Don’t turn into a pumpkin because of DirSync with your Office 365 system

I feel like I may have already mentioned this on the Twitter, but I feel like I need to put out a reminder PSA for folks that perhaps were asleep at the terminal or looking at their iPhone playing Pokemon Go… DirSync and AzureAD Sync Service will no longer connect as of 1 January 2018. Only AzureAD Connect will actually be able to connect to AzureAD to allow for imports of projected identities from your on-premises Active Directory or other LDAP based system.

You have been informed.

Why would I be using DirSync you might ask yourself? The primary reason being so that you’ve got all of your users’ identities and attribute information showing up properly within Office 365 (or within other applications that you’re hosting within Azure and need an identity source to pull from). Where do these user identities show up you might ask yourself? Within any contact card or anything that tracks a user.

Moving on… About a year ago, in April 2016, Microsoft deprecated DirSync and Azure AD Sync Services in favor of AzureAD Connect. They did this in a blog post. Some people may have missed it. Others put a sticky note in their cubicle and then forgot it when another sticky note was placed on top of it reminding them to renew an SSL certificate.

If you’re not familiar with AzureAD Connect, you probably haven’t logged into your Azure portal (oh, by the way, it’s no longer manage.windowsazure.com, but rather it’s portal.azure.com) or you haven’t logged into the Admin terminal of your Office 365 portal to check on your Directory Synchronization status. Regardless, the time has come to go and figure out what you’re going to do so that your directory synchronization with AzureAD doesn’t go offline and break because of lack of upgrading to what is supported.

How do you go about upgrading to AzureAD Connect? RTM… or read the manual for those that aren’t familiar with acronyms.

Where do I find the manual though?

I’m glad you asked… as a typical search using your favorite search engine probably wouldn’t bring up the results until you clicked on the Search button. . .

Okay, so seriously, where’s the guidance for upgrading?

Check it out here https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-dirsync-deprecated.

Alternatively, Microsoft has additional documentation as a part of the AzureAD Connect installation documentation on how to upgrade over here –

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-dirsync-upgrade-get-started

All in all, it’s pretty simple to upgrade your basic environments. If you have additional complex rule sets for performing combinations of actions while performing a projection into AzureAD from your on-premises AD, you’ll want to go in and figure out what they are within the MIIS Client so that you can recreate them or validate them within AzureAD Connect.

Good luck and hope that you’re able to make the deadline of midnight on the 31st of December as we ring in the new year!

Favorite Podcasts… 2017 List

It’s interesting to look back at the past year and realize that I haven’t really been listening to all that many podcasts – whether professionally or personally. There are a few that are epic that should be on everyone’s queues to include:

There are several others out there but the above are the ones you’ll probably find me listening to. Maybe.

And maybe at some point when life slows down we’ll have Brewery.fm come back to life… http://www.brewery.fm

Happy casting!

Azure’s Access Control Services Retiring

If you’ve been working with Azure for a while you may have come across a need to make use of Azure’s Access Control Services. This service offering or capability effectively allowed developers to create something that was hosted on Azure but have authentication and authorization performed outside of the application that a developer was building.

In many cases, developers that were looking to integrate with services like Facebook, Twitter, or another Active Directory would make use of ACS to handle the authentication and authorization and allow the developer to focus on what they were developing within their App. This was great in that it was effectively performing a lot of heavy lifting without a lot of code.

As Azure is continuing to evolve, change happens and in this case we see Access Control Services entering a deprecated state where it will no longer be supported as of November 7, 2018. What’s all this mean to you? Perhaps nothing if you’re not using ACS. If you are however using ACS, it’s still fully operational, but similar to the Death Star, in the near future it will cease to exist.

More about this activity is available here on the Microsoft Azure Blog – https://azure.microsoft.com/en-us/blog/time-to-migrate-off-access-control-service/

If however you say to yourself, “I’ve been using ACS for a while and my app relies upon it heavily…” Fear not, there’s a published migration path that you can make use of… you can check it out here – https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-acs-migration

Nonetheless, consider yourself informed when you’re working with a client or with your fellow developers that you’ll need to consider how to begin building a transition plan to make use of something like Azure Active Directory or another offering of Azure’s per the migration guidance aforementioned. Happy developing!

Traveling in Style…

For those that don’t know me, I’m not a huge fan of flying. I’m not certain why to be honest… as a kid I flew across the Atlantic a few times, even across the Pacific to go to Hawaii. Nonetheless, recently on a flight to the midwest I was impressed at how much quieter flights are these days… granted the Bose QC35’s are pretty helpful. If only the flights could be shorter… guess what, companies are working on that.

Looking at some of the technological innovation to press forward toward supersonic flight is pretty darn cool. There’s the Elon Musk route of ferrying people up into sub orbital flight to get anywhere on the planet in 45 minutes. But for those that are looking for a slightly more affordable flight, several companies are working on supersonic or near supersonic flight.

If you’ve never heard a sonic boom – you’re missing out. It’s pretty loud. Check your newspapers for an air show and typically they’ll have a plane zoom by super fast and you’ll go, “Whoa that was amazing!”

Most supersonic flights that were on the Concorde were over the ocean so as to not cause too much noise pollution with the sonic boom. As someone that lives near an airport, I can say I definitely wouldn’t be a fan of hearing the window panes rattle every morning as flights started arriving. Granted, I suppose it would be akin to the rattle that the Millennium Falcon causes when it drops out of Hyperspace…

Nonetheless, aerospace engineering is working on getting you from point A to point B quicker.  More here if you’re interested… http://www.techradar.com/news/the-jet-age-is-over-here-comes-supersonic-hyper-mach-travel

Office 365 Group Management and Auto-Expiration Public Preview

If you’ve been working with Microsoft SharePoint Products and Technologies, you probably remember a utility that was made available as a part of SharePoint Server 2003 to automatically delete old site collections that hadn’t been worked with in a while. This was an incredibly helpful utility for system administrators that were watching their SharePoint systems grow virally with the use of Self Service Site Collection creation.

If you’re not familiar with Self Service Site Collection Creation, it’s probably because it was removed from the SharePoint Products and Technologies and then brought back. Self Service Site Collection creation was incredibly beneficial when users needed to get something up and running as quickly as possible but typically meant that users were creating site collections that may or may not have necessarily fit within the taxonomy of sites that were being implemented by their organization. What does that mean? Well, in some instances duplicative sites and site collections were created that were owned by different individuals who perhaps weren’t aware of one another, nor did they always find out that the other site / site collection existed since SharePoint Search follows the permissions model and trims out things that you don’t have access to see.

With Office 365’s SharePoint Online, site collections followed a similar life cycle where only certain individuals (SharePoint Service Administrators) had the ability to create them. This helped to limit the sprawl of site collections and knowledge but in some instances caused end users to use other Rogue IT services as they found the process for creating a new site to be cumbersome.

Enter in Office 365 Groups and the ability for end users to quickly stand up a collaboration group without the need of an approval from an IT Manager or someone concerned with site taxonomy. This effectively allows end users to provision a document library, a OneNote notebook, a calendar and a running history of messages that have been sent to the group. Sure it’s possible for the overarching administrator to turn this capability off (Groups) but the question then becomes, “Do you want to limit what your users can do with this Software as a Service platform and limit their ability to collaborate?” That’s a question that I know comes up regularly – primarily when it comes to governance.

Back with SharePoint Server 2003, administrators had the added ability to have a script run and determine when a site collection was last modified, which gave them the ability to then send an email to the site collection owner asking them if they were still using the site. Alternatively it was possible to just have the script watch and if it didn’t see a change over a certain period the site collection would be deleted. Pretty handy – this actually was introduced with Office 365 in OneDrive for Business service for when a user’s license was removed for Office 365 (14 days later their OneDrive for Business went away). Fortunately Microsoft has worked on the tooling for the OneDrive for Business capability to allow a little more flexibility as to how this now works.

In similar fashion, Microsoft Office 365 Groups has a capability announced recently to allow for a similar function of a “soft delete” with a 30 day window to get an Office 365 Group back. The messages that this will send seem to be a bit friendlier based on the Enterprise Mobility and Security Blog’s article “Azure AD Automated Expiration for Office 365 Groups in Public Preview”.

Personally I see this as a great capability but also realize that there will be some gotchas. Specifically in that when a Group is created, an Exchange Distribution list is created. This is helpful since you’re able to have message traffic sent to this address. However if you think about the use case where a Group is deleted and the users fail to realize that the e-mail address that they received notifications on now no longer exists, there may be problems for end users.

Additionally it should be noted per the configuration documentation that an Azure AD Premium license is required to implement Office 365 Group Expiration – if you don’t have these they’re available at a per user cost and have several benefits in addition to this.

All in all, definitely an exciting feature and functionality but wondering how things will work for organizations where end users are truly business users that don’t quite understand all the components of an Office 365 Group or what the information lifecycle truly is…

Reston SharePoint User Group – August 2017

Every so often, I take a few nanoseconds and reflect on the activities within the community. Like everything in life, things ebb and flow. In the case of the SharePoint and Office Server and Services community though, it continues to thrive. This past weekend the Women in SharePoint Group within the DC area hosted a terrific set of sessions. The other SharePoint and Office 365 user groups in the area continue to grow in their respective communities, supporting their members and helping to continue to encourage growth in knowledge and practice.

This week at the Reston SharePoint User Group, we had the privilege of Matt Wade of H3 Solutions presenting on Microsoft’s Groups capability and how it relates to end users and the solutions that they are looking to build on top of the Office 365 platform.

Matt brings the topic down to earth and rather than getting muddied in the provisioning that takes place behind the scenes for Groups to work appropriately, he hones in on the end user and their interactions with Groups and their benefits to the users.

All in all, a decent turnout for the presentation and great engagement with the group. Thanks to Matt for presenting and also for the attendees for engaging and continuing to thrive! I look forward to having the honor of working with Microsoft and the local Community to continue to help users find benefit from tools that they’re provided with.

If you’re not engaged with one of the local area user groups in the DC area, check out Reston SPUG, they meet the first Monday of the month typically (holidays sometimes push the group to meet the second Monday).

Azure QuickStart Templates

If you’re like me you prefer to automate things as much as possible. In some instances that means using desired state configuration, in other instances it’s launching a series of PowerShell scripts. This saves time and helps to ensure a configuration that’s repeatable and easy to kick off without a ton of work – yes there are parameters that occasionally you have to set (e.g., passwords, IP addresses, etc.).

All of this helps to an extent. Then you start looking at Azure and the Resource Management templates and you realize that you can automate a good chunk of these operations… of course this means that you go out and quickly learn JSON so that you’re able to create your own.

Newsflash – there are quick start templates that Microsoft already has out there for you to use. That’s right, community driven and for the most part Microsoft supported. Where do you find them you might ask? Well if you use a search engine of your choice (Google, Bing, Yahoo, Duck Duck Go) you’ll probably find them rather quickly, but for your convenience they’re also here – https://azure.microsoft.com/en-us/resources/templates/

The templates can be launched directly from the template pages into an Azure subscription or if you find that you want to use these as a starting point, you can open the GitHub repo that’s associated with the templates, fork it and modify it to your heart’s desire.

Bottom line? Don’t ignore these resources. You’ll occasionally run into a bug when a template references an older version of an Azure disk image, but to get around that just identify the issue and put in a pull request for the group that maintains that particular QuickStart template to update it.