for new users: Set-MsolCompanySettings -AllowEmailVerifiedUsers $true

This applies to all Office 365 Education customers (Universities, Colleges, School Districts, etc)  – simply, any domain name ending in .EDU.  This blocking prevents new users in your organization from signing up for Power BI.

To learn more about disabling self-provisioning click (here).

It is possible to perform re-claim administrative authority over a self-provisioned Office 365 tenant. Some reasons why you may want to do this include:

• Establish single-sign on with an on-premises Active Directory or 3rd party SSO service
• Enforce IT or Security policy settings, especially because the default settings in an Office 365 tenant may or may not reflect the current policy of the organization (sharing policies, encryption policies, software installation, just to name a few examples).
• Perform an on-premises migration of Email, SharePoint, or storage to Exchange Online, SharePoint Online or OneDrive for Business
• If the organization has a long term initiative around tenant consolidation, user initiated tenants based on email enabled sub-domains may not be desired.
• For multi-national organizations, user initiated tenants may be created in a data center that is not desired by the organization.
• Self-created tenants could be perceived as ‘shadow IT’ – where there is limited organizational visibility or even knowledge of what users have signed up for the services, and usage of those services.

There are many other reasons why it is advantageous to perform the administrative takeover of an Office 365 tenant, but those are the top three.

Before you begin the takeover process (described here) –  you’ll first need to decide if you want to keep two separate Office 365 tenants, consolidate the accounts, or chose one versus another one. There are two good reasons for this:

1. Because your domain can only be associated with one Office 365 account.

2. The self-service tenant very likely has a number of faculty and students who may have data saved in OneDrive. Removing the domain name from the self-service tenant would cause data loss of anything stored in OneDrive, and will disrupt the users who were relying upon their cloud identity to register with Office 365. This is because passwords do not migrate over from the self-service tenant to the new tenant, and in many cases you would not want them to anyway, because you may want to use on-premises AD as the source of authority for authentication.   

Need help with this takeover process, or guidance with your next Office 365 Project? We can help you deploy any or all of the 21 features Included in Office 365 for a flat rate per month. To learn more about our Cloud Advisory Service, click here, or contact us at [email protected].

In a previous post (here) I described how to enable Delve Analytics at the tenant level. After that has been enabled, the end-user can then enable it for themselves through a few clicks.

As an end-user first signing into the new Delve Analytics (part of the new Office 365 E5 license) we are first greeted with this welcome screen:

Click on Analytics on the left navigation pane

Click on ‘Go to Feature settings’

Enable Delve Analytics

Note the highlighted message ‘It may take up to a week for all changes to take effect’

Screen shots below. Before you judge me for not working a lot, keep in mind this is just my lab environment. Really !! =)

Need help with your next Office 365 Project? We can help you deploy any or all of the 21 features Included in Office 365 for a flat rate per month.  Contact us at [email protected].

Many customers are asking what is included in the new E5 license that was announced on December 1st, 2015. The E5 license introduced several new products, and since it includes everything that exists in the E3 license, I thought it would be helpful to list all 20 features here:

       1. Office 365 Advanced eDiscovery

       2. Customer Lockbox

       3. Advanced Threat Protection

       4. Delve Analytics

       5. Power BI Pro

       6. Skype for Business Cloud PBX

       7. Skype for Business PSTN Conferencing (UNLIMITED CONFERENCE MINUTES – available now in 45 countries…   Toll-Free is not yet available but when it does become available, it will be an additional per minute charge)

       8. Skype Broadcast Meeting  (Note: requires latest Skype for business client for all presenters) (Note: all attendees require computer audio, as PSTN dial-in is not yet available for SFB Broadcast meeting)

       Note: Skype PSTN Calling is a separate add-on and is not included in the E5. However, remember that PSTN Calling is an ‘additive’ SKU that must be coupled with either E5 or a stand-alone Cloud PBX SKU).

The following 12 features are also included in the E5, as they are inherited from the E3:

       9. The latest desktop version of Office (aka Office 365 Pro Plus)

       10. Skype for Business Online (Plan 2) -> IM&P, Desktop Sharing, Web Conferencing, Peer to Peer Audio/Video Conferencing, (Dial-In PSTN conferencing from 3^rd parties or MSFT can be added onto this E3 for $4/user/month)

       11. Exchange Online (Plan 2) (Unlimited Cloud Storage)

       12. SharePoint Online (Plan 2) (1TB storage per tenant, 500MB per user)

       13. OneDrive for Business (Unlimited Cloud Storage per user)

       14. Office Online

       15. Delve

       16. Sway

       17. Office 365 Planner Preview

    18. Azure Rights Management

19. Data Loss Prevention & Legal Hold

20. Azure Active Directory Basic

21. Voicemail

All of the above is available for just $35/user/month!

Need help with your next Office 365 Project? We can deploy all 21 features listed above for a flat rate per month.  Contact us at [email protected] to learn more.

Microsoft announced today (here) that beginning today, Office 365 Administrators have new controls available to determine which software versions are available for their end users.  This setting will take effect on February 23rd, so you have a few weeks to decide which options you are going to select.

Note: This only applies to new software downloads on a go-forward basis. Previously downloaded copies of Office 365 ProPlus (2013 edition) will still be prompted to upgrade to the 2016 version unless administrative action is taken prior to February 23rd. See my blog post (here) for more details on this auto-upgrade and how to postpone it if you are not quite ready for it.

In the announcement, Microsoft also announced that the naming convention used to describe how frequently security updates get pushed down will be renamed from ‘current branch for business’ to ‘Deferred Channel build.’ (Although as you can see in the screen shot it still uses the ‘Current Branch for Business’ name.

Okay – I missed the “Memo” this time – what can I do to prevent this from happening again in the future?

If you’ve configured your users to get updates from a location on your internal network, then the upgrade to Office 2016 is under your control. What if you missed the memo on how to do this and you want to make sure you stay informed so that things like this don’t happen again? I recommend having someone in your organization stay focused on things like this by creating a position to discovery of upcoming changes, or hire a Cloud Architect to do this for you. If you do not have budget for a new position, or your existing staff is overwhelmed, then you may benefit from Cloud Advisory services from Patriot Consulting (visit our website by clicking here for more information).

Or you can always email us at Hello @ PatriotConsultingTech.com

This is a continuation post from a 2 part series on accessing the new ‘Advanced eDiscovery’  (from an acquisition of a company called ‘Equivio’), now included in the Microsoft Office 365 “E5” SKU. To read part 1, click this link (here).

After waiting approximately 24 hours for my access to the Advanced eDiscovery center to be granted, I was able to access Equivio from the Office 365 Compliance Center.

The compliance center offers three choices for searching content. A fourth location to search content is the eDiscovery search within the Exchange Online admin center. Microsoft is investing heavily into the Compliance Search capability and so customers should be keeping an eye on that over the next 12 months, while recognizing that some of the needed functionality remains in the SharePoint eDiscovery Center and Exchange eDiscovery Center.

1. SharePoint eDiscovery Center

2. Compliance Search

3. Equivio Analytics (aka Advanced eDiscovery)

4. Exchange eDiscovery Search (not directly accessible from the Compliance Center)

5. Protection Center (This is in Beta now, and will eventually replace the Compliance Center).

Compliance Search is useful for quick search results across Exchange, SharePoint, OneDrive and O365 Groups. At the time of this writing, export is limited to single items. Bulk export from Compliance Search is on the roadmap. Until then,  the other three options include bulk export.

Note: The export option in these tools have separate export formats, so depending on your export need, that may determine which search tool you select. For example, the Exchange eDiscovery search will export to .PST, whereas the SharePoint eDiscovery will export to the Electronic Discovery Reference Model standard.

TIP: The first time you use the SharePoint eDiscovery Center, you will need to add a connector to Exchange Online before you can search mailboxes. For guidance on the SharePoint eDiscovery Center see this TechNet Article (here).

TIP: There is no PowerShell option (yet) to export a mailbox to PST. The work-around is to use the Exchange eDiscovery search without keywords so that the entire mailbox is returned in the search results, then select the option to export to PST. So my advice is to use the Exchange eDiscovery search if you only need to search email, otherwise use the SharePoint eDiscovery center if you need to search SharePoint/OneDrive & Email. 

Ok.. so getting back to Equivio Analytics aka Advanced eDiscovery.

First, you need to make sure you are an eDiscovery Administrator. This is a member of the eDiscovery Manager role group but there is a new checkbox that only appears when you add new users to it. If you were previously a member, you now need to remove yourself and re-add yourself back in to see the new checkbox, otherwise you will receive an access denied error message when trying to browse to Equivio Analytics the first time.

Once you have access, you can click on the eDiscovery menu and then ‘Go to Equivio Analytics’

In order to get data into Equivio, you first need to start with a Compliance Search in the Compliance Center and then you can export search results to Equivio. This diagram shows the workflow:

After performing a search I see the option to export the results to Equivio

The first time I tried this, I was prompted for my email address and was notified that I would be emailed when it was ready for me. After waiting 45 minutes, I received an email from [email protected]  “Sorry, but the results for compliance search Compliance Search didn’t export to Equivio.”

That’s it – nothing to work from. So I returned to Equivio and created a blank case.

I then repeated the export and this time it succeeded. However, when I tried to create a second search and have it go to a separate case, it inserted the new search results into the same case in Equivio.

There doesn’t appear to be a way to tell the Compliance Center that you want to insert the new search results into a separate case in Equivio.  I imagine they are working hard to iron out the integration, since this was an acquisition

With the case highlighted the next step is to click on ‘Go to case’ in the bottom right

From there, you follow the bread crumb trail to Prepare > Process > and Analyze the data before moving on to Relevance and Export.

At this point there is no working help menu within the application.

Fortunately, there is guidance for Advanced eDiscovery on TechNet here: https://technet.microsoft.com/en-us/library/mt303716.aspx

Despite the rough edges of getting into this tool,  this tool could save an organization thousands upon thousands of dollars in legal fees during a discovery by reducing the total number of documents that truly need to be considered relevant for a case. I am confident that Microsoft will improve the integration and the user interface in the next year.

Benefits:

• Reduced costs. Reviewers are directed to what’s important – i.e., to documents that contain unique information, and to the unique information within each document. Proven in hundreds of cases, Equivio’s technology consistently reduces review and handling costs by 30 to 50%.
• Less time. In many situations, it’s impossible to review all the documents in the given time window. Equivio enables prioritized review by zooming in on value-added, unique data.
• Less risk. By directing reviewers to the unique documents, and to the unique data in those documents, Equivio reduces the risk of missing critical information.
• Consistent treatment. The Equivio groupings allow reviews to apply tags across a near-duplicate set or email thread to ensure very similar documents are treated consistently. The need for consistency applies throughout the data cycle, from the feed of documents into the retention archive, through the implementation of storage policies, and the treatment of documents in a specific litigation or regulatory event.
• Accessing the data users need. By allowing the virtual suppression of redundant data, Equivio helps users cut directly to the information they need.” Reference

Note: Last week, Microsoft announced (here) that you can now export data out of Equivio and make it available for 3rd party discovery applications. This is helpful if you made a large investment in other tools and you are looking to integrate with a previous investment.

Need help with your next Office 365 Project? Contact us at [email protected]

The default installation for Office 365 Professional Plus (Word, Excel, Outlook, PowerPoint, etc) will begin automatically upgrading this month (after February 23rd, 2016) to the Office 365 ProPlus (2016) version. In this article I list 8 things that you should carefully check before Office 2016 automatic upgrades begin this month.

Wait… What???

Microsoft began advising customers of the Office 2016 release date last September (here) so the availability should not be a surprise to most people who stay informed. But what’s truly new and different about this upgrade is that it is the first time in Office history where if no action is taken, that users will be prompted to upgrade to the next version. This can be an advantage to organizations that want to keep recent security updates deployed, but have overwhelmed or understaffed IT departments who are struggling just to keep the lights on.

Also, for organizations that allow their users to download Office 365 ProPlus from the software downloads section of the Office 365 portal, they should be informed that beginning February 9th, the version that gets installed from the portal will change from 2013 to 2016. [Update 2/9/2016: The announcement today is good news for customers, as they can now select which version will be the default download option)

For larger organizations, Microsoft provided the Office Deployment Toolkit or the Update Path Group Policy setting so that upgrades could be streamed from local file shares rather than the Internet. So I would expect that savvy organizations took advantage of this method and will be less impacted by these upgrades. However, even those larger organizations still have their work cut out for them as they also need to test for compatibility between applications and Office 2016 and to verify systems meet the minimum system requirements.

8 Things you should check for now

For organizations that have not yet validated compatibility with Office 2016 (for example the new minimum requirements are now 2GB Ram and a 1280×800 minimum screen resolution, and Office 2016 does not support Exchange 2007), then there may be only one choice: delay  the auto-upgrade to buy yourself some time (see that section below). However, it would not be wise to postpone the upgrade indefinitely, because Office 365 ProPlus (2013) will stop receiving updates in February of 2017. In other words, this is not a one-time issue; organizations that have embraced the cloud need to align their policies and procedures so that this doesn’t keep happening to them every year.

Here is a list of things to include in your planning for Office 2016

1. Do you have Exchange 2007? You will need to take action now to disable the auto-upgrade, otherwise your Outlook users will be unable to connect to your Exchange 2007 server.
2. Do your users use InfoPath? This will automatically be removed. See that section below for details.
3. Do you have the Office 365 ProPlus versions of Visio or Project installed? They will be automatically removed. See that section below for details.
4. Do you use language packs? See that section below for details.
5. Do you rely upon the side-by-side installation method of Office? See that section below for details.
6. Do you rely upon Volume Licensed editions of Visio or Project? See that section below for details.
7. Did you not change the default update path to point to a local file share, or did you stick with the default of streaming updates from the Internet? If you have more than 50 users, you may need to take action now to prevent your Internet circuit from being saturated when about 1GB of updates (per user) are streamed beginning this month.
8. Do you have any workstations with less than 2GB of Ram, or a screen resolution less than 1280×800?

Language Pack change for global organizations

There is a change to the way additional languages are deployed in the Office 2016 version of Office 365 ProPlus. Previously, in Office, you could deploy an MSI-based language pack after you installed Office 365 ProPlus, even though those language packs weren’t specifically designed to be used with Office 365 ProPlus. In Office 2016, using those language packs is no longer supported. Instead, with Office 2016, you install language accessory packs after you’ve deployed Office 365 ProPlus in one of its 40 base languages. These can be downloaded by the end-user from the Software page of the O365 Portal, or IT can distribute them with the Office Deployment Tool.

Side-by-Side is no longer supported

Previously, Office 365 ProPlus (2013) could be installed side-by-side with Office 2010. Beginning with this version of office, this has changed (or rather, it now goes back to how it was before, where this wasn’t possible between Office 2010 and 2007). You can’t have the Office 2013 and the Office 2016 version of Office 365 ProPlus installed on the same computer. Also, you can’t have a volume licensed version of Office 2016 installed on the same computer as the Office 2016 version of Office 365 ProPlus.

Conflicts with Volume Licensed versions of Office

You can’t have a volume licensed version of Visio 2016 or Project 2016 installed on the same computer as the Office 2016 version of Office 365 ProPlus.

Automatic Removal of Visio Pro and Project Pro

If there is a 2013 version of Visio Pro for Office 365 or Project Pro for Office 365 installed on the computer when you upgrade Office 365 ProPlus to the Office 2016 version, those versions of Visio and Project are removed from the computer. You won’t be able to reinstall them after the Office 365 ProPlus installation finishes. However, you can install the 2016 versions of Visio Pro for Office 365 and Project Pro for Office 365 on the same computer with the Office 2016 version of Office 365 ProPlus.

However, if you have a volume licensed version of Visio 2013 or Project 2013 installed on the computer, it won’t be removed from the computer during the upgrade of Office 365 ProPlus. You can continue to use the volume licensed version of Visio 2013 or Project 2013 on the computer with the Office 2016 version of Office 365 ProPlus.

Reference: https://technet.microsoft.com/en-us/library/mt422981.aspx

InfoPath is now removed automatically

InfoPath 2013 remains the current version and therefore won’t be included in the Office 2016 version of Office 365 ProPlus. When you upgrade an existing installation of Office 365 ProPlus to the Office 2016 version, InfoPath is removed from the computer. If your users still need to use InfoPath, the previous version will be available for installation on the Software page in the Office 365 portal.

What happens if I don’t take any action?

If you don’t take any action, then users will begin receiving prompts on or after 2/23/2016 to upgrade Office 2013 to Office 2016. This will cause approximately 1 Gigabyte of information to be streamed to each computer. For organizations with small internet bandwidth, just a handful of users could saturate an internet link, leaving little left over for critical business applications that may rely on external Software as a Service offerings (or make web browsing grind to a halt).

Another issue that can happen is that plug-ins that work with older versions of Office may not work with 2016. I’m not aware of specific examples, but this is just based on previous Office upgrades. The prudent thing to do is to develop a test plan to validate compatibility with Office plug-ins. To be fair, about 12 months ago, Microsoft committed (here) to not make any changes to the extensibility model for macros or add-ins, so most things that were compatible with 2013 should also work fine with 2016 (be sure to test it for yourself).

If you do not take any action, then Office 2016 will continue to receive monthly security updates. However, for organizations that want less change, Microsoft introduced a new software update model in Office 2016 that allows Office to only update itself once per quarter (called ‘Current Branch for Business) [Update 2/9/2016: This has been renamed to ‘Deferred Channel build’]. Whereas the default option will remain the same as Office 2013, dubbed just ‘Current Branch.’  Microsoft has also provided a way for beta testers to get in front of change to evaluate the security updates, this is called ‘First Release for Current Branch for Business’. [Update 2/9/2016: This has been renamed to  “First Release for Current Channel” and “First Release for Deferred Channel,” respectively. ]

If you do this, those users can install ‘First Release for Deferred Channel’ First Release for Current Branch for Business directly from the Software page in the Office 365 portal. Organizations can mix and match these branches for different sets of users within their organization. IT can control this with the Group Policy templates for Office 2016.

Change is Good!

There are several enhancements in Office 2016 that you will want. So I caution organizations to immediately rush to disable this upgrade. Carefully weigh the pros and cons and realize that when you adopt a cloud service, such as Office 365 Professional Plus, you are benefiting from innovation and enhancements. There is a great change management guide from Microsoft available (here). There are too many goodies in Office 2016 to list but some of the ones I already benefit from include:

-Real-time co-authoring within Microsoft Word (previously to do co-authoring, you had to keep clicking the save button to merge changes when others were working in the document at the same time).

-Office 365 Groups integration with Outlook 2016. Groups enable a team to have a shared calendar, inbox, cloud storage, OneNote, Planner, PowerBI, and more.

– Smart Links in Outlook. This allows any attachments I send to everyone on the TO: line to receive a hyperlink to the file in OneDrive for Business rather than attaching the file itself (if the file is synced locally to a folder from OneDrive). This solves a huge problem for recipient email systems that may not be able to handle large attachments. Now they can just click on a link to get the file. Brilliant.

– Background Intelligent Transfer Service (BITS) – Allows the security updates we talked about earlier to be throttled so that it doesn’t have a major impact on the Internet circuit. This is not turned on by default, so IT Admins will need to plan to take advantage of this.

– Data Loss Prevention. While this is not new for scanning email that is sent, what is new is that this can now happen in real-time while working within Office 2016 applications such as Word and Excel. In this world, we need all the help we can get when it comes to keeping information secure!

– Multi-factor authentication support. This prevents having to have a separate ‘application password’ for Office Applications when using MFA technology designed to work with this new modern MFA solution.

– Of course, the Office for Mac 2016 was released and is a huge improvement from the previous version.

There are lots more improvements to Office 2016.  And “GigJam” is coming at some point this year too.

https://blogs.office.com/2015/09/22/thenewoffice/

https://blogs.office.com/2015/09/10/admins-get-ready-for-office-2016-rollout-begins-september-22/

How to delay the upgrade

If you don’t want these users to be upgraded automatically, you have a few options. The original method was to configure ProPlus to get updates from a location on your internal network. You can configure this either by using the Office Deployment Tool or by using Group Policy and the Update Path policy setting. For offices with multiple branch offices and small WAN links, you can point the update path to a distributed DFS share so that WAN links are not saturated.

Another method is to set the ‘Enable Automatic Upgrade’ Group policy setting to Disabled. (click here for more info). This works for your domain-joined machines.

The last method I am aware of is to push out this registry update:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\15.0\common\officeupdate
Add the following value under the office update subkey:
“enableautomaticupgrade”=dword:00000000

Additionally, if you allow software downloads from the Office 365 portal, you may want to disable that temporarily until you have had the opportunity to make sure your organization is ready for the change. Just make sure you complete your evaluation before February 2017, as that is when the 2013 version of Office will stop receiving security updates.

Okay – I missed the “Memo” this time – what can I do to prevent this from happening again in the future?

If you’ve configured your users to get updates from a location on your internal network, then the upgrade to Office 2016 is under your control. What if you missed the memo on how to do this and you want to make sure you stay informed so that things like this don’t happen again? I recommend having someone in your organization stay focused on things like this by creating a position to discovery of upcoming changes, or hire a Cloud Architect to do this for you. If you do not have budget for a new position, or your existing staff is overwhelmed, then you may benefit from Cloud Advisory services from Patriot Consulting (visit our website by clicking here for more information).

Or you can always email us at Hello @ PatriotConsultingTech.com