TechShizz | All posts tagged 'Office 365'

Outlook 2016 (365) connects directly to Office 365 and ignores AutoDiscover or On Premise Exchange

Problem

 If you have a user with Outlook 2016 who are not yet in Office 365 but have mailboxes provisioned in Office 365 you may find Outlook automatically connects to Office 365 and ignores Auto Discover or the on premise Exchange server.

Cause

 Starting in Outlook 2016 version 16.0.6741.2017, Microsoft enabled a new feature called Direct Connect to Office 365.  It was designed to quickly connect Outlook 2016 to Office 365.

Solution

 A registry key can be added on the PC which will disable the Direct Connect feature and allow either Auto Discover or the On Premise Exchange to configure Outlook.

  1. Go to Registry Edit on the PC. REGEDIT.MSC
  2. Go to the following path: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover  (I had to create the AutoDiscover Key)
  3. Create a DWORD: "ExcludeExplicitO365Endpoint" to Value : 1

Unable to activate Office 365 - Activation window blank when trying to activate

Problem

Various authentication issues including:

  • Outlook wont authenticate on Office 365
  • Activation window blank when trying to activate Office 365
  • Outlook wont authenticate on Office 365 with SSO
Cause

ADAL is the new authentication method for azure cloud solutions. It over-rides the standard kerberos, basic and NTLM protocols - There seems to be an issue with this displaying (usually windows 10).

Solution

ADAL can be disabled by registry key:

To disable modern authentication on a device, set the following registry keys:

Run > Regedit > 

Registry key

    Type

       Value

HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL

    REG_DWORD

        0


Reference, Links and Imges

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook/modern-authentication-on-outlook-2016-keeps-on/98a263f4-ab9c-4d6f-b5eb-2728a8e77412 

Setting up Encrypted email in Office 365 in 5 Steps

1. Ensure you have assigned an Azure right Management license to the user in Office 365.

2. Run the following from a an Elevate PowerShell instance.

If you have never installed Encrypted email before, you may need to install AzureRM and AADRM.

Install-Module -Name AzureRM -AllowClobber
Install-Module -Name AADRM

3. Next run this script (you will need the tenant office 365 credentials):

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true
$cred = Get-Credential
Get-Command -Module aadrm
Connect-AadrmService -Credential $cred
Enable-Aadrm
$rmsConfig = Get-AadrmConfiguration
$licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl
Disconnect-AadrmService
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
$irmConfig = Get-IRMConfiguration
$list = $irmConfig.LicensingLocation
if (!$list) { $list = @() }
if (!$list.Contains($licenseUri)) { $list += $licenseUri }
Set-IRMConfiguration -LicensingLocation $list
Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true
Set-IRMConfiguration -ClientAccessServerEnabled $true

4. To test it is working run:

Test-IRMConfiguration -Sender user@domain.co.uk

5. Next, in the Office 365 Exchange Admin centre, set up a mail flow rule like this:

Activating Volume License Project and Visio Click to Run installations

Problem

You are unable to install Project or Visio Volume License editions along side normal Office 2013/2016 click to run installations. You may get an error like "this product key is for the volume-licensed version of project 2016"

Cause

Microsoft keep moving the goal posts! 

Solution
  1. Use the Office 365 Offline Deployment tool to download the "ProjectStdXVolume" product.
  2. Before running the setup, amend the config file to include the PID key Like so:

<Product ID="VisioProXVolume" PIDKEY="69WXN-MBYV6-22PQG-3WGHK-RM6XC">

Choose te correct PID for the required edition:

Edition ID PIDKEY
Visio Standard 2016  VisioStdXVolume  NY48V-PPYYH-3F4PX-XJRKJ-W4423 
Visio Professional 2016  VisioProXVolume  69WXN-MBYV6-22PQG-3WGHK-RM6XC 
Project Standard 2016  ProjectStdXVolume  D8NRQ-JTYM3-7J2DX-646CT-6836M 
Project Professional 2016  ProjectProXVolume  WGT24-HCNMF-FQ7XH-6M8K7-DRTW9 
Next, to activate the software make sure you have the C2R-P MAK key, not the MSI MAK key.

MAK keys that you use for Windows Installer (MSI) installations of Visio and Project won't work with the Office Deployment Tool. You need a different MAK key to deploy volume licensed editions of Visio and Project with the Office Deployment Tool. To get that MAK key, log into the Volume Licensing Service Center (VLSC) and use the key listed under "C2R-P for use with the Office Deployment Tool."

Reference, Links and Imges

https://docs.microsoft.com/en-us/deployoffice/use-the-office-deployment-tool-to-install-volume-licensed-editions-of-visio-2016 

HTTP Error 503 when Single Sin On redirecting to ADFS Server After Re-Enabling Single Sign On

Problem

An Office 365 single sign on environment has been disabled (due to server being offline for an extended period of time) and on trying to re-enable Single Sign on is not working. Specifically, when being re-directed from the Office 365 portal to the federated server sts.domain.com you get a http 503 error.  Also you may have noticed the token signing certificates in ADFS have exired.

Cause

The proxy trust certificate is a rolling certificate valid for 2 weeks and periodically updated. If the servers are offline for more than two weeks the ADFS server will lose its trust relationship with the ADFS Proxy server. 

Solution

The certificates that had expired needed to be re-newed. To do this we simply ran the Azure AD Connect tool on the ADFS server. Once this was run, we noticed the expired certificates has been renewed.

Second, we need to install the new ADFS certificate thumbprint in the ADFS Proxy Server (Web Appication Proxy). To do this, on the ADFS server we ran:

Get-ADFSSSlcertificate

and noted the thumprint for the new certificate

On the ADFS Proxy Server (Web Application Proxy) we ran:

Install-WebApplicationProxy -CertificateThumbprint "22121D02DCBF80F440B5E26D52B92BC255D59F95" -FederationServiceName "sts.domain.com"

We then had to enter the DOMAIN credentials. 

Reference, Links and Imges

https://blogs.technet.microsoft.com/rmilne/2015/04/20/adfs-2012-r2-web-application-proxy-re-establish-proxy-trust/

https://www.fastvue.co/tmgreporter/blog/how-to-solve-web-application-proxy-and-ad-fs-certificate-issues-general-error-code-0x8007520c

https://support.microsoft.com/en-gb/help/3079872/troubleshoot-ad-fs-issues-in-azure-active-directory-and-office-365