Rules to Better Office 365 - 5 Rules

If you still need help, visit our Office 365 consulting page and book in a consultant.

  1. Using Active Directory Federation Services (ADFS) lets you use one account to log into multiple systems, through Single Sign-On (SSO).

    ADFS is built upon the SAML 2.0 (Security Assertion Markup Language) protocol, which allows secure exchange of authentication data.

    With ADFS, you can use only one account (generally created on your on-premises Active Directory (AD) server) to log into multiple systems e.g. Dynamics 365 CRM, Office 365 and many others.

    This implementation gives you security over which users are accessing which applications with which accounts, and also reduces the attack surface created by having many accounts with many different passwords:


    Figure: Good Example - Using one account on many systems

    ADFS also gives you a solution in other corner cases:

    1. When you want to use Office 365 and not store your password on the cloud;
    2. When you want the authentication to take place on-premises;
    3. When you want to create a trust between SharePoint on-premises and Azure AD;
    4. Amongst many others.

    Figure: Good Example - Using SSO to log into CRM with your on-premises account

  2. Azure Active Directory (AAD) Password Hash Synchronization (PHS) is one of the methods you can use if you want to have your identities synced to the cloud, alongside Pass-through Authentication (PTA) and Federation with AD FS. If you have a hybrid identity in place with AAD, chances are you are already synchronizing password hashes to the cloud with Azure AD Connect Sync.

    AAD PHS synchronizes the password in on-premises AD with AAD so you can use your on-premises password to log in to cloud services, like Azure or Office 365. It also allows you to implement Seamless Sign-On for domain-joined machines, so users don't need to log in twice when opening their emails in a browser, for example.

    AAD PHS also allows you to have an absolutely lean infrastructure on-premises, as the only moving part needed is Azure AD Connect Sync, installed on a server or Domain Controller. No agents or internet-facing machines are necessary.

    The web requests don't even come to your server; they are served by Microsoft's big pool of servers around the globe!

    Figure: Good Example – AAD PHS infrastructure workflow

    You can check out a deep dive of AAD PHS in official Microsoft documentation at What is password hash synchronization with Azure AD?

  3. If you have an on-premises Skype for Business (S4B) server, and you want to upgrade to Microsoft Teams, you need to set up S4B in Hybrid mode with your Office 365 tenant first.

    Microsoft Teams is going to replace Skype and Skype for Business in the near future - which means an upgrade will be necessary soon.

    1. To leverage the full features of Teams, you first need to set up Hybrid on your S4B on-premises server. This is no small task, and you can find the full instructions on how to do that here
    2. After setting up a Hybrid environment, you will need to migrate all your users from S4B to Teams. This involves 2 steps (if you have an on-premises S4B):
       a. Moving from S4B on-premises to S4B online (instructions);
       b. Moving from S4B online to Teams. (instructions)
    • In Teams, add a Dynamics tab
    • In Dynamics, add a Teams URL field

    Figure: Dynamics 365 tab in MS Teams (also showing the Teams URL field, two birds with one stone)

  4. The default message size limit in Exchange Online is 25MB. Even though email attachments are not the best way to share a large file, sometimes it is the only option - and these days, 25MB is quite small. This default limit should be increased; it is easy to do so from the Exchange admin center or Exchange Management Shell.

    It is important to remember that the maximum email attachment size will also depend on the person receiving the email - their email service will need to accept the larger size. For example, Gmail's default limit is also 25MB.

    Changing the default in Exchange admin center

    1. Go to Exchange admin center | Recipients | Mailboxes | Set default message size restrictions
    2. Enter the maximum size you would like to set in KB for both sending and receiving, and click Save. We have it set to 35MB (35,840KB).

    Figure: Default message size restrictions in Exchange admin center

    Note that this will only apply to new mailboxes. To change the restrictions for existing mailboxes, from the same page you can select one, several or all existing mailboxes, and click Message size restrictions. As above, enter the desired maximums and click Save.

    Figure: Existing mailbox message size restrictions in Exchange admin center

    Changing message limits in Exchange Management Shell

    Of course, this can also be done with the Exchange Management Shell, for example:

    Set-Mailbox -Identity "Adam Cogan" -MaxSendSize 35mb -MaxReceiveSize 35mb
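
    As an added example (not SSW's own script), the same 35MB limit applied to the default for new mailboxes and to every existing mailbox that differs from it, with a record of what was changed. It assumes the ExchangeOnlineManagement module is installed and the signed-in account may manage mailboxes; the helper name Get-SizeInBytes is chosen here for illustration.

    ```powershell
    # Added example, not SSW's script. Assumes the ExchangeOnlineManagement module
    # is installed and the signed-in account may manage mailboxes in the tenant.
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline

    $limit      = '35MB'   # value used in this rule (35,840 KB)
    $limitBytes = 35MB     # PowerShell numeric literal: 36700160

    # Sizes come back as text such as "35 MB (36,700,160 bytes)"; extract the bytes.
    # Get-SizeInBytes is a hypothetical helper name used only in this example.
    function Get-SizeInBytes([string]$Size) {
        if ($Size -match '\(([\d,]+) bytes\)') {
            return [int64]($Matches[1] -replace ',', '')
        }
        return $null   # e.g. "Unlimited" or an empty value
    }

    # Default for new mailboxes: in Exchange Online this is held in the mailbox plans.
    Get-MailboxPlan | Set-MailboxPlan -MaxSendSize $limit -MaxReceiveSize $limit

    # Existing mailboxes: change only those that differ from the target.
    $changed = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        $send    = Get-SizeInBytes $mbx.MaxSendSize
        $receive = Get-SizeInBytes $mbx.MaxReceiveSize
        if ($send -ne $limitBytes -or $receive -ne $limitBytes) {
            Set-Mailbox -Identity $mbx.DistinguishedName `
                        -MaxSendSize $limit -MaxReceiveSize $limit
            [pscustomobject]@{
                Mailbox    = $mbx.PrimarySmtpAddress
                OldSend    = $mbx.MaxSendSize
                OldReceive = $mbx.MaxReceiveSize
            }
        }
    }

    # Record of what was changed, for the change ticket or a later audit.
    $changed | Format-Table -AutoSize
    ```

    Adding -WhatIf to the Set-Mailbox call lists the mailboxes that would change without modifying them.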

    Exchange Online limits - Service Descriptions | Microsoft Docs

    Configure message size limits for a mailbox | Microsoft Docs
