Outlook 2016 (365) connects directly to Office 365 and ignores AutoDiscover or On Premise Exchange


 If you have a user with Outlook 2016 who are not yet in Office 365 but have mailboxes provisioned in Office 365 you may find Outlook automatically connects to Office 365 and ignores Auto Discover or the on premise Exchange server.


 Starting in Outlook 2016 version 16.0.6741.2017, Microsoft enabled a new feature called Direct Connect to Office 365.  It was designed to quickly connect Outlook 2016 to Office 365.


 A registry key can be added on the PC which will disable the Direct Connect feature and allow either Auto Discover or the On Premise Exchange to configure Outlook.

  1. Go to Registry Edit on the PC. REGEDIT.MSC
  2. Go to the following path: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover  (I had to create the AutoDiscover Key)
  3. Create a DWORD: "ExcludeExplicitO365Endpoint" to Value : 1

Unable to activate Office 365 - Activation window blank when trying to activate


Various authentication issues including:

  • Outlook wont authenticate on Office 365
  • Activation window blank when trying to activate Office 365
  • Outlook wont authenticate on Office 365 with SSO

ADAL is the new authentication method for azure cloud solutions. It over-rides the standard kerberos, basic and NTLM protocols - There seems to be an issue with this displaying (usually windows 10).


ADAL can be disabled by registry key:

To disable modern authentication on a device, set the following registry keys:

Run > Regedit > 

Registry key






Reference, Links and Imges


Setting up Encrypted email in Office 365 in 5 Steps

1. Ensure you have assigned an Azure right Management license to the user in Office 365.

2. Run the following from a an Elevate PowerShell instance.

If you have never installed Encrypted email before, you may need to install AzureRM and AADRM.

Install-Module -Name AzureRM -AllowClobber
Install-Module -Name AADRM

3. Next run this script (you will need the tenant office 365 credentials):

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true
$cred = Get-Credential
Get-Command -Module aadrm
Connect-AadrmService -Credential $cred
$rmsConfig = Get-AadrmConfiguration
$licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
$irmConfig = Get-IRMConfiguration
$list = $irmConfig.LicensingLocation
if (!$list) { $list = @() }
if (!$list.Contains($licenseUri)) { $list += $licenseUri }
Set-IRMConfiguration -LicensingLocation $list
Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true
Set-IRMConfiguration -ClientAccessServerEnabled $true

4. To test it is working run:

Test-IRMConfiguration -Sender [email protected]

5. Next, in the Office 365 Exchange Admin centre, set up a mail flow rule like this:

Activating Volume License Project and Visio Click to Run installations


You are unable to install Project or Visio Volume License editions along side normal Office 2013/2016 click to run installations. You may get an error like "this product key is for the volume-licensed version of project 2016"


Microsoft keep moving the goal posts! 

  1. Use the Office 365 Offline Deployment tool to download the "ProjectStdXVolume" product.
  2. Before running the setup, amend the config file to include the PID key Like so:

<Product ID="VisioProXVolume" PIDKEY="69WXN-MBYV6-22PQG-3WGHK-RM6XC">

Choose te correct PID for the required edition:

Visio Standard 2016  VisioStdXVolume  NY48V-PPYYH-3F4PX-XJRKJ-W4423 
Visio Professional 2016  VisioProXVolume  69WXN-MBYV6-22PQG-3WGHK-RM6XC 
Project Standard 2016  ProjectStdXVolume  D8NRQ-JTYM3-7J2DX-646CT-6836M 
Project Professional 2016  ProjectProXVolume  WGT24-HCNMF-FQ7XH-6M8K7-DRTW9 
Next, to activate the software make sure you have the C2R-P MAK key, not the MSI MAK key.

MAK keys that you use for Windows Installer (MSI) installations of Visio and Project won't work with the Office Deployment Tool. You need a different MAK key to deploy volume licensed editions of Visio and Project with the Office Deployment Tool. To get that MAK key, log into the Volume Licensing Service Center (VLSC) and use the key listed under "C2R-P for use with the Office Deployment Tool."

Reference, Links and Imges


HTTP Error 503 when Single Sin On redirecting to ADFS Server After Re-Enabling Single Sign On


An Office 365 single sign on environment has been disabled (due to server being offline for an extended period of time) and on trying to re-enable Single Sign on is not working. Specifically, when being re-directed from the Office 365 portal to the federated server sts.domain.com you get a http 503 error.  Also you may have noticed the token signing certificates in ADFS have exired.


The proxy trust certificate is a rolling certificate valid for 2 weeks and periodically updated. If the servers are offline for more than two weeks the ADFS server will lose its trust relationship with the ADFS Proxy server. 


The certificates that had expired needed to be re-newed. To do this we simply ran the Azure AD Connect tool on the ADFS server. Once this was run, we noticed the expired certificates has been renewed.

Second, we need to install the new ADFS certificate thumbprint in the ADFS Proxy Server (Web Appication Proxy). To do this, on the ADFS server we ran:


and noted the thumprint for the new certificate

On the ADFS Proxy Server (Web Application Proxy) we ran:

Install-WebApplicationProxy -CertificateThumbprint "22121D02DCBF80F440B5E26D52B92BC255D59F95" -FederationServiceName "sts.domain.com"

We then had to enter the DOMAIN credentials. 

Reference, Links and Imges