Microsoft just recently sent me one of their spammy messages that I usually overlook.
Instead, this time, it was a bringer of good tidings. Finally, Microsoft will force-feed you or your users with documentation, tips and tricks on how to use your Office 365 products and get the most out of it. There has been a built-in training centre for admins as well as regular users in the portal.microsoftonline.com landing page for a while now, but – speaking out of personal experience – not a lot of end-users visit this page.
Kindly read the message below, that contains the interesting part of the original mail :
The mail :
We’re pleased to announce that starting on November 29, 2018, all users of Microsoft 365 and Office 365 will receive helpful product training and tips for services in their subscriptions via email. This feature has administrative controls to enable and disable.
[How does this affect me?]
After this change takes place, email communications will be enabled-by-default for your organization’s users, allowing us to provide product training and tips aimed at helping them increase their productivity and to maximize their utilization of the products and services they use most. End users will only receive emails regarding services that they have been enabled for, and you can control whether or not your users receive these communications in the End User Communication tab in your Office 365 admin center. Your users also have the ability to opt-out of receiving these emails on an individual basis by accessing the Security and Privacy pane of their My Account Portal.
This feature will be on-by-default for all Office 365 and Microsoft 365 organizations on November 29, 2018.
If you wish to disable this service for your users, you can do so between now and November 29, 2018 and your settings will be honored.
[What do I need to do to prepare for this change?]
If you prefer your users receive product training and tips that are all tailored to the services in their subscription, then there’s nothing you need to do to prepare for this change.
If you do not want us to send product training and tips to your end users, please follow these steps to disable:
Should you eventually still be interested in Sharepoint Online after reading all the horror-stories and getting yourself mentally up to the task of making this key decision, prepare yourself for a lot more decisions 😉
If you’re a Belgian SME, you can probably skip most of this thought process. If you’re a somewhat larger company or an SME according to American standards, you’re in for a treat if you love planning things.
Consider the following tasks, depending on the size of your IT implementor and the size of the Sharepoint customer :
Plan hub sites
In short, hubs connect your libraries and sites into one easy-to-read-and-manage central entity with its own look and feel.
The example picture (for a larger company) shows a specific hub (in green) for the HR department, where all department libraries are centralized.
The general idea behind this is to create a separate hub for (e.g.) Finance, Marketing, Sales, … It’s common practice for smaller companies to put everything in one hub (with maybe the IT documentation in a separate one)
Managing your Search and Discovery result sets.
You can take this feature as far as you want. Managing search results in a Sharepoint environment and administering keywords can either be something you completely let live a life of its own OR you can fully manage your keywords, result templates OR anything in between.
Actually creating the site and developing graphical layout, customizing content.
Will you be sharing your documents externally to users not in your organization ?
Mentioned before in the previous post : plan the physical content of the Sharepoint site.
What will you be showing your users ? Will your SP environment become a complete file archive of all your documents or will you just be using the platform’s collaboration function on a project-basis ?
As mentioned before, small enterprises are likely to use 1/10th of Sharepoint and might require a very limited amount of planning, to the point where it even comes down to replicating the original folder structure of a to-be-decommissioned on-premise server.
Sounds like a mouthful, but practically speaking this is nothing more than a copy-paste action (albeit a tad more technical in the background)
On a note of keeping things simple and understandable, I’ll provide examples for an imaginary small company that starts using Sharepoint for the first time, so we can skip the whole larger planning phase and go straight to using Sharepoint Online (SPO).
Being the Belgian SME that they are, Shortstraw LLC has data hanging all over the place, spread among various computers, USB disks, cell phones and tablets.
They started out without a centralized server and are now ready to move to Sharepoint as a data storage platform. (or at least, that’s what they told you *dramatic music*)
Questions, questions, questions …
You, as IT partner for Shortstraw, can now start a limited amount of planning and meet up with CEO and CFO Oliver and Annie.
There’s a certain amount of practical questions you will need answers to, before even starting your move to SPO.
Total amount of data in GB/TB ? This M$ page will tell you more about these limits.
Do they want all data synchronized on their computer(s) as local files ?
Will they be sharing files through SPO (especially to external sources) ?
What files will you split up into a personal Onedrive for Business account and a Sharepoint library?
How fast is the internet on-premise ?
Free disk space and operating system on the machine(s) that holds the data. In case you’re wondering : Windows 10’s native Onedrive has support since halfway 2018 for so-called ‘streaming files’, which downloads your files on-the-go when you open it from Onedrive. Windows 8/7/… all need an actual physical copy on the disk when synchronising.
Setting it up. Getting started. Doing your thing.
The right tools for the job.
When starting a migration to Sharepoint Online, a couple of tools come to mind. There are a few nifty pieces of software that can do the job quite well.
I’ll be discussing the last three, as they are free of charge (not counting the actual license cost of your O365 subscription obviously) and have little to no learning curve.
For the ease of this example, I’ll just assume we have some structurally placed files and folders on an on-premise file server/NAS/other easily accessible location for a Windows computer.
More prep !
Nothing ever comes easy (except for your mom – obligatory mom joke, couldn’t resist). More prep work is required before we can move our files to SPO.
A small theoretical explanation (practical examples will follow, don’t worry) :
First of all we’re going to want to create the location(s) where we want to store the files online. This is usually done by creating one or more document libraries. Simplified, you could compare them to shared folders on a file server.
Best practices tell us to set your initial user rights (more on this later) on a library basis, if necessary.
In a more extreme manner, you could even create Sharepoint subsites or Site Collections.
Secondly, you’re going to need to create security groups to apply to your libraries, where we’ll be removing the default security settings, in order to set specific rights to specific libraries.
This can either be done in Azure AD or straight from Sharepoint.
My n°1 suggestion is to keep the admin user as an owner of your libraries – or at least as power user – as we’ll be needing a specific user account for the automated migration process anyway.
If you’re into manual labor, you can have your users perform their own migration, but this is ill-advised.
My three free tools
Before you start to panic, I promise I’ll get more into detail about every method mentioned. The examples below will just give you a sneak peek on the ease of use.
Sharepoint out-of-the-box upload/drag-and-drop
You either choose ‘Upload’ in the menu above your library or just drag and drop your file to where the library is located on-screen.
Same approach, different method.
You select the ‘synchronize’ button above the library, after which you’ll get a verification from OneDrive to see if you really want to start a synchronization between your computer and this specific library.
Synchronizing will require a significant amount of disk space if you’re not working on Windows 10 (W10 uses the aforementioned file streaming method)
Microsoft Sharepoint Migration Tool
This tool automates the uploading (and pre-analysis) for your data towards the Microsoft Cloud.
Preferably, use the migration tool, when all your local data is stored somewhat centralized. This tool is best run from the (Windows) server itself where the data is held, for speed reasons, among others.
Microsoft SPMT has a very easy and intuitive look and feel, but will require you to create the libraries before starting the migration process.
Also make sure you have sufficient disk space, as this tool creates a temp folder as large as the entirety of the data to be transferred. (temp folder can be selected in the migration options)
That’s all folks.
Prepare for a hands-on moment in the next Sharepoint post !
Microsoft simply puts it down as an “Online Collaboration Platform”, which is actually one of the most simple ways of explaining the whole thing.
Sharepoint can be used as a sort of online organized file dump, but that would be something like using only the glove compartment of a Ferrari.
It’s often compared to a mixture of “Google Drive”, “Huddle” and a WYSIWYG website editor like WordPress, where you can manage all of your corporate content (to a certain limit), create intranet webpages, automate business processes through workflows, build custom apps etc.
I’ll mainly be talking about Sharepoint Online (SPO) from here on. Know that there exists an on-premise version as well, that had its roots somewhere between the year 2003 and 2007, but still exists on current-gen Windows servers.
Is Sharepoint the right product for you ?
As with all products, it’s best to perform a study on why you would need it and if it’s the best solution for you, before you actually buy it. There’s a very big chance SPO might not be exactly what you need and there’s that other chance, you’ve struck gold and it fits your needs perfectly.
A 30 day demo can be obtained through various means, of which the classic Microsoft demo environment is the most popular one : https://products.office.com/nl-be/try
If in doubt –> always demo it first.
Consider the following questions before usage :
Do your employees work remotely?
Do your employees often move from one client location or meeting to another?
Do your employees need access to various devices so they can do their jobs?
How are your employees currently accessing the content that they need?
Do you have customer-facing requirements, like a place to share information, an online catalogue, an online Request for Information form, or an online Request for Quote form that your customers need to fill out?
Do you share documents with your customers often?
Are you using USBs to transport and work on presentations, requests for information, or marketing collateral?
Does your staff ever complain that they wish there was an easier way to access your content?
You might have guessed, from the commercial way these questions have been formed (thank you, proserveit.com) , that Sharepoint will be a fitting answer for all of them.
I’ll also gladly push away some common misconceptions surrounding Sharepoint and its use, since potential users will start Googling and will eventually find articles that scare them away from this online platform.
Sharepoint is just a place to store your files
It’s a friggin’ collaboration platform. You’ll be able to work on project-based or group-based items, follow up your colleagues, create automated tasks, …
The IT department will be in charge of setting up our environment and maintaining it
Maybe the IT department will need to explain the very concept of Sharepoint and set up the initial workspace environment a bit, but you as a user will be very able to create your own project pages, invite colleagues, change the look and feel of your SP workplace and much more.
You can’t customize Sharepoint. It will look like any other SP environment
Sharepoint (Online as well as the on-premise version) has a relatively easy way of customizing every page and/or creating templates based on your company colors or personal preferences. Not only the page theme, but also the way your libraries are shown and much more can be fully customized.
SP is not user-friendly
C’mon, really ? You’ve worked with Microsoft products before, right?
Can you really say Microsoft’s end-user products are not user-friendly ? And be honest !
If you can actually find a software package by M$ that you find to be user-unfriendly, try to find an alternative and tell yourself again how great that alternative works out for you, will you ?
As with all new software, you might have to learn the basics, but even creating a new Sharepoint project or page just feels like typing a Word document or creating a flyer in Publisher.
I’m pumped! Let’s do this!
Before you get all over-hyped, there’s a few things to take into consideration before moving your data to the cloud and decommissioning your old server(s).
Doing so will avert potential headaches afterwards, for the IT implementor as well as for the users that will actually be … using … Sharepoint.
The baseline here is : “Don’t do a full copy-paste”
Just in case, we might need this document…
Take a breather and think about how much data you’d like to move over to SPO.
Do you really want to bring over all those old archived files, that you will never ever be looking into?
There’s no real harm in actually copying them over to SPO, but wouldn’t you rather work in a clean and clutter-free environment than be surrounded by piles of old paperwork ?
New document (1)(1)(2)-final_by_john.docx
For the love of God/Allah/Vishnu/The Flying Spaghetti Monster/…
Having a document like this is bad enough practice as it is, but don’t bring this over to your new Sharepoint environment.
Judging by this filename, there have been tons of new versions of this document created over time, while keeping the original ones around for … I don’t know … archiving ?
Sharepoint has built-in versioning, that can be customized to your heart’s content : approval options, type of numbering, amount of copies to keep, …
You’ll only end up using more storage than you actually need as well as creating a chaotic and unstructured work environment.
Next to all that, the above filename situation might be created by multiple users trying to access the same file and saving it as their own version.
Again in Sharepoint, you can actually co-author a document or even set a certain lock notification on the document for obligatory check-out of the document before editing it.
No more excuses 😉
Don’t think “Files and Folders” anymore
If you know how a database structure works, you’ll have better insight in why and how you shouldn’t be using the classic files and folders layout anymore, because Sharepoint, when you simplify it, is just one giant database.
Don’t feel bad if you don’t know what the internal workings of a database server are. I’ll gladly explain the Sharepoint way of thinking, so that you get the most out of your new structural storage.
First of all, keep in mind that Sharepoint is a collaboration platform. The essential part here is that one word : “collaboration“.
Obviously there’s still a need for rights and structural placement of folders, but the main idea is the working-together part.
You can create cross-functional groups, completely separate from your existing classic company structure where you now have a CEO > Management Group > Employees rights pyramid.
Consider the people who own the file content, as opposed to the ones that get to “use” it and base yourself on “projects” instead of folders. Create Sharepoint pages per project, for instance.
Try to add as many logical keywords as possible to your documents instead of categorizing in one single folder. Remember those many times you thought about that one file that was good for folder A, folder B and even folder C, and you had to make the decision of putting it at least somewhere?
Well, Sharepoint uses sort of a labeling system called Enterprise Keywords, where the actual location of your file matters less than the correct label(s) you attach to it.
Just make sure that the users who need this file, have access to the file, folder or library it’s in and you’re good to go. The Sharepoint search function will do all the work for you.
Not even to mention the awesomeness of the program called “Delve“, that digs deeper in projects, files, statistics etc.
Planning your libraries
In Sharepoint everything is divided into lists and libraries. Remember my database reference above ? Well, a list or library is nothing more than a database table.
As with all database systems, there’s a certain limit to what you can do. In this case, the often discussed 5000-items limit in a Sharepoint library is to be taken with a grain of salt.
You might have heard of the above-mentioned item limit.
The number of items in a Sharepoint library should not exceed 5000 according to Microsoft advice. So, what happens if you get your 5001st item in a library ? Does the internet explode ?
Let me elaborate on this.
First off, the Sharepoint definition of an item is either a folder or a file, meaning that if you have 200 subfolders that contain 1 file in total, you have 201 items.
This whole limit thing has to do with the indexing speed for the software that runs in the background.
In order to quickly find your data, your server environment needs to read and analyze your data first, after which this analyzer-process writes something like a table of contents.
This table of contents is then used for search actions, because a ToC reads faster than actually having to scan your documents on-the-fly.
Microsoft has set a pretty round number on this, so it is easily remembered.
Should you go over the limit of 5000, the automatic indexing process simply becomes not-so-automatic and will take around 24 hours, depending on the process timing by Microsoft, which is something you yourself cannot change.
There’s actually another limit : 20000 items. Here, the indexing starts to go wrong and may start reporting faulty results or missing files.
What I’m saying is : “DON’T PANIC ; don’t limit yourself to the 5000 items barrier if indexing within 24 hours is good enough”
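As an added example (not part of the original post), the Python sketch below applies the item definition and the two thresholds described above to a source share before migration. It assumes each top-level folder of the share becomes one document library; the sample tree and its folder names are constructed.

```python
import os
import tempfile

# Thresholds as given in the text above.
DELAYED_INDEXING = 5000       # above this, indexing can take around 24 hours
UNRELIABLE_INDEXING = 20000   # above this, search may report faulty results


def count_items(library_root):
    """Count items the Sharepoint way: every file AND every folder is one item.

    The library root itself is not counted, which matches the
    "200 subfolders + 1 file = 201 items" example in the text.
    """
    total = 0
    for _dirpath, dirnames, filenames in os.walk(library_root):
        total += len(dirnames) + len(filenames)
    return total


def classify(item_count):
    """Map an item count onto the behaviour described in the text."""
    if item_count > UNRELIABLE_INDEXING:
        return "split: indexing may report faulty results or miss files"
    if item_count > DELAYED_INDEXING:
        return "ok if indexing within ~24 hours is acceptable"
    return "ok"


def plan_libraries(share_root):
    """Assumption: each top-level folder of the share is one planned library."""
    plan = {}
    for entry in sorted(os.scandir(share_root), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            n = count_items(entry.path)
            plan[entry.name] = (n, classify(n))
    return plan


def build_sample_share(base):
    """Constructed sample tree standing in for the old file server."""
    # 'HR': 200 subfolders holding a single file in total -> 201 items
    for i in range(200):
        os.makedirs(os.path.join(base, "HR", f"folder{i:03d}"))
    open(os.path.join(base, "HR", "folder000", "policy.docx"), "w").close()
    # 'Finance': 60 folders x 99 empty files -> 60 + 5940 = 6000 items
    for i in range(60):
        folder = os.path.join(base, "Finance", f"y{i:02d}")
        os.makedirs(folder)
        for j in range(99):
            open(os.path.join(folder, f"inv{j:02d}.pdf"), "w").close()
    return base


def demo():
    """Build the constructed share in a temp dir and return the plan."""
    with tempfile.TemporaryDirectory() as tmp:
        return plan_libraries(build_sample_share(tmp))


if __name__ == "__main__":
    for name, (n, verdict) in demo().items():
        print(f"{name:10} {n:6} items  {verdict}")
```

Pointing `plan_libraries` at the real share root gives a per-library count to decide which folders need splitting before the libraries are created.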
Hopefully, I didn’t scare you too much here on the whole Sharepoint thing.
If you’re still planning to move your data to Microsoft’s cloud environment, keep reading on the entire process of migrating and what tools to use best in a next post.
Imagine coming from an obscure mail system in which you got a couple of public folders, such as a Public Address Book (not to be confused with the GAL – Global Address List) or some public Agenda.
Basically, this could also be a non-obscure system, as even the most generic or widely-used mail systems provide this functionality.
Having heard so much about Office 365, you decide to take the leap towards the cloud and start migrating all your mailboxes, only to find no default out-of-the-box public folder.
Fear not, as the functionality is still there. Even though it was rumored Microsoft was going to stop support for public folders in an Exchange environment, user pressure caused M$ to re-evaluate their choice, thus public folders are here to stay (at least for 3 years minimum). This also applies to Exchange Server 2016, by the way.
Open the Admin > Exchange menu in your O365 admin page
Once inside the Exchange Control Panel, select ‘Public Folders’ in the leftmost menu or on the dashboard.
A new menu will appear, where you are to select “Public Folder Mailbox” in the topmenu.
For some reason yet unknown to me, you have to create a public folder mailbox first before you can actually create a public folder.
One would expect this to have all of this process automated…
Oh well, best go with the flow.
Click the little “Plus” icon and fill out the necessary info.
Once this is done, you get to create the actual shared folder in that same top menu, by selecting *insert drum roll* “Public Folders”.
Click the little “Plus” icon in order to start creating your first Public Folder and name it as such.
Click save and *BOOM* your folder has been created.
Now you should be assigning user rights to this folder, as you’re not going to be admin’in this folder yourself as global admin for this O365 tenant.
Ideally leave the administration of public folders for contacts, agenda’s etc. to the end-customer as this is a specific task for a specific kind of manager.
If you’re reading this as the IT guy/girl for a small company, you’re probably screwed and get to do this task yourself.
Click the newly created folder once so that the focus is on its name and next click on “Manage” in the right column.
You can choose who you want to allow specific rights to this folder, by clicking the necessary rights ticks or selecting prefab permission levels in the dropdown menu.
Press “Save” when done.
Actually creating contacts
Start by opening Outlook as a user that has owner rights (or sufficient rights to create folders) to your public folder and go to “Folder View” (that’s the three little dots in the bottom of your left column, in case you don’t have a 4K screen)
Next, open the new public folder by expanding “All public folders” until you’ve reached your root folder (which should just be one click, normally)
Right click the root folder and select “New folder”, after which you give it an appropriate name and select “This folder contains Contact Items”
As you see, other options are available, such as a public agenda etc.
We’ve already set the rights for admin, but as an owner, you can easily set other users’ rights afterwards through Outlook, instead of having to run over to your Exchange Control Panel as the global admin user.
In any case, you can right click your newly created folder, that will now have a Contact icon and select “Properties”
…where you can tick the option “Show this folder as an e-mail address book”, so that Outlook (and your mobile as well as webmail) will be able to display this list for you to search through.
Confirm with OK.
Clicking the “To” button in your Outlook, will now let you select your newly created address book.
Everybody happy !
Now either import your PST file from the previous public contact list or start typing.
Good luck !
Many thanks to Peter from Kalmstrom.com for providing the necessary ‘missing links’ in my to-do list. I also shamelessly took the imagery from his website, as my own O365 30-day demo was expired ;). In my defense, it looks like the Pakistani Rimza.com domain in the example is possibly not Peter’s domain either :p
You didn’t think I was going to let you start a migration process without making you read the detailed “how and why”, did you ?
There’s a couple of migration types to keep in mind, where one is easier than the other.
Usually the more difficult one is also the most interesting one, but even this is dependent on specific needs.
Remote move migration
The last one (PST) is in most cases forgotten as an official way, since it’s possibly way too simple in Microsoft’s eyes.
As the target audience for this specific blog post is the average Belgian SME with an average of 5 to 20 employees, I’ll stick to the basics in this post.
Another post will cover the heavier subjects in the near future (aka ‘when I feel like it’)
PST Migration (1)
Microsoft has this pretty cool tool to either upload PST files to a temporary Azure storage or to actually send them a physical copy by mail (yes, snailmail)
It’s a bit out of the scope of our average situation here, but know that such a method exists.
It will require the use of the program AZCopy, which is well explained in the link above.
Check it out if you want to look like a cool IT guy in the eyes of your customer 😉
(although Powershell is still the way to go if you really want to impress your customer)
PST Migration (2)
Being a ton easier and providing more oversight than the PST Migration above, the ‘basic’ PST migration will have the average end-user require/demand your presence more often.
Although remote tools like Teamviewer/LogMeIn/… have made the life of the IT’er a lot easier, there’s got to be a bit of physical contact every now and then. This type of migration will give you the opportunity to sit down and explain Office 365 to your users while the data is slowly uploading through MS Outlook.
Grab some coffee and get your hands dirty as this type of migration will get you closer to the actual customer’s computer than any other.
Try to avoid using this migration type when the customer has an IMAP mail account you need to move to your O365 tenant, as often IMAP saves the mail headers, but not the mail itself, resulting in a very empty mailbox in the end.
Now, how does this process work ?
Pretty easy :
First of all, get your mail users to stop using their mail for a while.
Preferably redirect the mailflow, by use of the MX record we talked about in this post, already 24 hours before starting your PST import, to make sure no trailing mail gets left behind on a mail server you won’t be able to access anymore after migrating.
If you’re really sure that the mail is good to go, the easiest way would be to locate the current location of the PST files. https://www.msoutlook.info/question/827 explains this quite well.
Keep in mind that the PST files aren’t always in their default location. Some customers prefer to save their PST files on a network location or redirected folder.
If you happen to be the IT guy that implemented this specific setup, shame on you. PST files will get corrupted by just looking at them. Placing them in a network drive, will only make things worse.
The ‘new account‘ wizard starts, where you can simply enter your new mail address (given you’re not migrating from a local Exchange server on your own domain – more on this later)
Outlook will start and an empty mailbox or even a partly filled one will appear, depending on whether you changed the MX record already or left it unchanged.
Eventually, change the default profile to your new O365 one.
Repeat x times where x is the number of computers where Outlook is running the old mailbox.
The difficulty level could vary depending on the version of the IMAP server, but the thought train runs on that same track. (did I just invent a new proverb ?)
First of all, let’s take a look at this schema below, which explains the process of migration quite neatly and in an understandable manner.
If you’ve followed our current steps in the previous posts, we’ve already established the steps up to the creation of the mailboxes, which starts us at step 5. Isn’t that tidy ?
You need to create a specific CSV file, that we’re going to use in our migration batch.
Usually it will suffice to base yourself on this template, but there are exceptions for Exchange, Dovecot, Mirapoint and a couple of weirder ones.
The general idea behind this CSV file is to provide the mailbox address TO which you need to copy the content of the IMAP folder, together with the username and password of the ORIGINAL IMAP mailbox, where the mail is currently residing.
You can start the migration in the O365 Exchange Control Panel, by going to ‘Recipients’ and then clicking ‘Migration’ in the topmenu.
Click the little ‘+‘ and select ‘Migrate to Exchange Online’
Select ‘IMAP migration’
Upload your CSV file and allow unknown columns
Enter the IMAP server data and means of authentication of your old provider
Pressing ‘Next’ will start the initial setup.
The migration top menu will provide you with more information on how your migration is going. You can click the migration batch and review potential errors or view the overall progress.
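As an added example (not part of the original post or of Microsoft's template), this Python check validates the migration CSV before it is uploaded. The column names EmailAddress, UserName and Password are the ones Microsoft documents for IMAP migration batches; the domain, addresses and passwords in the sample are constructed.

```python
import csv
import io

# Required columns for an IMAP migration batch. Extra columns are tolerated,
# matching the "allow unknown columns" option in the wizard.
REQUIRED = ("EmailAddress", "UserName", "Password")

# Constructed sample: target O365 address, old IMAP login, old IMAP password.
SAMPLE = """EmailAddress,UserName,Password
oliver@shortstraw.example,oliver@oldhost.example,constructed-pw-1
annie@shortstraw.example,annie@oldhost.example,
john@shortstraw.example,john@oldhost.example,constructed-pw-3
John@Shortstraw.example,j.doe@oldhost.example,constructed-pw-4
oliver@oldhost.example,oliver@oldhost.example,constructed-pw-5
"""


def validate_migration_csv(text, target_domain):
    """Return a list of problems found in the CSV text.

    The file holds the plaintext passwords of the old mailboxes, so the
    messages refer to line numbers and target addresses only and never
    echo a password back into a console or log.
    """
    reader = csv.DictReader(io.StringIO(text))
    header = reader.fieldnames or []
    missing = [col for col in REQUIRED if col not in header]
    if missing:
        return [f"header is missing column(s): {', '.join(missing)}"]

    problems = []
    seen = {}  # lower-cased target address -> line where it first appeared
    suffix = "@" + target_domain.lower()
    for row in reader:
        line_no = reader.line_num
        # Short rows yield None for absent fields; treat those as empty.
        target = (row["EmailAddress"] or "").strip()
        user = (row["UserName"] or "").strip()
        password = row["Password"] or ""
        if not target or not user or not password:
            problems.append(f"line {line_no}: empty required field")
            continue
        if not target.lower().endswith(suffix):
            problems.append(
                f"line {line_no}: target {target} is not in {target_domain}")
        if password != password.strip():
            problems.append(
                f"line {line_no}: password has leading/trailing whitespace")
        key = target.lower()
        if key in seen:
            problems.append(
                f"line {line_no}: target {target} already used on line {seen[key]}")
        else:
            seen[key] = line_no
    return problems


if __name__ == "__main__":
    for problem in validate_migration_csv(SAMPLE, "shortstraw.example"):
        print(problem)
```

Because the file carries every old mailbox password in clear text, keep it only for the duration of the batch and delete it once the migration has completed.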
A picture’s worth a thousand words, so I’m guessing a Youtube video will be worth at least “De Leeuw van Vlaenderen” :
Oh no! I lost my contacts.
First of all, wear glasses.
Second, they’re not your contacts. They’re your autocomplete list in the to-field
Third, you might have used the global address list instead of your own contact list.
Still found no contacts ? Have you imported from a different folder language of Outlook ? Check ‘all folders‘ and see if you’ve got another ‘Contacts’ folder somewhere (check for specific Contacts icons)
Also, an IMAP migration does not cover contacts (or calendar or tasks for that matter, import them using the PST method, while excluding mail)
I can’t send an internal mail after the O365 migration.
Actually, you can, but you’re still using the wrong address in the background.
Your to-field might say ‘firstname.lastname@example.org’, but in the background it’s saved this entry as a unique ID (especially when migrating from your own local mail server).
The solution : delete this user from your address book/autocomplete list and type the address manually.
I didn’t have Outlook before migrating. How can I create this new profile you speak of ?
2 do : tools for migrating from other crappy software
My PST file will not import (/partly).
Most common reason is a corrupt PST file. Fix it using the scanPST tool.
Corruption can happen if you save your PST file on a network drive or if a specific mail is being a d*ck. ScanPST will solve this.
An often overlooked reason could also be not having enough space in your new O365 mailbox. In this case you might have to upgrade the O365 subscription for this specific user with extra space or clean up the mailbox before doing the export to a PST file.
Very big mails don’t get IMAP-migrated.
This is normal. IMAP migration supports email size up to 35MB/mail
I had a sh*tload of mails in my old IMAP folder and now some of them are missing.
If you had over 500.000 mails in your old IMAP box, this is bound to happen as the maximum number of items you can migrate in one batch is limited to 500.000
Migrating from Google to O365 is constantly failing. What am I doing wrong ?
You haven’t google’d enough.
No, seriously, there’s a security setting you must turn on in your Google Security Settings :
In our previous post, we’ve set up everything so we’d be able to start creating the users and their respective mailboxes.
If at this point you’ve already changed the mail server name in the domain’s MX record to that of the Office 365 one, remember that actual mail might already be arriving (or bouncing) in the O365 environment, so be cautious of this, when migrating a live situation.
A small recap below in case you forgot our intended setup :
If you’ve been paying attention in the previous posts, you’ll know we will be needing to create three users here :
All other mail related stuff will be handled with mail groups or shared boxes.
Remember : the Microsoft licensing system in O365 is user-based, not computer-based.
Let’s start off with creating these three accounts.
Open the Office 365 admin portal and open the “Users” menu, and then select “Active Users”.
Next, Click the “+ Add a user” button and a small form appears.
You’ll notice a couple of things in the user creation form (apart from the obvious things of course) :
The domain field shows your recently added domain as well as the onmicrosoft.com tenant name.
This means that you’re not obliged to actually use a domain name in an O365 environment. When going for mailboxes, it’d be stupid/silly/… not to do so.
Password generation : either let Microsoft generate a password for you that complies with the O365 password policies or type one for yourself.
You can also allow the user to be able to change their password on first logon.
Make your choice depending on the end-customer’s needs.
After confirming the user creation, you’ll also be given the option to send the credentials to an email address of your choice.
Roles : by default, new users will be given the “User” role, which allows for basic usage of the O365 environment. Other roles can be “Global administrator” or a custom mix of rights.
For more info on the different types of admin rights, see this Microsoft page.
If you’re ever to go and do a Microsoft exam on O365, these roles will pop up more than once in the questions list.
The Roles part also allows you to fill in an alternative email address, instead of the user having to do this. Purely intended for password retrieval purposes.
Product licenses : in the O365 demo you’ll be given 25 Enterprise E3 licenses.
Depending on your user’s needs, provide the correct licenses by clicking the slider next to the license name.
Creating a user without a product license, which is also an option, is ill-advised and used in only a few specific situations.
Click the “Add” button and you’ll be greeted with the send-password screen asking you if you need to send the password in case you forget to write it down.
Repeat for all the necessary users.
In this case Annie and John will be created in the same way.
Remember to remove the admin’s E3 license for good measure. (but keep him admin !!)
In this demo environment, it doesn’t really matter, but you don’t want your customer to be paying for an unused license.
Just a tiny heads-up : if you don’t want your users to be calling you every 90 days, you might want to perform the small task of changing the Password policy.
Go to Settings > Security and Privacy and change password policy to “Never expire” and “Never notify” by clicking the “Edit” button.
The spice must flow. So must the mail
Well, that didn’t seem so difficult, right ?
Office 365 has automatically created a mailbox already for your users, in the background.
The system kind of predicted that you’d be wanting a mailbox for your E3-licensed users, as otherwise it wouldn’t be logical that you’d provided them with such a license. Of course there are still some things that need to be done, so let’s have a look there.
There are two ways to edit mailbox properties.
The easiest, but with the least fancy options is through the same “User” menu we used to create the users themselves.
The second option is through the Exchange Admin Center.
Let’s start with “easy mode” :
Click the user in the Active Users menu and his properties will appear in an overview.
One of the options visible will be “Mail Settings”, where you can set up a couple of things :
Mailbox permissions : literally what it says. Allow others to have specific access to this mailbox. We’ll get into more detail when we reach a shared mailbox.
Email forwarding : allows you to *drumrolls* forward your user’s mail to another mailbox, with the option of leaving the original mails in your O365 box.
External mailboxes (unrelated to your O365 tenant) are also possible recipients.
Litigation Hold : allows for items in the mailbox to be retained even if the user deletes them.
Pay attention that this can increase the size of your mailbox significantly.
More info on litigation can be found on this Technet article.
Automatic replies : I don’t believe this needs much explaining.
Can also be done through the user’s personal settings in either Outlook or through https://outlook.office365.com and preferably so. If you need to manage all your customers’ mailboxes and set their Out of Office message yourself, you’d best be charging by the hour.
Email apps will provide you the option of disabling certain ways of connecting to the O365 mail system. I can imagine you might want to disable POP and IMAP for instance. It depends on the specific needs, however.
Show in global address list sets visibility of this mailbox in the address list when browsing through your company contacts. Usually you’d want this setting to remain untouched. Only in certain cases (for instance a logging or journaling mailbox) will hiding the mailbox be a good choice.
Convert to a shared mailbox basically unlinks the mailbox from a user license and changes it to a mailbox which is only visible through another O365 account within your tenant.
Edit Exchange properties opens the “hard mode” Exchange Admin Center screen, which we’ll discuss in more detail next.
The Exchange Admin Center is actually the way to go when you want to configure your mail environment in more detail.
It’s also a lot more fun to fiddle around in and it will give you a more general idea on all the mailbox features.
For all on-premise Exchange server admins with experience in 2013 server or higher : you’re in for a treat as this is an almost-perfect copy of the “Exchange Control Panel” with just a tiny difference in some functionality. You can probably skip most of this part.
Even the URL is similar : https://outlook.office365.com/ecp/
Don’t be startled by the amount of clickable options in the Exchange admin Center.
We’ll cover the basics, under the “recipients” section.
Have a look around in the other options, but don’t change anything for now.
For your ease, click the Recipients link in the left menu.
This will show us six options in the top menu :
Mailboxes : an advanced view per mailbox for setting up rights, mailflow, aliases, …
Groups : allows for creation of either a fixed distribution group, a security group or a dynamic distribution group. The dynamic groups are actually quite fun to play around with. They set up a mail-enabled group depending on certain variables such as company name, department, …
Resources are practically identical to shared mailboxes, with the difference that they have a fancy looking icon. Resource mailboxes have the purpose of creating a mailbox (more preferably a calendar) for your hardware.
If Oliver Shortstraw has a meeting room and a shared car, he might benefit from giving these items a calendar of their own (it’s free, anyway) so managing whoever needs to borrow the car or use the meeting room becomes a super-easy task.
Contacts : if you were to use external email addresses in tenant-wide mail rules, they need to be defined in this area.
“Mail contacts” are used for administrative purposes only.
“Mail users” are Active Directory enabled objects linked to an external mail address, allowing external users (like a gmail user) to perform things inside your cloud AD environment.
Shared mailboxes : as mentioned before, these mailboxes host mail, but aren’t linked to a physical user, thus not accounted for during licensing cost calculation.
Migration. I’ve always found this option to be somewhat misplaced in the recipients menu.
The “Migration” option obviously lets you migrate to (and from !) Exchange Online through a couple of ways.
We’ll be doing the second-to-easiest migration later on, as we’ll be importing shortstraw.be mail from the current provider over an IMAP migration.
In case you’re wondering : importing PST files in Outlook is the easiest way.
Let’s start alphabetically and have a look at Annie’s mailbox.
Doubleclick her entry in the Mailboxes part of the Exchange Admin Center
The more important options in this popup window (allow popups in your browser for this to work, by the way) aren’t the ones you see at first.
Apart from the “hide from address list” check mark, you can safely move on to the “email address” menu for now. Feel free to have a gander at the other options.
You’ll see three entries by default, after having created a user with only one domain attached to the O365 tenant :
SIP : used in Lync/Skype for Business/Teams (the communication part)
SMTP (in uppercase) : the default address, by which all outgoing mail from this mailbox is sent. Also called the “reply address”
smtp (in lowercase) : an alias to the mailbox. Mail sent to this address will appear in the mailbox as well. Replies will be sent from the SMTP address.
In our example, we’d like for Annie to receive email@example.com as well.
This can be easily achieved by clicking the little + icon and filling out the form, where you type the complete e-mail address and pressing the “Save” button.
You can edit here if this new address needs to become the reply address.
Mailbox features holds a plethora of options such as disabling the use of webmail, denying mobile phone connectivity, litigation (see above), archiving, …
The part I want to focus on is “Mail flow” (scroll down a little in the list or enlarge the window).
Again, feel free to check out the other options as well.
Click mail flow and a new window will appear where you get to fill out another form.
Pretty straightforward option where you can setup a server-side mail forwarding, without Annie knowing about it.
For legal reasons I’m obliged to tell you that you should inform your users of this forwarding rule.
Ticking “Enable forwarding” enables you to click the “Browse” button, which in its turn shows you the list of available users to select from.
You’ll see that this list is populated only by the internal addresses in your own global address list.
And this is where our “Mail contacts” from above come in if you’re to set up a forwarding to an address that’s not housed in your customer’s O365 tenant.
“Deliver message to both forwarding addresses and mailbox” simply does what it says. If you weren’t to activate this after enabling the forward option, Annie wouldn’t receive mails anymore in her own mailbox, but all mails are forwarded without leaving a copy.
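Because a forward configured this way is invisible to the mailbox owner, it is worth reviewing periodically. The following is an added example, not part of the original post: it audits constructed CSV exports of `Get-Mailbox` and `Get-MailContact` output and flags mailboxes that forward outside the tenant, listing the ones that keep no local copy first. The sample rows, the `.example` addresses and the accepted-domain list are assumptions.

```python
import csv
import io

# Constructed sample of what
#   Get-Mailbox | Select-Object PrimarySmtpAddress,ForwardingAddress,
#       ForwardingSmtpAddress,DeliverToMailboxAndForward | Export-Csv ...
# could produce. All names and addresses are made up.
MAILBOXES_CSV = """PrimarySmtpAddress,ForwardingAddress,ForwardingSmtpAddress,DeliverToMailboxAndForward
annie@shortstraw.example,Annie Private,,False
oliver@shortstraw.example,John Shortstraw,,True
john@shortstraw.example,,smtp:archive@shortstraw.example,True
info@shortstraw.example,,smtp:someone@mailbox.example,True
"""

# Constructed sample of Get-MailContact | Select-Object Name,ExternalEmailAddress
CONTACTS_CSV = """Name,ExternalEmailAddress
Annie Private,SMTP:annie@webmail.example
"""

# Assumption: the domains that belong to the tenant.
ACCEPTED_DOMAINS = {"shortstraw.example"}


def domain_of(address):
    """Strip an 'smtp:'-style prefix and return the lower-cased domain part."""
    addr = address.split(":", 1)[-1].strip().lower()
    return addr.rpartition("@")[2]


def audit_forwarding(mailboxes_csv, contacts_csv, accepted_domains):
    """Return findings for mailboxes whose forward leaves the tenant."""
    contacts = {
        row["Name"]: row["ExternalEmailAddress"]
        for row in csv.DictReader(io.StringIO(contacts_csv))
    }
    findings = []
    for row in csv.DictReader(io.StringIO(mailboxes_csv)):
        targets = []
        if row["ForwardingSmtpAddress"]:
            targets.append(row["ForwardingSmtpAddress"])
        if row["ForwardingAddress"]:
            # Set through the "Mail flow" form: either an internal recipient
            # or a mail contact that points at an external address.
            external = contacts.get(row["ForwardingAddress"])
            if external:
                targets.append(external)
        for target in targets:
            if domain_of(target) not in accepted_domains:
                findings.append({
                    "mailbox": row["PrimarySmtpAddress"],
                    "forwards_to": target.split(":", 1)[-1],
                    "keeps_copy": row["DeliverToMailboxAndForward"].strip().lower() == "true",
                })
    # Forwards that leave no copy in the mailbox are listed first.
    findings.sort(key=lambda f: f["keeps_copy"])
    return findings


if __name__ == "__main__":
    for finding in audit_forwarding(MAILBOXES_CSV, CONTACTS_CSV, ACCEPTED_DOMAINS):
        print(finding)
```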
One more option in the left menu of our user mailbox properties that we’ll look into within a couple of minutes is the “Mailbox delegation” menu. This option is a mini rights management where you can set “full access”, “send on behalf” and “send as” rights for a mailbox.
In our example, Oliver had a couple of aliases in his old mail setup.
Because we love our customer, we’ll gladly copy and paste these addresses in the new environment so he can be mailed on e.g. firstname.lastname@example.org
Our third “straw” is John, who luckily doesn’t need extras so he’s good to go with an out-of-the-box setup, which starts him up automatically as email@example.com
We’re almost done with our basic mailflow configuration.
All that remains from our initial analysis (concerning the shortstraw.be domain name) is the remaining firstname.lastname@example.org that needed to be seen by both Annie and Oliver.
We’ve already established that a shared mailbox would be the most appropriate solution for this, so let’s configure one !
Go to the “shared” top menu and click the little + icon.
A familiar looking form appears.
You might recognize this from when you just recently created a new mailbox.
The biggest difference is the appearance of the permissions box.
Select the user(s) with permission to view and send from this box and press “Save”.
You’re good to go !
Setting up a shared mailbox is THAT easy.
Remember Oliver’s company (Shortstraw LLC) mail profile in one of our previous posts ? Refresh your memory if you stumble upon this website and have forgotten / not read the previous one.
I will base this actual setup on our findings in that post.
The hardware and operating system upgrading procedures, that I spoke about, will not be handled here.
Preparing the environment
Since we’ve established our to-do list, we can now start the procedure in which the customer will experience the least downtime.
Depending on the expectations of the customer, you can either perform all these actions on-the-fly or prepare yourself thoroughly. In this case we’ll take the long(er) road.
After having created the 30-day trial (or go ahead and buy one instantly through Microsoft or a Cloud Solutions Partner), you’ll be greeted with something similar to the screenshot above.
Clicking the upper left square icon will get you into the apps menu.
Depending on the user rights and licenses, you’ll see less or more icons, representing the programs and apps you’re allowed to use.
One important icon you’ll see, is the “Admin“.
Users that have administrator rights will be provided with this option.
In this example, our admin user has a fully working E3 license (you get 25 of these buggers in an O365 trial), which is something that’s “not done” in a real life situation.
Were you to upgrade this 30 day trial to a full tenant, I strongly suggest stripping the admin account of all his licenses. It’s bad practice to use your O365 admin account for anything else than … well… admin purposes.
We’ll get into licensing later.
Click on “Admin” and a specific administrative portal opens.
You can take a short tour of everything by clicking “Start the tour” if you want or read onward and click “Skip”.
On the left side of the admin page you’ll notice the admin menu (which is deliberately placed as a screenshot on the right side of this page, just to confuse you)
First thing you’ll be wanting to do is to create the situation with the correct internal mailflow, user rights etc.
Remember : as long as you don’t change the MX record in the customer’s DNS settings, NOTHING will happen to the existing setup.
You can safely mess around until you’ve got the flow up and running to your own standards.
Remembering our previous conclusion, we’ll start creating our users’ mailboxes first.
If you want to get this right at first try, you’ll want to include the domain first as an “inbound” domain into your O365 tenant. This will allow you to create user names ending in @yourdomain.com instead of @yourdomain-com.onmicrosoft.com.
Again, including the domain name will not change your current mail flow.
DON’T PANIC !!!
Open the Setup menu and click “Domains”
One domain will be listed by default.
This is your tenant name (in my example “shortstraw.onmicrosoft.com”) and cannot be removed.
Click “Add Domain” and fill in the desired domain name, after which you click “Next”.
In order for Microsoft’s servers to verify your identity and double check that you’re actually the owner or admin for your added domain, you’ll be given the choice of either adding a TXT record or adding a fake MX record into your own DNS management software at your hosting company’s admin package.
In my case, the lovely French hosting company “OVH” will be my location to turn to.
Eventually, practically every DNS hosting company allows you to manage your settings through some form of admin portal for easy setup purposes.
Once the record has been added, you can click the “Verify” button to let Microsoft double check the creation of the record.
If the TXT record is not yet found, according to the O365 domain verification wizard, you can always start your troubleshooting on a global level by surfing to https://dnschecker.org/
DNS Checker creates a worldwide DNS lookup, using all sorts of DNS servers to see if your DNS record has propagated already to all locations.
Usually DNS propagation for a brand new domain record will probably not take a lot of time. It’s those record changes that tend to take longer.
From this point on, you’ll be able to pick your domain name already in the user creation wizard.
Should you choose to continue, more DNS records will be added.
Skip forward to user creation. (link not yet implemented, because too lazy)
The screenshot above will give you a sneaky Microsoft question, with the default option set to “Set up my online services for me”.
Though Microsoft might say “Recommended”, I strongly disagree here.
“Why’s that”, you say ?
In case you decide to stop your O365 adventures and want to move on to a new platform for mail, you’re going to have to go through a lot of hassle to set this straight again.
Always choose to manage your own DNS records and click “Next”. Unless you’re REALLY pissed about your current DNS provider. In that case, I still suggest just finding another one. BUT NOT MICROSOFT FOR THE LOVE OF GOD.
A step that has been neatly added in the onboarding wizard, since Q4 of 2017 is the “Choose your Online Services” wizard.
This narrows down the amount of DNS records for you to add, according to the active checkmarks.
I’m going to select all of them, because I know my end-customer Oliver Shortstraw will need the Exchange parts as well as the Mobile Device Management.
He’s also somebody that changes his mind in the blink of an eye, so just to be sure we won’t have to set up anything else later, I also picked “Skype for Business”.
A somewhat huge list of DNS records will appear, for you to fill into your favorite DNS hoster *cough* OVH *cough*
Now in order to fully understand what’s going on here, I’ll explain in detail the actual stuff that’s going on. Teach a man to fish etc.
FINAL WARNING (I won’t repeat it again) DO NOT CHANGE THE MX RECORD JUST YET (unless this is a brand new setup for a brand new domain, then go ahead and have fun)
CNAME : autodiscover > autodiscover.outlook.com
This record basically tells your Outlook client to read a pre-made config file on a Microsoft server.
Thus allowing you to just enter your e-mail address and password in the Outlook setup wizard, instead of having to go through the hassle of manually setting up your O365 config.
CNAME : sip > sipdir.online.lync.com
Refers to the actual SIP server for using Skype for Business/Lync/Teams. Your communication client will connect to this server and this server will in turn patch you through to the geographically most redundant SIP server.
CNAME : lyncdiscover > webdir.online.lync.com
This server uses the same Autodiscover protocol as the Outlook one.
It patches you through to the correct Microsoft server cluster where your tenant is hosted, as well as other various kinky background processes. Dragons be here.
CNAME : enterpriseregistration > enterpriseregistration.windows.net
Basically serves as a registration server (duh), so the Microsoft servers know what mobile device was added to the tenant for so-called “conditional access”
CNAME : enterpriseenrollment > enterpriseenrollment.manage.microsoft.com
Enrolling (again, duh) Windows mobile devices and managing them through Microsoft Intune, requires these servers.
TXT : v=spf1 …
Specifies the server(s) that may send mail, originating from your domain name.
More on SPF records in an other post.
For now, follow the suggested entry, which – shortly explained – allows a group of servers that are defined in the name spf.protection.outlook.com to send mail from your domain. All others are denied.
SRV : _SIP
Together with the sipfederationtls entry, these are usually the more tricky ones to enter, depending on the DNS management tool. [An example from the one.com hosting panel].
This specific entry provides the security layer.
SRV : _SIPFEDERATIONTLS
This entry states that TCP port 5061 is being used for everything federation-related in communicating over SIP. Classic SIP uses port 5060. Microsoft likes to do things in their own special way…
MX : xxxx-yy.mail.protection.outlook.com
An automatically generated server name, based on your domain name and domain extension.
MX is short for Mail Exchanger and tells other mailservers in the world where to go dump their mail for your specific domain name.
The second you change this record in your DNS management (and it gets propagated world wide, bla bla) your mail will be directed to the server(s) in this record.
<lazy mode> Let’s assume for the time being, that our test company does not care much for just a little downtime and let’s change all these records in our DNS management tool </lazy mode>
Clicking the “Verify” button at the bottom of the wizard page will get Microsoft’s O365 server to check all your entries. Depending on the DNS management tool and the hosting company, this might take a couple of seconds up to a couple of hours.
After a successful verification of all entered services, let’s move on to creating new users in the next post.
For now, pat yourself on the back for a job well done and have a refreshing beverage.
Antique software ? No TLS/SSL support for outgoing mail ?
No problem !
If you stumble upon this article through a Google search (who uses Bing, anyway…), you’re probably wondering how to solve the following issue (or something similar) :
You have this old invoicing software that doesn’t get updates anymore ever since 2008 and relies on port 25 – unauthenticated – to send mails through your ISP’s outgoing mail server.
You happen to have this beautiful product called ‘Office 365’ and use its mail functionality for your own domain name. This domain name is used as outgoing mail domain in your software.
Luckily, you still have a Windows Server randomly lying about (hopefully 2008 R2 or higher, but this trick works with older stuff as well – also : this works on a Windows 7/8/10 , even though the IIS install method will be different)
Installing SMTP in IIS
2012 R2 Server Install Internet Information Services (IIS)
In Server Manager, select Add Roles.
On the Before you begin page in the Add Roles Wizard, select Next.
On the Select Installation Type page, select Role-based or Feature-based installation.
On the Select destination server page, choose Select a server from the server pool, and select the server that will be running SMTP services. Select Next.
On the Select Server Roles page, select Web Server (IIS), and then select Next. If a page that requests additional features is displayed, select Add Features and then select Next.
On the Select Role Services page, make sure that Basic Authentication under Security is selected, and then select Next.
On the Confirm Installation Steps page, select Install.
Open Server Manager and select Add Roles and Features.
Select Server Selection and make sure that the server that will be running the SMTP server is selected and then select Features.
On the Select Features screen, choose SMTP Server. You may be prompted to install additional components. If that’s the case, select Add Required Features and select Next.
Select Install. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).
2008 R2 Server Install Internet Information Services (IIS)
In Server Manager, select Add Roles.
On the Before you begin page in the Add Roles Wizard, select Next.
On the Select Server Roles page, select Web Server (IIS) and select Install.
Select Next until you get to the Select Role Services page.
In addition to what is already selected, make sure that ODBC Logging, IIS Metabase Compatibility, and IIS 6 Management Console are selected and then select Next.
When you’re prompted to install IIS, select Install. You may need to restart the server after the installation is finished.
Install SMTP
Open Server Manager and select Add Roles and Features.
On the Select Features screen, choose SMTP Server. You may be prompted to install additional components. If that’s the case, select Add Required Features and select Next.
Select Install. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).
Select Start > Administrative Tools > Internet Information Services (IIS) 6.0.
Expand the current server, right-click the SMTP Virtual Server, and then select Properties.
On the General tab, select Advanced > Add.
In the IP Address box, specify the address of the server that’s hosting the SMTP server.
In the Port box, enter 587 and select OK.
On the Access tab, do the following:
Select Authentication and make sure that Anonymous Access is selected.
Select Connection > Only the List Below, and then specify the IP addresses of the devices that will be connecting to the SMTP server, such as printers.
Select Relay > Only the List Below, and then specify the IP address of the devices relaying through this SMTP server
On the Delivery tab, select Outbound Security, and then do the following:
Select Basic Authentication.
Enter the credentials of the Office 365 user who you want to use to relay SMTP mail.
Select TLS Encryption.
Select Outbound Connections and in the TCP Port box, enter 587 and select OK.
Select Advanced and specify SMTP.office365.com as the Smart Host.
/!\ Restart the IIS service and the SMTP service. /!\
Actually testing, before applying
You can test SMTP relay services without using your software that needed it in the first place.
To test SMTP relay services, use the following steps.
Create a text file using Notepad or another text editor. The file should contain the following code. Replace the source and destination email addresses with the addresses you will use to relay SMTP.
FROM: <source email address>
TO: <destination email address>
SUBJECT: Test email
This is a test email sent from my SMTP server
Save the text file as Email.txt.
Copy the Email.txt file into the following folder: C:\InetPub\MailRoot\Pickup.
Try to copy it instead of just moving it. The mail file will disappear.
After a short time, the file should automatically be moved to the C:\InetPub\MailRoot\Queue folder. When the SMTP server delivers the mail, the file is automatically deleted from the local folder.
Warning: If the SMTP server can’t deliver the message, a non-delivery report (NDR) is created in the C:\InetPub\MailRoot\BadMail folder. You can use this NDR to diagnose delivery issues.
This is where most guides fall short.
Read the mails that appear in the Badmail folder. Usually there will be a reason for refusal or non-delivery explained in these files.
If you have ‘show file extensions’ turned on, they will appear as .BAD files.
Open with Notepad or a similar program to see something like this :
Self-explanatory, I guess.
If mails were to actually arrive at their destination, but are marked as “phishing” or appear in the spam folder of your recipient, chances are pretty high your software package is still sending out through the wrong outgoing mailserver.
Seeing as I’m not a psychic, I can’t know how to configure outgoing mail in every piece of software.
Press F1
Another reason for your mails being marked as “phishing” (and I deliberately left this near the end of this article) is also related to the above (still sending out through your ISP’s SMTP server using an Office 365 mail address). HOWEVER…
When the mail arrives – even though its marked as spam – this means your ISP was able to actually deliver it. In Office 365 cases, this usually means that your ISP is not allowed to send out as your O365-linked domain name.
I’ll provide a detailed how-to on interpreting mail headers in a later post, but for the purpose of this exercise, let’s presume the mails are being marked because of the above.
In this case, just adding/editing an SPF record that relates to your ISP will be enough.
The somewhat attentive reader might be asking himself ‘if I could just add an SPF record using the records for my ISP, then why did I even bother reading this article ?’
I’ll keep the answer very simple : EVERY user of this ISP will have the ability to send mail as your domain name, without passing some form of verification in this case.
AAaaaaand we’re back to the 80’s/90’s , where it was common fun and games to change your mail address in Outlook Express or other old mail software.
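To make that trade-off concrete, here is an added example (not code from the original post) that evaluates two SPF records for the same domain, relating both to the SPF entry from the onboarding wizard and to the ISP workaround above. It handles only the `ip4`, `include` and `all` mechanisms; the name `spf.isp.example` is hypothetical and every address range is a documentation range standing in for the real published ones.

```python
import ipaddress

# Constructed DNS data (TXT records by name). The ranges are RFC 5737
# documentation ranges, NOT the real ranges of Microsoft or of any ISP.
TXT = {
    "spf.protection.outlook.com": "v=spf1 ip4:192.0.2.0/24 -all",  # stand-in for O365
    "spf.isp.example": "v=spf1 ip4:198.51.100.0/24 -all",          # hypothetical ISP relay
}

# Record that only authorises Office 365, and the same record widened for the ISP.
STRICT = "v=spf1 include:spf.protection.outlook.com -all"
WITH_ISP = "v=spf1 include:spf.protection.outlook.com include:spf.isp.example -all"

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on mechanisms that cause DNS queries

# Constructed senders to compare.
SENDERS = {
    "office365": "192.0.2.25",
    "isp_relay": "198.51.100.7",  # shared by every customer of that ISP
    "unrelated": "203.0.113.9",
}


def check_host(ip, record, txt=TXT, _budget=None):
    """Evaluate an SPF record for a connecting IP (ip4, include, all only)."""
    budget = _budget if _budget is not None else [MAX_LOOKUPS]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qual = term[0] if term[0] in QUALIFIER else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIER[qual]
        if name == "ip4":
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr in net:
                return QUALIFIER[qual]
        elif name == "include":
            budget[0] -= 1
            target = txt.get(arg.lower())
            if budget[0] < 0 or target is None:
                return "permerror"
            inner = check_host(ip, target, txt, budget)
            if inner == "pass":        # include matches only on an inner pass
                return QUALIFIER[qual]
            if inner == "permerror":
                return "permerror"
        else:
            return "permerror"  # a, mx, exists, redirect: out of scope here
    return "neutral"


def spf_matrix(records, senders):
    """Return {record_label: {sender_label: result}} for comparison."""
    return {
        label: {who: check_host(ip, rec) for who, ip in senders.items()}
        for label, rec in records.items()
    }


if __name__ == "__main__":
    matrix = spf_matrix({"strict": STRICT, "with_isp": WITH_ISP}, SENDERS)
    for label, row in matrix.items():
        print(label, row)
```

With the widened record, anything leaving the ISP's shared relay passes SPF for your domain, whoever the ISP customer behind it is.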
Random : Did you know that Outlook Express’ executable file msimn.exe was named, because it’s short for MicroSoft Internet Mail and News ?
Mail does not arrive and the NDR gives an authentication error :
Did you change your O365 password for the account that you use to authenticate for the SMTP connection ?
Yes you did. (or you just made a typo)
Mail does not arrive and the NDR gives a ‘does not permit to send as’ error :
Most often, this occurs when not sending as the account that is the SMTP relayer.
Your fancy 80’s software probably sends as (e.g., which is Latin for exempli gratiā and is often translated as example given – just sayin’) email@example.com, while your SMTP’er is firstname.lastname@example.org.
To solve this, either change your outgoing mail address in your 80’s software, change the authenticating O365 in your SMTP relay server OR…. *drumrolls* add ‘send as’ permissions to the invoicing mailbox for Oliver’s account.
What’s that ? email@example.com does not exist in your O365 tenant ?
Yeah… I figured as much…
Add it as an alias to Oliver’s box or create a new box. Choice is yours.
Oh, and in a footnote : you will not find the mails sent through your relay’er in the resp. mailbox’ Sent Items.
Handy for troubleshooting… NOT