Click to open the form

Knowledge Base

Step 1 - Client Information

  • Fill out the order form with your clients company information, providing a primary contact within the end user company.
  • Ensure to select the correct country for your client as this determines which data center the services are provisioned from.
  • Click Next to continue to product selection

Important

The details entered here must be that of your customer.
Your partner information is stored based on your login to our portal and there is no need for you to enter your information.
The Partner of Record is set automatically to you.

Step 2 - Product Selection

  • Here can select the products you would like to provision for your client
  • You can either enter the quantity directly or adjust the quantity using the up and down arrows

Step 3 - Order Overview

  • Using the overview section on the right, confirm the selected products and associated quantity.
  • Click Place Order to provision the tenant and purchase the products.

Step 4 - Order Confirmation

Once the order has been submitted, it is automatically processed and a confirmation email is generated.

The email consists of four distinct and equally important sections.

  1. Client Details
    With the exception of the assigned onmicrosoft.com domain, all details can be changed from within the clients Office 365 Admin Center control panel.
    The assigned onmicrosoft.com domain is used as a unique identifier of the Office 365 tenant and cannot be changed once created. This is for the initial setup only and the customers’ actual domain is applied to the tenant during the normal setup process to mask the assigned onmicrosoft.com domain.

  2. Primary Contact Details
    The partner is assigned as the primary email contact for the tenant, using the email address associated with your portal login. This email address is the same as what the order confirmation notification was sent to, this too can be changed from with the clients Office 365 Admin Center control panel.

  3. Admin Login Details
    Each new Office 365 tenant is assigned a generic admin@customername.onmicrosoft.com username and a temporary onetime use password.
    Visit https://portal.office.com/ to login as the customer using the included username and password. You will be asked to re-enter the temporary password and enter a new password.

  4. Account Manager Details
    For your convenience your rhipe Account Manager and/or Business Development Manager contact details are included on the bottom of the email.
    Please contact them if you have any sales related or general enquiries, alternatively contact rhipe CSP Technical Support via email at assist@cloudsupport.help for any technical enquiries.

 
Your organization can migrate email to Office 365 from other systems. Your administrators can migrate mailboxes from an Exchange Server or from migrate email from another email system. And your users can import their own email, contacts, and other mailbox information to an Office 365 mailbox created for them. Your organization also can work with a partner to migrate email.

Before you start an email migration, review limits and best practices for Exchange Online to make sure you get the performance and behavior you expect after migration.

See Decide on a migration path for help with choosing the best option for your organization.

You can also view an overview video:

https://support.office.com/en-us/article/Ways-to-migrate-multiple-email-accounts-to-Office-365-0a4913fe-60fb-498f-9155-a86516418842?ui=en-US&rs=en-US&ad=US
 

Migrate mailboxes from Exchange Server

For migrations from an existing on-premises Exchange Server environment, an administrator can migrate all email, calendar, and contacts from user mailboxes to Office 365.

An administrator performs a staged or cutover migration to Office 365. All email, contacts, and calendar information can be migrated for each mailbox.

There are three types of email migrations that can be made from an Exchange Server:

  • Migrate all mailboxes at once (cutover migration)   

    Use this type of migration if you're running Exchange 2003, Exchange 2007, Exchange 2010, or Exchange 2013, and if there are fewer than 2000 mailboxes. For an overview of cutover migration, see What you need to know about a cutover email migration to Office 365. You can perform a cutover migration by using the Setup wizard, or by starting from the Exchange admin center (EAC). If you want to use the EAC, see Perform a cutover migration to Office 365. See Use the Office 365 Setup wizard to perform a cutover migration to migrate during the setup (note that you might not see the same setup experience as in the topic, if not, use the EAC method).

    IMPORTANT: The Setup wizard is limited to migrating 150 mailboxes only.

    If you start the cutover migration from the EAC, you can move up to 2000 mailboxes, but due to length of time it takes to create and migrate 2000 users, it is more reasonable to migrate 150 users or less.

  • Migrate mailboxes in batches (staged migration)   

    Use this type of migration if you're running Exchange 2003 or Exchange 2007, and there are more than 2,000 mailboxes. For an overview of staged migration, see What you need to know about a staged email migration to Office 365. To perform the migration tasks, see Perform a staged migration of Exchange Server 2003 and Exchange 2007 to Office 365.

  • Migrate using an integrated Exchange Server and Office 365 environment (hybrid)   

    Use this type of migration to maintain both on-premises and online mailboxes for your organization and to gradually migrate users and email to Office 365. Use this type of migration if:

    • You have Exchange 2010 and more than 150-2,000 mailboxes.

    • You have Exchange 2010 and want to migrate mailboxes in small batches over time.

    • You have Exchange 2013.

    For more information, see Plan an Exchange Online hybrid deployment in Office 365.

Use Office 365 Import Service to migrate PST-files

If your organization has many large PST files, you can use the Office 365 Import Service to migrate email data to Office 365.

An administrator migrates PST files to Office 365.

You can use the Office 365 Import Service to either upload the PST files through a network, or to mail the PST files in a drive that you prepare.

For instructions, see Office 365 Import Service.

Migrate email from another IMAP-enabled email system

You can use the Internet Message Access Protocol (IMAP) to migrate user email from Gmail, Exchange, and other email systems that support IMAP migration. When you migrate the user's email by using IMAP migration, only the items in the users' inbox or other mail folders are migrated. Contacts, calendar items, and tasks can't be migrated with IMAP, but they can be by a user.

IMAP migration also doesn't create mailboxes in Office 365. You'll have to create a mailbox for each user before you migrate their email.

An administrator performs an IMAP migration to Office 365. All email, but not contacts or calendar information, can be migrated for each mailbox.

To migrate email from another mail system, see Migrate your IMAP mailboxes to Office 365. After the email migration is done, any new mail sent to the source email isn't migrated.

Have users import their own email

Users can import their own email, contacts, and other mailbox information to Office 365. See Migrate email and contacts to Office 365 for Business to learn how.

A user can import email, contacts, and calendar information to Office 365.

Work with a partner to migrate email

If none of the types of migrations described will work for your organization, consider working with a partner to migrate email to Office 365.

Method

Description

Use third-party migration tools to migrate mailboxes to Office 365

Use a third-party email migration tool

Migration tools can help speed up and simplify email migration. You'll find a list of tools in the Office 365 Marketplace.

Hire a partner to help you deploy Office 365

Hire a partner to help migrate your email

You'll find a list of partners in the Office 365 Marketplace.

The first step in converting an Office 365 Advisor licenses to a CSP license is to disable auto-renew on the Advisor license. This step is performed in the Microsoft customer-level admin portal by a user with the global admin role permissions in the tenant.

  • Log in to the Office 365 customer-level access portal.

     

  • Click the Admin icon.

Note: If the person accessing the tenant is not the global administrator, the Admin button shown below will not be visible.

  • Select Billing > Subscriptions from the left-hand navigation pane, or click the View and Edit Subscriptions link in the main window.

  • Check the Term End Date column for the relevant subscriptions.

If the Term End Date displays the text Expires (date), no action is required. Auto-renew is already turned off.
If Auto-Renew is currently on, the Term End Date will show Auto-renew (date). Continue to the next step.

  • Click the Turn auto-renew off link in the right-hand navigation pane and click Yes in the pop-up box.

  • Check the Term End Date again.

If the Expires (date) is displayed and the right-hand navigation pane displays the Turn auto-renew on link, then auto-renew has successfully been disabled.

INDIRECT PROVIDER RELATIONSHIPS ARE NOT REQUIRED AT THE CURRENT TIME. CSP SUBSCRIPTIONS THROUGH RHIPE ARE PROVISIONED DIRECTLY AGAINST YOUR MPN AGREEMENT NUMBER.

The new Indirect CSP channel allows certain new options for you as a reseller.

Once you are approved with an Indirect Reseller status in Partner Center, you can associate with rhipe as your Indirect Provider. This will mean that we can provide your customers with Licensing and Support under the CSP program, including Microsoft Azure subscriptions.

If you are signed into Partner Center already, please right click on the relevant link to your region and select 'Copy link to Clipboard'. Then go back to your browser where you are signed into Partner Center, open a new tab, paste the link in and run it. It will ask you to approve the Indirect Provider relationship with rhipe.

Partner Center is the Microsoft tool which allows you to manage your customer tenancies without logging in and out, and using various Global Administrator credentials. Partner Center allows you delegated access via your own Office 365 login and Singe Sign-On (SSO).

Microsoft has historically provided for delegated access for the Office 365 Admin Centers only through Partner Admin Center (PAC), which was also the method of access under the old 'Advisor'  licensing rebate program. The PAC tool is now being decommissioned as it does not support the newer Microsoft Services like Azure AD, Dynamics 365 and Azure. If you previously accessed PAC, then please go to https://partnercenter.microsoft.com instead for the new site.

 

How to check if Partner Center is activated on my tenant?

The simple test is to go into your own Office 365 tenant, and check the groups. If there is a group called 'Admin Agents' then Partner Center is already active. Make sure you add your own account to this group plus any other technical support staff accounts, and the 'Partner' tile will be available via https://portal.office.com those accounts shortly afterwards.

If you do not have this user group, please proceed with the signup instructions below.

I do not have Partner Admin Center:

If you do not have PAC or Partner Center, please sign up via http://rhi.pe/getpartnercenter after confirming you have the following prerequisite details:

  • Your own Office 365 tenancy, and access to an account with Global Admin credentials;
  • A current and valid Microsoft Partner Network agreement (MPN ID), and the credentials to sign into that;
  • Your organisation's legal business name, address, primary contact, and support details.

Once you have signed up and linked your MPN agreement, Microsoft takes up to 72 hours to review and either approve or deny your application.

I am signed up as an Indirect Reseller, what next?

You will need to add your relationship into all your customer tenancies. This allows the Delegated Admin Permission through to your Partner Center.

In Partner Center, go to Dashboard > Customers. At the top of the page is a link 'Request Reseller Relationship'. Click on that, and review the prewritten email. Copy the URL listed to clipboard, and we suggest adding that as a bookmark in your bookmarks toolbar.

Open an Incognito/Private browser session, and click on the bookmark in the toolbar. Sign in as your customer's Global Admin account, and approve the relationship. You can check you are listed within your Customer's Office 365 Admin Center under Settings > Partner Relationships. If it is, you can simply close the browser to end that Private Session.

Once you refresh the Partner Center customer list, you should see your customer tenant now. Repeat the above process for all your customer tenancies. 

How do I associate with rhipe as my Indirect Provider?

At the current time, this causes a number of issues for partners, including blocking ordering on your own tenant from rhipe. This is due to the Microsoft Indirect Reseller agreement which states you cannot purchase licensing for your own tenant from rhipe once you are an Indirect Reseller of rhipe. We do not recommend associating with rhipe as an Indirect Provider for this reason, but we will provide compliant license agreements in the future to allow this.

If you require the Indirect Provider association for another reason, please check with the support team first via a ticket or calling us via your local support number.

I am having issues in signing up as an Indirect Reseller:

Microsoft provides access to Partner Center as a benefit of your membership of the Microsoft Partner Network. In this case, rhipe is unable to assist as we are a third party between this contract arrangement between your organisation and Microsoft. 

We suggest that you open a case via the methods described in Raising a Partner Support case with Microsoft knowledge article. Remember to open a case online, get a case number, then call the phone number provided for your region to follow up.

 

There are times where you need to contact Microsoft as a Partner to get things fixed. Generally when this involves your partner agreement with Microsoft, where rhipe is a third party and is unable to assist directly. We can however direct you to the right place, as we understand that dealing with Microsoft for these issues can be difficult and hard to follow.

Cases where you may need to contact Microsoft directly include:

  • Issues with signup or renewal of your MPN;
  • Partner Admin Center setup, configurations, or moving PAC to a new tenant for your company;
  • Issues with any other Microsoft-provided Partner Benefits such as Internal Usage Rights (IUR) licenses granted to partners, online portals or services; 
  • Issues with Delegated Admin offers to your customers (e.g. inserting Advisor role into tenant);
  • Competency status with Microsoft (Silver or Gold Partner).

We recommend that you raise a support case with Microsoft signing in via https://partner.microsoft.com and logging a case at the following location:

MPN-Support1.png

Once you have logged the case with them, we suggest waiting 1-2 hours for them to contact you back. If that does not occur, then feel free to ring Microsoft Support on the following numbers, and select Partner Support from the Voice Menu, and then quote your case number to the support representative.

Microsoft Partner Support phone numbers:

Australia: 132 058, or 02 9870 2200, or 02 8223 9202

China (GCR Region): 800 8190550 or 400 6200550

Indonesia: 001803440421 or (+62 (21) 1 500 288 or +62 (21) 2552 8700 or 0 800 120 1201

Korea: 00079885212491 or +85230027869

Malaysia: 1 800 885 648 or +60 3 7712 4329

New Zealand: +64 9912 8073

Philippines: 1 800 14414127

Singapore: +65 800 852 3543 (+65 6888 8899)

Thailand: 0018004410218

Vietnam: 65 6622 1237

 

If you have continued issues with Microsoft partner support, you can log a case with us, quoting the case number with Microsoft. As a part of our relationship with you, we will endeavor to discuss with our Microsoft contacts to try and get a resolution for you.

If you are getting order errors in Prime when placing an order, and it seems like the license is not provisioning or adjusting correctly, then it is highly probable that your Microsoft Partner Network Agreement ('MPN') has expired. The agreement needs to be renewed annually with Microsoft in order to keep your status with Microsoft active.

Renewal takes just a few minutes, however you need to be aware that the renewal of your MPN does not instantly update across various Microsoft systems. You need to allow 24 hours for that status to update. Until then, all orders via Prime Portal will fail. This is not Prime having the issue, but the CSP order interface at Microsoft which is rejecting orders because it has not seen the MPN renewal yet.

Check your MPN

You can check your MPN validity status by logging into https://partner.microsoft.com/membership with the Organisation Admin of your MPN agreement. Note this is generally not the Global Admin user of your own tenancy, but a Microsoft Account (formerly 'Windows Live' account). 

MPN_Renew1.png

Once logged in, you will be shown your Primary/HQ agreement. Note that you may actually have a Secondary/Child agreement configured for your CSP Agreement with rhipe. You need to check the 'Organisation Partner ID' listed in the above screenshot with your MPN ID on file with rhipe. You can see the MPN on file with rhipe on the Order Confirmation emails from Prime Portal.

If they do not match, you will need to drop-down the Location box and select the MPN agreement rhipe has on file. Once it does match and the membership renewal date has expired, you have two choices.

  1. Straight renewal: click on the blue 'Renew' button (above).
  2. Adjust your competencies first: Select the Competency Summary link from the Requirements and Assets menu at the top of the page, and then click the blue Re-Enroll button on the right side of the Manage Competencies page - 

MPN_Renew2.png

You may meet the requirements for Silver or Gold Membership with Microsoft, however a fee is generally payable for these levels. You will get a larger amount of Internal Usage Rights licenses under Office 365, and better support from Microsoft during escalations as it is directed to a specialist team of support engineers for Silver/Gold members.

Next, review and update your organization profile. You'll be prompted to confirm your company's current profile, or update it as needed. When done reviewing and updating, click the Next button at the bottom of the page.

MPN_Renew4.png

Next, you will be prompted to accept and sign the legal agreement.

MPN_Renew5.png

Finally, you will need to pay any annual renewal fee. Generally this applies to Silver or Gold competency partners. First select the company's location, then select the renewal level and follow the payment instructions.

MPN_Renew6.png

Again, please be reminded that this will require 24 hours from renewal for the MPN to update within the CSP program at Microsoft, and you will then be able to place orders.

If you are having issues with renewing your MPN, we are unable to assist as a third-party to the agreement. You can log a Microsoft Partner support case directly with Microsoft by following our instructions here.

This guide is based on the following Microsoft article, which is updated regularly. If you are having problems, please check the original link for any updates. https://support.microsoft.com/en-au/help/2958000/renew-your-microsoft-partner-network-membership-a-step-by-step-guide

Please note that Microsoft is looking to actively migrate partners to Microsoft Partner Center instead of Partner Admin Center (PAC) for all the delegated admin and management of end-customer tenancies.

To upgrade from PAC to Partner Center, or to sign up for Partner Center then please follow the article: Associate your Partner Center with rhipe as your Indirect Provider

Interface Overview

 

Access your notes anywhere

What good are notes, plans, and ideas if they’re trapped on a hard drive?
Keep your notebooks available to you by signing in with your free Microsoft account when you first start OneNote on your PC.
There’s even a free OneNote app for all of your preferred devices to stay in sync wherever you go.

 

Save your work automatically

OneNote automatically saves all of your changes as you work — so you never have to. Even when you close the app or your PC goes to sleep, your notes are always saved, so you can continue right where you left off.
To see when OneNote last synced your changes, click File > Info > View Sync Status.

 

Never run out of paper

OneNote doesn’t have any of the limitations of a traditional paper notebook. When you run out of room, you can just make more.

To create a new page in the current section, click the (+) Add Page button at the top of the page tabs column. You can also right-click any page tab and then click New Page, or press Ctrl+N on your keyboard.

To create a new section in the current notebook, click the small tab with the plus sign [+] to the right of the section tab bar, or right-click any section tab and then click New Section.

When you first launch OneNote, a default notebook with a Quick Notes section is created for you, but you can easily create any number of additional notebooks for the subjects and projects you want by clicking File > New.

Microsoft Dynamics CRM Online plan had retired on November 1, 2016. However, if you have a current subscription, this change won’t affect you right away. As a global administrator, you’ll receive email updates and see posts in the message center (part of the Office 365 admin center) with information on when you need to take action.

Microsoft is introducing Dynamics 365, the next generation of intelligent business applications that enable your organization to grow, evolve, and transform to meet the needs of your customers and capture new opportunities. As a result, Microsoft is introducing new plans for customers November 1, 2016, that are similar, but not identical to your current plan.

For existing tenants that have existing Dynamics CRM Online subscription(s), you can use and adjust licenses up or down until such time as the underlying subscription expires. At that point, the 12-month subscription will not renew as it is a retired product, and you will need to order the appropriate licenses under the new Dynamics 365 line.

You will not be able to order new subscriptions for tenants that do not have CRM Online. They need to order the Dynamics 365 license products as a new customer.

Originally, Office 365 tenants that have been set up under under the Telstra Marketplace were not able to be transitioned to the CSP Licensing Program as they were set up under an incompatible system. 

 

All Telstra tenants have now been converted to CSP and can be transitioned, and the standard process applies. As long as the tenant has a region of Australia configured within it, the transition will work on the normal process.

 

If you experience an issue with transitioning a Telstra tenant, then please raise a support case so we can look into it for you.

Hi,

To add either Exchange Online Protection, Advanced Threat Protection or Online Archiving, it needs to have a base Exchange online mailbox license such as (Exchange Online Plan 1) in the order for it to process via the Prime portal and also in general.

Please note there are a couple of scenarios:

1) The above applies if the tenant doesn't have any existing base CSP licenses with us or they have Office 365 Exchange mailbox licenses directly through Microsoft.

2) If the tenant already has a base Exchange licence through our CSP program such as Office 365 Business or Exchange Plan 1 already against the tenant, then you don't need to add a base mailbox to the current order in Prime. Just email us and we can manually provision it for you.

Its basically an add-on to a base Exchange license, so the base needs to be present.

Thank you again for your time.

Regards,

CloudSupport

 

Cancel Office 365 for business

Applies To: Office 365 Admin , Office 365 Small Business Admin
 

TIP: For Office 365 Home, Personal, and University, see Cancel Office 365 for home.

There are two ways to cancel your Office 365 for business paid or trial subscription: cancel online, or cancel by calling support.

If the description on the right applies to you, click the image on the left to learn more.

NOTE: You must be a global or billing admin to do the tasks in this article.

ACTION

DESCRIPTION

Cancel online in the Office 365 admin center

  • If you purchased the subscription within the last 30 days.

  • If your paid or trial subscription term hasn't ended yet, and you have fewer than 25 licenses assigned to users.

Call Support to cancel

  • If you purchased your subscription with an Office 365 product key.

    NOTE: You can cancel your subscription, you won't be eligible for a refund.

  • If you have more than 25 licenses assigned to users.

  • For any other subscription, or if the Cancel subscription option is unavailable.

WARNING: If you cancel Office 365 before the end of your term, you may be subject to early cancellation fees.

Were these steps helpful? Please Leave us a comment.

Cancel your subscription online in the Office 365 admin center

STEP

DETAILS

1. Update your domain's MX and other DNS records (if you're using a custom domain)

If you set up a custom domain with Office 365, you added DNS records so the domain would work with Office 365 services. Before you remove your domain, be sure to update the DNS records, such as your domain's MX record, at your DNS host.

For example, change the MX record at your DNS host so email sent to your domain stops coming to your Office 365 address and goes to your new email provider instead. (An MX record determines where email for your domain is sent.)

  • If your nameserver (NS) records are pointing to Office 365 nameservers, changing your MX record won’t take effect until you change your NS records to point to your new DNS host (see Step 2).

  • Before you update the MX record, let your users know the date you’ll be switching their email, and the new email provider you’ll be using. Also, they’ll need to take extra steps if they want to move their existing Office 365 email to the new provider.

  • On the day you change the MX record, follow the rest of the steps in this article.

To change your MX record, contact your DNS host.

2. Change your domain's NS records (if needed)

If you switched your nameserver (NS) records to Office 365 when you set up your domain, you must set up or update your MX record and other DNS records at the DNS host you’re going to use, and then change your NS record to that DNS host.

If you didn’t switch NS records when you set up your domain, when you change the MX record in step 1, your mail will start going to the new address right away.

For more information, see How Office 365 manages DNS records. To change your NS records, see “Custom DNS records for the domain” in Remove a domain from Office 365.

3. Save your data

Your users lose access to their Office 365 data when the cancellation becomes effective, so have your users save their OneDrive for Business or SharePoint Online files to another location before you cancel the subscription. Any customer data that you leave behind may be deleted after 90 days, and will be deleted no later than 180 days after cancellation.

4. Remove domains

If you added your own domain name to use with Office 365, you have to remove the domain. For more information, see Remove a domain from Office 365.

5. Cancel your subscription

If you meet the criteria listed at the beginning of this article, you can cancel your subscription by using the Office 365 admin center.

  1. Sign in to Office 365 with your work or school account as a global admin. Learn how to sign in.

  2. Select the app launcher icon Office 365 app launcher icon in the upper-left and choose Admin.

  3. In the admin center, choose Billing > Subscriptions.

    Your screen might look like either of the following screenshots:

    The Billing menu in the new Office 365 Admin Center with Subscriptions selected.

    The Billing menu in the Office 365 Admin Center with Subscriptions selected.

  4. On the Subscriptions page, choose a subscription.

  5. From the More actions menu, choose Cancel subscription.

    Screen shot of the subscription page with the More actions list highlighted.
  6. Review the important dates, provide feedback about why you are cancelling, then chooseCancel subscription.

    Screen shot of the Cancel subscription page.

    Your subscription will now appear in a Disabled state, and will have reduced functionality until it is deleted. For more information about what you can expect when a paid Office 365 for business subscription is cancelled, see What happens if I cancel a subscription?

6. Uninstall Office

If you cancelled your subscription, Office 365 will run in reduced functionality mode. When this happens, users can only read and print documents, and Office 365 will show Unlicensed Product notifications. To avoid any confusion, have your users uninstall Office from their machines.

Log in to Prime Portal

Click on "Programs" on the left hand side panel 

Click on "Manage" option

You will see this screen page as below

 

Click the drop down of "Notifications" and enter the alternate email you wish to receive order confirmation in future and hit "Submit" button.

 

Managing your CSP Program through Prism Portal

 

This guide provides a basic overview of how to manage your CSP Program through Prime Portal.

 

Access Prism Portal

       

  • Once log in, you should see as image below the main dashboard of your prism portal

 

Manage your Microsoft CSP Program

To manage your CSP program select the “Product” icon on the left hand navigation. Ensure to click “Manage” on the CSP icon to view your program detail

 

Creating a new tenant

Function to create new tenant for a customer that is new to Office 365.

 

Click on "Create new Tenant" and fill out the order form with your client's company information, providing a primary contact within the end client company

  • Ensure to select the correct country for your client as this determines which data center the series are provisioned from
  • Click on "Create tenant" to continue onto next stage for product selection

Product Selection

  • Here you can select the products you would like to provision for your client
  • You can either key in the quantity directly or adjust the quantity using the up and down arrows

 

Order Overview

  • Using the overview section on the right, confirm the selected products and associated quantity.
  • Click on "Submit Order" to provision the tenant and purchase the product

 

Creating a new tenant for an existing Prism Customer

This will show Customers in Prism Portal who do not already have a CSP Tenant associated with them.

 

Manage an existing CSP Tenant

Used to manage the licenses of a customer with a rhipe CSP Office 365 subscription.

Managing the licenses of a tenant originally procured through rhipe CSP Program or transition into CSP has never been easier

Select your Customer

  • From the "manage existing tenant", select drop down menu to select your customer
  • Once the customer has been selected, click on "manage"

Amend the subscription as needed

  • Increase or decrease the quantity of products as needed
  • Confirm the quantities are correct in the overview section, click on "Submit Order"

Order Processing

  • Once the order has been submitted, you will see the status of the order through the notification icon 

 

Transition Tenant

Create new customer to transfer over their existing Office 365 subscription

  • Used when a customer has an existing Office 365 subscription through EA,Open Advisor, or purchased directly through Microsoft. This will allow you to sell license under CSP Program

 

Price List

You can view your Price List by selecting the price list icon when you are in your Microsoft CSP Program page.

 

Customer Management

Creating a new tenant requires you to create a Customer record in Prism Portal. You can view all your customer's in the "Customer Management" section on the left-hand navigation pane.

 

Invoices

You can now view your invoices in Prism portal. On the left-hand navigation pane, select on "Invoices"

 

Support Contact Details

If you navigate from the left-hand navigation panel, select on "Support" you will see a list of contact number according to their country and ISV programs

Client ID& Client Secret for API

Prism allows you to create Client ID and Client Secret by yourself in the portal. On the left-hand navigation pane, select on "Customer Management", Select on your own company profile, and select "manage client credentials" and generate.

 

MCA Agreement 

Starting November 7, 2018, you'll need to confirm that a customer has accepted the Microsoft Cloud Agreement by providing information about the person who signed it. See https://docs.microsoft.com/en-us/partner-center/confirm-consent for more details.

From the left-hand navigation pane > Select on Programs > Microsoft CSP > Manage Existing Tenants > Select on the customer that you would like to update the details.

This page will appear and you can update the information and select on Confirm. You may download a copy of the MCA agreement from the page to provide to your customer if they have not read & sign off the agreement from the portal or navigate to rhi.pe/pl for a downloadable copy

 

Annual Order renewal subscription

For all annual orders, Prism now allows you to continue renewal without contacting CSP support team. If you have a customer with annual orders and would like to continue the renewal of the subscription, Select on manage.

The red frame will inform you when is the renewal date due. If your customer confirms that they are going to continue renewal, please click "Renew Subscription" 

[Example Image]

You will receive a notification as below once you click on "Renew Subscription" in the portal.[Example Image]

*If the customer does not want to renew the annual subscription, you do not need to perform this action and let the annual subscription suspend itself when it hits the due date.

  

 

Support

To get support for Prime Portal contact : 

1300 303 520

assist@cloudsupport.help

www.cloudsupport.help

 

 

 

 

Dear xxxx,

Thank you for your interest in rhipe’s Prime Portal APIs. These APIs have been built from ground up to support our partners integrating with our systems.

Please find attached a Getting Started guide that will run you through the basics of using the Prime API for CSP provisioning. We have also recorded a Webinar where we went through examples. This webinar is available at https://attendee.gotowebinar.com/recording/4436972896568847875

Please find below your client credentials for accessing our APIs:

  • Client Id : <Insert Client ID>
  • Client Secret : <Insert Client Secret>

These credentials are unique to your organization and your customers so please ensure they are kept in a secure place.

Please note the following:

  • These are credentials to access your production platform so please be aware that any subscriptions that you provision will be billed if you don’t suspend them before the 15th of the month.
  • Access to these APIs comes with limited coding support and it is a requirement that use of these API’s requires an intermediate understanding of coding for REST APIs and OAUTH2 Authorization. We therefore provide support in instances where partners cannot integrate for reasons not related to basic coding requirements or questions.

Kind Regards
CloudSupport

Microsoft is changing some programmatic rules around their CSP program. Microsoft is removing the unbilled 'grace period' between subscription start date and billing date in October 2017. As such, rhipe is discontinuing this feature.

 

What are the changes in rhipe CSP billing?

rhipe is changing to billing in arrears to help you understand your CSP invoice more easily and reduce your operational overhead. The changes are as follow:

  1. Change in Billing Cycle - as of September 2017, the billing cycle will shift from 15th to 14th day of the month to 1st to last day.
  2. Change to Billing in arrears– also, as of September 2017 the invoices you receive will be in arrears, to be issued the 1st day of the month for the previous month.

For us to implement these changes, there will be a transition period. This will affect your invoices for September and October:

  • August 2017: Microsoft CSP invoices issued as per usual billing cycle and method – no changes.
  • September 2017: You will receive a mid-month invoice ONLY for the adjustment of CSP subscription for the previous month (cycle: 15th Aug to 14th Sep). There won’t be any charges for the period Sept 15th to Oct 14th.
  • October 2017: rhipe will not issue an invoice in mid-October.
  • November 2017: On 1st November, you will receive an invoice for the period 15th September to 31st October (47-day usage invoice). You are no longer charged in advance.
  • December 2017: On 1st December, it’s back to the new normal, you will receive an invoice for your customers’ CSP license subscriptions for the period 1st November to 30th November (new billing cycle), in arrears.

You will continue to receive the arrears invoice every month for your customers’ CSP license subscriptions for the prior month from January 2018 onward.

A summary of the change to billing in arrears can be found below:

Month Billing Type Billing Cycle Billing Date
August Prepayment + Adjustment Aug 15th to Sept 14th + prior month adjustment Aug 15 – 20
September Adjustment Prior month adjustment only Sep 15 – 20
October No Invoice No Invoice No Invoice
November Arrears Sep 15th to Oct 31st Nov 1st
December Arrears Nov 1st to Nov 30th Dec 1st
January Arrears Dec 1st to Dec 31st Jan 1st

 

How do my invoices during the transition period from September to November look like and how are they different from the current invoice?

September Invoicerhipe will begin the transition to billing in arrears.

You will receive a mid-month invoice ONLY for the adjustment of CSP subscription for the previous month (cycle: 15th Aug to 14th Sep).

There is no prepayment for the subscriptions for the next 1 month. I.e. There won’t be any charges for the period Sept 15th to Oct 14th.

An example of the September invoice can be seen below:

CSP_Billing_Change_Sept.png

 

For the 1st customer Easy Accounting Services

  • You will see on the invoice that “Easy Accounting Services” changed from 3 to 5 x Office 365 Business Essentials licenses on 17 August 2017.
  • You will see the usual credit for the amount pre-paid in August and the true-up of the actual usage for the month.
  • You should also note that there are no pre-payment line items on this invoice.

For the 2nd customer example Johns and Associates Accountants

  • You will see on this invoice that there were no quantity changes made in the month.
  • As such there are no pre-payment line items and there is nothing further to pay as the subscription 15 Aug 2017 – 14 Sep 2017 usage was already pre-paid in August.
  • You will see the term PREPAID, which means that the subscription was prepaid in the previous month already.

Note: You will see in the footer of this invoice that it is payable in the usual 14 days and therefore due on 30 September 2017.


October Invoice - No Invoice generated

 

November Invoice - rhipe transitioned to billing in arrears.

you will receive an invoice for the period 15th September to 31st October (47-day usage invoice). You are no longer charged in advance.

An example of the November invoice can be seen below:

CSP_Billing_Change_Nov.png

For the 1st customer Easy Accounting Services

  • You will see on this invoice that “Easy Accounting Services” changed quantity of Office 365 Business Essentials licenses from 5 to 6 on 18 September 2017.
  • You will also see that they again changed from 6 license to 8 on 21 October 2017.
  • As this is now a “billing in arrears” invoice you will see that a line item is shown for each change in quantity and there are no pre-payment line items.

For the 2nd customer Johns and Associates Accountants

  • You will see on this invoice that there were no quantity changes made in the month.
  • As this is now a “billing in arrears” invoice you will only see a single line item for the 47 days of usage and no pre-payment line item.

Note: You will see in the footer of this invoice that it is payable in the usual 14 days and therefore due on 15 November 2017.


December Invoice
On 1st December, it’s back to the new normal, you will receive an invoice for your customers’ CSP license subscriptions for the period 1st November to 30th November (new billing cycle), in arrears.


Why is rhipe changing the CSP billing?

There are two main reasons for the change.

Firstly, Microsoft is changing some programmatic rules around their CSP program. Microsoft is removing the unbilled “grace period” between subscription start date and billing date in FY18 Q1. As such, rhipe is discontinuing this feature.

Secondly, rhipe has received feedback that that the CSP billing is complex and difficult to understand. As a service and customer oriented organization, rhipe has decided to make the change simplify the billing to enable our partners to view and understand their invoices more easily.


What are the benefits for me as a partner for the change to billing in arrears?

Our partners will get the following benefits as we switch to billing in arrears:

A much easier to understand CSP invoice will allow you to spend less time reconciling our invoice to you with your customers’ invoices. This will lower your operational overhead, reduce your operating cost and allow your staffs to focus on other important tasks.

You will also have better cashflow for your business after the change from prepayment to billing in arrears for your CSP subscriptions with rhipe.

 

What is the new billing cycle?

The billing cycle of the new CSP billing is the from the 1st of the month to the last day of the calendar month.

 

What is my payment due after the change to billing in arrears?

Your payment term remains unchanged. Your payment is due within 14 days (for AU/NZ partners) or 30 days (for SEA and Korea partners) upon invoice.


How do I pay my invoice?

The ways you can pay your invoice remain unchanged.

  • For Australia partners, you will need to set up Direct Debit when you sign up for CSP program.
  • For SEA partners, you can pay your invoice by cheque or electronic fund transfer to rhipe.
  • For Korea partners, you can pay by credit card or electronic fund transfer to rhipe.

You can view your invoice in the rhipe Prime Portal under Invoices.

When you pay by direct credit or cheque, please also include your invoice #, customer ID, date and amount enclosed in your remittance advice.

 

Who do I contact with any billing enquiries?

If you have any billing enquiries, please contact your account manager first.

For payment enquires, please contact: accounts@rhipe.com

For other queries (like invoice question etc.) contact program.operations@rhipe.com 

 

As there is no free period now, what can I do to avoid double billing when I transition my customers’ tenants to rhipe CSP?

Microsoft now has new free trial SKUs in CSP that you can leverage on to avoid double billing during the transition of tenants to rhipe CSP. The free trial SKUs that would soon be available are:

  • Office 365 E3
  • Office 365 E5
  • Enterprise Mobility & Security E5
  • Dynamics 365 Customer Engagement Plan 1
  • Dynamics 365 for Financials (Not available in APAC)

The 30-day trial licenses would let your customers try different Microsoft online services before they decide, or you can purchase them as interim SKUs before a customer tenant is fully transitioned from other programs/resellers to rhipe CSP to avoid double billing.

 

Do I need to opt in to the change to billing in arrears?

There is no need to opt in to the change to billing in arrears as the change will take place automatically for all rhipe CSP partners.

 

Can I opt out of the change to billing in arrears?

The change to billing in arrears applies to all rhipe CSP partners and there is no option to opt out.

 

 

Azure Policy based VPN's experience idle drop-outs. An alternative is route-based VPN method.

More detail on route-based VPN is in article below

http://packetlife.net/blog/2011/aug/17/policy-based-vs-route-based-vpns-part-2/

In this situation the only way to truly find out is by creating a route based VPN and testing it to see if there are any drop outs.

Route-based VPNs are always on

The SAs for a route-based VPN are always maintained, so long as the corresponding tunnel interface is up. This is in contrast to a policy-based VPN, which forms SAs in response to detecting traffic which matches the policy (and will eventually tear down the SAs in the absence of such traffic). This can be seen as a benefit of policy-based VPNs if your VPN experiences infrequent traffic load, but personally I prefer to have my crypto tunnels up all the time to avoid IKE negotiation delay.



PROBLEM
One or more Active Directory Domain Services (AD DS) objects or attributes don't sync to Microsoft Azure Active Directory (Azure AD) as expected. When Active Directory synchronization runs, an object doesn't sync, and you experience one of the following symptoms:
  • You receive an error message that states that an attribute has a duplicate value.
  • You receive an error message that states that one or more attributes violate formatting requirements such as character set or character length.
  • You don't receive an error message, and directory synchronization seems to be completed. However, some objects or attributes aren't updated as expected.
Some examples of the error message that you may receive include the following:
  • A synchronized object with the same proxy address already exists in your Microsoft Online Services directory.
  • Unable to update this object because the user ID is not found.
  • Unable to update this object in Microsoft Online Services because the following attributes associated with this object have values that may already be associated with another object in your local directory.
CAUSE
This issue occurs for one of the following reasons:
  • The domain value that's used by AD DS attributes hasn't been verified.
  • One or more object attributes that require a unique value have a duplicate attribute value (such as the proxyAddresses attribute or theUserPrincipalName attribute) in an existing user account.
  • One or more object attributes violate formatting requirements that restrict the characters and the character length of attribute values.
  • One or more object attributes match exclusion rules for directory synchronization.

    The following table shows the default sync scoping rules:
    Object type Attribute name Condition of attribute when synchronization fails
    Contact DisplayName Contains "MSOL"
      msExchHideFromAddressLists Is set to "True"
    Security-enabled group isCriticalSystemObject Is set to "True"
    Mail-enabled groups
    (security group or distribution list)
    proxyAddresses

    and

    mail
    Has no "SMTP:" address entry

    and

    is not present
    Mail-enabled contacts proxyAddresses

    and

    mail
    Has no "SMTP:" address entry

    and

    is not present
    iNetOrgPerson sAMAccountName Is not present
      isCriticalSystemObject Is present
    User mailNickName Starts with "SystemMailbox"
      mailNickName Starts with "CAS_"

    and

    contains "{"
      sAMAccountName Starts with "CAS_"

    and

    contains "}"
      sAMAccountName Equals "SUPPORT_388945a0"
      sAMAccountName Equals "MSOL_AD_Sync"
      sAMAccountName Is not present
      isCriticalSystemObject Is set to "True"
  • The user principal name (UPN) was changed after the initial synchronization and must be updated manually.
  • Exchange Online Simple Mail Transfer Protocol (SMTP) addresses of synced users aren't populated appropriately in the on-premises Active Directory schema.
SOLUTION
To resolve this issue, use one of the following methods, as appropriate for your situation.

Resolution 1: Run IdFix to check for duplicates, missing attributes, and rule violations

Use the IdFix DirSync Error Remediation Tool to find objects and errors that prevent synchronization to Azure AD.
  • If you see "Blank" in the ERROR column after you run IdFix, see the following Microsoft Knowledge Base article:
    2857349 "Blank" is displayed in the ERROR column for one or more objects after you run the IdFix tool
  • If you see "Format" in the ERROR column after you run IdFix, see the following Microsoft Knowledge Base article:
    2857351 "Format" is displayed in the ERROR column for one or more objects after you run the IdFix tool
  • If you see "Character" in the ERROR column after you run IdFix, see the following Microsoft Knowledge Base article:
    2857352 "Character" is displayed in the ERROR column for one or more objects after you run the IdFix tool
  • If you see "Duplicate" in the ERROR column after you run IdFix, see the following Microsoft Knowledge Base article:
    2857385 "Duplicate" is displayed in the ERROR column for one or more objects after you run the IdFix tool

Resolution 2: Determine attribute conflicts that are caused by objects that weren't created in Azure AD through directory synchronization

To determine attribute conflicts that are caused by user objects that were created by using management tools (and that weren't created in Azure AD through directory synchronization), follow these steps:
  1. Determine the unique attributes of the on-premises AD DS user account. To do this, on a computer that has Windows Support Tools installed, follow these steps:
    1. Click Start, click Run, type ldp.exe, and then click OK.
    2. Click Connection, click Connect, type the computer name of an AD DS domain controller, and then click OK.
    3. Click Connection, click Bind, and then click OK.
    4. Click View, click Tree View, select the AD DS domain in the BaseDN drop-down list, and then click OK.
    5. In the navigation pane, locate and then double-click the object that isn't syncing correctly. The Details pane on the right side of the window lists all object attributes. The following example shows the object attributes:

      Screen shot of the object attributes
    6. Record the values of the userPrincipalName attribute and each SMTP address in the multivalue proxyAddresses attribute. You'll need these values later.
      Attribute name Example Notes
      proxyAddresses proxyAddresses (3): x500:/o=Exchange/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1ae75fca0d3a4303802cea9ca50fcd4f-7628376; smtp:7628376@service.contoso.com; SMTP:7628376@contoso.com;
      • The number that's displayed in parentheses next to the attribute label indicates the number of proxy address values in the multivalue attribute.
      • Each distinct proxy address value is indicated by a semicolon (;).
      • The primary SMTP proxy address value is indicated by uppercase "SMTP:"
      userPrincipalName 7628376@contoso.com  
      Note Ldp.exe is included in Windows Server 2008 and in the Windows Server 2003 Support Tools. The Windows Server 2003 Support Tools are included in the Windows Server 2003 installation media. Or, to obtain the Support Tools, go to the following Microsoft website:
  2. Connect to Azure AD by using the Azure Active Directory Module for Windows PowerShell. For more info, go to Manage Azure AD using Windows PowerShell.

    Leave the console window open. You'll need to use it in the next step.
  3. Check for the duplicate userPrincipalName attributes.

    In the console connection that you opened in step 2, type the following commands in the order in which they are presented, and then press Enter after each command:
    • $userUPN = "<search UPN>"
      Note In this command, the placeholder "<search UPN>" represents the UserPrincipalName attribute that you recorded in step 1f.
    • get-MSOLUser –UserPrincipalName $userUPN | where {$_.LastDirSyncTime -eq $null} 
    Leave the console window open. You'll use it again in the next step.
  4. Check for duplicate proxyAddresses attributes. In the console connection that you opened in step 2, type the following commands in the order in which they are presented, and then press Enter after each command:
    • $SessionExO = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Cred -Authentication Basic - AllowRedirection
    • Import-PSSession $sessionExO -prefix:Cloud 
  5. For each proxy address entry that you recorded in step 1f, type the following commands in the order in which they are presented, and then press Enter after each command:
    • $proxyAddress = "<search proxyAddress>" 
      Note In this command, the placeholder "<search proxyAddress>" represents the value of a proxyAddresses attribute that you recorded in step 1f.
    • get-cloudmailbox | where {[string] $str = ($_.EmailAddresses); $str.tolower().Contains($proxyAddress.tolower()) -eq $true} | foreach {get-MSOLUser -UserPrincipalName $_.MicrosoftOnlineServicesID | where {($_.LastDirSyncTime -eq $null)<AngularNoBind>}}</AngularNoBind> 
Items that are returned after you run the commands in step 3 and 4 represent user objects that weren't created through directory synchronization and that have attributes that conflict with the object that isn't syncing correctly.

Resolution 3: Update AD DS attributes to remove duplicates, rules violations, and scoping exclusions

Identify the specific attributes that are preventing synchronization based on the following information:
  • Administrative email messages
  • The report from the output of the Office 365 Deployment Readiness Tool
  • Default directory synchronization scoping rules and custom rules
After a specific attribute value is identified, use the Active Directory Users and Computers tool to edit the attribute value. To do this, follow these steps:
  1. Open Active Directory Users and Computers, and then select the root node of the AD DS domain.
  2. Click View, and then make sure that the Advanced Features option is selected.
  3. In the left navigation pane, locate the user object, right-click it, and then click Properties.
  4. On the Object Editor tab, locate the attribute that you want, click Edit, and then edit the attribute value to the value that you want.
  5. Click OK two times.
Or, you can use Active Directory Service Interfaces (ADSI) Edit to update object attributes in AD DS. You can download and install ADSI Edit as a part of the Windows Server Toolkit. To use ADSI Edit to edit attributes, follow these steps.

Warning This procedure requires ADSI Edit. Using ADSI Edit incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems that result from the incorrect use of ADSI Edit can be resolved. Use ADSI Edit at your own risk.
  1. Click Start, click Run, type ADSIEdit.msc, and then click OK.
  2. Right-click ADSI Edit in the navigation pane, click Connect to, and then click OK to load the domain partition.
  3. Locate the user object, right-click it, and then click Properties.
  4. In the Attributes list, locate the attribute that you want, click Edit, and then edit the attribute value to the value that you want.
  5. Click OK two times, and then exit ADSI Edit.

Resolution 4: Create a new group and add it to the built-in group that's not being synced

To resolve the issue in the scenario where some built-in groups (such as the Domain Users group) are not synced, create a new group that contains all the applicable members and appropriate permissions of the built-in group. Then, add that group as a member to the built-in group that's not synced. Use the new group instead of the built-in group to manage members. By doing this, you still manage only one group.

You don't want to change the attributes of the built-in group or change the scoping rules of the identity sync appliance to allow critical system objects to be synced, because this may trigger other unexpected behavior. 

Resolution 5: Use SMTP matching to cause an on-premises user object to sync to an existing user object

To do this, see the following Microsoft Knowledge article:  
2641663 How to use SMTP matching to match on-premises user accounts to Office 365 user accounts for directory synchronization

Resolution 6: Manually update a user account UPN 

To update a user account UPN that was licensed after initial directory synchronization has occurred, follow these steps:
  1. Click Start, click All Programs, click Windows Azure Active Directory, and then click Windows Azure Active Directory Module for Windows PowerShell.
  2. Run the following cmdlets at the Windows PowerShell prompt:
    1. $cred = get-credential
      Note When you're prompted, enter your admin credentials.
    2. Connect-MSOLService
    3. Set-MsolUserPrincipalName -UserPrincipalName [CurrentUPN] -NewUserPrincipalName [NewUPN]

Resolution 7: Update user SMTP addresses by using on-premises Active Directory attributes

When SMTP attributes aren't synced to Exchange Online in an expected way, you may have to update the on-premises Active Directory attributes. To update on-premises Active Directory attributes so that the correct email address displays in Exchange Online, use Resolution 2 to manipulate the attributes that are listed in the following table.
On-premises Active Directory attribute name Example On-premises Active Directory attribute value Example Exchange Online email addresses
proxyAddresses SMTP:user1@contoso.com Primary SMTP: user1@contoso.com
Secondary SMTP: user1@contoso.onmicrosoft.com
proxyAddresses smtp:user1@contoso.com Primary SMTP: user1@contoso.onmicrosoft.com Secondary SMTP: user1@contoso.com
proxyAddresses SMTP:user1@contoso.com
smtp:user1@sub.contoso.com
Primary SMTP: user1@contoso.com
Secondary SMTP: user1@sub.contoso.com
Secondary SMTP: user1@contoso.onmicrosoft.com
mail User1@contoso.com Primary SMTP: user1@contoso.com
Secondary SMTP: user1@contoso.onmicrosoft.com
UserPrincipalName User1@contoso.com Primary SMTP: user1@contoso.com
Secondary SMTP: user1@contoso.onmicrosoft.com
The Microsoft Online Email Routing Address (MOERA) entry that's associated with the default domain (such as user1@contoso.onmicrosoft.com) is an interpreted value that's based on a user account’s alias. This specialty email address is inextricably linked to each Exchange Online recipient, and you can't manage, delete, or create additional MOERA addresses for any recipient. However, the MOERA address can be over-ridden as the primary SMTP address by using the attributes in the on-premises Active Directory user object.

Note The presence of data in the proxyAddresses attribute completely masks data in the mail attribute for Exchange Online email address population.

Note The presence of data in the proxyAddresses attribute, the mail attribute, or both attributes completely mask UserPrincipalName data for Exchange Online email address population. The UPN can be used to manage email addresses. However, an admin can decide to manage the email address and UPN separately by populating proxyAddresses or mail attributes.

We highly recommend that one of these attributes be used consistently to manage Exchange Online email addresses for synced users.
MORE INFORMATION
The Windows PowerShell commands that are mentioned in this article require the Azure Active Directory Module for Windows PowerShell. For more information about the Azure Active Directory Module for Windows PowerShell, go to Manage Azure AD using Windows PowerShell.

For more information about filtering directory synchronization by attributes, see the following Microsoft TechNet wiki article:

Recommended steps

To resolve common issues, try one or more of the following steps.

  • Review your VM's console screenshot to correct boot problems
  • Reset Remote Access to address remote server issues 
  • Reset remote access using PowerShell or CLI
  • Restart the Virtual Machine to address startup issues by clicking 'Restart' at the top of the VM resource blade
  • RDP to your VM from Internet may not work with forced tunneling enabled. Review effective routes. With forced tunneling, all outbound traffic destined to Internet will be redirected to on-premises
  • To connect to your VM via RDP, please review effective security group rules to ensure inbound “Allow” NSG rule exists for RDP port(3389)
  • Address Azure host issues by redeploying, which will migrate the VM to a new Azure host
  • If you're getting an RDP license error, use 'mstsc/admin' as a work around. If needed, uninstall or buy an RDS license. 
  • Address Remote Desktop License Server error
  • Recommended documents

 

Troubleshoot Remote Desktop connections to an Azure virtual machine running Windows

 

The Remote Desktop Protocol (RDP) connection to your Windows-based Azure virtual machine (VM) can fail for various reasons, leaving you unable to access your VM. The issue can be with the Remote Desktop service on the VM, the network connection, or the Remote Desktop client on your host computer. This article guides you through some of the most common methods to resolve RDP connection issues. If your issue isn't listed here or you still can't connect to your VM via RDP, you can read more detailed RDP troubleshooting concepts and steps.

If you need more help at any point in this article, you can contact the Azure experts on the MSDN Azure and Stack Overflow forums. Alternatively, you can file an Azure support incident. Go to theAzure support site and select Get Support.

 

Quick troubleshooting steps

After each troubleshooting step, try reconnecting to the VM:

  1. Reset remote access using the Azure portal or Azure PowerShell
  2. Restart the VM
  3. Redeploy the VM
  4. Check Network Security Group / Cloud Services endpoint rules
  5. Review VM console logs in the Azure portal or Azure PowerShell
  6. Check the VM Resource Health in the Azure portal
  7. Reset your VM password

Continue reading if you need more detailed steps and explanations for both Resource Manager and Classic deployment models.

 

Troubleshoot VMs created by using the Resource Manager deployment model

After each troubleshooting step, try reconnecting to the VM.

Tip:

If the 'Connect' button in the portal is grayed out and you are not connected to Azure via anExpress Route or Site-to-Site VPN connection, you need to create and assign your VM a public IP address before you can use RDP. You can read more about public IP addresses in Azure.

  1. Reset remote access by using PowerShell.

    • If you haven't already, install and configure the latest Azure PowerShell.
    • Reset your RDP connection by using either of the following PowerShell commands. Replace the myRG, myVM, myVMAccessExtension, and location with values that are relevant to your setup.
    Copy
    Set-AzureRmVMExtension -ResourceGroupName "myRG" -VMName "myVM" `
        -Name "myVMAccessExtension" -ExtensionType "VMAccessAgent" `
        -Publisher "Microsoft.Compute" -typeHandlerVersion "2.0" `
        -Location Westus

    OR

    Copy
    Set-AzureRmVMAccessExtension -ResourceGroupName "myRG" `
        -VMName "myVM" -Name "myVMAccess" -Location Westus
    Note:

    In the preceding examples, myVMAccessExtension or MyVMAccess is a name that you specify for the new extension to install as part of the process. This is often set to the name of the VM. If you have previously worked with the VMAccessAgent, you can get the name of the existing extension by using Get-AzureRmVM -ResourceGroupName "myRG" -Name "myVM" to check the properties of the VM. Look under the 'Extensions' section of the output to view the name. Since only one VMAccessAgent can exist on a VM, you also need to add the -ForceReRun True parameter when using Set-AzureRmVMExtension to re-register the agent.

  2. Restart your VM to address other startup issues. Select Browse > Virtual machines > your VM >Restart.

  3. Redeploy VM to a new Azure node.

    After this operation finishes, ephemeral disk data is lost and dynamic IP addresses that are associated with the virtual machine are updated.

  4. Verify that your Network Security Group rules allow RDP traffic (TCP port 3389).

  5. Review your VM's console log or screenshot to correct boot problems. Select Browse > Virtual machines > your Windows virtual machine > Support + Troubleshooting > Boot diagnostics.

  6. Reset your VM's password.

If you are still encountering RDP issues, you can open a support request or read more detailed RDP troubleshooting concepts and steps.

Troubleshoot VMs created by using the Classic deployment model

After each troubleshooting step, try reconnecting to the VM.

  1. Reset the Remote Desktop service from the Azure portal. Select Browse > Virtual machines (classic) > your VM > Reset Remote....

  2. Restart your VM to address other startup issues. Select Browse > Virtual machines (classic) >your VM > Restart.

  3. Redeploy VM to a new Azure node.

    After this operation finishes, ephemeral disk data is lost and dynamic IP addresses that are associated with the virtual machine are updated.

  4. Verify that your Cloud Services endpoint allow RDP traffic.

  5. Review your VM’s console log or screenshot to correct boot problems. Select Browse > Virtual machines (classic) > your VM > Settings > Boot diagnostics.

  6. Check your VM's Resource Health for any platform issues. Select Browse > Virtual machines (classic) > your VM > Settings > Check Health.

  7. Reset your VM's password.

If you are still encountering RDP issues, you can open a support request or read more detailed RDP troubleshooting concepts and steps.

Troubleshoot specific Remote Desktop connection errors

You may receive a specific error when trying to connect to your VM via RDP. The following are the most common error messages:

 

The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license.

Cause: The 120-day licensing grace period for the Remote Desktop Server role has expired and you need to install licenses.

As a workaround, save a local copy of the RDP file from the portal and run this command at a PowerShell command prompt to connect. This disables licensing for just that connection:

Copy
    mstsc <File name>.RDP /admin

If you don't actually need more than two simultaneous Remote Desktop connections to the VM, you can use Server Manager to remove the Remote Desktop Server role.

For more information, see the blog post Azure VM fails with "No Remote Desktop License Servers available".

 

Remote Desktop can't find the computer "name".

Cause: The Remote Desktop client on your computer can't resolve the name of the computer in the settings of the RDP file.

Possible solutions:

  • If you're on an organization's intranet, make sure that your computer has access to the proxy server and can send HTTPS traffic to it.

  • If you're using a locally stored RDP file, try using the one that's generated by the portal. This ensures that you have the correct DNS name for the virtual machine, or the cloud service and the endpoint port of the VM. Here is a sample RDP file generated by the portal:

    Copy
    full address:s:tailspin-azdatatier.cloudapp.net:55919
    prompt for credentials:i:1

The address portion of this RDP file has: - The fully qualified domain name of the cloud service that contains the VM ("tailspin-azdatatier.cloudapp.net" in this example).

  • The external TCP port of the endpoint for Remote Desktop traffic (55919).

 

An authentication error has occurred. The Local Security Authority cannot be contacted.

Cause: The target VM can't locate the security authority in the user name portion of your credentials.

When your user name is in the form SecurityAuthority\UserName (example: CORP\User1), theSecurityAuthority portion is either the VM's computer name (for the local security authority) or an Active Directory domain name.

Possible solutions:

  • If the account is local to the VM, make sure that the VM name is spelled correctly.

  • If the account is on an Active Directory domain, check the spelling of the domain name.

  • If it is an Active Directory domain account and the domain name is spelled correctly, verify that a domain controller is available in that domain. It's a common issue in Azure virtual networks that contain domain controllers that a domain controller is unavailable because it hasn't been started. As a workaround, you can use a local administrator account instead of a domain account.

 

Windows Security error: Your credentials did not work.

Cause: The target VM can't validate your account name and password.

A Windows-based computer can validate the credentials of either a local account or a domain account.

  • For local accounts, use the ComputerName\UserName syntax (example: SQL1\Admin4798).
  • For domain accounts, use the DomainName\UserName syntax (example: CONTOSO\peterodman).

If you have promoted your VM to a domain controller in a new Active Directory forest, the local administrator account that you signed in with is converted to an equivalent account with the same password in the new forest and domain. The local account is then deleted.

For example, if you signed in with the local account DC1\DCAdmin, and then promoted the virtual machine as a domain controller in a new forest for the corp.contoso.com domain, the DC1\DCAdmin local account gets deleted and a new domain account (CORP\DCAdmin) is created with the same password.

Make sure that the account name is a name that the virtual machine can verify as a valid account, and that the password is correct.

If you need to change the password of the local administrator account, see How to reset a password or the Remote Desktop service for Windows virtual machines.

 

This computer can't connect to the remote computer.

Cause: The account that's used to connect does not have Remote Desktop sign-in rights.

Every Windows computer has a Remote Desktop users local group, which contains the accounts and groups that can sign into it remotely. Members of the local administrators group also have access, even though those accounts are not listed in the Remote Desktop users local group. For domain-joined machines, the local administrators group also contains the domain administrators for the domain.

Make sure that the account you're using to connect with has Remote Desktop sign-in rights. As a workaround, use a domain or local administrator account to connect over Remote Desktop. To add the desired account to the Remote Desktop users local group, use the Microsoft Management Console snap-in (System Tools > Local Users and Groups > Groups > Remote Desktop Users).

Troubleshoot Remote Desktop connections to an Azure virtual machine running Windows

Troubleshoot Remote Desktop connections to an Azure virtual machine running Windows

Updated: 09/01/2016
Contributors:
  • +2
Edit on GitHub

The Remote Desktop Protocol (RDP) connection to your Windows-based Azure virtual machine (VM) can fail for various reasons, leaving you unable to access your VM. The issue can be with the Remote Desktop service on the VM, the network connection, or the Remote Desktop client on your host computer. This article guides you through some of the most common methods to resolve RDP connection issues. If your issue isn't listed here or you still can't connect to your VM via RDP, you can read more detailed RDP troubleshooting concepts and steps.

If you need more help at any point in this article, you can contact the Azure experts on the MSDN Azure and Stack Overflow forums. Alternatively, you can file an Azure support incident. Go to theAzure support site and select Get Support.

 

Quick troubleshooting steps

After each troubleshooting step, try reconnecting to the VM:

  1. Reset remote access using the Azure portal or Azure PowerShell
  2. Restart the VM
  3. Redeploy the VM
  4. Check Network Security Group / Cloud Services endpoint rules
  5. Review VM console logs in the Azure portal or Azure PowerShell
  6. Check the VM Resource Health in the Azure portal
  7. Reset your VM password

Continue reading if you need more detailed steps and explanations for both Resource Manager and Classic deployment models.

 

Troubleshoot VMs created by using the Resource Manager deployment model

After each troubleshooting step, try reconnecting to the VM.

Tip:

If the 'Connect' button in the portal is grayed out and you are not connected to Azure via anExpress Route or Site-to-Site VPN connection, you need to create and assign your VM a public IP address before you can use RDP. You can read more about public IP addresses in Azure.

  1. Reset remote access by using PowerShell.

    • If you haven't already, install and configure the latest Azure PowerShell.
    • Reset your RDP connection by using either of the following PowerShell commands. Replace the myRG, myVM, myVMAccessExtension, and location with values that are relevant to your setup.
    Copy
    Set-AzureRmVMExtension -ResourceGroupName "myRG" -VMName "myVM" `
        -Name "myVMAccessExtension" -ExtensionType "VMAccessAgent" `
        -Publisher "Microsoft.Compute" -typeHandlerVersion "2.0" `
        -Location Westus

    OR

    Copy
    Set-AzureRmVMAccessExtension -ResourceGroupName "myRG" `
        -VMName "myVM" -Name "myVMAccess" -Location Westus
    Note:

    In the preceding examples, myVMAccessExtension or MyVMAccess is a name that you specify for the new extension to install as part of the process. This is often set to the name of the VM. If you have previously worked with the VMAccessAgent, you can get the name of the existing extension by using Get-AzureRmVM -ResourceGroupName "myRG" -Name "myVM" to check the properties of the VM. Look under the 'Extensions' section of the output to view the name. Since only one VMAccessAgent can exist on a VM, you also need to add the -ForceReRun True parameter when using Set-AzureRmVMExtension to re-register the agent.

  2. Restart your VM to address other startup issues. Select Browse > Virtual machines > your VM >Restart.

  3. Redeploy VM to a new Azure node.

    After this operation finishes, ephemeral disk data is lost and dynamic IP addresses that are associated with the virtual machine are updated.

  4. Verify that your Network Security Group rules allow RDP traffic (TCP port 3389).

  5. Review your VM's console log or screenshot to correct boot problems. Select Browse > Virtual machines > your Windows virtual machine > Support + Troubleshooting > Boot diagnostics.

  6. Reset your VM's password.

If you are still encountering RDP issues, you can open a support request or read more detailed RDP troubleshooting concepts and steps.

Troubleshoot VMs created by using the Classic deployment model

After each troubleshooting step, try reconnecting to the VM.

  1. Reset the Remote Desktop service from the Azure portal. Select Browse > Virtual machines (classic) > your VM > Reset Remote....

  2. Restart your VM to address other startup issues. Select Browse > Virtual machines (classic) >your VM > Restart.

  3. Redeploy VM to a new Azure node.

    After this operation finishes, ephemeral disk data is lost and dynamic IP addresses that are associated with the virtual machine are updated.

  4. Verify that your Cloud Services endpoint allow RDP traffic.

  5. Review your VM’s console log or screenshot to correct boot problems. Select Browse > Virtual machines (classic) > your VM > Settings > Boot diagnostics.

  6. Check your VM's Resource Health for any platform issues. Select Browse > Virtual machines (classic) > your VM > Settings > Check Health.

  7. Reset your VM's password.

If you are still encountering RDP issues, you can open a support request or read more detailed RDP troubleshooting concepts and steps.

Troubleshoot specific Remote Desktop connection errors

You may receive a specific error when trying to connect to your VM via RDP. The following are the most common error messages:

 

The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license.

Cause: The 120-day licensing grace period for the Remote Desktop Server role has expired and you need to install licenses.

As a workaround, save a local copy of the RDP file from the portal and run this command at a PowerShell command prompt to connect. This disables licensing for just that connection:

Copy
    mstsc <File name>.RDP /admin

If you don't actually need more than two simultaneous Remote Desktop connections to the VM, you can use Server Manager to remove the Remote Desktop Server role.

For more information, see the blog post Azure VM fails with "No Remote Desktop License Servers available".

 

Remote Desktop can't find the computer "name".

Cause: The Remote Desktop client on your computer can't resolve the name of the computer in the settings of the RDP file.

Possible solutions:

  • If you're on an organization's intranet, make sure that your computer has access to the proxy server and can send HTTPS traffic to it.

  • If you're using a locally stored RDP file, try using the one that's generated by the portal. This ensures that you have the correct DNS name for the virtual machine, or the cloud service and the endpoint port of the VM. Here is a sample RDP file generated by the portal:

    Copy
    full address:s:tailspin-azdatatier.cloudapp.net:55919
    prompt for credentials:i:1

The address portion of this RDP file has: - The fully qualified domain name of the cloud service that contains the VM ("tailspin-azdatatier.cloudapp.net" in this example).

  • The external TCP port of the endpoint for Remote Desktop traffic (55919).

 

An authentication error has occurred. The Local Security Authority cannot be contacted.

Cause: The target VM can't locate the security authority in the user name portion of your credentials.

When your user name is in the form SecurityAuthority\UserName (example: CORP\User1), theSecurityAuthority portion is either the VM's computer name (for the local security authority) or an Active Directory domain name.

Possible solutions:

  • If the account is local to the VM, make sure that the VM name is spelled correctly.

  • If the account is on an Active Directory domain, check the spelling of the domain name.

  • If it is an Active Directory domain account and the domain name is spelled correctly, verify that a domain controller is available in that domain. It's a common issue in Azure virtual networks that contain domain controllers that a domain controller is unavailable because it hasn't been started. As a workaround, you can use a local administrator account instead of a domain account.

 

Windows Security error: Your credentials did not work.

Cause: The target VM can't validate your account name and password.

A Windows-based computer can validate the credentials of either a local account or a domain account.

  • For local accounts, use the ComputerName\UserName syntax (example: SQL1\Admin4798).
  • For domain accounts, use the DomainName\UserName syntax (example: CONTOSO\peterodman).

If you have promoted your VM to a domain controller in a new Active Directory forest, the local administrator account that you signed in with is converted to an equivalent account with the same password in the new forest and domain. The local account is then deleted.

For example, if you signed in with the local account DC1\DCAdmin, and then promoted the virtual machine as a domain controller in a new forest for the corp.contoso.com domain, the DC1\DCAdmin local account gets deleted and a new domain account (CORP\DCAdmin) is created with the same password.

Make sure that the account name is a name that the virtual machine can verify as a valid account, and that the password is correct.

If you need to change the password of the local administrator account, see How to reset a password or the Remote Desktop service for Windows virtual machines.

 

This computer can't connect to the remote computer.

Cause: The account that's used to connect does not have Remote Desktop sign-in rights.

Every Windows computer has a Remote Desktop users local group, which contains the accounts and groups that can sign into it remotely. Members of the local administrators group also have access, even though those accounts are not listed in the Remote Desktop users local group. For domain-joined machines, the local administrators group also contains the domain administrators for the domain.

Make sure that the account you're using to connect with has Remote Desktop sign-in rights. As a workaround, use a domain or local administrator account to connect over Remote Desktop. To add the desired account to the Remote Desktop users local group, use the Microsoft Management Console snap-in (System Tools > Local Users and Groups > Groups > Remote Desktop Users).

Sample data gives you something to experiment with as you learn Microsoft Dynamics CRM, and helps you see how data is organized in the system. At some point, you’ll probably want to remove the sample data.

Or, if sample data isn’t installed on your system, you may want to add it for training purposes. Later, when you’re ready, you can remove it.


Important: Use sample data to learn and play around with system features. However, to avoid unwanted results, don’t associate it with any data you actually need.


  1. Make sure you have the System Administrator security role or equivalent permissions in Microsoft Dynamics CRM.

    Check your security role

  2. Go to Settings > Data Management.

  3. Click Sample Data. You’ll see a message that tells you whether the sample data is currently installed.

  4. Do one of the following:

    Click Remove Sample Data, and then click Close.

    -OR-

    Click Install Sample Data, and then click Close.

There are a large number is issues syncing Sharepoint Online libraries via OneDrive - least of all having to have a copy of all those files on your PC. This can fill your hard disk very easily with newer devices having faster, yest smaller Solid Sate Drives (SSD's) instead of the slower Hard Disks Drives (HDD's) which have more capacity but are slower.

OneDrive for Business has a hard limit of 20,000 files to be synced to your machine, so if you have more than this you are out of luck. There is also a limit of 5,000 files per library synced which many people also find a big limitation.

To get around this, we should be mapping the Sharepoint Library as a network location in Windows Explorer.

PLEASE NOTE: This procedure requires a 32-bit version of Internet Explorer, either version 10 or 11. No other browsers will work. If you attempt this in a 64-bit Internet Explorer session it will fail. Google Chrome, Mozilla Firefox or the new Microsoft Edge browser do not support this at all.

 

Initial steps:

  1. Add the following to Trusted sites in Internet Explorer:
    • https://*.sharepoint.com
    • https://*.microsoftonline.com
  2. Go to Internet Explorer settings – Tools, Options, Connections, LAN Settings, uncheck 'Automatically detect Settings' – this will significantly improve the connection to SharePoint.
  3. Before you map a drive, login to Office 365 at https://portal.office.com via Internet Explorer and tick 'Remember my credentials'. Once completed, close the Internet Explorer session.
  4. To test the saved credential, open the Sharepoint Online site in Internet Explorer again and make sure it does not prompt for credentials.
  5. Open services.msc (or via Control Panel > Administrative Tools > Services) and make sure WebClient service is set to Automatic.

 

Mapping Sharepoint on Windows 10:

  1. Open your Sharepoint site in Internet Explorer and navigate to the folder you wish to map. Usually this will be a Shared Documents folder.
  2. From the tool bar ribbon select Library and then select Open with Explorer (this will open the Library as a standard File Explorer folder).
  3. Highlight the address from the address bar in the Windows Explorer and copy to clipboard (Ctrl-C).
  4. Go to File Explorer and right click on "This PC" and select 'Map Network Drive'.
  5. In the Map Network Drive window, do not set a drive letter but tick the boxes marked 'Reconnect sign-in' and 'Connect using different credentials'. Then select the link below marked 'Connect to a Web site that you can store your documents and pictures'. Click through and paste the address you copied from the clipboard in step 3 and proceed.
  6. Enter your Office 365 credentials (username and password) and check the box marked 'Remember Credentials'. You will be prompted twice for the username and password, make sure you fill it in twice and twice select remember credentials.
  7. It will give you a folder win File Explorer listed under 'This PC' (or 'My Computer' if running Windows 7/8/8.1) like below:

CAUTION: If you do wish to map Sharepoint to a drive letter, be aware that the drive mapping will drop out after 8 hours. As this is problematic for some people, our recommendation is to create a network location which adds a folder under 'This Computer' in File Explorer.

This article shows you how you can diagnose common issues with your SharePoint Online site using Internet Explorer developer tools.

There are three different ways that you can identify that a page on a SharePoint Online site has a performance problem with the customizations.

  • The F12 tool bar network monitor

  • Comparison to a non-customized baseline

  • SharePoint Online response header metrics

This topic describes how to use each of these methods to diagnose performance issues. Once you've figured out the cause of the problem, you can work toward a solution using the articles about improving SharePoint performance that you can find on http://aka.ms/tune.

Using the F12 tool bar to diagnose performance in SharePoint Online

In this article we use Internet Explorer 11. Versions of the F12 developer tools on other browsers have similar features though they may look slightly different. For information on the F12 developer tools, see:

To bring up the developer tools press F12 and then click the Wi-Fi icon:

Screenshot of F12 developer tools wifi icon

On the Network tab, press the green play button to load a page. The tool returns all of the files that the browser requests in order to get the page you asked for. The following screen shot shows one such list.

Screenshot of the list of files returned with a page request.

You can also see the download times of the files on the right side as shown in this screen shot.

Diagram showing the time it takes to load the requested pages from SharePoint

This gives you a visual representation of how long the file took to load. The green line represents when the page is ready to be rendered by the browser. This can give you a quick view of the different files that might be causing slow page loads on your site.

Setting up a non-customized baseline for SharePoint Online

The best way to determine your site’s performance weak points is to set up a completely out-of-the-box site collection in SharePoint Online. This way you can compare all the various aspects of your site with what you would get with no customization on the page. The OneDrive for Business home page is a good example of a separate site collection that is unlikely to have any customizations.

Viewing SharePoint response header information

In SharePoint Online and SharePoint Server 2013 you can access the information that is sent back to the browser in the response header for each file. The two most useful values for diagnosing performance issues are SPRequestDuration and X-SharePointHealthScore:

  • SPRequestDuration

    This is the amount of time that the request took on the server to be processed. This can help determine if the request is very heavy and resource intensive. This is the best insight you have into how much work the server is doing to serve the page.

  • X-SharePointHealthScore

    This indicated the health of the server that your SharePoint instance is running on. This number ranges from 0 to 10 where 0 is the most healthy and 10 is the least healthy. This number helps you determine if the server is the bottleneck in your page loading or if it is something specific to your page. The server health score is almost always 0. In SharePoint Online, automated alerts when server health score degrades so you should never expect to see a non-0 score for long.

To view SharePoint response header information
  1. Ensure that you have the F12 tools installed. For more information on downloading and installing these tools, see What's new in F12 tools.

  2. In the F12 tools, on the Network tab, press the green play button to load a page.

  3. Click one of the .aspx files returned by the tool and then click DETAILS.

    Shows details of the response header
  4. Click Response headers.

    Diagram showing the URL of the response header

What do I need?

Before you get started with installation, be sure you have the following:

  • Notification of a purchased license for Project Pro via the rhipe CSP Program;

  • A user account to assign the license to;

  • The user has a Windows PC to install the program on. 

If you have a Mac, installation requires some extra steps. Take a look at this post on Microsoft's Project Support blog for more information, or possibly consider

 Project Online for browser-based, collaborative project management tools. Project Online requires a separate license from Project Pro for Office 365, and rhipe can provision that for you too.

Applying the license

  1. Log into the Office 365 Admin Center as an administrator, or delegated admin.
  2. Go to USERS > Active Users. Either find the user, or do a search to find them. Edit the user and go to the licensing page. Add the available Project Pro license to the user and save the changes.

Where do I go to install?

  1. Once the license is applied to the user, they should log into the Office 365 portal with their user account.

  2. The software assigned to their user account should be available on the Software page labelled as Project Pro for Office 365.

  3. Choose your language, and then click Install.

    Install
  4. Click Run.

    Choose Run
  5. Click Yes to allow the installation to run.

    You may need to close some programs before continuing with installation.

  6. Installation happens in the background. You'll know that Project Pro for Office 365 is being installed when you see a notification like this:
Notification about installation

When installation is done, you'll see another notification, and you can start digging in!

The user cannot see the software!

If you have assigned the license and the user cannot see the software, then please Submit a new incident

Rooms are a useful way to book a location or facility for meetings and other events. This may include things like Board or Meeting rooms, equipment such as shared laptops, company vehicles or even something like a visitor carpark space.

In Outlook, you can select the 'Room' the calendar entry once you select 'Add Invitees' to a calendar entry or meeting request. So while you might hear the concept of a Room, in terms of Exchange Online this sort of item is called a Resource Mailbox

 

Steps to create a Resource Mailbox

  1. Sign in to the Office 365 Admin Center.
  2. Click on the Admin link at the bottom of the menu, then Exchange. This opens up the Exchange Control Panel, or ECP.
  3. In Exchange Control Panel, select Recipients > Resources.
  4. Click the + to create a new resource mailbox. You can select either a Room mailbox, or an Equipment mailbox.
  5. In the Room name, Location, Phone and Capacity fields, and hit save. The resource will now be created.

Making Changes

  1. You can edit the Mailbox by highlighting it, then clicking the Pencil symbol above to edit the Resource Mailbox.
  2. Booking Delegates: You can have booking requests accept or decline automatically, based on other settings, then first-come, first-served basis. Otherwise, you can select delegates are a user responsible for approving requests to book the resource. If you assign more than one delegate, only one needs to approve or deny a specific meeting request. Use the + symbol to add a delegate, or highlight an existing delegate and click the - symbol to remove the delegate.
  3. Booking Options:  This section gives you various options including maximum booking lead time, or and maximim booking length in hours.
  4. Contact Information: Fill in the various information about the resource here.
  5. Email Address: You generally should not need to add any addresses here.
  6. Mail Tip: You can set a message here to display to those booking the resource. It could contain response times or who can approve requests. 
  7. Mailbox Delegation: You should not need to set anything here - leaving as default is strongly suggested. 
  8. When you are finished, click Save.

Note: Sometimes, when creating a new resource mailbox and assigning delegates, you may get an error if the system has not had time to actually create the mailbox. If you get error messages about delegates or delegates aren't added, wait 24 hours and try again.

The Visual Studio licences is billed against the Azure subscription and for them to be able to select the Azure subscription via the Visual Studio marketplace, partner/user must be given Owner permission to the Azure sub.  The following self-explanatory screenshots will be addition to the steps in the given PDF guide.

 

 

 

 

 

 

 

 

 

Note : You have to be a global administrator in Office 365 to perform the steps

 

Step 1 : Assign yourself eDiscovery Permission

The first step is to assign yourself the necessary permissions in Exchange Online so you can use the In-Place eDiscovery tool to search a user's mailbox. You only have to do this once. If you have to search another mailbox in the future, you can skip this step.

  1. Sign in to Office 365 
  2. Head to Admin Center > Select on Exchange 
  3. In Admin Exchange Center, Click on Permission, then click on Admin Roles
  4. Select Discovery Management, Click Edit

     5. In role group, under Members, click Add

  1. In Select Members, select yourself from the list of names, click Add, and then click OK.
  1. In Role Group, click Save.

     8. Sign out of office 365

*You have to sign out before you start the next step so the new permission will take effect.

 

Step 2 : Search the user's mailbox for deleted items

When you run an In-Place eDiscovery search, the Recoverable Items folder in the mailbox that you search is automatically included in the search. The Recoverable Items folder is where permanently deleted items are stored until they're purged (permanently removed) from the mailbox. So, if an item hasn't been purged, you should be able to find it by using the In-Place eDiscovery tool.

 

  1. Sign in to Office 365 with your work or school account.
  2. Select the app launcher icon in the upper-left and click Admin.
  3. In the left navigation in the Office 365 admin center, expand Admin, and then click Exchange.
  4. In the Exchange admin center, click Compliance management, click In-Place eDiscovery & Hold, and then click New .
  5. On the Name and description page, type a name for the search (such as the name of the user you're recovering email for), an optional description, and then click Next.
  6. On the Mailboxes page, click Specify mailboxes to search, and then click Add .
  7. Find and select the name of the user that you're recovering the deleted email for, click Add, and then click OK.
  8. Click Next. The Search query page is displayed. This is where you define the search criteria that will help you find the missing items in user's mailbox.
  9. On the Search query page, complete the following fields:
  • Include all contentSelect this option to include all content in the user's mailbox in the search results. If you select this option, you can’t specify additional search criteria.
  • Filter based on criteriaSelect this option to specify the search criteria, including keywords, start and end dates, sender and recipient addresses, and message types.

Click Next when you've completed the Search query page.

 

    10. On the In-Place Hold settings page, click Finish to start the search. To recover deleted email, there's no reason to place the user's mailbox on hold.

    11. Select the search you just created and click Refresh to update the information displayed in the details pane. The status of Estimate Succeeded indicates that the search has finished. Exchange also displays an estimate of the total number of items (and their size) found by the search based on the search criteria you specified in step 9.

    12. In the details pane, click Preview search results to view the items that were found. This might help you identify the item(s) that you're looking for. If you find the item(s) you're trying to recover, go to step 4 to export the search results to a PST file.

 

    13. If you don't find what you're looking for, you can revise your search criteria by selecting the search, clicking Edit , and then clicking Search query. Change the search criteria and then rerun the search

 

Step 3 : Copy the search result to a discovery mailbox

 

If you can't find an items by previewing the search results or if you want to see which items are in the user's Recoverable Items folder, then you can copy the search results to a special mailbox (called a discovery mailbox) and then open that mailbox in Outlook on the web to view the actual items. The best reason to copy the search results is so you can view the items in the user's Recoverable Items folder. More than likely, the item you're trying to recover is located in the Purges subfolder.

 

  1. In the Exchange admin center, go to Compliance management > In-Place eDiscovery & Hold.

  2. In the list of searches, select the search that you created in Step 2.

  3. Click Search search , and then click Copy search results from the drop-down list.

 

  1. On the Copy Search Results page, click Browse.

  1. Under Display Name, click Discovery Search Mailbox, and then click OK.

 

Note: The Discovery Search Mailbox is a default discovery mailbox that is automatically created in your Office 365 organization.

  1. Back on the Copy Search Results page, click Copy to start the process to copy the search results to the Discovery Search Mailbox.
  1. Click Refresh to update the information about the copying status that is displayed in the details pane.

      8. When the copying is complete, click Open to open the Discovery Search Mailbox to view the search results

 

The search results copied to the Discovery Search Mailbox are placed in a folder that has the same name as the In-Place eDiscovery search. You can click a folder to display the items in that folder.

 

 

When you run a search, the user's Recoverable Items folder is also searched. That means if items in the Recoverable Items folder meet the search criteria, they are included in the search results. Items in the Deletions folder are items that the user permanently deleted (by deleting an item from the Deleted Items folder or by selecting it and pressing Shift+Delete. A user can use the Recover Deleted Items tool in Outlook or Outlook on the web to recover items in the Deletions folder. Items in the Purges folder are items that the user purged by using the Recover Deleted Items tool or items they were automatically purged by a policy applied to the mailbox. In either case, only an admin can recover items in the Purges folder.

 

Step 4 : Export the search result to a PST file

 

After you find the item you're trying to recover for a user, the next step is to export the results from the search you ran in Step 2 to a PST file. The user will use this PST file in the next step to restore the deleted item to their mailbox.

  1. In the Exchange admin center, go to Compliance management > In-Place eDiscovery & Hold.
  2. In the list of searches, select the search that you created in Step 2.
  3. Click Export to a PST file.

 

     4. If you're prompted to install the eDiscovery Export Tool, click Run

  1. In the eDiscovery PST Export Tool, click Browse to specify the location where you want to download the PST file.

 

  1. Click Start to download the PST file to your computer.

The eDiscovery PST Export Tool displays status information about the export process. When the export is complete, you can access the file in the location where it was downloaded

 

 

If your getting the message 'Can't display. Try again' in the Groups section of the O365 Admin Center, this occurs because the tenancy doesn't have any active O365 licenses.

 

So the alternative way to do it via the Azure AD admin link on the bottom under 'Admin Centers' as per below from O365 portal.

 

 

This is in relation to the email you received when provisioning the Azure subscription and following the steps in the email to give access - Your Azure Subscription is ready as per below

Customer Access: We have created two access groups within your customer tenant for local users to gain access to the Azure Admin Portal. This is ideal for tenants who have the technical ability and want to manage their own Azure infrastructure, or Accounts personnel who require access to usage data.

 

Simply add the user account to either of the following groups, and they can then log in with their accounts via https://portal.azure.com/ 

 

AzureAdmin: For administrative access to the Azure Admin Portal, including setting up new services or editing existing services. We suggest you add the global administrator account of the tenancy to this group – usually admin@*.onmicrosoft.com

 

AzureView: For read-only access to the Azure Admin Portal, and to run reports.

 

 

 

Important: By default, when a resource is created, ANYONE can schedule/invite the resource. The event will show up within the resource calendar, but will require approval. You must be the primary owner of the resource to manage these settings. The primary owner can only be assigned by a domain administrator. Contact your domain administrator to find out who the primary owner of a resource.

  1. Log into Office 365 account via Outlook on the web.
  2. Click your name in the top right corner and select Open another mailbox from the dropdown list.
  3. Enter the resource name and either select it from the automatic look up list or click Search Contacts & Directory link to find the room in the open another mailbox field. Note: If the resource is not found, enter in the fully qualified email address of the resource and search again.
  4. Click Open. The resource account will open in a new browser tab.

Once logged in, depending on the access provided, you may:

  • Accept meeting invitations if necessary
  • Send email messages
  • Create, modify meeting requests sent from the resource

Accessing the resource scheduling settings

  1. Sign into OWA outlook.office365.com as yourself who has full permission to access the Calendar
  2. Click on the Settings Icon Settings Gear Icon in the top right corner and choose open another users folder and open the desired resource.
  3. Once you have opened the Calendar resource
  4. Expand the Calendar section in the left navigation pane.
  5. Click Resource scheduling from with the listing. You will see the following screen.

    Resource Settings Screen

  6. Configure the Scheduling Options and Scheduling Permissions using the following tables to assist with option selections.
  7. Click SAVE once you have finished making your changes.

Configure the connection filter policy

Exchange Online
 
 Applies to: Exchange Online, Exchange Online Protection

Topic Last Modified: 2016-04-05

Most of us have friends and business partners we trust. It can be frustrating to find email from them in your junk email folder, or even blocked entirely by a spam filter. If you want to make sure that email sent from people you trust isn’t blocked, you can use the connection filter policy to create an Allow list, also known as a safe sender list, of IP addresses that you trust. You can also create a blocked senders list, which is a list of IP addresses, typically from known spammers, that you don’t ever want to receive email messages from.

For more spam settings that apply to the whole organization, take a look at How to help ensure that a message isn't marked as spam or Block email spam with the Office 365 spam filter to prevent false negative issues. These are helpful if you have administrator-level control and you want to prevent false positives or false negatives.

The following video shows the configuration steps for the connection filter policy:

 

You create an IP Allow list or IP Block list by editing the connection filter policy in the Exchange admin center (EAC). The connection filter policy settings are applied to inbound messages only.

  1. In the Exchange admin center (EAC), navigate to Protection > Connection filter, and then double-click the default policy.

  2. Click the Connection filtering menu item and then create the lists you want: an IP Allow list, an IP Block list, or both.

    To create these lists, click Add Icon. In the subsequent dialog box, specify the IP address or address range, and then click ok. Repeat this process to add additional addresses. (You can also edit or remove IP addresses after they have been added.)

    NoteNote:
    • If you add an IP address to both lists, email sent from it is allowed.

    • IPV4 IP addresses must be specified in the format nnn.nnn.nnn.nnn where nnn is a number from 0 to 255. You can also specify Classless Inter-Domain Routing (CIDR) ranges in the format nnn.nnn.nnn.nnn/rr where rr is a number from 24 to 32. To specify ranges outside of the 24 to 32 range, see Additional considerations when configuring IP Allow lists.

    • You can specify a maximum of 1273 entries, where an entry is either a single IP address or a CIDR range of IP addresses from /24 to /32.

    • If you’re sending TLS-encrypted messages, IPv6 addresses and address ranges are not supported.

  3. Optionally, select the Enable safe list check box to prevent missing email from certain well-known senders. How? Microsoft subscribes to third-party sources of trusted senders. Using this safe list means that these trusted senders aren’t mistakenly marked as spam. We recommend selecting this option because it should reduce the number of false positives (good mail that’s classified as spam) you receive.

  4. Click save. A summary of your default policy settings appears in the right pane.

The following are additional considerations you may want to consider or that you should be aware of when configuring an IP Allow list.

To specify a CIDR IP address range from /1 to /23, you must create a Transport rule that operates on the IP address range that sets the spam confidence level (SCL) to Bypass spam filtering (meaning that all messages received from within this IP address range are set to “not spam�? and no additional filtering is performed by the service). However, if any of these IP addresses appear on any of Microsoft’s proprietary block lists or on any of our third-party block lists, these messages will still be blocked. It is therefore strongly recommended that you use the /32 to /24 IP address range.

To create this Transport rule, perform the following steps.

  1. In the EAC, navigate to Mail flow > Rules.

  2. Click Add Icon and then select Create a new rule.

  3. Give the rule a name and then click More options.

  4. Under Apply this rule if, select The sender and then choose IP address is in any of these ranges or exactly matches.

  5. In the specify IP addresses, specify the IP address range, click Add Add Icon, and then click ok.

  6. Under Do the following box, set the action by choosing Modify the message properties and then set the spam confidence level (SCL). In the specify SCL box, select Bypass spam filtering, and click ok.

  7. If you’d like, you can make selections to audit the rule, test the rule, activate the rule during a specific time period, and other selections. We recommend testing the rule for a period before you enforce it. Manage mail flow rules contains more information about these selections.

  8. Click the save button to save the rule. It appears in your list of rules.

After you create and enforce the rule, spam filtering is bypassed for the IP address range you specified.

In general, we recommend that you add the IP addresses (or IP address ranges) for all your domains that you consider safe to the IP Allow list. However, if you don’t want your IP Allow List entry to apply to all your domains, you can create a Transport rule that excepts specific domains.

For example, let’s say you have three domains: ContosoA.com, ContosoB.com, and ContosoC.com, and you want to add the IP address (for simplicity’s sake, let’s use 1.2.3.4) and skip filtering only for domain ContosoB.com. You would create an IP Allow list for 1.2.3.4, which sets the spam confidence level (SCL) to -1 (meaning it is classified as non-spam) for all domains. You can then create a Transport rule that sets the SCL for all domains except ContosoB.com to 0. This results in the message being rescanned for all domains associated with the IP address except for ContosoB.com which is the domain listed as the exception in the rule. ContosoB.com still has an SCL of -1 which means skip filtering, whereas ContosoA.com and ContosoC.com have SCLs of 0, meaning they will be rescanned by the content filter.

To do this, perform the following steps:

  1. In the EAC, navigate to Mail flow > Rules.

  2. Click Add Icon and then select Create a new rule.

  3. Give the rule a name and then click More options.

  4. Under Apply this rule if, select The sender and then choose IP address is in any of these ranges or exactly matches.

  5. In the specify IP addresses box, specify the IP address or IP address range you entered in the IP Allow list, click Add Add Icon, and then click ok.

  6. Under Do the following, set the action by choosing Modify the message properties and then set the spam confidence level (SCL). In the specify SCL box, select 0, and click ok.

  7. Click add exception, and under Except if, select The sender and choose domain is.

  8. In the specify domain box, enter the domain for which you want to bypass spam filtering, such as contosob.com. Click Add Add Icon to move it to the list of phrases. Repeat this step if you want to add additional domains as exceptions, and click ok when you are finished.

  9. If you’d like, you can make selections to audit the rule, test the rule, activate the rule during a specific time period, and other selections. We recommend testing the rule for a period before you enforce it. Manage mail flow rules contains more information about these selections.

  10. Click the save button to save the rule. It appears in your list of rules.

After you create and enforce the rule, spam filtering for the IP address or IP address range you specified is bypassed only for the domain exception you entered.

 
 

Email deliverability and Spam issues are specific exclusions under the included support with CSP. Our partners are expected to do the day to day administration of their client's tenancies and make the changes required to fix issues. In the case of service or infrastructure issues then you can request an escalation case to Microsoft. 

I would start by reviewing https://support.office.com/en-US/article/Office-365-Email-Anti-Spam-Protection-6a601501-a6a8-4559-b2e7-56b59c96a586  and using some of the suggestions and sub-pages there. You will also need to review the headers of some of these emails and work out why they are being delivered to inboxes and by what method they are also. This article is a little old but the questions in it still apply today and will start putting you on the right track.

The second thing you should be doing is confirming is that your SPF records are set for all domains added to the tenancy, and they are correctly configured and are not letting spam through (confirm ending with -all, not ~all). DKIM configuration should also be completed and these two things in place should reduce your inbound spam load significantly as the messages will be rejected at the perimeter.

Finally, you should be getting users to report the spam that is making it through to the inboxes. You will need to install the add-in for Outlook viahttps://www.microsoft.com/en-au/download/details.aspx?id=18275 or they can simply right click and select 'Report spam' if in OWA/Webmail. 

Set email forwarding for your account

 

  • Sign in to Outlook Web App.
  • At the top of the page, choose Outlook (or Mail). Or, choose the app launcher> Mail.
  • At the top of the page, select Settings > Options, and then select one of the following:
  • Account > Connected accounts

OR

  • Mail > Accounts > Forwarding

 

Do one of the following, depending on the options you see:

  • Under Forwarding, enter the email address you want to forward your Outlook Web App email to, set or clear the Keep a copy of forwarded messages check box, and then select Start forwarding.
  • Select Start forwarding, enter the email address you want, set or clear the Keep a copy of forwarded messages in Outlook Web App check box, and then select Save.

 

 

Stop email forwarding

 

  •  In Outlook Web App, select Settings > Options > Account > Forwarding (or Mail > Accounts > Forwarding).
  • Select Stop forwarding.

 

Change email forwarding

  • Sign in to your Office 365 
  • At the top page, choose Outlook (Mail)
  • At the top of the page, Select Settings > Options and select the following :
  • Account > Forwarding

OR

  • Mail > Accounts > Forwarding

 

  • Do one or both of the following:

* To change the email address your email should be forwarded to, in the Forward my email to box, edit the email address

* To change settings for keeping a copy message in your mailbox, select or clear the Keep a copy forwarded messages check box

 

  • Select Save

Applies to: Exchange Online, Exchange Online Protection

Topic Last Modified: 2016-08-24

When a customer's email system has been compromised by malware or a malicious spam attack, and it's sending outbound spam through the hosted filtering service, this can result in the IP addresses of the Office 365 data center servers being listed on third-party block lists. Destination servers that do not use the hosted filtering service, but do use these block lists, reject all email sent from any of the hosted filtering IP addresses that have been added to those lists. To prevent this, all outbound messages that exceed the spam threshold are sent through a high-risk delivery pool. This secondary outbound email pool is only used to send messages that may be of low quality. This helps to protect the rest of the network from sending messages that are more likely to result in the sending IP address being blocked.

The use of a dedicated high-risk delivery pool helps ensure that the normal outbound pool is only sending messages that are known to be of a high-quality. Using this secondary IP pool helps to reduce the probability of the normal outbound-IP pool being added to a blocked list. The possibility of the high-risk delivery pool being placed on a blocked list remains a risk. This is by design.

Messages where the sending domain has no address record (A record), which gives you the IP address of the domain, and no MX record, which helps direct mail to the servers that should receive the mail for a particular domain in the DNS, are always routed through the high-risk delivery pool regardless of their spam disposition.

Understanding Delivery Status Notification (DSN) messages

The outbound high-risk delivery pool manages the delivery for all “bounced” or “failed” (DSN) messages.

Possible causes for a surge in DSN messages include the following:

  • A spoofing campaign affecting one of the customers using the service
  • A directory harvest attack
  • A spam attack
  • A rogue SMTP server

All of these issues can result in a sudden increase in the number of DSN messages being processed by the service. Many times, these DSN messages appear to be spam to other email servers and services.

If you can't find a file or folder in your OneDrive, try these tips.

NOTE: If you’re using OneDrive for Business, you might have accidentally saved your files to your business account instead of your personal account. To check for the files in OneDrive for Business, go to http://portal.office.com/onedrive. If you've lost files in OneDrive for Business, you can ask your question in the OneDrive for Business community forum. For more help, contact your IT department or administrator.

Check the recycle bin

The files or folders might have been accidentally deleted (by you or by someone else if they're in a shared folder). Go to the recycle bin on the OneDrive website. If you're syncing your OneDrive on a computer, check your desktop Recycle Bin (on a PC) or Trash (on a Mac).

Recycle bin on the OneDrive website
  • Remember that when you delete a file in OneDrive from one device, it deletes it from your OneDrive everywhere. And if you move a file from OneDrive to a different location on a device, it removes it from your OneDrive.

  • OneDrive automatically empties files from the recycle bin if they've been there for 30 days. If you want to keep a file that's in your recycle bin, make sure to restore it within 30 days. For more info about restoring files, see Delete or restore files and folders.

  • If you shared a folder with other people and you no longer want them to be able to delete items from the folder, you can change the permissions for the folder. For more info, see Share files and folders and change permissions.

Make sure you're signed in with the correct Microsoft account

If you have multiple accounts, make sure you're signed in with the one you use for OneDrive. Go to the OneDrive website, tap or click your name in the upper-right corner, and then tap or click Edit profile. The profile page shows which Microsoft account you're using.

Recently upgraded from Windows 8.1 to Windows 10? Make sure you're syncing the folders containing the files you expect to see

Unlike in Windows 8.1, OneDrive in Windows 10 doesn’t use placeholder files to indicate files that are online only. Instead, you see only the files you choose to sync to your computer.

To set the folders that get synchronized, use OneDrive settings from your computer's notification area on the right side of the taskbar.

  1. Right-click the white OneDrive cloud icon in the notification area, at the far right of the taskbar.

    OneDrive app in System Tray

    (You might need to click the Show hidden icons arrow next to the notification area to see the OneDrive icon.)

  2. Click Settings.

  3. On the Account tab, at Choose folders to sync on this device, click Choose folders.

    OneDrive Web settings window

  4. To make all your OneDrive files available on your computer, check the box at Sync all files and folders in my OneDrive.

    To have fewer files on your computer, under Sync only these folders, check the boxes for the folders you want to sync.

Search for the missing files or folders

You might have saved the files to a location you didn't intend to, or moved the files by mistake. Go to the OneDrive websiteand use the Search everything box in the upper-left corner.

TIP: Search in OneDrive not only searches the names of files, it also searches the contents of the files, including text in documents, as well as file metadata, photo tags and even text shown in photos.

If you're syncing files, open File Explorer on your PC and browse to your OneDrive folder. Use the search box in the upper right to search for the missing files or folders.

Change how your files are sorted

If you can't remember the name of the file you're looking for, but remember when you last worked on it, try sorting the folder by Date modified or Date created. You can do this on the OneDrive website by tapping or clicking Sort in the upper-right corner.

Check the device you used to upload the files or folders

There might have been a problem uploading the items, or the device might have lost its Internet connection before the items were done uploading.

NOTE: Keep in mind that it takes time for files to upload and download. Make sure your files have finished uploading before checking other devices for the files. To learn what you can do to help files sync as quickly as possible, see Maximize upload and download speed.

If shared items no longer appear, check with the owner of the items

If someone stops sharing files or folders with you, they'll be removed from your Shared list. If you want to access the items, ask the owner to share them with you again.

Check Recent for the missing items

The recent list can help you find documents that you've opened recently from anywhere in your OneDrive. Go to the OneDrive website and tap or click Recent in the left pane.

Check for other OneDrive folders on your PC

Try this if you have Windows 8.1 or Windows RT 8.1.

  1. Press Windows logo key+R.

  2. Type %userprofile%. This opens a File Explorer window that has your name at the top.

  3. Look for an extra folder named "OneDrive" or "SkyDrive," that has an older Date created or Date modified, and search for the missing files and folders in it. The folder name might also end in ".old."

  4. If you find the missing files, copy and paste the ones you want to keep into the more recent OneDrive folder.

If you can’t sync files between your computer and OneDrive, it might be due to problems with the OneDrive desktop sync app.

This article is for OneDrive with Windows 10, Windows 8, Windows 7, or Windows Vista. These steps also apply for syncing OneDrive for Business files, if you're already using the new OneDrive for Business sync client. Which OneDrive sync client am I using?

Got another version? Windows 8.1 or Windows RT 8.1 | OneDrive for Business (old sync client) | On a Mac

Things to check first

Try these steps first, before getting into more in-depth troubleshooting:

  • Verify that the size of your file doesn't exceed the OneDrive file size limit of 10GB. Possible errors include: "This file is too big to upload" or "Reduce the size of this file to upload to…"

  • Verify you have the latest Windows updates installed. For more information, see Updating your computer.

  • Make sure you have the latest version of OneDrive on your computer. To get the latest version, see Download OneDrive.

If none of these steps work, try the following solutions in order.

Restart the OneDrive desktop sync app

  1. Right-click the white OneDrive cloud icon in the notification area, at the far right of the taskbar.

    OneDrive app in System Tray

    (You might need to click the Show hidden icons arrow The Show hidden icons button. next to the notification area to see the OneDrive icon. If the icon doesn't appear in the notification area, OneDrive might not be running. Click Start, type OneDrive in the search box, and then click OneDrive in the search results.)

  2. Click Exit.

  3. In Windows 10, type OneDrive in the search box, and then click OneDrive. In Windows 7 or Windows Vista, click Start, type OneDrive in the search box, and then click Microsoft OneDrive.

    This opens your OneDrive folder and starts the OneDrive app.

(Windows 10) Make sure your OneDrive account is connected to Windows

  1. Go to Start, then select Settings > Accounts > Your email and accounts.

  2. Select Sign in with a Microsoft account instead.

  3. Follow the prompts to switch to a Microsoft account. You may need to verify your identity by entering a confirmation code.

NOTE: If you’re signed into Windows with the Microsoft account you use for OneDrive and you still don’t see your files, your organization may have a corporate firewall or Group Policy that blocks OneDrive.

(Windows 10) Finish setting up OneDrive

If you’re signed into Windows 10 with the Microsoft account you use for OneDrive and you still don’t see your files, you may have more than 500MB of content and setup didn't finish. To make sure you don’t fill up your PC with OneDrive content, you can select which files and folders you want to sync to this computer.

  1. Open File Explorer.

  2. Click the OneDrive folder. In the Finish setting up OneDrive wizard, select the files and folders you want to sync to this computer.

Recently upgraded from Windows 8.1 to Windows 10? Make sure you're syncing the folders containing the files you expect to see

Unlike in Windows 8.1, OneDrive in Windows 10 doesn’t use placeholder files to indicate files that are online only. Instead, you see only the files you choose to sync to your computer.

To set the folders that get synchronized, use OneDrive settings from your computer's notification area on the right side of the taskbar.

  1. Right-click the white OneDrive cloud icon in the notification area, at the far right of the taskbar.

    OneDrive app in System Tray

    (You might need to click the Show hidden icons arrow The Show hidden icons button. next to the notification area to see the OneDrive icon. If the icon doesn't appear in the notification area, OneDrive might not be running. Click Start, type OneDrive in the search box, and then click OneDrive in the search results.)

  2. Click Settings.

  3. On the Account tab, at Choose folders to sync on this device, click Choose folders.

    Choose folders for OneDrive selective sync

  4. To make all your OneDrive files available on your computer, check the box at Sync all files and folders in my OneDrive.

    To have fewer files on your computer, under Sync only these folders, check the boxes for the folders you want to sync.

Turn off Office Upload

If you’re having trouble syncing Office files, the Office Upload cache system may be interfering with OneDrive sync. Try turning off the related setting in OneDrive settings.

  1. Right-click the white OneDrive cloud icon in the notification area, at the far right of the taskbar.

    OneDrive app in System Tray

    (You might need to click the Show hidden icons arrow The Show hidden icons button. next to the notification area to see the OneDrive icon. If the icon doesn't appear in the notification area, OneDrive might not be running. Click Start, type OneDrive in the search box, and then click OneDrive in the search results.)

  2. Click Settings, and then clear the Use Office to work on files with other people at the same time check box.

IMPORTANT: When you turn off the Use Office to work on files with other people at the same time setting, any changes that you and other people make to Office files in your OneDrive will no longer merge together automatically.

Make sure the file path isn't too long

Example of a file path - C:\Users\<UserName>\Pictures\Saved\2014\January\Holiday\NewYears\Family…

The entire path, including the file name, must contain fewer than 255 characters. Shorten the name of your file or the name of subfolders in OneDrive, or select a subfolder that's closer to the top-level folder.

Make sure you have permissions to the file or folder you tried to add

Try to open the file or folder and make sure that you have permission to save a copy of it. If you're having problems seeing a file on a network, contact your network administrator.

Check whether there's already a file or folder with the same name in the same location

You may have conflicts if you're uploading multiple files on the OneDrive website at the same time, or if you made changes in your OneDrive folder on another PC that is syncing at the same time. Rename the file or folder, and then try to add it again.

Make sure your PC has enough disk space and restart sync

Free up disk space by moving or deleting files, and then follow these steps to start syncing your OneDrive folder on the PC again:

  1. Check your Storage page on the OneDrive web site and compare the size of your OneDrive to the available disk space on your PC. If necessary, move or delete some files.

  2. To restart sync: Click Start, enter OneDrive in the search box, and then click Microsoft OneDrive.

  3. Follow the steps to select your OneDrive settings again, including picking the location of your OneDrive folder and choosing whether to turn on the Fetch files option.

Unlink OneDrive and run OneDrive setup again

  1. Right-click the white OneDrive cloud icon in the notification area, at the far right of the taskbar.

    OneDrive app in System Tray

    (You might need to click the Show hidden icons arrow The Show hidden icons button. next to the notification area to see the OneDrive icon. If the icon doesn't appear in the notification area, OneDrive might not be running. Click Start, type OneDrive in the search box, and then click OneDrive in the search results.)

  2. Click Settings, and then click Unlink.

  3. Follow the steps in the Welcome to OneDrive wizard to set up OneDrive.

Reset OneDrive

If OneDrive sync seems to be stuck for a long time and nothing else is working, try a reset. Be aware that resetting OneDrive re-syncs all your OneDrive files, which could take some time depending on how many files you’re syncing.

  1. Press the Windows key + R.

  2. In the Run window, enter: %localappdata%\Microsoft\OneDrive\onedrive.exe /reset

  3. Click OK.

  4. Make sure the OneDrive icon in the notification area of the taskbar disappears and then re-appears after a minute or two. Here’s how to check: Right-click the white OneDrive cloud icon in the notification area, at the far right of the taskbar.

    OneDrive app in System Tray

    (You might need to click the Show hidden icons arrow The Show hidden icons button. next to the notification area to see the OneDrive icon. If the icon doesn't appear in the notification area, OneDrive might not be running. Click Start, type OneDrive in the search box, and then click OneDrive in the search results.)

  5. If the OneDrive icon doesn’t re-appear after a few minutes, open the Run window again and enter:%localappdata%\Microsoft\OneDrive\onedrive.exe

OneDrive can't upload this file

Errors :

  • There was a problem with OneDrive. Try to upload the file again.

  • The connection to OneDrive was lost during the file transfer, or you weren't signed in to OneDrive. Sign in to OneDrive with your Microsoft account, and then try to upload the file again.

  • You don't have permission to access the file. If the file is on a server, make sure you can open the file, and then try to upload it again. For more info about getting permission to access the file, contact your network administrator.

  • You don't have permission to upload the file to the folder that you selected. Select a folder that you have permission to edit, and then try to upload the file again.

A file with this name already exists

  • Choose "Replace" or choose "Keep Both" in order to rename your existing file.

This file is too big

  • In recent web browsers (Google Chrome, Firefox or Microsoft Edge), you can upload files up to 10GB in size directly to the OneDrive website.
  • For older browsers, upload file size is capped at 300MB due to limitations in these browsers.

You're out of storage

  • You will not be able to upload an files if you have reached your account limit.
  • In order to check your storage usage, please log into the OneDrive for Business site by clicking the OneDrive tile when logged into https://portal.office.com 

OneDrive can't upload this file to this location

  • Full path (including file name) is too long.
  • Path must be fewer than 442 characters
  • Shorten the file name / sub-folders in OneDrive, OR select a sub-folder closer to the top-level folder, then try uploading the file again.

This file contains restricted characters

  • The file contains characters that are not allowed. 
  • Change the file name that does not start or end with a space, end with a period, or include any of these characters: / \ < > : * " ? |
  • These names aren't allowed for files or folders: AUX, PRN, NUL, CON, COM0, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT0, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9

OneDrive can't find this file

  • Possibly the file has been moved, renamed or been deleted by another person. Locate the file, and try again.

OneDrive can't access this file

  • File might be open another program. Save any changes in the file, close OneDrive and try again to upload the file.
  • File is on removable device (CD, Hard Disk, USB flash drive) the file is not available in OneDrive.
  • Make sure the component is connected to the computer and try again to upload the file to OneDrive.

 

Limitations of OneDrive

  • Maximum file size for OneDrive is 10 GB. If your file size exceeds 10 GB, you may see one of the following errors:

    • "This file is too big to upload"
    • "Reduce the size of this file to upload it to…"
  • Certain characters are not allowed in file or folder names. These characters include: / \ < > : * " ? |

  • Files or folders in OneDrive cannot begin or end with a space, end with a period, or begin with two periods

  • Files in OneDrive cannot include any of the following character strings: AUX, PRN, NUL, CON, COM0, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT0, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9

  • For OneDrive desktop, the path of the file, including the file name, must be less than 255 characters.

    Example file path: C:\Users\\Pictures\Saved\2014\January\Holiday\NewYears\Family

  • OneDrive cannot be accessed via Outlook on the web 'Light' - a work around is to install and use the desktop version of OneDrive.

Known Issues

  • External users will not be able access a OneDrive folder or file shared with them

    If you share a folder or file from your OneDrive with an external user, the user will get a mail notification. When the user clicks on the link in the email message to access the folder or file, he or she will see a dialog box with an "access denied" message. This dialog box will block the external user from accessing the contents of the folder or file.

  • The "Get Link" option is not available when attempting to share a file or folder in OneDrive.
Applies To: Office for business, Office 365 Admin, Office 365 Small Business Admin, Skype for Business, Skype for Business Online, Skype for Business admin center.
 

Do you want the people in your organization to use Skype for Business to contact people in specific businesses outside of your organization? If so, you and the admin in the other organization can set it up.

Enable business-to-business communications for your users

You must have admin permissions in Office 365 to do this.

  1. Sign in to Office 365 with your work or school account.

  2. Go to the Office 365 admin center preview > Settings > Services and add-ins.

  3. Choose Skype for Business.

    In the Office 365 admin center, choose Skype for Business.

  4. On the External sharing page, turn on the toggle for Let people in your organization contact people with Skype for Business in other organizations.

    Allow contacts with other organizations using Skype for Business

  5. On the same page, choose All domains are blocked except, and then add the name of the organization's domain that you want to communicate with.

    Choose which domains to allow or block

  6. Choose Save.

  7. Now make sure the admin in the other organization does these same steps in their Office 365 admin center. For example, in the All domains are blocked except box, their admin needs to enter the domain for your business.

  8. If you have a firewall, make sure you've added the following FQDNs: *.api.skype.com, *.users.storage.live.com, and graph.skype.com.

    That's it! Now your users can IM, hold meetings, and share desktops. And they can see who's online and available just by checking their contacts lists.

Tip: If you also want your users to be able to communicate with everyone who uses Skype, the free consumer app, see Let users contact other Skype users.

 
Turn off external communication for specific individuals
 
Let your users contact Skype for Business users in another organization (classic admin center)
 

Tips on setting up external communications

  • If the other organization is using Lync or Skype for Business Server on premises, they can learn more about setting up the required options by reading this TechNet article: Configuring Federation Support for a Lync Online Customer.

  • When two Skype for Business users in Office 365 are communicating with each other on separate domains, they can only use Skype for Business features (for example, video conversations or desktop sharing) that are turned on in both organizations.

  • If you change the setting from Only for allowed domain to Except for blocked domain, the list of domains isn’t kept.

  • If a Skype for Business user in your organization is put on an In-place or Litigation Hold, any IM conversations between that user and other Skype for Business or Skype users will be saved in Recoverable Items in their mailbox. These conversations aren't saved in the Conversations History folder in their mailbox.

Interface Overview

 

Access your notes anywhere

What good are notes, plans, and ideas if they’re trapped on a hard drive?
Keep your notebooks available to you by signing in with your free Microsoft account when you first start OneNote on your PC.
There’s even a free OneNote app for all of your preferred devices to stay in sync wherever you go.

 

Save your work automatically

OneNote automatically saves all of your changes as you work — so you never have to. Even when you close the app or your PC goes to sleep, your notes are always saved, so you can continue right where you left off.
To see when OneNote last synced your changes, click File > Info > View Sync Status.

 

Never run out of paper

OneNote doesn’t have any of the limitations of a traditional paper notebook. When you run out of room, you can just make more.

To create a new page in the current section, click the (+) Add Page button at the top of the page tabs column. You can also right-click any page tab and then click New Page, or press Ctrl+N on your keyboard.

To create a new section in the current notebook, click the small tab with the plus sign [+] to the right of the section tab bar, or right-click any section tab and then click New Section.

When you first launch OneNote, a default notebook with a Quick Notes section is created for you, but you can easily create any number of additional notebooks for the subjects and projects you want by clicking File > New.

You can create new notebooks on your local hard drive, or you can store them on your free OneDrive account so your notes are always accessible on all your devices. The choice is yours!

 

Tag selected notes

The Tags gallery on the Home tab lets you visually prioritize or categorize selected notes. Tagged notes are marked with icons that prompt you to follow up on your important action items or to check off completed tasks on your to-do lists.

 

Create wiki-style hyperlinks

Turn your notebook into a functional wiki by creating links to specific sections or pages. Right-click the tab of the section or page that the link should point to. Next, click Copy Link to Section or Copy Link to Page, and then paste the link wherever you want it.

 

Organise information in tables

Whenever a spreadsheet is overkill, use simple OneNote tables to make sense of information. Start on a new line of text by typing a word, phrase, or number, and then press the Tab key to create the next column. Press Enter to create a new row. Alternately, you can click Insert > Table on the ribbon to draw a table.
Once your table is created and selected, use the commands on the Table Tools tab on the ribbon, or right-click any part of your table for the same Table options.

 

Copy text from pictures

OneNote can recognize text in pictures. On any page, insert a picture containing legible text (for example, a cell phone photo of a receipt), right- click the picture, click Copy Text from Picture, and then paste the copied text where you want it.

 

Share your work with others

In OneNote, your cloud-based notebooks remain private unless you choose to invite other people to view or edit information in the current notebook.

To begin collaborating with others, click File > Share, and then choose what you want to do.

 

Get help with OneNote

On the ribbon, click the ? button to open the OneNote 2016 Help window, where you can enter keywords or phrases to look for assistance with OneNote features, commands, and tasks.

 

Interface Overview

 

Create something

Begin with a Blank Presentation to get right to work. Or save yourself a bunch of time by selecting and then customizing a template that resembles what you need.
Click File > New, and then select or search for the template you want.

 

Find recent files

Whether you only work with files stored on your PC’s local hard drive or you roam across various cloud services, clicking File > Open takes you to your recently used presentations and any files that you may have pinned to your list.

 

Stay connected

Need to work on the go and across different devices? Click File > Account to sign in and access your recently used files anywhere, on any device, through seamless integration between Office, OneDrive, OneDrive for Business, and SharePoint.

 

Set your preferences

Something not working quite as expected? It’s easy to change and customize options at any time. Click File > Options, and then set up PowerPoint 2016 the way you want.

 

Change your layout

Good presentations adapt their structure to the points that are being presented. Switch things around on the fly to make them fit — literally or figuratively. On the Home tab, click Layout, and then browse through the available options. New slides will adopt your current choice, which you can just as easily replace with a new one.

 

Keep slide notes handy

The cornerstone of any good factual presentation is the data that backs up your points. Avoid overwhelming your audience by front-loading every detail in your deck; instead, keep important facts and figures in the Notes pane for easy lookup — either while you rehearse, or in the heat of the moment.

 

Format shapes with precision

Achieve precise picture, shape, and object formatting with the comprehensive formatting tools in PowerPoint. Start by making a selection on your current slide. On the Home tab, in the lower right corner of the Drawing ribbon group, click the Format Shape button to open the task bar.

 

Share your work with others

To invite others to view or edit your presentations in the cloud, click the Share button in the top right corner of the app window. In the Share pane that opens, you can get a sharing link or send invitations to the people you select.

  

Get help with PowerPoint

Type a keyword or phrase into the Tell me what you want to do box on the ribbon to find the PowerPoint features and commands that you’re looking for, read our online Help content, or perform a Smart Lookup on the Web.

 

Interface Overview

 

Create Something

Begin with a Blank workbook to get right to work. Or save yourself a bunch of time by selecting and then customizing a template that resembles what you need.
Click File > New, and then select or search for the
template you want.

 

Find recent files

Whether you only work with files stored on your PC’s local hard drive or you roam across various cloud services, clicking File > Open takes you to your recently used workbooks and any files that you may have pinned to your list.

 

Stay connected

Need to work on the go and across different devices?
Click File > Account to sign in and access your recently used files anywhere, on any device, through seamless integration between Office, OneDrive, OneDrive for Business, and SharePoint.

 

Set your preferences

Something not working quite as expected?
It’s easy to change and customize options at any time.
Click File > Options, and then set up Excel 2016 the way you want.

 

Discover contextual tools

You can make contextual ribbon commands available by selecting relevant objects in your workbook. For example, clicking a chart element displays the Chart Tools tabs, and clicking any inserted picture displays the Picture Tools tab.

 

Enable optional add-ins

Get all of the statistical functions you need by enabling the optional add-ins you want. To display the list of available add-ins, click File > Options. In the Options dialog box that opens, click Add-ins, and then click the Go button next to Manage: Excel Add-ins.

 

Insert functions, build formulas

On the Formulas tab, click Insert Function to display the Insert Function dialog box. Here, you can search for and insert functions, look up the correct syntax, and even get in-depth help about your selected functions.

 

Share your work with others

To invite others to view or edit your workbooks in the cloud, click the Share button in the top right corner of the app window. In the Share pane that opens, you can get a sharing link or send invitations to the people you select.

 

Get help with Excel

Type a keyword or phrase into the Tell me what you want to do box on the ribbon to find the Excel features and commands that you’re looking for, read our online Help content, or perform a Smart Lookup on the Web for more insights.

 

Currently there is no way to upload fonts into the web apps.

There are however small exceptions and work-around. Please see below article for more detailed information.

http://answers.microsoft.com/en-us/msoffice/forum/msoffice_word-mso_other/how-to-install-additional-fonts-in-office-web-apps/da5d5ac8-4820-4e01-a303-4b5858c5f20e

 

 

 

Interface Overview

 

Setup your account

You can use Outlook 2016 as soon as you enter your account info. On the ribbon, click File > Info and then click the Add Account button. Sign in with your preferred email address, or use the information provided by your company or school.

 

Create new items

In Mail view, on the Home tab, click New Email to compose a new email message, or click New Items and choose the type of item you want to create.

 

Organise mail with rules

If you regularly receive large amounts of email from different sources, consider setting up rules that automatically file messages into mail folders you’ve created. Start by clicking the Organize tab, and then click Rules > Create Rule.

 

Discover contextual tools

You can make contextual ribbon commands available by selecting relevant objects in your document. For example, clicking within a table displays the Table Tools tab, which offers additional options for the Design and Layout of your tables.

 

Switch between views

There’s much more to Outlook than email. At the bottom of the app window, you can easily switch between the Mail, Calendar, People, Tasks, Notes, and Folders views to manage all aspects of your busy life.
Commands on the ribbon will switch to match the view you’ve selected, as will the information shown on the Outlook status bar at the bottom of the app window.

 

There is more to Outlook than email

Switch to the other views to manage all aspects of your busy life.

 

Set your preferences

Something not working quite as expected? It’s easy to change and customize options at any time. Click File > Options, and then set up Outlook 2016 the way you want.

 

Get help with Outlook

Type a keyword or phrase into the Tell me what you want to do box on the ribbon to find the Outlook features and commands that you’re looking for, to read our online Help content, or perform a Smart Lookup on the Web for more insights.

Are you having trouble starting Outlook 2016, Outlook 2013, or Outlook 2010, or receiving "Cannot start Microsoft Outlook. Cannot open the Outlook window" error messages? We can fix the problem for you, or you can use the troubleshooting steps we're providing below to help resolve these startup issues.

 

  • Start Outlook in safe mode and disable add-ins

Start Outlook in safe mode

  1. Choose Start > Run.

  2. Type Outlook /safe, and choose OK.

  3. In the Choose Profiles dialog box, accept the default setting of Outlook and choose OK.

    Accept default setting of Outlook in Choose Profile dialog box

  4. If prompted, enter your password and choose Accept.

 

Disable add-ins

  1. In the upper-left corner of Outlook, choose File > Options > Add-ins.

  2. At the bottom of the View and manage Office Add-ins, make sure the Manage box shows COM Add-ins, and then choose Go.

  3. As a precaution, when the COM Add-ins listing of your current add-ins opens, do one of the following:

    • Manually record the title of every selected add-in listed under Available Add-ins.

      or

    • Take a screenshot of the property sheet and save the image to a location of your choice.

  4. After you've captured the titles of the selected add-ins, clear all selected check boxes, and then choose OK.

    CAUTION: Click a check box to clear it. Don't select an add-in and choose Remove. If you have administrator rights, you could actually delete the add-in. For this troubleshooting exercise, you want to disable, not delete, an add-in.

  5. Choose File > Exit.

Restart

  1. Choose Start > Run, and in the Open box, type Outlook.

    NOTE: If the program loads properly, it's likely that one of your add-ins is the source of the error and you need to identify which one. To determine which add-in is the problem, enable one add-in at a time.

  2. In the upper-left corner of Outlook, choose File > Options > Add-ins.

  3. Select the check box next to an add-in you want to re-enable, and then choose OK.

  4. Repeat all steps until you've re-enabled all of the original add-ins and revealed the source of the error.

    IMPORTANT: Remember, if Outlook opens in safe mode, you've revealed the add-in you just enabled as a source of the error.

    • Restart Outlook again and disable the add-in you enabled that produced the problem, and then start Outlook.

    • Make sure you go through the restart-disable-restart process for every add-in that was originally enabled in Outlook. An error could be caused by more than one add-in.

  • Create a new Outlook Profile
  1. To open the Control Panel, do one of the following:

    • For Windows Vista or Windows 7, choose Start > Control Panel.

    • For Windows 8 and Windows 10, choose Start, and then type Control Panel.

      NOTE: For Windows 10, in Control Panel, make sure the View by box in the upper-right corner is set to Category.

  2. Choose Mail.

  3. In the Mail Setup - Outlook dialog box, choose Show Profiles > Add.

    Mail property sheet used to add or remove a profile for your Outlook account

  4. In the Profile Name box, type the name you want to use for your new profile.

    New Outlook mail profile being set up for kerimills

  5. On the Auto Account Setup page for the Add Account Wizard, under E-mail Account, fill in Your Name, E-mail Address, and Password, and then choose Next.

    Use Auto Account Setup to add email account as part of newly created profile for Outlook

    NOTE: The Add Account Wizard automatically searches for your mail server settings.

  6. Choose Finish and you'll find the new profile name you added listed on the General tab in the Mail dialog box.

  7. Under When starting Microsoft Outlook, use this profile, choose Prompt for a profile to be used, and then choose OK.

Use a different profile

  1. Restart Outlook

  2. In the drop-down list in the Choose Profile dialog box, choose the new profile name you created.

    Choose profile dialog box with the name of the new profile

  3. Choose OK.

    NOTE: If Outlook starts normally, then you've identified your Outlook profile as being corrupt and the source of your problem.

 

  • Repair your Outlook data files

Outlook stores all your email messages, meetings and events, contacts, and tasks in data files. These files occasionally might become corrupted. You can run the Inbox Repair Tool (scanpst.exe) to scan your Outlook data files and repair errors.

  1. Exit Outlook to use the Inbox Repair Tool.

    NOTE: The content in the left pane is determined by the Outlook version you're using.

  2. Visit the links below for instructions based on your version of Outlook.

 

 

  • Run the /resetnavpane command 

The navigation pane is the leftmost pane in Outlook where you'll find your folder list and the icons to move between Mail, Calendar, People, and Tasks. Running the /resetnavpanecommand removes all customizations to the navigation pane.

  1. Close Outlook.

  2. Choose Start > Run.

  3. In the Open box, type Outlook.exe /resetnavpane, and then choose OK.

 

 

  • Check if Outlook is running in compatibility mode
  1. Find the Outlook.exe file on your computer.

    • For Outlook 2016, you can find this file in C:\Program Files\Microsoft Office\root\Office16 or C:\Program Files (x86)\Microsoft Office\root\Office16

    • For Outlook 2013, you can find this file in C:\Program Files\Microsoft Office\Office 15\ or C:\Program Files (x86)\Microsoft Office\Office 15\

    • For Outlook 2010, you can find this file in C:\Program Files\Microsoft Office\Office 14\ or C:\Program Files (x86)\Microsoft Office\Office 14\

  2. Right-click the Outlook.exe file, choose Properties, and then choose the Compatibility tab.

  3. If any of the boxes on the Compatibility tab are checked, uncheck them, then choose Apply > OK.

  4. Restart Outlook.

In Microsoft Office 365 dedicated, calendar items are visible when you open a shared calendar in Microsoft Outlook Web App (OWA). However, these calendar items are not visible for the shared calendar when you perform the following actions:

  • You use Microsoft Office Outlook to view Free/Busy data for the shared calendar.
  • You use Outlook to open the shared calendar.

Note You have limited Free/Busy permissions for the shared calendar.

 

This behavior is by design. When the Read permissions level for the shared calendar is set to Free/Busy time or Free/Busy time, subject, location, Outlook does not display an item that is marked as Free.

 

To resolve this issue, set the Read permissions for the shared calendar to Full Details. For an example of Read permissions information, see the information in the following screen shot:

Click on Calendar 

Click on Calendar Permission

Select on Full Details 

Click Apply and OK

Create a signature

  1. Open a new message. On the Message tab, in the Include group, click Signature, and then click Signatures.

    Signatures command on the ribbon

  2. On the E-mail Signature tab, click New.

  3. Type a name for the signature, and then click OK.

  4. In the Edit signature box, type the text that you want to include in the signature.

  5. To format the text, select the text, and then use the style and formatting buttons to select the options that you want.

  6. To add elements besides text, click where you want the element to appear, and then do any of the following:

    Options

    How to

    To add an electronic business card

    Click Business Card, and then click a contact in the Filed As list. Then click OK

    To add a hyperlink

    Click Insert hyperlink icon Insert Hyperlink, type in the information or browse to a hyperlink, click to select it, and then click OK

    To add a picture

    Click Insert a picture icon Picture, browse to a picture, click to select it, and then click OK. Common image file formats for pictures include .bmp, .gif, .jpg, and .png.

  7. To finish creating the signature, click OK.

    NOTE:  The signature that you just created or modified won't appear in the open message; it must be inserted into the message.

Top of page

Add a signature to messages

Signatures can be added automatically to all outgoing messages, or you can choose which messages include a signature.

NOTE:  Each message can contain only one signature.

Insert a signature automatically

  1. On the Message tab, in the Include group, click Signature, and then click Signatures.

    Signatures command on the ribbon

  2. Under Choose default signature, in the E-mail account list, click an email account with which you want to associate the signature.

  3. In the New messages list, select the signature that you want to include.

  4. If you want a signature to be included when you reply to or forward messages, in the Replies/forwards list, select the signature. Otherwise, click (none).

Insert a signature manually

  • In a new message, on the Message tab, in the Include group, click Signature, and then click the signature that you want.

    Signatures command on the ribbon

    TIP:  To remove a signature from an open message, select the signature in the message body, and then press DELETE.

I have an Office 365 for business or an Exchange server account

The Automatic Replies feature is only available if you have an Office 365 for business or an Exchange server account.

Set up automatic replies when you're out of the office

  1. Choose File > Automatic Replies.

    Automatic replies

    NOTE: If you don’t see Automatic Replies, you probably don’t have an Exchange server account. See I have an account with Office 365 Home, Outlook.com, Hotmail, Gmail, Yahoo! or other POP or IMAP email account.

  2. In the Automatic Replies box, select Send automatic replies.

    TIP: You can check the Only send during this time range box to schedule when your out of office replies are active. If you don’t specify a start and end time, auto-replies are sent until you select the Do not send automatic replies check box to turn them off.

  3. On the Inside My Organization tab, type the response that you want to send to teammates or colleagues while you are out of the office.

    Send automatic replies

  4. Optionally, if you'd like your automatic replies to be sent to people outside your organization, choose the Outside My Organization tab, check the Auto-reply to people outside my organization box, and then type the response you want to send while you are out of the office. Select whether you want replies sent to My contacts only or to Anyone outside my organization who sends you messages.

    Note:    Sending automatic replies to anyone outside my organization will send your automatic reply to every email, including newsletters, advertisements, and potentially, junk email. If you want to send automatic replies to those outside your organization, we recommend choosing My contacts only.

    Outside your organization

Turn off automatic replies

  1. Choose File > Automatic Replies.

    Automatic replies

  2. In the Automatic Replies box, choose Do not send automatic replies.

*Each Outlook folder, such as Inbox and Calendar, displays its items in a layout called a view. And each folder has several predefined views that you can choose from, or you can create custom views.

 

*A view is composed of a view type, fields, colors, fonts, and many other settings, and gives you different ways to look at items in a folder. You can build a new view based on an existing one, or you can create a new, custom view.

 

Create a new view

  1. On the View tab, in the Current View group, choose Change View > Manage Views.
  2. In the Manage All Views dialog box, choose New.
  3. In the Create a New View dialog box, enter a name for your new view, and then choose the type of view.
  4. Under Can be used on, accept the default setting of All Mail and Post folders or choose another option, and then choose OK.
  5. In the Advanced View Settings: New View dialog box, choose the options that you want to use, and then choose OK.
  6. To use the view immediately, choose Apply View.

 

Build a view based on Predefined view

  1. On the View tab, in the Current View group, choose View Settings.
  2. In the Advanced View Settings: Compact dialog box, under Description, choose the button associated with the settings you want to change, make your changes, and then choose OK when finished.
  3. On the View tab, in the Current View group, choose Change View > Manage Views.
  4. UnderViews for folder, select Current view settings.
  5. Click Copy, and in the Copy New View dialog box, in the Name of new view box, enter a name.
  6. Under Can be used on, accept the setting of All Mail and Post folders or choose another option to change where the view is available.
  7. Choose OK when you're finished.

 

Delete a custom view

IMPORTANT: You can't delete a predefined view, even if you changed its settings.

  1. On the View tab, in the Current View group, choose Change View > Manage Views.
  2. Under Views for folder, select the custom view that you want to remove.
  3. Choose Delete, confirm deletion, and then choose OK.

 

Interface Overview

 

Create something

Begin with a Blank document to get right to work. Or save yourself a bunch of time by selecting and then customizing a template that resembles what you need.
Click File > New, and then select or search for the template you want.

 

Find recent files

Whether you only work with files stored on your PC’s local hard drive or you roam across various cloud services, clicking File > Open takes you to
your recently used documents and any files that you may have pinned to your list.

 

Stay connected

Need to work on the go and across different devices?
Click File > Account to sign in and access your recently used files anywhere, on any device, through seamless integration between Office, OneDrive, OneDrive for
Business, and SharePoint.

 

Discover contextual tools

You can make contextual ribbon commands available by selecting relevant objects in your document. For example, clicking within a table displays the Table Tools tab, which offers additional options for the Design and Layout of your tables.

 

Format documents with style

On the Home tab, in the lower right corner of the Styles gallery, click the small arrow to open the Styles pane, where you can visually create, apply, and review formatting styles in your current document.

 

Review and track changes

Whether you just want to check spelling, keep your word count in check, or fully collaborate with other people, the Review tab unveils essential commands to track, discuss, and manage all of the changes made to your documents.

 

Share your work with others

To invite others to view or edit your documents in the cloud, click the Share button in the top right corner of the app window. In the Share pane that opens, you can get a sharing link or send invitations to the people you select.

 

See who else is typing

Co-authoring in Word documents that are shared on OneDrive or SharePoint happens in real-time, which means you can easily see where other authors are making changes in the same document that you’re currently working in.

 

Get help with Word

Type a keyword or phrase into the Tell me what you want to do box on the ribbon to find the Word features and commands that you’re looking for, to read our online Help content, or to find information on the Web.

 

Lookup relevant information

With Smart Lookup, Word searches the Internet for relevant information to define words, phrases, and concepts. The information and images on the task pane can also provide useful context to the ideas outlined in your documents.

Domain join is the traditional way organizations have connected devices for work for the last 15 years and more. It has enabled users to sign in to their devices by using their Windows Server Active Directory (Active Directory) work or school accounts and allowed IT to fully manage these devices. Organizations typically rely on imaging methods to provision devices to users and generally use System Center Configuration Manager (SCCM) or Group Policy to manage them.

Domain join in Windows 10 will provide the following benefits after you connect devices to Azure Active Directory (Azure AD):

  • Single sign-on (SSO) to Azure AD resources from anywhere
  • Access to the enterprise Windows Store by using work or school accounts (no Microsoft account required)
  • Enterprise-compliant roaming of user settings across devices by using work or school accounts (no Microsoft account required)
  • Strong authentication and convenient sign-in for work or school accounts with Microsoft Passport and Windows Hello
  • Ability to restrict access only to devices that comply with organizational device Group Policy settings

Prerequisites

Domain join continues to be useful. However, to get the Azure AD benefits of SSO, roaming of settings with work or school accounts, and access to Windows Store with work or school accounts, you will need the following:

  • Azure AD subscription
  • Azure AD Connect to extend the on-premises directory to Azure AD
  • Policy that's set to connect domain-joined devices to Azure AD
  • Windows 10 build (build 10551 or newer) for devices

To enable Microsoft Passport for Work and Windows Hello, you will also need the following:

As an alternative to the PKI deployment requirement, you can do the following:

  • Have a few domain controllers with Windows Server 2016 Active Directory Domain Services.

To enable conditional access, you can create Group Policy settings that allow access to domain-joined devices with no additional deployments. To manage access control based on compliance of the device, you will need the following:

  • System Center Configuration Manager version 1509 for Technical Preview for Passport scenarios

Deployment instructions

Step 1: Deploy Azure Active Directory Connect

Azure AD Connect will enable you to provision computers on-premises as device objects in the cloud. To deploy Azure AD Connect, refer to "Install Azure AD Connect" in the article Integrating your on-premises identities with Azure Active Directory.

  • If you followed a custom installation for Azure AD Connect (not the Express installation), then follow the procedure Create a service connection point in on-premises Active Directory, later in this step.
  • If you have a federated configuration with Azure AD before installing Azure AD Connect (for example, if you have deployed Active Directory Federation Services (AD FS) before), then follow the Configure AD FS claim rules procedure, later in this step.

Create a service connection point in on-premises Active Directory

Domain-joined devices will use the service connection point to discover Azure AD tenant information at the time of automatic registration with the Azure device registration service.

On the Azure AD Connect server, run the following PowerShell commands:

Copy
 
Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1";

$aadAdminCred = Get-Credential;

Initialize-ADSyncDomainJoinedComputerSync –AdConnectorAccount [connector account name] -AzureADCredentials $aadAdminCred;

When running the cmdlet $aadAdminCred = Get-Credential, use the format user@example.com for the user name of the credential that's entered when the Get-Credential pop-up appears.

When running the cmdlet Initialize-ADSyncDomainJoinedComputerSync ..., replace [connector account name] with the domain account that's used as the Active Directory connector account.

Configure AD FS claim rules

Configuring the AD FS claim rules enables instantaneous registration of a computer with Azure device registration service by allowing computers to authenticate by using Kerberos/NTLM via AD FS. Without this step, computers will get to Azure AD in a delayed manner (subject to Azure AD Connect sync times).

Note

If you don’t have AD FS as the federation server on-premises, follow the instructions of your vendor to create the claim rules.

On the AD FS server (or on a session connected to the AD FS server), run the following PowerShell commands:

Copy
 
  <#----------------------------------------------------------------------
 |   Modify the Azure AD Relying Party to include the claims needed
 |   for DomainJoin++. The rules include:
 |   -ObjectGuid
 |   -AccountType
 |   -ObjectSid
 +---------------------------------------------------------------------#>

$existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules

$rule1 = '@RuleName = "Issue object GUID"
      c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "515$", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"] &&
      c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]
      => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/identity/claims/onpremobjectguid"), query = ";objectguid;{0}", param = c2.Value);'

$rule2 = '@RuleName = "Issue account type for domain joined computers"
      c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "515$", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]
      => issue(Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Value = "DJ");'

$rule3 = '@RuleName = "Pass through primary SID"
      c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "515$", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"] &&
      c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]
      => issue(claim = c2);'

$updatedRules = $existingRules + $rule1 + $rule2 + $rule3

$crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules

Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString
Note

Windows 10 computers will authenticate by using Windows Integrated authentication to an active WS-Trust endpoint hosted by AD FS. Ensure that this endpoint is enabled. If you are using the Web Authentication Proxy, also ensure that this endpoint is published through the proxy. You can do this by checking the adfs/services/trust/13/windowstransport. It should show as enabled in the AD FS management console under Service > Endpoints.

Step 2: Configure automatic device registration via Group Policy in Active Directory

You can use Group Policy in Active Directory to configure your Windows 10 domain-joined devices to automatically register with Azure AD.

Note

For latest instructions on how to set up automatic device registration see, How to set up automatic registration of Windows domain joined devices with Azure Active Directory.

This Group Policy template has been renamed in Windows 10. If you are running the Group Policy tool from a Windows 10 computer, the policy will appear as:
Register domain joined computers as devices
The policy is in the following location:
Computer Configuration/Policies/Administrative Templates/Windows Components/Device Registration

 

To use Azure Active Directory device-based conditional access, your computers must be registered with Azure Active Directory (Azure AD). This article provides you with the steps for configuring the automatic registration of Windows domain-joined devices with Azure AD in your organization.

For devices running Windows, you can register some earlier versions of Windows, including:

  • Windows 8.1
  • Windows 7

For devices running Windows Server, you can register the following platforms:

  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2

Prerequisites

The main requirement for automatic registration of domain-joined devices by using Azure AD is to have an up-to-date version of Azure Active Directory Connect (Azure AD Connect).

Depending on how you deployed Azure AD Connect, and whether you used an express or custom installation or an in-place upgrade, the following prerequisites might have been configured automatically:

  • Service connection point in on-premises Active Directory - For discovery of Azure AD tenant information by computers that register for Azure AD.

  • Active Directory Federation Services (AD FS) issuance transform rules - For computer authentication on registration (applicable to federated configurations).

If some devices in your organizations are not Windows 10 domain-joined devices, perform the following steps:

  • Set a policy in Azure AD to enable users to register devices
  • Set Integrated Windows Authentication (IWA) as a valid alternative to multi-factor authentication in AD FS

Step 1: Configure service connection point

A service connection point (SCP) object must exist in the configuration naming context partition of the computer's domain. The service connection point holds discovery information about the Azure AD tenant where computers register. In a multi-forest Active Directory configuration, the service connection point must exist in all forests that have domain-joined computers.

The SCP is located at:

CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,[Your Configuration Naming Context]

For a forest with the Active Directory domain name example.com, the configuration naming context is:

CN=Configuration,DC=example,DC=com

With the following Windows PowerShell script, you can verify the existence of the object and retrieve the discovery values:

===//

$scp = New-Object System.DirectoryServices.DirectoryEntry;

$scp.Path = "LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=example,DC=com";

$scp.Keywords;

===\\

The $scp.Keywords output shows the Azure AD tenant information, for example:

azureADName:microsoft.com
azureADId:72f988bf-86f1-41af-91ab-2d7cd011db47

If the service connection point doesn’t exist, create it by running the following PowerShell script on your Azure AD Connect server:

===//

Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1";

$aadAdminCred = Get-Credential;

Initialize-ADSyncDomainJoinedComputerSync –AdConnectorAccount [connector account name] -AzureADCredentials $aadAdminCred;

===\\

Remarks:

  • When you run $aadAdminCred = Get-Credential, you are required to type a user name. For the user name, use the following format: user@example.com

  • When you run the Initialize-ADSyncDomainJoinedComputerSync cmdlet, replace [connector account name] with the domain account that's used in the Active Directory connector account.

  • The cmdlet uses the Active Directory PowerShell module, which relies on Active Directory Web Services in a domain controller. Active Directory Web Services is supported on domain controllers in Windows Server 2008 R2 and later. For domain controllers in Windows Server 2008 or earlier versions, use the System.DirectoryServices API via PowerShell to create the service connection point, and then assign the Keywords values.

Step 2: Register your devices

The right steps for registering your device depend on whether your organization is federated or not.

Device registration in non-federated organizations

Device registration in a non-federated organization is only supported if the following is true:

  • You are either running Windows 10 and Windows Server 2016 on your device
  • Your devices are domain-joined
  • Password sync using Azure AD Connect is enabled

If all of these requirements are satisfied, you don't have to do anything to get your devices registered.

Device registration in federated organizations

In a federated Azure AD configuration, devices rely on AD FS (or on the on-premises federation server) to authenticate to Azure AD. They register against Azure Active Directory Device Registration Service.

For Windows 10 and Windows Server 2016 computers, Azure AD Connect associates the device object in Azure AD with the on-premises computer account object. The following claims must exist during authentication for Azure AD Device Registration Service to complete registration and create the device object:

For more details about verified domain names, see Add a custom domain name to Azure Active Directory.
To get a list of your verified company domains, you can use the Get-MsolDomain cmdlet.

Windows 10 and Windows Server 2016 domain joined computers authenticate using Windows Integrated authentication to an active WS-Trust endpoint hosted by AD FS. Ensure that this endpoint is enabled. If you are using the Web Authentication Proxy, also ensure that this endpoint is published through the proxy. The end-point is adfs/services/trust/13/windowstransport.

It should be enabled in the AD FS management console under Service > Endpoints. If you don’t have AD FS as your on-premises federation server, follow the instructions of your vendor to make sure the corresponding end-point is enabled.

NOTE: If you don’t use AD FS for your on-premises federation server, follow your vendor's instructions to create the rules that issue these claims.

To create the rules manually, in AD FS:

  • Select the one of the following Windows PowerShell scripts
  • Run the Windows PowerShell script in a session that is connected to your server.
  • Replace the first line with your organization's validated domain name in Azure AD.

Setting AD FS rules in a single domain environment

Use the following script to add the AD FS rules if you only have one verified domain:

===//

<#----------------------------------------------------------------------
| Modify the Azure AD Relying Party to include the claims needed
| for DomainJoin++. The rules include:
| -ObjectGuid
| -AccountType
| -ObjectSid
+---------------------------------------------------------------------#>

$rule1 = '@RuleName = "Issue object GUID"

c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "-515$", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"] &&

c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]

=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/identity/claims/onpremobjectguid"), query = ";objectguid;{0}", param = c2.Value);'

$rule2 = '@RuleName = "Issue account type for domain joined computers"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "-515$", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]

=> issue(Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Value = "DJ");'

$rule3 = '@RuleName = "Pass through primary SID"

c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "-515$", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"] &&

c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]

=> issue(claim = c2);'

$existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules

$updatedRules = $existingRules + $rule1 + $rule2 + $rule3

$crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules

Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString

===\\

 

Setting AD FS rules in a multi domain environment

If you have more than one verified domain, perform the following steps:

  1. Remove the existing IssuerID rule created by Azure AD Connect.
    Here is an example for this rule: c:[Type == "http://schemas.xmlsoap.org/claims/UPN"] => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = regexreplace(c.Value, ".+@(?.+)", "http://${domain}/adfs/services/trust/"));

     

  2. Run this script:

===//

<#----------------------------------------------------------------------
| Modify the Azure AD Relying Party to include the claims needed
| for DomainJoin++. The rules include:
| -ObjectGuid
| -AccountType
| -ObjectSid
+---------------------------------------------------------------------#>

$VerifiedDomain = 'example.com' # Replace example.com with one of your verified domains

$rule1 = '@RuleName = "Issue object GUID"

c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "-515$", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"] &&

c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]

=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/identity/claims/onpremobjectguid"), query = ";objectguid;{0}", param = c2.Value);'

$rule2 = '@RuleName = "Issue account type for domain joined computers"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "-515$", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]

=> issue(Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Value = "DJ");'

$rule3 = '@RuleName = "Pass through primary SID"

c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "-515$", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"] &&

c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]

=> issue(claim = c2);'

$rule4 = '@RuleName = "Issue AccountType with the value User when its not a computer account"

NOT EXISTS([Type == "http://schemas.microsoft.com/ws/2012/01/accounttype", Value == "DJ"])

=> add(Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Value = "User");'

$rule5 = '@RuleName = "Capture UPN when AccountType is User and issue the IssuerID"

c1:[Type == "http://schemas.xmlsoap.org/claims/UPN"] &&

c2:[Type == "http://schemas.microsoft.com/ws/2012/01/accounttype", Value == "User"]

=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = regexreplace(c1.Value, ".+@(?<domain>.+)", "http://${domain}/adfs/services/trust/"));'

$rule6 = '@RuleName = "Update issuer for DJ computer auth"

c1:[Type == "http://schemas.microsoft.com/ws/2012/01/accounttype", Value == "DJ"]

=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = "http://'+$VerifiedDomain+'/adfs/services/trust/");'

$existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules

$updatedRules = $existingRules + $rule1 + $rule2 + $rule3 + $rule4+ $rule5+ $rule6

$crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules

Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString

===\\

 

Step 3: Setup AD FS for authentication of device registration

Make sure that WIA is set as a valid alternative to multi-factor authentication for device registration in AD FS. To do this, you need to have an issuance transform rule that passes through the authentication method.

  1. In the AD FS management console, go to AD FS > Trust Relationships > Relying Party Trusts.
  2. Right-click the Microsoft Office 365 Identity Platform relying party trust object, and then select Edit Claim Rules.
  3. On the Issuance Transform Rules tab, select Add Rule.
  4. In the Claim rule template list, select Send Claims Using a Custom Rule.
  5. Select Next.
  6. In the Claim rule name box, type Auth Method Claim Rule.
  7. In the Claim rule box, type this rule:
    c:[Type == "http://schemas.microsoft.com/claims/authnmethodsreferences"] => issue(claim = c);
  8. On your federation server, type this PowerShell command:

    Set-AdfsRelyingPartyTrust -TargetName <RPObjectName> -AllowedAuthenticationClassReferences wiaormultiauthn

<RPObjectName> is the relying party object name for your Azure AD relying party trust object. This object usually is named Microsoft Office 365 Identity Platform.

Step 4: Deployment and rollout

When domain-joined computers meet the prerequisites, they are ready to register with Azure AD.

The Windows 10 Anniversary Update and Windows Server 2016 domain-joined computers automatically register with Azure AD the next time the device restarts or when a user signs in to Windows. New computers that are joined to the domain register with Azure AD when the device restarts after the domain join operation.

Note

Windows 10 domain-joined computers running Windows 10 November Update will automatically register with Azure AD, only if the rollout Group Policy object is set.

You can use a Group Policy object to control the rollout of automatic registration of Windows 10 and Windows Server 2016 domain-joined computers.

To roll out automatic registration of non-Windows 10 domain-joined computers, you can deploy a Windows Installer package to computers that you select.

Note

For all non-Windows 10/Windows Server 2016 computers it is recommended to use the Windows Installer package as described below in this document.

Create a Group Policy object to control the rollout of automatic registration

To control the rollout of automatic registration of domain-joined computers with Azure AD, you can deploy the Register domain-joined computers as devices Group Policy to the computers you want to register. For example, you can deploy the policy to an organizational unit or to a security group.

To set the policy:

  1. Open Server Manager, and then go to Tools > Group Policy Management.
  2. Go to the domain node that corresponds to the domain where you want to activate auto-registration of Windows 10 or Windows Server 2016 computers.
  3. Right-click Group Policy Objects, and then select New.
  4. Type a name for your Group Policy object. For example, Automatic Registration to Azure AD. Select OK.
  5. Right-click your new Group Policy object, and then select Edit.
  6. Go to Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register domain joined computers as devices, and then select Edit.

    Note

    This Group Policy template has been renamed from earlier versions of the Group Policy Management console. If you are using an earlier version of the console, go to Computer Configuration > Policies > Administrative Templates > Windows Components> Workplace Join > Automatically workplace join client computers.

  7. Select Enabled, and then select Apply.
  8. Select OK.
  9. Link the Group Policy object to a location of your choice. For example, you can link it to a specific organizational unit. You also could link it to a specific security group of computers that automatically register with Azure AD. To set this policy for all domain-joined Windows 10 and Windows Server 2016 computers in your organization, link the Group Policy object to the domain.

Windows Installer packages for non-Windows 10 computers

To register domain-joined computers running Windows 8.1, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 in a federated environment, you can download and install these Windows Installer package (.msi) files:

Deploy the package by using a software distribution system like System Center Configuration Manager. The package supports the standard silent install options with the quiet parameter. System Center Configuration Manager 2016 offers additional benefits from earlier versions, like the ability to track completed registrations. For more information, see System Center 2016.

The installer creates a scheduled task on the system that runs in the user’s context. The task is triggered when the user signs in to Windows. The task silently registers the device with Azure AD with the user credentials after authenticating through IWA. To see the scheduled task, go to Microsoft > Workplace Join, and then go to the Task Scheduler library.

 

 

 

 

Some of the questions we often get is, "What do I do to protect data when an employee leaves the organization?" and "How do I block a former employees access to Office 365 after they leave?" This topic discusses the steps you should take and how to secure your data after an employee leaves your company. Office 365 admins can choose how to handle a user's Office 365 data and subscription when the user is in the process of leaving or has left your organization.

IMPORTANT: The steps in this article are for Office 365 Business Essentials, Office 365 Business Premium and Office 365 Enterprise.

A quick overview of the of the process looks like this:

  • Block employee access to Office 365 data.

  • (Optional) Get access to the data of the former employee.

  • (Optional) Send the former employee's email to another employee.

  • Delete the former employee's user account.

IMPORTANT: You need to be a member of the Office 365 global admin role to perform the steps in this topic. Make sure the user that performs these steps has the right permissions to complete these steps.

Block employee access to Office 365 data

The first thing you'll want to do is block the former employee from logging in and accessing Office 365 data. There are a few steps you'll want to take to make this happen.

  1. Sign in to Office 365 with your work or school account.

  2. Go to the Office 365 admin center.

  3. Go to Users > Active Users. Select the employee that you want to block, and then click EditEdit.

  4. Click the Settings tab, and under Set sign-in status, select Blocked, and then Save.

    NOTE: If you block a user from having sign-in access to Office 365, it might take as long as 24 hours to take effect on all that user’s devices and clients. Also, make sure that you remove or disable the user from your on-premises Blackberry Enterprise Service. You should also disable any Blackberry devices for the user. Refer to the Blackberry Business Cloud Services Administration Guide if you need specific steps on how to disable the user.

Stop access to Exchange Online

If you have Exchange Online as part of your Office 365 subscription, you need to log in to the Exchange admin center to follow these steps to block your former employee from accessing their email.

  1. Sign in to Office 365 with your work or school account.

  2. Go to the Office 365 admin center.

  3. In the lower-left navigation pane, expand Admin and select Exchange.

    Expand Admin to see the available admin centers

  4. In the Exchange admin center, navigate to Recipients > Mailboxes.

  5. Select the user, and on the user properties page, under Mobile Devices, select or click Disable Exchange ActiveSync and Disable OWA for Devices, and Disable email connectivity.

  6. Under Email Connectivity, select Disable.

Wipe and block the former employee's mobile device

If your former employee had a company phone, you can use the Exchange Admin Center to wipe and block that device so that all company data is removed from the device and so that device can no longer connect to Office 365

  1. Sign in to Office 365 with your work or school account.

  2. Go to the Office 365 admin center.

  3. In the lower-left navigation pane, expand Admin and select Exchange.

    Expand Admin to see the available admin centers

  4. In the Exchange admin center, navigate to Recipients > Mailboxes.

  5. Select the user, and under Mobile Devices, choose View details.

  6. On the Mobile Device Details page, under Mobile devices, select the mobile device, select Wipe Data, and then select Block.

  7. Select Save.

Get access to the data of the former employee

The next thing you'll want to do is preserve the email and business documents or files created by the former employee, and make them available to your new employee or others in your organization. Learn more about individual document storage in What is OneDrive for Business.

To gain access to a former employee’s OneDrive for Business documents, you can sign in to Office 365 as that user (which can require first changing that user’s password), then move those files to an easily accessible location. Or, you can take over the former employee’s OneDrive for Business, and move the files yourself. The following steps explain this approach.

To gain access to a former employee's email, you'll want to export the user's Outlook email information to a .pst file and then import it into another employee's Outlook inbox.

Part 1 – Get access to the former employee’s OneDrive for Business documents

  1. Sign in to Office 365 with your work or school account.

  2. Go to the Office 365 admin center.

  3. In the lower-left navigation, expand Admin, and select SharePoint.

    Expand Admin to see the available admin centers

  4. Choose user profiles.

  5. Choose Manage User Profiles.

  6. Search for the former employee’s name (use their alias or full name).

  7. Select the drop-down menu beside their name, and choose Manage site collection owners.

    Manage personal site

  8. In the Site Collection Administrators field, add your name, the administrator’s name (see the example below), or the future employee’s name (if known).

    Add yourself to site collection administrators

  9. Scroll down, and select OK.

Part 2 – Copy the former employee’s OneDrive for Business documents to a shared location

  1. With the former employee’s name selected under Manage User Profiles, select the drop-down menu again, and select Manage Personal Site.

    Manage site collections owners

    NOTE: This is a shortcut to the OneDrive for Business site. Alternatively, you can enter: https://<company_name>-my.sharepoint.com/personal/<employee>_<company name>_onmicrosoft_com.

  2. Select Documents in the left navigation.

    Select documents from personal site

  3. You should see your former employee’s OneDrive for Business documents.

    see OneDrive for business documents

  4. From here, copy them to your own OneDrive for Business or a common location, like your team site.

There are a few ways to copy files in Office 365. See Video: Set up document storage and sharing in Office 365 orSync OneDrive for Business files locally, and then upload those files to your OneDrive for Business or your team site.

Part 3 - Get access to the Outlook information of the former employee

To save the email messages, calendar, tasks, and contacts of the former employee, export the information to an Outlook Data File (.pst).

  1. Click File > Open & Export > Import/Export.

    Import/Export command in the Backstage view

  2. Click Export to a file, and then click Next.

    Export to a file option in the Import and Export Wizard

  3. Click Outlook Data File (.pst), and then click Next.

  4. Select the account you want to export by clicking the name or email address, such as Mailbox – Anne Weileror anne@contoso.com. If you want to export everything in your account, including mail, calendar, contacts, tasks, and notes, make sure the Include subfolders check box is selected.

    NOTE:  You can export one account at a time. If you want to export multiple accounts, after one account is exported, repeat these steps.

    Export Outlook Data File dialog box with top folder selected and Include subfolders checked

  5. Click Next.

  6. Click Browse to select where to save the Outlook Data File (.pst). Type a file name, and then click OK to continue.

    NOTE:  If you’ve used export before, the previous folder location and file name appear. Type a different file name before clicking OK.

  7. If you are exporting to an existing Outlook Data File (.pst), under Options, specify what to do when exporting items that already exist in the file.

  8. Click Finish.

Outlook begins the export immediately unless a new Outlook Data File (.pst) is created or a password-protected file is used.

  1. If you’re creating an Outlook Data File (.pst), an optional password can help protect the file. When the Create Outlook Data File dialog box appears, type the password in the Password and Verify Password boxes, and then click OK. In the Outlook Data File Password dialog box, type the password, and then click OK.

  2. If you’re exporting to an existing Outlook Data File (.pst) that is password protected, in the Outlook Data File Password dialog box, type the password, and then click OK.

Check out Export or backup email, contacts, and calendar to an Outlook .pst file for the steps for Outlook 2010.

Part 4 - Give access of former employee's email to another user

To give access of the email messages, calendar, tasks, and contacts of the former employee to another employee, import the information to another employee's Outlook inbox.

  1. Click File > Open & Export > Import/Export.

    This starts the Import and Export Wizard.

  2. Choose Import from another program or file, and then click Next.

    Import and Export Wizard

  3. Choose Outlook Data File (.pst), and click Next.

  4. Browse to the .pst file you want to import.

  5. Under Options, choose how you want to deal with duplicates

  6. Click Next.

  7. If a password was assigned to the Outlook Data File (.pst), enter the password, and then click OK.

  8. Set the options for importing items. The default settings usually don’t need to be changed.

  9. Click Finish.

 

Send the former employee's new email to another employee

These steps are optional, but you can send any new email to the former employee's email address to another person by adding the former employee's email address to a secondary employee. By doing this, any new emails sent to the former employee's email address will be sent to the employee you specify.

  1. Sign in to Office 365 with your work or school account.

  2. Go to the Office 365 admin center.

  3. Go to Admin > Users > Active users.

  4. On the Active users page, select the check box next to the user, click Edit Edit, and then click the email addresses tab.

  5. On the Manage email addresses tab, in the text box under Add more email address, type the first part of the new email alias. If you added your own domain to Office 365, you can choose the domain for the new email alias by using the drop-down list.

  6. Next to the email alias you want to add, click Add.

  7. When you're done, click Save.

Remove license from employee

The next step, you'll want to take is to remove the Office 365 license from your former employee. When you remove the license, all that user's data is held for 30 days. After 30 days, all the user's data (except for documents stored on SharePoint Online) is deleted from Office 365 and can't be recovered. If you reassign a license to the user within 30 days, the user's mailbox and data will be saved. Once you remove the license from this user, their license becomes available for another user.

NOTE: All additional email addresses that go with this user are also deleted. If you need someone to receive emails, assign the email address to another user.

NOTE: The user's Lync Online Contacts list may also be deleted. If you restore the Exchange Online license within 30 days, the Contacts list will be restored as well. For more information, see Removing a user’s license for Exchange Online may also remove their Lync Online Contacts list.

  1. Sign in to Office 365 with your work or school account.

  2. Go to the Office 365 admin center.

  3. Select Users > Active Users.

  4. Check the box for your former employee.

  5. Click Edit Edit

    Edit a user account

  6. Select Licenses.

    Click Licenses

  7. Under Assign licenses, clear the box for the former employee to remove the license.

  8. Click Save.

Delete the former employee's user account

After you've saved and accessed all the former employee's user data, you can delete the former employee's account.

  1. Sign in to Office 365 with your work or school account.

  2. Go to the Office 365 admin center.

  3. Go to Users > Active Users.

  4. Choose the names of the users that you want to delete, and then select DELETE Delete.

  5. In the confirmation box, select Yes.

When you delete a user, the user becomes inactive. However, for approximately 30 days after you have deleted the user, you can restore the user.

 

  1. Office 365 sign-in page, select Forgot your password?.

    Can't access your account?

    NOTE: If you don't see this link, go to self-service password reset tool to try to reset your password.

  2. On the User verification page, type your work or school account name, enter the characters to verify that you're not a robot, and then select Next.

  3. Select the contact method to use for verification.

    Screen shot that shows the contact method options to use for verification: email, text, or call my mobile phone.
  4. Complete the steps for the contact method you selected, as shown in the following table.

    Contact method

    Steps

    Email my alternate email

    1. Select Email.

    2. Keep the Office 365 browser window open while you go to your alternate email to get the verification code.

    3. Go back to the Office 365 browser window, enter the code you received in email, and select Next.

    Text my mobile phone

    1. Enter the mobile phone number you've provided for your account, and select Text.

    2. Enter the verification code you received from the text message, and select Next.

    Call my mobile phone

    1. Enter the mobile phone number you've provided for your account, and select Call.

    2. Answer the call, and follow the instructions given.

    3. Go back to the Office 365 browser window.

    IMPORTANT: You need to respond within 60 minutes to the email and to the text message. Complete the reset process by using the same computer and browser session. If you close your browser window or take longer than 60 minutes to respond, you'll have to restart the process.

  5. If you have a custom domain like Contoso.com, select a second contact method for verification, and then follow the steps for that contact method from step 4.

  6. Enter a new password, confirm it, and then select Finish.

  7. When you receive confirmation that your password has been reset, select the link on the confirmation page, and then sign in to Office 365 with your new password.

    Screen shot that shows the link to sign in with your new password.

Prepare to be a CSP Partner 

In order to purchase Microsoft CSP Subscriptions for Office 365, EMS (Enterprise Mobility Suite) and Dynamics CRM Online, you need to

  • be registered with Microsoft as a Reseller, for which you will receive a MPNID (Microsoft Partner Network ID) to use with your CSP orders;
  • be authorized to purchase CSP Subscriptions by having agreed to the terms and conditions of the MOSPA (Microsoft Online Partner Services Agreement); 
  • ensure that your Company Profile within Microsoft Partner Network is filled out completely.

You may not have needed a MOSPA to sell Office 365 under other licensing models, but it is required to sell CSP Subscriptions of Office 365, EMS and Dynamics CRM Online.

Become a Microsoft Partner

If you have not already done so, enroll in the Microsoft Partner Network at https://mspartner.microsoft.com. You will receive an MPN ID as proof of your registration, and you need to submit this MPN to rhipe when creating your reselelr agreement for CSP.

Sign the MOSPA

If you not already done so, you must sign the Microsoft Online Partner Services Agreement at https://partners.microsoft.com/PartnerProgram/PsaSubprogramLegalAgreement.aspx

  • If you have not signed the MOSPA, your orders for CSP Subscriptions will be rejected by Microsoft and will fail to provision.
  • The MOSPA is effective for 12 months from the date of acceptance and then expires. If your MOSPA is expired then you will not be able to place any CSP orders. You will need to return to your MPN portal to renew your MOSPA for another 12 month period.
  • Please allow a minimum 3 business days between signing your initial MOSPA in the Microsoft Partner Network and placing your first CSP order with rhipe. It takes some time for Microsoft to propagate your MOSPA details to all systems used for provisioning CSP Subscriptions.

 

Complete Company Profile Information

Though it may not have been required by Microsoft before, in order to purchase CSP Subscriptions you must completely and correctly fill out the Company Profile page in your Microsoft Partner Network portal. Microsoft requires that the address, phone, email and other contact information in your MPN Profile matches the information submitted by rhipe on every CSP order.

If you have not already done so, you must update your company profile:

  • Click on Partner Membership Center

 

  • Update your Company Profile details.
  • If this information is missing, or does not match what you have entered into your profile on the rhipe portal, orders for CSP Subscriptions may be rejected by Microsoft and fail to provision.
  • Microsoft runs an address verification algorithm on your information for fraud detection purposes. It is also helpful to make sure there are no trailing spaces in the fields, and you may want to put your address as listed into Bing Maps and confirm that the address shows correctly.

A number of partners and customers have requirements around blocking or restricting access to trusted IP addresses and ranges in order to secure their data and meet various internal requirements and industry certifications.

One way that partners achieve this is by instituting Conditional Access Policies in Azure AD. This means you can restrict access to your tenancy as a whole, or by discrete services. Unfortunately by doing this, it can affect our technical support team to assist you define, isolate, replicate and resolve your issues. We are also often unable to raise an escalation request as we require access via Delegated Admin Permissions to your Office 365 or other Microsoft administration portals to raise these cases.

Where partners have restricted access globally, we ask that you create a 'rhipe' conditional access location, and add the following IP's to it. When you need to grant us access, simply mark that range as trusted until we have been able to resolve your issue, then remove the trusted flag once the issue is resolved.

Our support teams IP addresses are:

  • 61.68.26.210
  • 103.228.59.178
  • 203.220.13.226
  • 209.146.25.90
  • 218.185.237.130
  • 223.130.19.2
  • 211.24.107.228

Please note that this list is subject to change and you should check this KB article (and last revised date) to ensure your conditional access group matches the above.

Conditional Access network locations require CIDR notation within AzureAD. For a single IPv4 address, add '/32' to the end of the IP which signifies a single IP range. IPv6 addressing can vary in local networks, but a single IPv6 address will require a '/128' as a suffix.

Last update: 21/3/2018

This is Microsoft To-Do

 This article shows availability of Microsoft To-Do to a set list of Office 365 licenses and also steps to enable it within the Office Admin Center (please expand the FAQ in the article).

Fully compatible with Skype for Business online and assured to increase functionality, licensing and partner opportunity in addition to simplifying the meeting process.

 

https://www.youtube.com/watch?v=hCGBArWyVUs

 

 

Microsoft has released Not-For-Profit products available via CSP. This is not available to existing Office 365 tenants directly.

If your NFP customer has a tenant which was directly approved for CSP, then you can now move them to rhipe CSP licensing by following the standard tenant transitioning process today.

The following are the processes for different NFP customer scenarios.

Scenario 1: NFP customer with no Microsoft Tenant

  1. Customer must register as NFP with Microsoft at www.microsoft.com/nonprofits 
  2. Microsoft will either approve or deny the Non-Profit application (can take up to up to 3 weeks). Once approved, a tenant is created as a part of the application approval process.
  3. You transition the NFP tenant to rhipe and add NFP SKUs.

Scenario 2: NFP customer with existing Microsoft tenant already tagged as NFP

  1. Transition the NFP tenant to rhipe and add NFP SKUs.

Scenario 3: NFP customer with existing Microsoft tenant NOT tagged as NFP

  1. Customer must register as NFP with Microsoft at www.microsoft.com/nonprofits 
  2. Microsoft will either approve or deny the Non-Profit application (can take up to up to 3 weeks). Once approved, a tenant is created as a part of the application approval process.
  3. Go to Contact Us and submit request for updating existing tenant for nonprofit status. Customer needs to provide the both new and existing tenant information to Microsoft. They will then enable the move of the NFP status from the newly created tenant to the existing tenant.
  4. You can then transition the existing tenant to rhipe and add NFP SKUs.

If the customer is already licensed with NFP products, there is no new process or no special step to remember. Just remember that the tenant must have the NFP status tagged on it or the order provisioning will fail.