Blocking Outlook App for iOS & Android

Yesterday, Microsoft announced the immediate availability of the Outlook for iOS and Outlook for Android preview. These apps are the former app named Acompli, which was acquired by Microsoft in December last year. It is unlikely that Microsoft will develop and support two similar apps, so one can assume the new Outlook app will replace the current OWA for iOS and OWA for Android (or just OWA for Devices) apps.

The app isn’t without a little controversy:

  • The app stores credentials in a cloud environment from Amazon Web Services for e-mail accounts that don’t support OAuth authorization.
  • The app makes use of a service sitting between the app and your mailbox. This service acts as a sort of proxy (hence it requires those credentials), fetching, (pre)processing and sending e-mail. In some way this is smart, as it makes the app less dependent on back-end peculiarities, using a uniform protocol to communicate with the proxy service.
  • The app does not distinguish between devices (device identities are assigned to your account, which makes sense since the app uses a service to retrieve and process your e-mail).
  • The app does not honor ActiveSync policies, like PIN requirements. While true, this app is not an ordinary Exchange ActiveSync client.

You can read more about this here and here.

In all fairness, when the app was still named Acompli, nobody cried foul. But the app is now rebranded Outlook and property of Microsoft, so it seems this made the app fair game. I hope Microsoft is working behind the scenes to make the new Outlook app enterprise-ready, and I’m sure it won’t be long before we see the app’s services move from AWS to Azure. The whole outrage in the media also seems a bit misplaced, as Connected Accounts in Exchange Online, which will retrieve e-mail from a POP or IMAP mailbox, will also store credentials ‘in the cloud’.

It is recommended to treat the app as a consumer app for now, and you may want to block the app in your organization. I have written on how to accomplish blocking or quarantining faulty iOS updates before. However, in those articles I used the reported OS version to block or quarantine devices. The Outlook app proxy service reports itself as “Outlook for iOS and Android” as device model when querying your mailbox, allowing us to use the DeviceModel parameter for matching.

The cmdlet to block or quarantine the new Outlook app in Exchange 2010, Exchange 2013 or Office 365 is:

New-ActiveSyncDeviceAccessRule -QueryString 'Outlook for iOS and Android' -Characteristic DeviceModel -AccessLevel Block

or, to quarantine:

New-ActiveSyncDeviceAccessRule -QueryString 'Outlook for iOS and Android' -Characteristic DeviceModel -AccessLevel Quarantine
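
Before enabling either rule it helps to know which mailboxes already have a partnership with the app. The following is an added example, not part of the original post: it assumes an Exchange Management Shell (or remote Exchange PowerShell) session and uses Get-ActiveSyncDevice, which is available in the versions named above (newer builds offer Get-MobileDevice as the equivalent).

```powershell
# Added example: run inside an Exchange Management Shell / remote Exchange session.
# DeviceModel string the Outlook app proxy service reports, as given in the article.
$model = 'Outlook for iOS and Android'

# 1. Impact check: list existing device partnerships the rule would match.
#    Filtering is done client-side so the same line works on every version.
$hits = Get-ActiveSyncDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceModel -eq $model }

$hits | Sort-Object UserDisplayName |
    Format-Table UserDisplayName, DeviceUserAgent, DeviceAccessState, FirstSyncTime -AutoSize

Write-Host ("{0} partnership(s) report DeviceModel '{1}'" -f @($hits).Count, $model)

# 2. Check whether a DeviceModel rule for this string already exists,
#    so the script does not try to create a duplicate.
$existing = Get-ActiveSyncDeviceAccessRule |
    Where-Object { $_.Characteristic -eq 'DeviceModel' -and $_.QueryString -eq $model }

if ($existing) {
    # Show the rule that is already in place and its current access level.
    $existing | Format-List Name, QueryString, Characteristic, AccessLevel
}
else {
    # 3. Dry run of the quarantine rule; remove -WhatIf to create it,
    #    or change -AccessLevel to Block for an outright block.
    New-ActiveSyncDeviceAccessRule -QueryString $model `
        -Characteristic DeviceModel -AccessLevel Quarantine -WhatIf
}
```

Once the rule is live and the devices have synced again, re-running step 1 should show the DeviceAccessState of the listed partnerships change from Allowed to Quarantined or Blocked.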

For examples of alternative blocking methods using TMG or F5, check this article. If you need to specify the user agent string, use “Outlook-iOS-Android/1.0” (or partial matching on “Outlook-iOS-Android” to block future updates of the app as well).

As with all mobile devices in enterprise environments, an organization may be better off testing and approving devices and OS versions rather than being confronted with mobile apps that may behave faultily after an update or violate corporate security policies.

Ignite 2015 Session Catalog is here!

A short heads-up as the session catalog for Microsoft Ignite has been published. So, if you are still undecided or already want to pick ‘must see’ sessions for your schedule, you can check the session catalog here.

The session catalog contains 275 sessions, covering products like Exchange (49), Office 365 (85) and Skype for Business (26). It will be the first major Microsoft event where details will emerge on the next version of Exchange, Exchange v.Next.

The Exchange team published a blog on the Exchange-related Ignite sessions here. The blog contains a nice video featuring Greg Taylor and Jeff Mealiffe talking about what to expect at Ignite.

Also, on February 3rd, the team behind Ignite as well as several speakers will be available on Twitter to answer any questions you may have on Ignite. Use the hashtag #IgniteJam to participate, or follow @MS_Ignite for any updates.

More information on Ignite, pre-day sessions, the session catalog and the #IgniteJam in the original post on Channel 9 here.

Multi-Factor Authentication in Office 365 (Part 2)

Multifactor Authentication is a must-have for services based in the cloud, especially for accounts with administrative purposes. We have already covered what Office 365 Multifactor Authentication is and how to configure it in Office 365 tenants with the Office 365 admin center, and we briefly showed the end user experience. Now we will look at how we can use the Azure Active Directory Module for Windows PowerShell to configure Office 365 authentication with MFA.

Azure Active Directory Module for Windows PowerShell (AADMPS) enables organizations to not only configure MFA for existing end users who use PowerShell, but also enhance their current provisioning process with MFA options. By pre-configuring MFA, administrators can prevent end users from having to go through the initial MFA setup process and use their currently configured mobile phone or office number for verification.

Read the full article over on SearchExchange

Multi-Factor Authentication in Office 365 (Part 1)

Multi-Factor Authentication identifies an end user with more than one factor. Authentication is based on something you know, such as your password; something you have, such as a security token or smart card; or something that’s a physical characteristic of who you are, such as biometrics. By creating an additional factor on top of the password, identity is better protected. Multi-Factor Authentication is seen as a must-have for cloud-based services, especially for administrative types of accounts.

In this first tip on SearchExchange, I explain how you can configure Multi-Factor Authentication in Office 365, discuss the so-called contact methods, explain app passwords for non-MFA applications as well as show the MFA end user experience.

Read the full article over on SearchExchange

Script Updates

A small heads-up for those not following me on Twitter or one of the other social media channels. Last week I made updates to the following three scripts:

Install-Exchange2013.ps1, version 1.72

  • Added CU5 support
  • Added KB2971467 (CU5 Disable Shared Cache Service Managed Availability probes)

Remove-DuplicateItems.ps1, version 1.3

  • Changed parameter Mailbox, you can now use an e-mail address as well.
  • Added parameter Credentials.
  • Added item class and size for certain duplication checks.
  • Changed item removal process
  • Remove items after, not while processing folder. Avoids asynchronous deletion issues.
  • Works against Office 365.

Remove-MessageClassItems.ps1, version 1.3

  • Changed parameter Mailbox, you can now use an e-mail address as well
  • Added parameter Credentials
  • Added parameter PartialMatching for partial class name matching.
  • Changed item removal process. Remove items after, not while processing folder. Avoids asynchronous deletion issues.
  • Works against Office 365.
  • Deleted Items folder will be processed, unless MoveToDeletedItems is used.
  • Changed EWS DLL loading, can now be in current folder as well.

Be advised I keep an overview of the scripts and their current versions with publish dates here.

 

Clutter in the Gutter?

At the Microsoft Exchange Conference earlier this year, the Office team introduced us to some nice features which were under development at that time. These features are part of Office Graph, a machine learning feature set meant to make the end user experience more personal and contextual as part of the Enterprise Social initiative.

In the keynote, during a “Geek out with Perry”, Perry (Corporate VP for Microsoft Exchange) mentioned that the “Cloud First” approach allowed Microsoft to implement features step by step, with the option of reverting not-so-good changes. In the end, this should also result in a better product for the on-premises customer when releasing new Exchange builds, and ultimately Exchange v.Next (the next version), as they would not receive the not-so-good changes. It was mentioned several times, also in individual sessions on Office Graph features like Clutter and Groups, that these features would be “cloud-first” but there was “no ETA yet” for Exchange on-premises. At that time, most of us leaving MEC did so with the impression that all these features, at some point, would make it to Exchange or Exchange v.Next.

Apparently we got hold of the wrong end of the stick. Last week this article appeared on Network World, where in an interview with Julia White (GM Office Marketing) she mentioned that Clutter would not make it to “Office Server”, which seems to be the term for the on-premises deployments of the Exchange, SharePoint and Lync Server triplet. This was a bit surprising, given the information received at MEC. The reason given in the article for this deviation was that Office Graph is too “compute intensive” to include on an Office Server. I assume to preempt any sounds on being forced to the service, Julia states that, “It’s not capricious favoritism toward Office 365 customers.” This is more or less in line with Microsoft’s earlier statements, on not having plans to stop delivering on-premises releases of Exchange (v.Next). In the discussion that followed on Twitter, Julia confirmed that “Clutter won’t make ExServer v.Next unfortunately.”

The scale of Office 365 is incomparable to the average business running Exchange, SharePoint and Lync on-premises and the amount of information that needs to be processed for Office Graph. And I can’t help it, but looking at the ‘compute intensive’ argument brings back memories of computer rooms where big monolithic systems offered computing power easily surpassed by today’s tablet. With Clutter being expected for later this year and vNext next year, that is a considerable window. Some claim that Moore’s Law is obsolete and we also can’t expect to be running Skynet from home next year but still, computing power increases and I know of some customers who would just get the additional hardware onboard to facilitate those extra features. In addition, Clutter can be enabled on a per-user basis anyway.

In a more or less opposite statement, Julia is quoted saying, “Our philosophy is anything we technically can ship in servers, we will. We want our server customers and our cloud customers to have as much as we can ship to them. If it’s possible technically and it’s feasible then we’ll put it in the servers.” I think the reason for not adding Clutter should be sought in the hints Julia provided in the 2nd part of the article. With on-premises customers not following or even delaying upgrades to current versions of Microsoft’s products (Exchange, SharePoint, Lync and clients), it is hard to ship and support product-transcending features, especially if these require the latest (and greatest) version.

Think Site Mailboxes, more or less the predecessor of the announced Groups feature of Office Graph. Implementing Site Mailboxes requires Exchange 2013, SharePoint 2013 and Outlook 2013 and additional configuration to integrate the Exchange and SharePoint products. In the field, I see very low adoption of Site Mailboxes. Many customers are running older product levels (blocking implementation) or it’s a more elementary reason like not having deployed SharePoint. But then, for those that are running Site Mailboxes, it adds value. Isn’t that what this is all about? Note that for the compliance discovery feature to work, proper configuration of Exchange, SharePoint and Lync is required as well, but compliance is perhaps a better selling point than Clutter or one of the other Office Graph features could ever be.

“Assumption is ..” are the first words of a well-known saying. For the future, don’t expect anything you see announced for Office 365 to be ported to the on-premises Exchange releases, even though that product stems from the same code. Then again, features might get dropped, for reasons provided above or just because they were not ready. That’s nothing new and we got accustomed to a little disappointment now and then. In the case of Clutter, it’s a shame because it looked like a neat feature to work more efficiently through e-mail without configuring tons of rules. In the case of Groups, it is confirmed for v.Next, but you never know for sure until it is released. Meanwhile, Microsoft should maybe try to prevent confusion by demonstrating Clutter, among others, in sessions called “What’s new in Exchange”.

If you have an opinion on these changes in course or feature drops, please share it in the comments.

MEC 2014 Update: Sessions & Speakers

A quick heads-up for those still in doubt whether to visit MEC or waiting for session information after which to decide on attending or not. MEC is the premier global event for Microsoft Exchange and Office 365 professionals and the 2014 edition will be held in Austin, Texas (USA) from March 31st to April 2nd, 2014.

The first sessions and speakers of the Microsoft Exchange Conference 2014 – or MEC for short – have been announced. According to the announcement, there is more to come so make sure you follow MEC’s official Twitter account at @mecconf.

MEC is a chance to get in-depth information and learn from real-life experiences on Exchange and anything related. It’s also a chance to meet people from the Exchange product group and the majority of your Exchange rock stars – presenting or attending (like me).

There are still tickets available. When you want to attend, you can register here.

The UC Architects Podcast Ep28

We’re glad to announce the availability of episode 28 of The UC Architects podcast. This is a special episode recorded with a live audience during DevConnections 2013 in Las Vegas.

This episode is hosted by Steve Goodman, Johan Veldhuis, and Michael van Horenbeeck. Special guests are Tony Redmond, Greg Taylor (Microsoft), Jeff Mealiffe (Microsoft) and John Rodriguez (Microsoft).

Topics discussed in this special episode are:

  • MEC is back – registration is now open, so get signing up! What might await those thinking of going? And with MEC, is there still a gap in the market for conferences like Exchange Connections?
  • Where is the place for on-premises Exchange long-term and how does this affect the Exchange-centric IT pro? What kind of skills will they need in 2-5 years’ time?
  • Is there a need for top level training and certification for Exchange?
  • Product quality – Is Exchange a victim of its own success?
  • Exchange in the public cloud. Amazon Web Services have released a guide on deploying Exchange on AWS. Does this give more choice to organizations?
  • Questions from the audience

More information on the podcast including references and option to play or download the podcast directly through here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

The UC Architects Podcast Ep27

We’re glad to announce the availability of episode 27 of The UC Architects podcast.

This episode is hosted by Steve Goodman, Pat Richard, Michael van Horenbeeck, John Cook, Serkan Varoglu, Tim Harrington, Johan Veldhuis and yours truly. Special guests are Andrew Higginbotham (Exchange MCM), Brian Reid (Exchange MCM, Instructor), and Jeff Guillet (Exchange MCM, MVP).

This is a special episode on the cancellation of the MCM/MCSM and MCA certifications by Microsoft, and the impact on the certification market, on MCM/MCSMs and those aspiring to the certification, and on the IT Professional community in general.

Special thanks to Andrew J. Price for some blitz editing.

More information on the podcast including references and a link to download the podcast directly here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.


OWA for iPhone and OWA for iPad are here!

Today, the Exchange team announced the immediate availability of the (free) OWA for iPhone and OWA for iPad apps. Exchange fellows Tony Redmond and Dave Stork already hinted earlier this month that something was about to happen in this area.

Users of the Windows 8 Mail app may find the look of the OWA apps to be very familiar:

A quick summary on the app features:

  • Stored credentials for automatic logins;
  • Push notifications;
  • Meeting reminders (even with app closed);
  • Voice activated actions (English only);
  • Contact sync for caller ID function;
  • Remote wipe capability (user data, when the app runs).

That last one is a great, much requested feature when Bring Your Own Device is practiced (apart from that it makes sense due to the sandboxing principle). When required the business can selectively wipe business data without touching your personal information, similar to a feature to be introduced with Windows 8.1 called Remote Business Data Removal.

Besides that you need an iPhone 4S or iPad 2 or higher running iOS 6 or later, the apps are currently only supported for Office 365 subscribers running the tenant on Wave15 (or later). There are reports of the apps working with on-premises Exchange 2013 but that’s unofficial. To find out which version your tenant is running, use Get-OrganizationConfig in a remote PowerShell session, e.g.

# Open a remote PowerShell session to the tenant (prompts for credentials)
$session = New-PSSession -ConnectionUri https://ps.outlook.com/powershell -AllowRedirection -Authentication Basic -Credential (Get-Credential) -ConfigurationName Microsoft.Exchange
Import-PSSession $session
# Show the version the tenant is running
Get-OrganizationConfig | ft AdminDisplayVersion


My tenant is running on 15.0.698.10 (15 = Wave 15), so theoretically I’m good to be running OWA for iPhone or OWA for iPad. I say theoretically, as I don’t have any iPhone or iPad available for testing.

An app version for on-premises Exchange 2013 is expected to be released at a later date. More information on configuration and usage of the OWA apps on the Office 365 blog here.