OFFICE 365 MIGRATION (4) – 3 steps ahead

Remember Oliver’s company (Shortstraw LLC) mail profile in one of our previous posts ?
Refresh your memory if you stumble upon this website and have forgotten / not read the previous one.
I will base this actual setup on our findings in that post.
The hardware and operating system upgrading procedures, that I spoke about, will not be handled here.

Preparing the environment

Since we’ve established our to-do list, we can now start the procedure in which the customer will experience the least downtime.
Depending on the expectations of the customer, you can either perform all these actions on-the-fly or prepare yourself thoroughly. In this case we’ll take the long(er) road.

After having created the 30-day trial (or go ahead and buy one instantly through Microsoft or a Cloud Solutions Partner)

At least, we’re welcome

You’ll be greeted with something similar to the screenshot above.
Clicking the upper left square icon will get you into the apps menu.
Depending on the user rights and licenses, you’ll see less or more icons, representing the programs and apps you’re allowed to use.

One important icon you’ll see, is the “Admin“.
Users that have administrator rights will be provided with this option.
In this example, our admin user has a fully working E3 license (you get 25 of these buggers in an O365 trial), which is something that’s “not done” in a real life situation.
Were you to upgrade this 30-day trial to a full tenant, I strongly suggest stripping the admin account of all its licenses. It’s bad practice to use your O365 admin account for anything other than … well… admin purposes.
We’ll get into licensing later.

The admin menu

Click on “Admin” and a specific administrative portal opens.
You can take a short tour of everything by clicking “Start the tour” if you want or read onward and click “Skip”.

On the left side of the admin page you’ll notice the admin menu (which is deliberately placed as a screenshot on the right side of this page, just to confuse you)

First thing you’ll be wanting to do is to create the situation with the correct internal mailflow, user rights etc.
Remember : as long as you don’t change the MX record in the customer’s DNS settings, NOTHING will happen to the existing setup.
You can safely mess around until you’ve got the flow up and running to your own standards.

Remembering our previous conclusion, we’ll start creating our users’ mailboxes first.
If you want to get this right at first try, you’ll want to include the domain first as an “inbound” domain into your O365 tenant. This will allow you to create user names ending in @yourdomain.com instead of @yourdomain-com.onmicrosoft.com.
Again, including the domain name will not change your current mail flow.
DON’T PANIC !!!

Open the Setup menu and click “Domains”

One domain will be listed by default.
This is your tenant name (in my example “shortstraw.onmicrosoft.com”) and cannot be removed.

Click “Add Domain” and fill in the desired domain name, after which you click “Next”.

In order for Microsoft’s servers to verify your identity and double checking if you’re actually the owner or admin for your added domain, you’ll be given the choice of either adding a TXT record or adding a fake MX record into your own DNS management software at your hosting company’s admin package.

In my case, the lovely French hosting company “OVH” will be my location to turn to.

A line of TXT in OVH’s DNS management

Eventually, practically every DNS hosting company allows you to manage your settings through some form of admin portal for easy setup purposes.
Once the record has been added, you can click the “Verify” button to let Microsoft double check the creation of the record.

Troubleshooting :

If the TXT record is not yet found, according to the O365 domain verification wizard, you can always start your troubleshooting on a global level by surfing to https://dnschecker.org/
DNS Checker creates a worldwide DNS lookup, using all sorts of DNS servers to see if your DNS record has propagated already to all locations.
Usually DNS propagation for a brand new domain record will probably not take a lot of time. It’s those record changes that tend to take longer.
Successful verification will get you to this screen

From this point on, you’ll be able to pick your domain name already in the user creation wizard.
Should you choose to continue, more DNS records will be added.
Skip forward to user creation. (link not yet implemented, because too lazy)

The screenshot above will give you a sneaky Microsoft question, with the default option set to “Set up my online services for me”.
Though Microsoft might say “Recommended”, I strongly disagree here.

“Why’s that”, you say ?
In case you decide to stop your O365 adventures and want to move on to a new platform for mail, you’re going to have to go through a lot of hassle to set this straight again.

Always choose to manage your own DNS records and click “Next”. Unless you’re REALLY pissed about your current DNS provider. In that case, I still suggest just finding another one. BUT NOT MICROSOFT FOR THE LOVE OF GOD.

Choose what you need (or select all)

A step that has been neatly added in the onboarding wizard, since Q4 of 2017 is the “Choose your Online Services” wizard.
This narrows down the amount of DNS records for you to add, according to the active checkmarks.
I’m going to select all of them, because I know my end-customer Oliver Shortstraw will need the Exchange parts as well as the Mobile Device Management.
He’s also somebody that changes his mind in the blink of an eye, so just to be sure we won’t have to set up anything else later, I also picked “Skype for Business”.

A somewhat huge list of DNS records will appear, for you to fill into your favorite DNS hoster *cough* OVH *cough*

A wild list appears. You crit it for 9000. It was super effective

Now in order to fully understand what’s going on here, I’ll explain in detail the actual stuff that’s going on. Teach a man to fish etc.

FINAL WARNING (I won’t repeat it again) DO NOT CHANGE THE MX RECORD JUST YET (unless this is a brand new setup for a brand new domain, then go ahead and have fun)

CNAME : autodiscover > autodiscover.outlook.com
This record basically tells your Outlook client to read a pre-made config file on a Microsoft server.
Thus allowing you to just enter your e-mail address and password in the Outlook setup wizard, instead of having to go through the hassle of manually setting up your O365 config.

CNAME : sip > sipdir.online.lync.com
Refers to the actual SIP server for using Skype for Business/Lync/Teams. Your communication client will connect to this server and this server will in turn patch you through to the geographically most redundant SIP server.

CNAME : lyncdiscover > webdir.online.lync.com
This server uses the same Autodiscover protocol as the Outlook one.
It patches you through to the correct Microsoft server cluster where your tenant is hosted, as well as other various kinky background processes. Dragons be here.

CNAME : enterpriseregistration > enterpriseregistration.windows.net
Basically serves as a registration server (duh), so the Microsoft servers know what mobile device was added to the tenant for so-called “conditional access”

CNAME : enterpriseenrollment > enterpriseenrollment.manage.microsoft.com
Enrolling (again, duh) Windows mobile devices and managing them through Microsoft Intune, requires these servers.

TXT : v=spf1 …
Specifies the server(s) that may send mail, originating from your domain name.
More on SPF records in another post.
For now, follow the suggested entry, which – shortly explained – allows a group of servers that are defined in the name spf.protection.outlook.com to send mail from your domain. All others are denied.

SRV : _SIP
Together with the sipfederationtls entry, these are usually the more tricky ones to enter, depending on the DNS management tool.
[An example from the one.com hosting panel].
This specific entry provides the security layer.

SRV : _SIPFEDERATIONTLS
This entry states the TCP port 5061 is being used for everything federation-related in communicating over SIP. A Classic SIP port uses port 5060. Microsoft likes to do things in their own special way…

MX : xxxx-yy.mail.protection.outlook.com
An automatically generated server name, based on your domain name and domain extension.
MX is short for Mail Exchanger and tells other mailservers in the world where to go dump its mail for your specific domain name.
The second you change this record in your DNS management (and it gets propagated world wide, bla bla) your mail will be directed to the server(s) in this record.

<lazy mode> Let’s assume for the time being, that our test company does not care much for just a little downtime and let’s change all these records in our DNS management tool </lazy mode>

Clicking the “Verify” button at the bottom of the wizard page will get Microsoft’s O365 server to check all your entries. Depending on the DNS management tool and the hosting company, this might take a couple of seconds up to a couple of hours.

After a successful verification of all entered services, let’s move on to creating new users in the next post.
For now, pat yourself on the back for a job well done and have a refreshing beverage.

SMTP relay on your Windows server for use with Office 365

Antique software ? No TLS/SSL support for outgoing mail ?

No problem !

If you stumble upon this article through a Google search (who uses Bing, anyway…), you’re probably wondering how to solve the following issue (or something similar) :

It’s all about the Pentiums, baby !

You have this old invoicing software that doesn’t get updates anymore ever since 2008 and relies on port 25 – unauthenticated – to send mails through your ISP’s outgoing mail server.

You happen to have this beautiful product called ‘Office 365’ and use its mail functionality for your own domain name. This domain name is used as outgoing mail domain in your software.

Luckily, you still have a Windows Server randomly lying about (hopefully 2008 R2 or higher, but this trick works with older stuff as well – also : this works on a Windows 7/8/10 , even though the IIS install method will be different)

Installing SMTP in IIS

  1. 2012 R2 Server
    Install Internet Information Services (IIS)

    1. In Server Manager, select Add Roles.
    2. On the Before you begin page in the Add Roles Wizard, select Next.
    3. On the Select Installation Type page, select Role-based or Feature-based installation.
    4. On the Select destination server page, choose Select a server from the server pool, and select the server that will be running SMTP services. Select Next.
    5. On the Select Server Roles page, select Web Server (IIS), and then select Next. If a page that requests additional features is displayed, select Add Features and then select Next.
    6. On the Select Role Services page, make sure that Basic Authentication under Security is selected, and then select Next.
    7. On the Confirm Installation Steps page, select Install.

      Install SMTP

      1. Open Server Manager and select Add Roles and Features.
      2. Select Server Selection and make sure that the server that will be running the SMTP server is selected and then select Features.
      3. On the Select Features screen, choose SMTP Server. You may be prompted to install additional components. If that’s the case, select Add Required Features and select Next.
      4. Select Install. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).

  2. 2008 R2 Server
    Install Internet Information Services (IIS)

    1. In Server Manager, select Add Roles.
    2. On the Before you begin page in the Add Roles Wizard, select Next.
    3. On the Select Server Roles page, select Web Server (IIS) and select Install.
    4. Select Next until you get to the Select Role Services page.
    5. In addition to what is already selected, make sure that ODBC Logging, IIS Metabase Compatibility, and IIS 6 Management Console are selected and then select Next.
    6. When you’re prompted to install IIS, select Install. You may need to restart the server after the installation is finished.

      Install SMTP

      1. Open Server Manager and select Add Roles and Features.
      2. On the Select Features screen, choose SMTP Server. You may be prompted to install additional components. If that’s the case, select Add Required Features and select Next.
      3. Select Install. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).
  3. Windows 10 / 8 / 7
    Use the instructions on https://www.howtogeek.com/112455/how-to-install-iis-8-on-windows-8/
    You’re probably going to need at least the ‘Professional’ version of the operating system to be able to pull this one off.

Configuring the SMTP Service for use with O365

  1. Set up SMTP
    1. Select Start > Administrative Tools > Internet Information Services (IIS) 6.0.
    2. Expand the current server, right-click the SMTP Virtual Server, and then select Properties.
    3. On the General tab, select Advanced > Add.
    4. In the IP Address box, specify the address of the server that’s hosting the SMTP server.
    5. In the Port box, enter 587 and select OK.
    6. On the Access tab, do the following:
      1. Select Authentication and make sure that Anonymous Access is selected.
      2. Select Connection > Only the List Below, and then specify the IP addresses of the devices that will be connecting to the SMTP server, such as printers.
      3. Select Relay > Only the List Below, and then specify the IP address of the devices relaying through this SMTP server
    7. On the Delivery tab, select Outbound Security, and then do the following:
      1. Select Basic Authentication.
      2. Enter the credentials of the Office 365 user who you want to use to relay SMTP mail.
      3. Select TLS Encryption.
      4. Select Outbound Connections and in the TCP Port box, enter 587 and select OK.
      5. Select Advanced and specify SMTP.office365.com as the Smart Host.

/!\ Restart the IIS service and the SMTP service.  /!\

 

Actually testing, before applying

You can test SMTP relay services without using your software that needed it in the first place.

To test SMTP relay services, use the following steps.

  1. Create a text file using Notepad or another text editor. The file should contain the following code. Replace the source and destination email addresses with the addresses you will use to relay SMTP.
    FROM: <source email address>
    TO: <destination email address>
    SUBJECT: Test email
    
    This is a test email sent from my SMTP server
    
  2. Save the text file as Email.txt.
  3. Copy the Email.txt file into the following folder: C:\InetPub\MailRoot\Pickup.
    Try to copy it instead of just moving it. The mail file will disappear.
  4. After a short time, the file should automatically be moved to the C:\InetPub\MailRoot\Queue folder. When the SMTP server delivers the mail, the file is automatically deleted from the local folder.

    Warning: If the SMTP server can’t deliver the message, a non-delivery report (NDR) is created in the C:\InetPub\MailRoot\BadMail folder. You can use this NDR to diagnose delivery issues.
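The pickup test in steps 1 to 4, scripted as an added example (not part of the original article): it copies the test message into Pickup and reports whether it stayed there, is waiting in Queue, landed in BadMail or went out. It assumes the default MailRoot layout named above and that no other mail passes through the relay during the test, so any new BadMail file is attributed to the test message.

```python
import shutil
import tempfile
import time
from pathlib import Path


def build_message(sender, recipient, subject="Test email",
                  body="This is a test email sent from my SMTP server"):
    # Same layout as Email.txt in step 1: headers, one blank line, body.
    return (f"FROM: {sender}\r\nTO: {recipient}\r\n"
            f"SUBJECT: {subject}\r\n\r\n{body}\r\n")


def _files(folder):
    return {p.name for p in folder.iterdir() if p.is_file()}


def submit_and_track(mailroot, message, timeout=120.0, poll=2.0):
    """Copy a test mail into Pickup and return (state, files).

    state is one of:
      not_picked_up  file never left Pickup (is the SMTP service running?)
      still_queued   sitting in Queue (smart host unreachable or retrying)
      badmail        new file(s) appeared in BadMail; read them for the reason
      sent           left Pickup and Queue without producing a BadMail entry
    """
    root = Path(mailroot)
    pickup, queue, badmail = root / "Pickup", root / "Queue", root / "BadMail"
    queue_before, bad_before = _files(queue), _files(badmail)

    # Write the file elsewhere and copy it in (step 3), so the original
    # survives when the service consumes the copy.
    staged = Path(tempfile.mkdtemp()) / "Email.txt"
    staged.write_bytes(message.encode("ascii"))
    dropped = pickup / staged.name
    shutil.copy(staged, dropped)

    quiet_polls = 0
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        time.sleep(poll)
        new_bad = sorted(_files(badmail) - bad_before)
        if new_bad:
            return "badmail", new_bad
        if dropped.exists():
            continue  # not collected yet
        if _files(queue) - queue_before:
            quiet_polls = 0  # collected, waiting on the smart host
            continue
        quiet_polls += 1
        if quiet_polls >= 2:  # two empty looks in a row: it has gone out
            return "sent", []

    if dropped.exists():
        return "not_picked_up", []
    pending = sorted(_files(queue) - queue_before)
    return ("still_queued", pending) if pending else ("sent", [])


if __name__ == "__main__":
    # Addresses are the article's example users; adjust before running.
    mail = build_message("oliver@shortstraw.be", "annie@shortstraw.be")
    print(submit_and_track(r"C:\InetPub\MailRoot", mail))
```

A `badmail` result lists the new files to open in Notepad; `still_queued` usually points at the smart host, port or credentials on the Delivery tab.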

     

Troubleshooting

This is where most guides fall short.

  1. Read the mails that appear in the Badmail folder. Usually there will be a reason for refusal or non-delivery explained in these files.
    If you have ‘show file extensions’ turned on, they will appear as .BAD files.
    Open with Notepad or a similar program to see something like this :


    Self-explanatory, I guess.

  2. If mails were to actually arrive at their destination, but marked as “phishing” or appear in the spam folder of your recipient, chances are pretty high, your software package is still sending out through the wrong outgoing mailserver.
    Seeing as I’m not a psychic, I can’t know how to configure outgoing mail in every piece of software. Press F1.

    Another reason for your mails being marked as “phishing” (and I deliberately left this near the end of this article), is also related to the above (still sending out through your ISP’s SMTP server using an Office 365 mail address).
    HOWEVER…

    When the mail arrives – even though it’s marked as spam – this means your ISP was able to actually deliver it. In Office 365 cases, this usually means that your ISP is not allowed to send out as your O365-linked domain name.
    I’ll provide a detailed how-to on interpreting mail headers in a later post, but for the purpose of this exercise, let’s presume the mails are being marked because of the above.

    In this case, just adding/editing an SPF record that relates to your ISP will be enough.

    I hear a couple of muffled hillbilly-sounding voices in the background asking me ‘what in tarnation is an SPF record’ and how does that work ?
    Read and weep : https://blog.returnpath.com/how-to-explain-spf-in-plain-english/

    For all you Belgians out there, these are the values you need to include in your SPF record for the bigger ISP’s :

    Telenet
          include:_spf.telenet-ops.be

    Proximus
          include:ispmail.spf.secure-mail.be
          include:bgc.spf.secure-mail.be

    The somewhat attentive reader might be asking himself ‘if I could just add an SPF record using the records for my ISP, then why did I even bother reading this article ?’

    I’ll keep the answer very simple : EVERY user of this ISP will have the ability to send mail as your domain name, without passing some form of verification in this case.

    AAaaaaand we’re back to the 80’s/90’s , where it was common fun and games to change your mail address in Outlook Express or other old mail software.

    Random :
    Did you know that Outlook Express’ executable file msimn.exe was named that way, because it’s short for MicroSoft Internet Mail and News ?

  3. Mail does not arrive and the NDR gives an authentication error :

    Did you change your O365 password for the account that you use to authenticate for the SMTP connection ?
    Yes you did. (or you just made a typo)

  4. Mail does not arrive and the NDR gives a ‘does not permit to send as’ error :

    Most often, this occurs when not sending as the account that is the SMTP relayer.
    Your fancy 80’s software probably sends as (e.g., which is latin for exempli gratiā and is often translated as example given – just sayin’) invoicing@shortstraw.be, while your SMTP’er is oliver@shortstraw.be.

    To solve this, either change your outgoing mail address in your 80’s software, change the authenticating O365 in your SMTP relay server OR…. *drumrolls* add ‘send as’ permissions to the invoicing mailbox for Oliver’s account.

    What’s that ? invoicing@shortstraw.be does not exist in your O365 tenant ?
    Yeah… I figured as much…
    Add it as an alias to Oliver’s box or create a new box. Choice is yours.
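The SPF trade-off from troubleshooting item 2 (and the `v=spf1` entry in the DNS record list), worked through as an added example that is not from the original article: a small evaluator for the `ip4`, `ip6`, `include` and `all` mechanisms, run against constructed TXT data. The address ranges are documentation prefixes chosen for illustration, not the real contents of either include target.

```python
import ipaddress

# Constructed TXT data standing in for live DNS lookups. The ranges are
# documentation prefixes, NOT the real contents of these include targets.
DNS_TXT = {
    "spf.protection.outlook.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_spf.telenet-ops.be": "v=spf1 ip4:198.51.100.0/24 -all",
}

# Two candidate policies for the example domain shortstraw.be.
O365_ONLY = "v=spf1 include:spf.protection.outlook.com -all"
O365_PLUS_ISP = ("v=spf1 include:spf.protection.outlook.com "
                 "include:_spf.telenet-ops.be -all")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying terms per evaluation


class PermError(Exception):
    """The record cannot be evaluated (syntax, missing include, lookup limit)."""


def _evaluate(ip, record, dns_txt, budget):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise PermError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError as exc:
                raise PermError(f"bad network in {term!r}") from exc
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                raise PermError("more than 10 DNS lookups")
            target = dns_txt.get(arg.lower().rstrip("."))
            if target is None:
                raise PermError(f"include target {arg!r} has no SPF record")
            # An include only matches when the nested policy says "pass";
            # a nested "fail" just means "no match, keep going".
            if _evaluate(ip, target, dns_txt, budget) == "pass":
                return QUALIFIERS[qualifier]
        else:
            raise PermError(f"{name!r} is not handled by this example")
    return "neutral"  # ran off the end without an "all"


def check_spf(sender_ip, record, dns_txt=DNS_TXT):
    """Return the SPF result for mail arriving from sender_ip under record."""
    try:
        return _evaluate(ipaddress.ip_address(sender_ip), record, dns_txt,
                         [MAX_LOOKUPS])
    except PermError:
        return "permerror"


def compare(sender_ip):
    """Evaluate one connecting IP under both candidate policies."""
    return {"o365_only": check_spf(sender_ip, O365_ONLY),
            "o365_plus_isp": check_spf(sender_ip, O365_PLUS_ISP)}


if __name__ == "__main__":
    senders = {
        "Office 365 outbound (constructed)": "192.0.2.25",
        "ISP relay, your invoicing software": "198.51.100.10",
        "ISP relay, any other ISP customer": "198.51.100.10",
        "unrelated host": "203.0.113.7",
    }
    for label, ip in senders.items():
        print(f"{label:38} {ip:15} {compare(ip)}")
```

Both ISP rows use the same connecting address, which is all SPF ever sees: the check has no notion of which ISP customer submitted the message.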

 

Oh, and in a footnote : you will not find the mails sent through your relay’er in the resp. mailbox’ Sent Items.
Handy for troubleshooting… NOT

Re-linking an Office 365/2016/2013 installation to a new user

Disaster strikes !

Your company has lost an employee and his or her computer gets transferred to a new colleague, who’s freshly hired.

Hello, IT ?

When your lazy-mode kicks in as an IT implementor, you’re probably gonna go and rename the old account in the Office 365 portal and go on with ordinary life as a sysadmin.
However, this will bring some new issues to the table.

  • The user will still be named as the old user in the internal database of O365
  • Here and there, references to the old name will still appear in the web portal, as well as in the ‘edited by’ properties of Office documents.
  • Your physical install of Office will still refer to the old user and will ask for reactivation, which will not work.
  • … (which is short for “I can’t think of anything else, but I’m sure there is more”)

Having been told I should be less aggressive, I’ll try to go towards a passive aggressive mode and say “this is what I suggest you should do” instead of “now do this”.

The general idea here is to convert the old mailbox (if there is any, this depends on the O365 subscription) to a shared mailbox, wait for the actual conversion to be done (this is an incredibly important part which is overlooked often) and then take away the e-mail-holding license (Plan 1, Business Premium, E3, E5, …) from that user.
The detailed explanation on how to do that, is not relevant to this post, right now.
Afterwards, create the new user and add the license.

What IS relevant, is the removal of the old license on the computer that remains behind and is passed on to the new user.

A couple of steps need to be taken in order to clean up the installation, so it can be re-linked to a new O365 user.

  1. Use the Office Software Protection Platform script to remove the license from the computer.
    To remove the Office 365 license, you must run two cscript command lines. The command lines are:

    A. Run C:\program files (x86)\Microsoft office\office15>cscript ospp.vbs /dstatus

    The above command line will generate a report of the currently installed/activated license. (See Below)

    NOTE: You might see multiple licenses in the /dstatus report.

    B. Make note of value for “Last 5 characters of installed product key”

    C. Run C:\program files (x86)\Microsoft office\office15>cscript ospp.vbs /unpkey:“Last 5 of installed product key”
    For example: C:\program files (x86)\Microsoft office\office15>cscript ospp.vbs /unpkey:WB222 (See Below)
    Repeat the step above if necessary until all keys are removed.

    After running the /unpkey: command line you will see a “Product Key uninstall successful” message. You can now close the Command Prompt and move onto Step 2.

  2. Remove cached identities in the registry.
    In the Registry Editor navigate to HKCU\Software\Microsoft\Office\15.0 or 16.0\Common\Identity\Identities and remove all of the identities under \Identities.

    NOTE: If using Shared Computer Licensing remove the above Identities from HKEY_USERS\SID.

  3. Remove stored credentials in Credential Manager.

    A. Open Control Panel > Credential Manager.  Remove all Windows credentials listed for Office15 or Office16.

    B. To remove the credential, click on the drop-down arrow and choose Remove from Vault. (See Below)

    In Shared Computer Licensing scenarios you must remove the Token and identities listed below.
    %userprofile%\Appdata\local\Microsoft\Office\15.0 or 16.0\Licensing

  4. Manually cleanup specific folders.

    Credential Manager:

    Appdata\Roaming\Microsoft\Credentials
    Appdata\Local\Microsoft\Credentials
    Appdata\Roaming\Microsoft\Protect
    HKCU\Software\Microsoft\Protected Storage System Provider

    Office 365 activation Tokens and Identity

    Appdata\local\Microsoft\Office\15.0 or 16.0\Licensing
    HKCU\Software\Microsoft\Office\15.0 or 16.0\Common\Identity
    HKEY_USERS\(The Users SID)\Software\Microsoft\Office\15.0 or 16.0\Common\Identity

    The above steps will reset the activation state for Office 365 (2013/2016). The activation flow after the locations are cleared will represent an initial activation scenario.

TL;DR ? Download OLicenseCleanup.vbs_1 , rename to a .VBS file (by removing the .TXT extension, why am I even saying this. Really? If you don’t know how file extensions work in Windows, please stop reading now and educate yourself on this subject)

Partly taken from Technet 

Office 365 Migration (3) – getting ready to rumble

Wanna mess around in a demo version of Office 365, before trying the real thing ?
No problemo !
Go to https://products.office.com/nl-be/try  and create an account to your heart’s content.

One big /!\ warning /!\ before actually doing so :
Experience has taught me that – while you can create a 30-day demo account and perform all the fun stuff that the full version can – there’s a couple of things you need to know about your demo version.

  1. All domain names added to this O365 tenant, even if it’s in demo mode, have a tendency to remain there even after your trial has expired.
    In concreto, this signifies, you will not be able to add this domain to a new O365 tenant, should you want to do this, after ignoring the renewal of your demo.
    Microsoft has this funny way of holding onto your old data if anything external is still linked to your account. In this case a domain name.
    So, when you plan to stop your demo account, be sure to remove all external factors first (such as the link to your own domain name, linked mailboxes that are being pushed into an O365 mailbox, …)
    If you don’t do this and you will need this to be re-linked afterwards, you might have to call Microsoft support. *sigh*
  2. You’ll never be able to fully clean up all the messing around you performed in your demo version, so make sure you actually start a new and clean tenant if you want to start using O365 “for real”, so that no mistakes you made are moved into your live setup (hey, I’m not judging, this is actually what demo environments are for).
  3. If you want the full experience, I do suggest buying a domain name (or using one you have lying around) to integrate into your O365 demo environment, as this will teach you how to fiddle around in the DNS settings later on.
    This will also allow you to log into your environment using your actual email address instead of some my_user_name@some_tenantname.onmicrosoft.com .
    Mail functionality coming from a .onmicrosoft.com domain is usually blocked or filtered in many cases, so for good form, just integrate a domain name.
    We’ll see how this is done later on.
    Make sure you get a domain host that allows you to add SRV records, if possible. This will allow you to properly configure your Skype For Business / Lync / Teams communication setup.
    A more simple explanation on SRV records can be found through this link.

 

Getting our hands dirty (almost)

Shortstraw LLC, the Belgian version

In this example setup, we will be creating a basic startup scene through which we will continue to enlarge our virtual company, adding the necessary services as we need them.

For now, our company “Shortstraw LLC” has not seen the proverbial light yet and just wants his mail in the cloud and accessible at all times.
Shortstraw’s current mail setup for their Belgian branch consists of some simple POP boxes (or so they told us, their IT implementor   *dramatic sound*)

Shortstraw’s mail setup according to first contact with the customer

The image above (because a wall of text doesn’t read as easy as a children’s illustrated book) shows how the customer describes his current mail situation, after having established first contact over the phone.
Oliver (the CEO) and Annie (the CFO) each have a mailbox which they read in their not-yet-documented mail program.
Together they both read the info@shortstraw.be mailbox as a POP box, while leaving a copy of the messages on the server, which is an old-school way of sharing a mailbox.
Their technician, John, receives his to-do list from Annie onto his personal Gmail mailbox john.vercammen@gmail.com , so he can use his calendar on his smartphone.

Actually getting your hands dirty

For good form and for good measure you as the IT guy decide to visit the customer, because that’s what you do in cases like this. You go and check on what’s real instead of relying on end-user information.
No offence to you dear end-user, who might also be reading this article. I’m just stating the obvious, which is also the reason you contact an IT guy in the first place instead of performing the move to O365 yourself. 

After a small audit, you discover the situation to be as follows (example taken from real life) ⇒

Veritas !

You’ll notice already the subtle difference after you got your hands on the computer.
Seemingly insignificant, there are a few things to be taken into account.

  • Windows Vista : the easiest one to notice AND resolve. Get rid of this product.
    Don’t upgrade to Windows 10 as this is not supported. You can always try to do a fresh W10 install, should the hardware support this, but see this as a sales opportunity.
  • Office 2007 OEM : 2 things.
    – you cannot reinstall (license-wise) an OEM license onto a new computer
    – don’t apply Office 2007 for future use in an O365 environment. I’ve mentioned this before. You’ll get into tons of trouble, such as calendars and contacts not synchronizing.
  • Office 2010 OEM : upgrade this to the latest service pack.
  • Windows 7 : try to get this to at least Service Pack 1.
  • info@shortstraw.be : only a copy of the messages is being held onto Annie’s computer, which means… Oliver probably has the most chance of having a more complete inbox.
    Every time Oliver checks the mails, Annie would no longer receive this mail if Oliver was the first to receive them.
  • oliver@shortstraw.be : make good note of all his aliases in the mailbox management system he’s currently using at his Belgian mail hosting company. Chances are he’s going to want to split this up into multiple boxes for overview purposes.
  • shortstraw@provider.be : an older POP mailbox that customers still use now and then. This mailbox is mainly kept for historical reasons, but Oliver wants to be able to at least read this mail in the future.
  • annie@shortstraw.be : has the cfo@ alias.
    She has her Outlook configured to receive her personal mails through IMAP. According to herself, this was intentional so that she could read her mails on her cell phone as well. This was never configured, however, but the situation remains to this day.
    Annie’s computer uses the local Outlook calendar to plan all things for the business, including keeping a double of the invites she sent to the technician.
  • John Vercammen : with the exception of having his LTE/4G data plan paid for by Shortstraw and receiving his Samsung Galaxy S8 for work, he is not linked into the company network as such.

Analysis

Having all the information above, even as a layman at O365, you can see that there is much room for improvement, such as getting rid of old techniques for sharing a mailbox, getting your employees in sync with your company, upgrading software etc.
For this case, which is a fine example of a typical situation, my suggestions, based upon my personal experience and Office 365 support are the following (all mailflow suggestions can also be done in different ways; I just hand out the most common ones) :

  • Partly related to Office 365, I’d suggest getting rid of Windows Vista AND the Office 2007.
    I deliberately added the term ‘OEM’ in my example as OEM software cannot be transferred (in terms of license) to new hardware in case of Office and Windows.
    Even were Oliver to buy a new computer and he’d want to re-use his Office 2007 – which would have been a silly choice due to compatibility issues – OEM licensed software can’t be transferred to new hardware.
    In a related side-note : Office installations ‘bought’ through O365 can be installed on 5 computers for personal use.
  • Office 2010 on Annie’s computers needs to be upgraded to Service Pack 3.
    Her operating system, Windows 7, needs at least Service Pack 1.
  • info@shortstraw.be : this needs to become a so-called shared mailbox. Shared boxes have the same value as an ‘ordinary’ mailbox, but without a physical user linked directly to it. Hence, no financial cost is attached to this box.
    In the migration process, you’ll need to use Oliver’s computer for the most correct and up-to-date content of this mailbox, due to the nature of how ‘leave copy of messages on the server’ works in a POP3 environment (cf. Annie’s PC)
  • oliver@shortstraw.be / shortstraw@telenet.be : both boxes are POP mail. You can easily export these boxes through Outlook’s “Export to PST” function. Don’t forget to export all content of the mailbox, such as agenda and contacts
  • Speaking of contacts : a common mistake is confusing the autocomplete list in Outlook (that’s the list of addresses that appears when you start typing the first letters of an e-mail address) with an actual contact list.
    Seeing as you’ll be creating either a new profile in Outlook or a clean install on a new computer, you’re going to want to back up this list somewhere.
    Microsoft has a handy how-to on how to accomplish this.
    Should you want to dive a bit deeper in the markup of an NK2 file (which is the file extension for an autocomplete list up until Office 2013), I suggest downloading NK2Edit by Nirsoft (a website totally worth visiting for tons of handy tools, by the way)
  • annie@shortstraw.be : now this is another story. IMAP mailboxes are to be handled with caution, due to the way they are built.
    If you were to simply export an IMAP mailbox to a PST file, for import purposes later on in O365, you might run into the fact that only the mail headers are stored in the PST file. The actual content isn’t.
    Microsoft has yet another handy couple of ways of importing IMAP mailboxes. We’ll get to that when the actual process of importing starts.
    It basically involves the Office 365 servers at Microsoft connecting to the IMAP server themselves, without you having to do anything client-side.
    You tell the servers in which mailbox to ‘dump’ the content of the remote IMAP mailbox and the process runs slowly in the background. You’ll have the ability to check on the status.
  • John Vercammen : don’t worry about John (yet). The implementation of integrating John in shortstraw.be is as easy as creating a new mailbox. There’s still a couple of options left open, such as integrating his personal gmail directly into his O365 and choosing the right subscription for John, depending on his specific needs (for instance if he wants to work from home on his personal computer and he’d need a Microsoft Office installed)
    The IT guy guides, Oliver decides.

 

As a personal thought exercise I suggest you try to come up with a couple more improvements for this customer’s network, as I’ve left some subtle ones yet unhandled.

In the next post, we start the process of migrating, while explaining every step’s why and how.

Office 365 Migration (2) – The needs and the means

If you’ve missed the previous post on O365, and/or haven’t got a clue what this product is, please read the previous blog post on this page. With that out of the way…

What are this ? This are this !

What do we understand under the concept of ‘migration’ ? Migrating to an O365 environment can start from something as simple as ‘moving away from your mail provider, that gives you a your_name@generic_provider_name.com address’ to ‘getting your entire company in the cloud, files, authentication and the whole shenanigans‘.

As an IT implementer for your customer, you’ll need to converse with the end-user to figure out his exact needs. As an end-user, you’ll have to allow your IT implementer to ask you tons of questions and have him perform a thorough audit of your current situation. More on this a bit further in this post.

Both parties will get the most out of it, this way.
There’s nothing more frustrating (well maybe there is, but you catch my drift) than having bought a product after which you realise this wasn’t really the thing for you.
Resellers will lose credibility, end-users will be needlessly frustrated and in the longer run, Office 365 will get a bad name for the wrong reasons.
Yes, there are right reasons for not liking O365. There are many cases in which O365 is not the thing for you. Sound advice from an IT professional will help you (I’m looking at both parties) make the right choice.

For the purpose of this entire explanation, we will create a completely non-existing company, entirely not based upon true facts or totally not taken from a real-life situation (insert disclaimer here).

We’ll call it Contoso Zupertails Inc. Shinra ShortStraw LLC.
Kudos to those that get the joke.
This company will be our example end-user, with its very own end-user needs.

 

Rolling start

Asking the correct questions will automatically get you a push in the right direction towards a successful migration.
Don’t be bone idle and dare to ask questions. Standardisation is a wonderful thing for an IT provider, but leave some room for customisation.
You don’t want to end up being just a box-mover even though the box will be a virtual one in this case.

Eventually, you will create your own checklist, when having set up your own workflow for selling O365 as an IT partner. For now the following list of considerations is a fine way to start your audit.
Depending on the situation, some of these questions will be unnecessary.
I’ll also explain WHY you should ask these questions, as this is often a list that gets forwarded to either Microsoft or a CSP.

    • What is the current e-mail program (and is there room for change) ?
      An often unasked question that leads to unforeseen timing issues in even the easiest of migration processes.
      E-mail in Office 365 is shown to advantage in its native functionality : an Exchange server in the cloud.
      Tons of functionality will be lost (calendar, contacts) when, for instance, using only IMAP or when trying to integrate your O365 in Microsoft Mail (default mail client in Windows 10) or Mozilla Thunderbird (mail client for cavemen or Linux users, not necessarily the same).
      Calculate extra time into your estimate, as an Outlook-to-Outlook migration is the easiest and fastest way to migrate.
      Also, if Outlook 2007 (or older… *shiver*) is still at play, you need to upgrade to at least version 2010 (with all necessary updates). Don’t listen to all those other websites that tell you that Outlook 2007 is compatible, because you’ll be in for some serious horror stories.
      Preferably upgrade to the newest version of Office, which is something easily achieved through O365, as some subscriptions come with a physical copy of Office.
    • Know the current mail setup inside-out (and dare to innovate and change)
      If change is considered a bad thing, maybe migrating to O365 isn’t your cup of tea.
      The process of migration is often linked to fear, for the customer as well as for the implementer.

      That being said, it’s of the utmost importance to be aware of the current mailflow, amount of mailboxes, aliases, distribution groups, public and/or shared folders, …
      Also check if there’s any device such as an all-in-one printer or a standalone device sending out mail from the domain name to be used in the O365 environment and make note of the model and make, so you can look up its compatibility.

      Make note of every human entity, wanting to use your O365 setup within the environment of the end-user, because of the way the licensing system works.
      It’s not 100% true, but as a rule of thumb, you pay per physical user.

      With this knowledge, you can go and create a plan for the new mailbox setup, which doesn’t need to be a true one-to-one copy of its predecessor.
      For instance, in O365, shared mailboxes, aliases and distribution lists are completely free, whereas some (older) mail providers might charge you a small fee for this. The same goes for a mail forwarder.

      Don’t feel offended. For the purpose of being a completionist, here’s a short explanation of the mailboxes.

      a regular mailbox : at the time of this writing and depending on the subscription, you get either a 50GB or a 100GB limit mailbox with your O365 mail subscription. Full Exchange support (calendar, tasks, contacts, …) and webmail included.
      Generally used as ‘user@domain.com’.

      a shared mailbox : theoretically the same concept as the above, with the exception that no paid license is needed for this type of mailbox. You’ll need to configure user rights to the mailbox in order to allow others to access it, as a shared mailbox cannot be opened directly.
      Hey, nothing’s really free, right ?
      Usually, a shared mailbox is used as a box in which multiple users can mess around. All changes made by user A will be seen by user B. In the past, this could only be achieved through IMAP.
      Another classic reason to use a shared mailbox : user X leaves the company, but you want his mails to be archived and visible for a certain list of people. In this case you can convert a mailbox to a shared box, after which your paid license for this box gets released and can be used for somebody else.

      an alias : essentially an extra label that allows a mailbox to be addressed through an extra email address. E.g. the original mailbox Oliver.Shortstraw@shortstraw.com could get an alias os@shortstraw.com or oliver@shortstraw.com in order to make the mailbox address more accessible.

      a distribution list : a list of mailboxes grouped together under one general mail address.
      Sending to a distribution list will cause the mail to be received in all the members’ mailboxes.
      If user A deletes the mail from his mailbox, user B will not know this.
      The general consensus in using a distribution list, is that it’s mostly used for internal communication. O365 even allows turning on/off the option for this list to be available to the internet, so that you can use for example a technicians@shortstraw.com list to contact all your technicians in one mail.

      forwarding : not really a mailbox, as it’s more of a feature you can activate on a mailbox (or even automate on a server-level). If set on a specific mailbox, a forwarder does nothing more than what its name already provides : it forwards mails to another mail address (even outside your organisation).

  • Do you have access to DNS management for the domain which is to be integrated in O365 ?
    Migrating to O365 requires you to edit certain DNS records (more on this in a future post, where the actual process is explained). The time required to do this, is a crucial factor for a swift and painless migration.
    When you’re in the situation where you don’t have access to some form of DNS management interface and you’ll have to be e-mailing an internet provider or a webdesigner to get this process done, you’re best to consider moving the DNS name to another host, for your own personal ease of work.
    Sometimes, the DNS management is done by a webdesigner, as given as example above, because he or she created a website and held onto the domain management. In cases like this, it’s imperative to communicate beforehand with all parties included, in order to smoothen the entirety of the process as much as possible.
  • Does your IT Department have the expertise and time to complete the migration successfully?
    An often recurring question.
    Seeing as the aspect of ‘time of implementation’ has been touched a couple of times already, it’s no surprise the ‘expertise and time’ question appears here.
    For a successful migration to work out, you’re going to need time.
    If you as a user do not plan your potential downtime, this WILL result in a large amount of unnecessary stress for your users and your IT implementor.

    If you as an IT implementor do not plan your migration correctly, there WILL be downtime. A lot of it.
    It’s imperative that you notify all users (see below) of potential changes in their mail and data environment. On a small scale, this can be handled quickly by having a simple chat or sending a mail a couple of days before the actual migration.
    On a larger scale, this might involve training your users (and yourself).
    The Office 365 admin portal has handy links for this purpose only.

    Always have an IT partner ready as a backup in this case. And for good form, inform THEM as well on when you’re about to migrate 🙂

  • Have you discussed this with all your users ?
    The impact on time of availability of your users’ work environment is a factor not to be overlooked.
    As a father of a partly autistic kid, I can assure you that some people do not handle sudden changes very well.
    Communication is key in all of this.
    Even if it’s just informing your users of changes that are about to happen, the slightest status update is helpful in explaining why user X’s cell phone starts giving notifications and why user Y’s Outlook says ‘not connected’ in the taskbar.
    Depending on the situation, you’re going to have to either give the users a small heads-up or you’re going to have to write manuals and configure tons of computers.
    Yeay ! Job opportunities !
  • Do you have access to everything related to the internal network ?
    Often, you’ll need to move away from a local mail server or you’ll have to have access to users’ computers. Those users might not always have full rights on their computers to change settings.
    Very few firewall settings might have to be changed, mailboxes might need to be accessed on a local server etc. etc.
    These are just a few possible reasons for you to need access to the local resources on the user’s network.
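The forwarding feature described in the mailbox overview above can send mail outside the organisation, so once the mailboxes exist it pays to list every forwarder and see where it points. The following is an added example, not part of the original post: the function name `Find-ExternalForwarding`, the mailbox `john@shortstraw.be` and the `example.com` target are constructed, while the property names are those returned by Exchange Online’s `Get-Mailbox`.

```powershell
# Added example: review mailbox forwarding after the migration.
# In a live tenant the input would come from Exchange Online:
#   $mailboxes = Get-Mailbox -ResultSize Unlimited
#   $domains   = (Get-AcceptedDomain).DomainName
# The objects further down are constructed sample data so the logic runs offline.

function Find-ExternalForwarding {
    param(
        [Parameter(Mandatory)] [object[]] $Mailbox,
        [Parameter(Mandatory)] [string[]] $AcceptedDomain
    )
    foreach ($mbx in $Mailbox) {
        # ForwardingSmtpAddress looks like 'smtp:user@domain' and is empty when no forwarder is set.
        # Forwarders set through ForwardingAddress or through inbox rules are not covered here.
        $target = [string]$mbx.ForwardingSmtpAddress
        if ([string]::IsNullOrWhiteSpace($target)) { continue }

        $address = $target -replace '^smtp:', ''
        $domain  = ($address -split '@')[-1].ToLowerInvariant()

        [pscustomobject]@{
            Mailbox    = $mbx.PrimarySmtpAddress
            Type       = $mbx.RecipientTypeDetails
            ForwardsTo = $address
            # External means the target domain is not one of the tenant's own domains.
            External   = $AcceptedDomain -notcontains $domain
            # False means the mailbox keeps no copy of what it forwards.
            KeepsCopy  = [bool]$mbx.DeliverToMailboxAndForward
        }
    }
}

# Constructed sample data shaped like Get-Mailbox output.
$sampleMailboxes = @(
    [pscustomobject]@{
        PrimarySmtpAddress         = 'info@shortstraw.be'
        RecipientTypeDetails       = 'SharedMailbox'
        ForwardingSmtpAddress      = 'smtp:oliver@shortstraw.be'
        DeliverToMailboxAndForward = $true
    }
    [pscustomobject]@{
        PrimarySmtpAddress         = 'oliver@shortstraw.be'
        RecipientTypeDetails       = 'UserMailbox'
        ForwardingSmtpAddress      = $null
        DeliverToMailboxAndForward = $false
    }
    [pscustomobject]@{
        PrimarySmtpAddress         = 'john@shortstraw.be'
        RecipientTypeDetails       = 'UserMailbox'
        ForwardingSmtpAddress      = 'smtp:john@example.com'
        DeliverToMailboxAndForward = $false
    }
)

# Show only the forwarders that leave the organisation.
Find-ExternalForwarding -Mailbox $sampleMailboxes -AcceptedDomain 'shortstraw.be' |
    Where-Object External |
    Format-Table -AutoSize
```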

A lot more questions remain to be asked, depending on the situation, but I guess you can already relate to this by now, after having read all the above.
Let me just Google that for you, right here, in case you want more information on this topic and what questions you need to ask yourself before cloudifying your mail and data situation.

In my next post, we might actually get our hands dirty and start doing things.

Office 365 Migration (1) – food for thought before you start

Obligatory blah blah

Having to give daily support on this (I can say ‘amazing’) product, I’ve decided to write a couple of mini-guides on migrating your current mail environment to Office 365 as well as related topics.

Some screenshots are taken from http://www.itpromentor.com/ , a website by Alex Fields, who is a great technical blogger, so I gladly link back to his site.

 

Seeing as teaching new techniques to human beings is always about helping people remember the ‘why’ in order to better understand the ‘how’, I’ll try to get into a bit more detail in every piece of the explanation and guides.

Before starting out, I’m going to give a tiny commercial heads-up on Office 365 products (no, I’m not sponsored by Microsoft in any way).
If you’re a business user and you use Outlook ‘like a bawz‘, but hate all the fuss and the inability to easily interact with all your colleagues and customers, this is the thing for you.
O365, as I’ll be calling the product from now on (it types faster), starts low-cost at just ‘mail in the cloud’, but can go as far as cloud authentication and co-authoring documents, following up on workflows depending on the content of a file etc. etc.

I’m not going to play the devil’s advocate and give you a full lowdown on why you shouldn’t use Google For Business, as this product has its own amazing features as well. Heck, I even use it myself, for my own domain name. Aaaaannnd just to prove my point : co-authoring a document is still easier in Google Suite (which is the other/newer name for Google For Business).

 

The concept

If you’ve been living under a rock or you’re not into IT fashion words, I’d love to give you a small recap on the entire concept of O365.

Financially, there are two sides to this idea :

  • as a reseller, you’re guaranteed a small recurring fee per month/year for all your customers that you deliver onto the platform. Preferably using a Microsoft CSP to help you out. Do not expect to get rich overnight. O365 as a business model requires you to sell the product as your own, adding extra value to the product, which brings us to the second financial side…
  • as an end-user or business-owner, what stops you from taking out your credit card and just paying Microsoft directly the same amount you would probably pay your IT partner, were he to just sell you the product, is the extra value and direct support you can get from him.
    I think we can all agree that in Microsoft’s eyes you are a small fry. Yes, even you, business-owner with 50 E3 accounts. This relates especially to the first-line support calls you will receive from a call-centre in Casablanca or Islamabad.
    O365 requires less support than running your own data- or Exchange-server would, but it still needs a fair amount. Keep this in mind when making the purchase.
    – Will you install your own Active Directory from scratch ?
    – Are you up to configuring your own send and receive connectors ?
    – Do you have a plan in mind to perfectly set up your file structure in the cloud ?
    If all three questions can be answered with a ‘YES’, then hesitate no more and get your credit card out, surf to https://portal.microsoftonline.com and figure it out yourself.
    Google will be your friend in this journey.
    The basic setup can be a bit overwhelming, but Microsoft has made managing your O365 environment relatively easy when you use only the web-interface.

 

Now that we’ve passed the money barrier, let’s talk practical specifics.

A general misconception (and I can totally understand the confusion here) is that O365 is a box you can buy in the local IT-minded supermarket.
It’s probably a misconception, BECAUSE THERE IS AN ACTUAL BOX YOU CAN BUY.

A wild bunch of Office 365 boxes in their natural state : unopened

We have to thank the lovely product managers at Microsoft for this confusing product naming here.
No, the actual products I’ll be talking about, are subscription-based products with names such as Business Premium (confused already ?), Exchange Plan 1, Office 365 E3, ProPlus etc.
The product name ‘Azure’ will be thrown around a lot too.

As a user, you’ll be paying Microsoft either directly or indirectly for a cloud-based solution that hosts your files, mail, calendar, without the hassle of maintaining your own physical server.
Other advantages include an always up-to-date version of Microsoft Office, an online collaboration platform (yes I’m talking about Sharepoint), a communication tool (Microsoft Teams, which used to be Lync/Skype for Business) and tons more.

The aforementioned Azure will also net you a true cloud server, if you’re in the running for something more than the default solution. As short-sighted as this very brief summary of Azure is, this post doesn’t really shed much light on Microsoft Azure.
Let’s say that calling it a ‘cloud server’ is an insult 🙂

 

DON’T PANIC

If you’re still reading this and haven’t run away in total disgust of either having to resell or having to use a Microsoft cloud product please keep an eye open for the next post on Office 365.
Also, that other fashion word, ‘Powershell’ : you’ll be hearing it a lot in advanced trainings.
Embrace it, don’t fear it.
If what you read in the above lines gives you the same feeling as watching a TV test signal, also don’t worry too much. Powershell is just a way of typing commands, just like good old DOS.
Plus you don’t HAVE to use it. It just helps with advanced management tasks.

There’s tons of online help available. Microsoft also allows you to play around in a 30-day trial environment.

Last but not least : ‘no stress’.
Happy reading.

Also : read onward here