Sunday, June 26, 2016

How I got my head out of my SaaS and into the Azure Cloud


We have spun out a new company to better service Office 365 tenants that want to sync the GAL and Public Folders to smartphones. Here is the story.


Thursday, February 18, 2016

Set Impersonation Mode for GAL or Public Folder Sync to User Mailboxes

By Vern Weitzman

There are two types of permissions that you can give to a service account so that it can easily update contacts, appointments and sticky notes inside of users mailboxes. Delegation is the most common permission used for on-premise Exchange Servers. It allows granular permissions

 
This blog post shows the steps required to enable a user or service account to open mailboxes in impersonation mode on Office 365 Exchange.

  1. Log in to your Office 365 Management Console as a Global Administrator. Under the ADMIN menu, launch Exchange.


2) Next you will see the Exchange admin center.  Launch the admin roles menu beneath Permissions.


3) After you click admin roles, click the plus (+) symbol to add a new role. If another role already exists that has impersonation, you can just edit that role.

After you hit the plus (+) symbol to add a new role (or edit an existing one), the roles dialog appears.  If it’s a new role, type the name App Impersonation.


Add the service account under Members.   If you are using the cloud service and don’t have a service account yet, you should use grant the App Impersonation role to your mailbox (or to whatever mailbox that you used to set up the cloud service).

It can sometimes take several minutes for these changes to become active.

If you would like to enable App Impersonation via Powershell, read the blog post How to Configure an Office 365 Hybrid Premise Service Account.

Sunday, July 26, 2015

Sync the Office 365 GAL to Outlook

By Vern Weitzman

Sync the Office 365 GAL to iPhone, Android and Other Smartphones


You may already know that your iPhone and Android users will be much more productive if they have a cached copy of the GAL in their contacts.

If you are not familiar with the itrezzo Unified Contact Manager and want to sync the GAL,


Configuring itrezzo Contact Management with Azure AD
We recently worked with a customer that had 3000 mailboxes in their Office 365 GAL. The Unified Contact Manager, our unified contact management tool, was using Exchange Web Services and GAL sync was failing miserably.

We wanted to fall back to LDAP since they were running DirSync. Unfortunately, there were three different domains from different locations syncing into Office 365. Each of them had a unique copy of their local GAL. Office 365 had the only complete master copy of all GAL entries.

That is the point where we switched their GAL access type to Azure AD. Things worked perfectly after that.

If you want to Sync the Office 365 GAL to a smartphone, this post explains how and why you might need to use Azure AD.


Graph API

Office 365 Global Address List Types

The snapshot above shows three possible ways that the Unified Contact Manager can create a contact list using the GAL.

  1. If you have DirSync to on-premise AD, you can configure LDAP.
  2. The default method to sync the Office 365 GAL is Exchange Web Services (EWS).
  3. For an Office 365 GAL with more than a few hundred users, an ideal solution is to use Azure Active Directory. Microsoft provides access to Azure AD through the Graph API.

Setting up the Office 365 Tenant to use Azure AD

Using the Graph API connector does take a few extra steps.  The first requirement is to grant the itrezzo Unified Contact Manager permissions to use the Azure Active Directory. If you don't know how to do this, use the procedure detailed in this blog post.


This procedure has you save the Client ID and Tenant ID to the Notepad. You will need it below.


After Azure AD permissions are enabled, run the itrezzo Web Admin and open the Global Configuration Menu. Choose Global Address List.  Select Graph API and fill in your organization's information. An example is shown below.


Paste in the Client ID at the bottom of the Graph API settings.


The Tenant name should match the primary internet domain name.

Azure AD, LDAP, EWS
You should also have the Tenant ID in Notepad. Paste it to the Graph API Tenant ID shown above.  


The login credentials for a Tenant Admin should be used. Typically the itrezzo Service mailbox might lack tenant admin permissions.


Once you have saved the new credentials, restart the itrezzo ECO Platform service.


Under Active Directory, you should now see the GAL as it appears in Outlook on Office 365.  
You may need to click the gear icon in the top right corner of the grid to get Active Directory to refresh.

You can also create a collection. When you try to search the GAL to add members to the collection, it will now use Azure AD.  If this fails, Azure AD is not properly configured.

To diagnose failures, open the logs for the current day of the week.  Scroll to the bottom of the ECO log.  It will have some errors messages. Look for the Azure error result. If you can’t resolve this on your own, feel free to contact itrezzo Support.

Saturday, July 25, 2015

How to configure Azure AD and Office 365 for GAL Sync

By Vern Weitzman

Setup Azure Active Directory for a Native Application


When the itrezzo Unified Contact Manager runs as an on-premise application, it can be configured to access the Azure Active Directory using the Graph API.This blog post shows the steps required to configure an Azure AD Native Application so that it can authenticate and access the GAL (Global Address List).

Wednesday, April 1, 2015

Why should we migrate Exchange Server mailboxes to Office 365

By Vern Weitzman

Is it worth migrating corporate email to the cloud?


In the last year, I have peered into the Exchange Messaging infrastructure at about 100 different companies. These organizations range in size from 20 users, all the way up to 20,000 users.  

Three reasons to migrate Exchange Server mailboxes to Office 365
Many of these organizations have migrated Exchange Server mailboxes to Office 365 without losing control of their own messaging infrastructure.

This post focuses on three typical business situations. After migrating users to the cloud, Exchange Service levels have risen while capital and operating costs have dropped.

Tuesday, March 3, 2015

How to Sync Outlook Public Folder Calendars to iPhone and Android

By Vernon Weitzman

Sync Outlook Calendars to a group of iPhone Users

If you want to sync a calendar to Outlook users so they can view it on their iPhone, this blog post will give you step by step instructions on how to set that up.

If your company has desktop users opening shared calendars on Exchange Server, you may have already gotten a request to be able to access these folders on an iPhone or Android. If your company uses Office 365, CiraSync is a cloud service will allow you to sync a public folder to Outlook Calendars in about a minute.

A shared calendar is usually found in a Public Folder, or a shared mailbox. Hundreds of desktop users may have access to view the calendar. Unfortunately this capability is not readily available to smartphone users.

Solutions exist in the app store but they might require significant help desk support to install and configure the app on hundreds of smartphones. In a another blog post, I covered how to sync public contact folders to to dozens, or hundreds of smartphone users. The process for syncing a calendar is even simpler.

Why Sync Shared Calendars to Outlook?

The most common use case is to share a company calendar that is stored in a public folder. The folder would have company holidays and other events that company staff should be aware of. Other events include major product shipments, releases, closing of financial periods, or a plant shutdown.

We have some specific customers in the construction industry that have an interest in this capability. When they win gazillion dollar projects to build a large office building, or a data center, their livelihood depends on flawless project management.

Although it’s just a small piece of their collaboration suite, these customers can now insure that their entire team in the field will have up-to-date access to the project milestones and customer progress checks.

Setting up a Shared Calendar

Launch the itrezzo Web Administrator and expand the top level container called Unified Contact Manager.

Right Click on Calendar Distribution Lists.
Outlook calendar distribution list
How to add the Outlook Public Folder Calendar
Choose Create Calendar and a cascading menu will appear.
This is where you define the outlook sync public folder location
Choose Public Folder or Private Contact Folder
For the example shown below, we have selected a Public Folder as the source.
Public Folder selector for iPhone synce


The IDU public folder calendar has eight appointments.

After this folder selector dialog is saved, note that the selected folder appears near red circle #3 in the snapshot below.
Details of iPhone Public Folder Calendar Source


If you are just starting out, we recommend that you sync a calendar six months in the future (red circle #1) and also retain the prior two months (red circle #2) of appointments.

Defining the Calendar Target Criteria

The “Targets” of a Calendar Distribution List are the users who will receive a synched copy of the shared calendar. The targets can be any of the following:
  • A specific list of users selected from the GAL 
  • A Distribution Group from the GAL 
  • An itrezzo Contact Collection
In a previous blog post, I explained that itrezzo Contact Collections allow you to leverage existing groups, OU’s (Organizational Units), Dynamic DL’s and define exclusions when the groups have unwanted members.

The list of Targets is shown in the screen snapshot below at red circle #3. If you are testing this out for the first time, I recommend that you pick yourself, or a test mailbox as the sole target.

In the screen snapshot shown below, near red circle #1, there is a dropdown list to choose where the calendar is synced in the target users mailbox.
Select Outlook users target folder or sub-folder

If you choose the sub folder for your synced calendar, you must name the subfolder (red circle #2) that will be created beneath the default calendar folder. This name will appear both on the Outlook Desktop client as well as on an iPhone Calendar.

Run the Unified Contact Manager (UCM) on Demand

Now that we have established the CDL (Calendar Distribution List), it will run automatically after UCM logs on to a mailbox to update contacts. To validate the CDL just created, we will select the target user in the “User Statistics Container” and “Run UCM” on this user.

Validating the Public Folder Calendar Sync to Outlook and the iPhone

Outlook is the first where we will check to see that the “Dev Team” calendar was created. The best way to do this is with the “Folder List” view in Outlook. At the bottom of the Outlook navigation bar, we simply click on the folder icon as shown by the green arrow.

Now we can navigate to the Calendar and expand it to see subfolders.
Outlook Sub folder and Folder List view
Outlook Desktop Folder List View


We can clearly see the Dev Team folder, select it and see the contents (not shown here).

Now we will switch to the iPhone for this user mailbox. If we open the Calendar app, we see an option (Circled in red) at the bottom to display a list of the synced calendars.
iPhone Calendar Outlook Sync
iPhone Calendar App - Show Available Calendars
Choose the Calendars option and the screen below appears and we see a calendar called “Dev Team” with an orange dot preceding it. From this screen we can choose which calendars will be displayed in the default calendar.
Outlook public folder synced to iphone
Public Folder that Synced to iPhone
If we leave all calendars checked and return to the calendar view, we can see that the Dev Team appointment below has an orange bar preceding it.

iphone appointments synced from exchange public folder
iPhone appointments synced from Exchange Public Folder
Some additional things we can test:
  • Add an appointment - does it get added to target users ?
  • Delete an Appointment - does the appointment get removed from the target calendar? 
  • Change the time of an appointment - target user appointment must mirror the source.
After we have tested the calendar sync to one Outlook user and their smartphone, we can now expand the list. The Target user list can include a single department, or a collection which spans the entire organization.

Which Exchange Server versions can we iPhone Calendar Sync?

Yes, this solution will work with to sync calendars to iPhone users on Office 365. Here is the complete list of Supported Exchange Server versions:
  • Office 365 
  • Exchange Server 2003 
  • Exchange Server 2007 
  • Exchange Server 2010 
  • Exchange Server 2013

How much does Outlook to iPhone Calendar Sync Cost?

The cost for this cool feature ranges anywhere from mostly free, to completely free.

If you are already an itrezzo customer, your current user licenses will allow calendar sync functionality. If you are not a customer, you can get five free user licenses which will allow both contact and calendar sync.

If you would like to self install, we would recommend this blog post to get an application server setup on Windows 2012.

We are planning to release a 10 user free calendar sync package. If you are in hurry, please fill out the itrezzo contact form.

Monday, December 15, 2014

How Does Unified Contact Management Affect the ROI of Daily Productivity

A unified contact management solution is certain to produce a positive ROI on daily productivity for you business.

Unified Contact Manager
Breakdown in Contact Management
JFK once said,
"The time to repair the roof is when the sun is shining."

After the Crises is a Mistake 

Too often companies think about problems AFTER the fact. This is a mistake.