Sunday, June 26, 2016

How I got my head out of my SaaS and into the Azure Cloud

We have spun out a new company to better service Office 365 tenants that want to sync the GAL and Public Folders to smartphones. Here is the story.

Thursday, February 18, 2016

Set Impersonation Mode for GAL or Public Folder Sync to User Mailboxes

By Vern Weitzman

There are two types of permissions that you can give to a service account so that it can easily update contacts, appointments and sticky notes inside of users mailboxes. Delegation is the most common permission used for on-premise Exchange Servers. It allows granular permissions

This blog post shows the steps required to enable a user or service account to open mailboxes in impersonation mode on Office 365 Exchange.

  1. Log in to your Office 365 Management Console as a Global Administrator. Under the ADMIN menu, launch Exchange.

2) Next you will see the Exchange admin center.  Launch the admin roles menu beneath Permissions.

3) After you click admin roles, click the plus (+) symbol to add a new role. If another role already exists that has impersonation, you can just edit that role.

After you hit the plus (+) symbol to add a new role (or edit an existing one), the roles dialog appears.  If it’s a new role, type the name App Impersonation.

Add the service account under Members.   If you are using the cloud service and don’t have a service account yet, you should use grant the App Impersonation role to your mailbox (or to whatever mailbox that you used to set up the cloud service).

It can sometimes take several minutes for these changes to become active.

If you would like to enable App Impersonation via Powershell, read the blog post How to Configure an Office 365 Hybrid Premise Service Account.

Sunday, July 26, 2015

Sync the Office 365 GAL to Outlook

By Vern Weitzman

Sync the Office 365 GAL to iPhone, Android and Other Smartphones

You may already know that your iPhone and Android users will be much more productive if they have a cached copy of the GAL in their contacts.

If you are not familiar with the itrezzo Unified Contact Manager and want to sync the GAL,

Configuring itrezzo Contact Management with Azure AD
We recently worked with a customer that had 3000 mailboxes in their Office 365 GAL. The Unified Contact Manager, our unified contact management tool, was using Exchange Web Services and GAL sync was failing miserably.

We wanted to fall back to LDAP since they were running DirSync. Unfortunately, there were three different domains from different locations syncing into Office 365. Each of them had a unique copy of their local GAL. Office 365 had the only complete master copy of all GAL entries.

That is the point where we switched their GAL access type to Azure AD. Things worked perfectly after that.

If you want to Sync the Office 365 GAL to a smartphone, this post explains how and why you might need to use Azure AD.

Graph API

Office 365 Global Address List Types

The snapshot above shows three possible ways that the Unified Contact Manager can create a contact list using the GAL.

  1. If you have DirSync to on-premise AD, you can configure LDAP.
  2. The default method to sync the Office 365 GAL is Exchange Web Services (EWS).
  3. For an Office 365 GAL with more than a few hundred users, an ideal solution is to use Azure Active Directory. Microsoft provides access to Azure AD through the Graph API.

Setting up the Office 365 Tenant to use Azure AD

Using the Graph API connector does take a few extra steps.  The first requirement is to grant the itrezzo Unified Contact Manager permissions to use the Azure Active Directory. If you don't know how to do this, use the procedure detailed in this blog post.

This procedure has you save the Client ID and Tenant ID to the Notepad. You will need it below.

After Azure AD permissions are enabled, run the itrezzo Web Admin and open the Global Configuration Menu. Choose Global Address List.  Select Graph API and fill in your organization's information. An example is shown below.

Paste in the Client ID at the bottom of the Graph API settings.

The Tenant name should match the primary internet domain name.

You should also have the Tenant ID in Notepad. Paste it to the Graph API Tenant ID shown above.  

The login credentials for a Tenant Admin should be used. Typically the itrezzo Service mailbox might lack tenant admin permissions.

Once you have saved the new credentials, restart the itrezzo ECO Platform service.

Under Active Directory, you should now see the GAL as it appears in Outlook on Office 365.  
You may need to click the gear icon in the top right corner of the grid to get Active Directory to refresh.

You can also create a collection. When you try to search the GAL to add members to the collection, it will now use Azure AD.  If this fails, Azure AD is not properly configured.

To diagnose failures, open the logs for the current day of the week.  Scroll to the bottom of the ECO log.  It will have some errors messages. Look for the Azure error result. If you can’t resolve this on your own, feel free to contact itrezzo Support.

Saturday, July 25, 2015

How to configure Azure AD and Office 365 for GAL Sync

By Vern Weitzman

Setup Azure Active Directory for a Native Application

When the itrezzo Unified Contact Manager runs as an on-premise application, it can be configured to access the Azure Active Directory using the Graph API.This blog post shows the steps required to configure an Azure AD Native Application so that it can authenticate and access the GAL (Global Address List).

Wednesday, April 1, 2015

Why should we migrate Exchange Server mailboxes to Office 365

By Vern Weitzman

Is it worth migrating corporate email to the cloud?

In the last year, I have peered into the Exchange Messaging infrastructure at about 100 different companies. These organizations range in size from 20 users, all the way up to 20,000 users.  

Three reasons to migrate Exchange Server mailboxes to Office 365
Many of these organizations have migrated Exchange Server mailboxes to Office 365 without losing control of their own messaging infrastructure.

This post focuses on three typical business situations. After migrating users to the cloud, Exchange Service levels have risen while capital and operating costs have dropped.

Tuesday, March 3, 2015

How to Sync Outlook Public Folder Calendars to iPhone and Android

By Vernon Weitzman

Sync Outlook Calendars to a group of iPhone Users

If you want to sync a calendar to Outlook users so they can view it on their iPhone, this blog post will give you step by step instructions on how to set that up.

If your company has desktop users opening shared calendars on Exchange Server, you may have already gotten a request to be able to access these folders on an iPhone or Android. If your company uses Office 365, CiraSync is a cloud service will allow you to sync a public folder to Outlook Calendars in about a minute.

A shared calendar is usually found in a Public Folder, or a shared mailbox. Hundreds of desktop users may have access to view the calendar. Unfortunately this capability is not readily available to smartphone users.

Solutions exist in the app store but they might require significant help desk support to install and configure the app on hundreds of smartphones. In a another blog post, I covered how to sync public contact folders to to dozens, or hundreds of smartphone users. The process for syncing a calendar is even simpler.

Why Sync Shared Calendars to Outlook?

The most common use case is to share a company calendar that is stored in a public folder. The folder would have company holidays and other events that company staff should be aware of. Other events include major product shipments, releases, closing of financial periods, or a plant shutdown.

We have some specific customers in the construction industry that have an interest in this capability. When they win gazillion dollar projects to build a large office building, or a data center, their livelihood depends on flawless project management.

Although it’s just a small piece of their collaboration suite, these customers can now insure that their entire team in the field will have up-to-date access to the project milestones and customer progress checks.

Setting up a Shared Calendar

Launch the itrezzo Web Administrator and expand the top level container called Unified Contact Manager.

Right Click on Calendar Distribution Lists.
Outlook calendar distribution list
How to add the Outlook Public Folder Calendar
Choose Create Calendar and a cascading menu will appear.
This is where you define the outlook sync public folder location
Choose Public Folder or Private Contact Folder
For the example shown below, we have selected a Public Folder as the source.
Public Folder selector for iPhone synce

The IDU public folder calendar has eight appointments.

After this folder selector dialog is saved, note that the selected folder appears near red circle #3 in the snapshot below.
Details of iPhone Public Folder Calendar Source

If you are just starting out, we recommend that you sync a calendar six months in the future (red circle #1) and also retain the prior two months (red circle #2) of appointments.

Defining the Calendar Target Criteria

The “Targets” of a Calendar Distribution List are the users who will receive a synched copy of the shared calendar. The targets can be any of the following:
  • A specific list of users selected from the GAL 
  • A Distribution Group from the GAL 
  • An itrezzo Contact Collection
In a previous blog post, I explained that itrezzo Contact Collections allow you to leverage existing groups, OU’s (Organizational Units), Dynamic DL’s and define exclusions when the groups have unwanted members.

The list of Targets is shown in the screen snapshot below at red circle #3. If you are testing this out for the first time, I recommend that you pick yourself, or a test mailbox as the sole target.

In the screen snapshot shown below, near red circle #1, there is a dropdown list to choose where the calendar is synced in the target users mailbox.
Select Outlook users target folder or sub-folder

If you choose the sub folder for your synced calendar, you must name the subfolder (red circle #2) that will be created beneath the default calendar folder. This name will appear both on the Outlook Desktop client as well as on an iPhone Calendar.

Run the Unified Contact Manager (UCM) on Demand

Now that we have established the CDL (Calendar Distribution List), it will run automatically after UCM logs on to a mailbox to update contacts. To validate the CDL just created, we will select the target user in the “User Statistics Container” and “Run UCM” on this user.

Validating the Public Folder Calendar Sync to Outlook and the iPhone

Outlook is the first where we will check to see that the “Dev Team” calendar was created. The best way to do this is with the “Folder List” view in Outlook. At the bottom of the Outlook navigation bar, we simply click on the folder icon as shown by the green arrow.

Now we can navigate to the Calendar and expand it to see subfolders.
Outlook Sub folder and Folder List view
Outlook Desktop Folder List View

We can clearly see the Dev Team folder, select it and see the contents (not shown here).

Now we will switch to the iPhone for this user mailbox. If we open the Calendar app, we see an option (Circled in red) at the bottom to display a list of the synced calendars.
iPhone Calendar Outlook Sync
iPhone Calendar App - Show Available Calendars
Choose the Calendars option and the screen below appears and we see a calendar called “Dev Team” with an orange dot preceding it. From this screen we can choose which calendars will be displayed in the default calendar.
Outlook public folder synced to iphone
Public Folder that Synced to iPhone
If we leave all calendars checked and return to the calendar view, we can see that the Dev Team appointment below has an orange bar preceding it.

iphone appointments synced from exchange public folder
iPhone appointments synced from Exchange Public Folder
Some additional things we can test:
  • Add an appointment - does it get added to target users ?
  • Delete an Appointment - does the appointment get removed from the target calendar? 
  • Change the time of an appointment - target user appointment must mirror the source.
After we have tested the calendar sync to one Outlook user and their smartphone, we can now expand the list. The Target user list can include a single department, or a collection which spans the entire organization.

Which Exchange Server versions can we iPhone Calendar Sync?

Yes, this solution will work with to sync calendars to iPhone users on Office 365. Here is the complete list of Supported Exchange Server versions:
  • Office 365 
  • Exchange Server 2003 
  • Exchange Server 2007 
  • Exchange Server 2010 
  • Exchange Server 2013

How much does Outlook to iPhone Calendar Sync Cost?

The cost for this cool feature ranges anywhere from mostly free, to completely free.

If you are already an itrezzo customer, your current user licenses will allow calendar sync functionality. If you are not a customer, you can get five free user licenses which will allow both contact and calendar sync.

If you would like to self install, we would recommend this blog post to get an application server setup on Windows 2012.

We are planning to release a 10 user free calendar sync package. If you are in hurry, please fill out the itrezzo contact form.

Monday, December 15, 2014

How Does Unified Contact Management Affect the ROI of Daily Productivity

A unified contact management solution is certain to produce a positive ROI on daily productivity for you business.

Unified Contact Manager
Breakdown in Contact Management
JFK once said,
"The time to repair the roof is when the sun is shining."

After the Crises is a Mistake 

Too often companies think about problems AFTER the fact. This is a mistake.

Thursday, October 30, 2014

Exchange Server 2013 MAPI profile Generator

By Vern Weitzman

What do telephone books have in common with Exchange server MAPI applications? For starters, there won't be any extensive investment in either of these technologies. They will both be relics of the past and no one will miss them.

Even though we are working diligently to support EWS in our contact management software, we occasionally have a requirement for a stand alone MAPI profile when connecting to Exchange. However, Exchange 2013 radically changed the requirements for building a profile. Since Microsoft recommends against installing Outlook, and using it to run MAPI background services, that means we can’t use Outlook to create a profile.

When you run the standalone MAPI/CDO component, the documented procedure to build an Exchange 2013 profile is not user friendly. You need to be proficient with MFCMAPI and very meticulous with a hex editor. After several attempts at this process, profanity is commonly expressed.

I had the pleasure of creating an Exchange 2013 Server profile for many server installations and it was obvious that we should never ask a customer to do this procedure. For my own sanity, I tasked one of our engineers to create an app to automate Exchange 2013 profile generation. You can download the itrezzo MAPI generator here. The download is just a zip file. Extract the contents into a subfolder and run iaProfGen.EXE.

Run on iaProfGen

Note: If you are setting up a MAPI application to run as a Windows Service, be sure to logon as the service account since the MAPI profile has to be accessible in HKEY_CURRENT_USER.

Run iaProfGen ( double click or open the application ) and this window will appear.

itrezzo MAPI profile generator
  1. Select Exchange 2013 as shown above 
  2. Be certain that the identity is the owner of the service account mailbox 
  3. Name the profile 
  4. Click the Discover button
MAPI profile generator

  1. Note that the unique server identifier for the Exchange Server is automatically filled in 
  2. If your environment supports AutoDiscover, the RPC proxy server or CAS will be filled in. If it is empty after AutoDiscover, you have to enter this manually. 
  3. Hit the configure button to create the MAPI profile
Exchange Server MAPI profile generator

Watch the log window to insure that the profile was created successfully.

Now hit the Test button to insure that the profile works.

test MAPI profile generator

All constructive feedback is welcome in the comments below and feel free to learn more about itrezzo contact management solutions.

Monday, September 15, 2014

Configuring Unified Contact Management on Windows 2012

By Vern Weitzman

The itrezzo installer can automate several of the required features on Windows 2008 Server. However, Windows 2012 server is quite a bit different and you will need to add ASP.Net, Windows Authentication, WCF, Dynamic HTTP activation and other options shown below.

Friday, August 8, 2014

Sync SalesForce to iPhone, Android and BlackBerry via Exchange Server Contacts

By Vern Weitzman

Sync SalesForce Contacts to an iPhone and Increase Your Bottom Line

How many times has someone on your sales team missed a client call because the right contact information wasn’t in his or her phone?

If you answered even once, it’s too often.

Wednesday, June 18, 2014

Sync Smartphone Contacts using Collections

Optimize AD Groups for Contact Lists
By Vernon Weitzman

Smartphones, Contact Collections and the Global Address List

There are many elegant things about Active Directory. One thing that has always impressed me is the simplicity, reliability and scalability of AD Groups.  When constructing groups,  it is trivial to insert mailboxes, contacts or domain users as members of a group. We also have the flexibility to nest groups inside of groups. When we ultimately send an email to a distribution group, the expansion happens on the server and can recursively include dozens or even hundreds of groups and thousands of recipient objects.