Michael Epping discusses in detail the following questions related to Office 365 management:
- What management capabilities does Microsoft provide Office 365 customers?
- How are users managed in Office 365 in a basic scenario where there is no integration with on-premise servers? What options are available?
- How are users managed when Active Directory is synchronized with Office 365?
- How are users managed when the customer is using Exchange Hybrid?
- What management can be done using Remote PowerShell? Michael mentions his blog post "PowerShell for Office 365 and Exchange Online" in the podcast where he is offering a shortcut script.
- How do you connect PowerShell to Office 365?
- What are the benefits of using PowerShell over the web portal?
- Where can I learn more about using PowerShell?
Transcript of this podcast:
Marek: Today we welcome back Michael Epping, one of Concurrency's engineers. Hi, Michael.
Michael: Hi, Marek.
Marek: Hey Michael, would you tell us what's new in Office 365 technology area.
Michael: Well, since the last time we talked there was a pretty big announcement. It was actually this past Wednesday and Microsoft released the new version of Office 365. It's basically an evolution of the previous version and where the previous version of Office 365 was based on Exchange, SharePoint, and Lync 2010. The new version is based on Exchange, SharePoint, and Lync 2013. So there are a lot of new capabilities coming with that.
With Exchange you get new site mailboxes that they're kind of like the replacement for public folders and they integrate with SharePoint and SharePoint is getting new social features. You'll be able to use public folders in Exchange online now and then there's a new road map for Lync were eventually sometime in the next 18 months or so Lync online is going to support Enterprise Voice. So full PSTN dialing from Office 365.
Marek: That sounds good.
Michael: Yes. There's a lot of new stuff coming out.
Marek: I'm sure we can probably talk more about that at some point, but today I would like to discuss a little bit more in depth about some of the management functionality and so fourth in Office 365. So, let's start with this question...What management capabilities does Microsoft provide Office 365 customers?
Michael: So if you used an older version of Microsoft's online services like, the Business Productivity Online Suite management capabilities were pretty limited. You basically had a couple very simple web pages in which to manage different user accounts and any settings. Microsoft wanted to change that for Office 365 and they've made a lot more possible in the Office 365 web interface and in Office 365 they introduced Remote PowerShell, which is based on PowerShell 2.0 and PowerShell 3.0 so you can use it with Windows 7 or Windows 8.
With Office 365 now what you get is a web page and there's a basic portal for managing user accounts. It's sort of like the active directory it ties the other services together so when you're an administrator and you log in you can provision users, activate users, buy licenses, change licenses, all that kind of basic stuff. Then from there there's links to the Exchange management portal and the SharePoint management portal and the Lync management portal. So, in the Exchange portal you can manage mailboxes and in the SharePoint one you can manage permissions and sites and in the Lync one you can do things like, manage whether federation is enabled for certain users, what capabilities they have in the Lync client.
Then in addition to that in the previous version of Office 365 so anybody with an existing Office 365 tenant you get Remote PowerShell access to the main portal and it's through a PowerShell module called Microsoft Online Services PowerShell module and it gives you capabilities to change user accounts, apply licenses in bulk so you can do like, a get dash MSOL user and then pipe that into a command to apply licenses to all your users. That way you don't have to go through the portal and click hundreds of times if you have a lot of users. In the previous version of Office 365 there is also remote PowerShell access to Exchange. So you don't get all the low level Exchange commands like, none of the database commands you don't have access to, but a lot of the higher level commands for like, managing mailboxes, managing distribution groups, all of that sort of stuff. It's all built in there so there are a lot of really useful capabilities there. So, say you need to create contacts for your global address list; maybe you need to make thousands of them. It would take you forever to do it in the web page and with PowerShell in Exchange online you just upload a CSV, issue this command for importing content from the CSV file and you have thousands of contacts in your global address list within minutes.
Marek: How are users managed in Office 365 in a basic scenario were there is no integration with on premise servers and what options are available?
Michael: There are two basic models for administering Office 365. Smaller organizations probably aren't going to use directory synchronization. They probably aren't going to use active directory federation services so, basically their Office 365 accounts will just be Cloud accounts. They want be synchronized to anything on premise, not really tied to on premise at all. So that kind of changes the management a little bit since you're only dealing in the Office 365 version of Active Directory. So when you're managing those users like I said you can use the portal, you can use PowerShell, but basically all user management is done in the Cloud. So when you're in the Office 365 portal there's a users menu, you can go to a user select them, change their SMPP address, change basically anything about them that you need in a smaller organization just right there from the menu.
Marek: Michael, how are users managed when Active Directory is synchronized with Office 365?
Michael: Things get a little more interesting when you have a lot of integration with on premise servers. So when you're using Active Directory synchronization there are a lot of values that you can't modify in the Office 365 portal or through remote PowerShell. You need to modify them on premise and then synchronize them to Office 365 using the directory synchronization tool you should have installed on a domain joint server in your company. Basically, say you have Exchange 2007 and you're using directory synchronization because you're using the staged cut over migration model for Exchange. You may need to do things like change peoples email addresses. Well that sort of stuff you would do through AD users and computers or through ADSI edit on premise on one of your domain controllers and then synchronize it with Office 365. So when you're in the Office 365 portal in this scenario a lot of the options on a user will be grayed out. So you can see information about them in the portal, but you can't modify it and Office 365 will let you know that this is a directory synced?? user and you need to change them in your on premise directory, but things are a little bit different if you have Exchange 2010 in the environment because Exchange 2010 or Exchange 2013 full support hybrid.
So you basically have your Exchange environment split between the Cloud and on premise. In Exchange 2010 and 2013 you can basically add Office 365 as a forest in your Exchange management council or your Exchange administration center and that allows you to see mailboxes that are stored in Office 365 right in your Exchange management tools that you're use to. So when you're using Exchange 2010 or Exchange 2013 management becomes a little easier because you have an interface that's a little simpler and a little less dangerous than ADSI edit.
I want to talk a little bit more about how to set up user management when you're in Exchange hybrid. So basically when you deploy the Exchange Hybrid role you probably already have Exchange 2010 on premise or you're using it as a middle man between Exchange 2007 and the Cloud and basically you deploy directory synchronization first and get all your users synchronized with Office 365 and when you synchronize the directory the users will get populated automatically in Office 365. You don't need to go in the portal and create user accounts first for the directory synchronization tool to find. It takes care of everything on it's own and then once you have that up and running you want to go to your Exchange server and use the Exchange management council.
Basically if you right click on highest hierarchy level on the left side of the Exchange management council there's this option for add forest and that allows you to add the Office 365 forest and there's a little drop down and you can select Exchange online and it'll just ask you for your Office 365 administrator credentials. One of the cool things you can do from the Exchange management council once you've set it up to integrate with Office 365 is you can deploy mailboxes directly to Office 365, deploy new mailboxes. You don't need to create a mailbox on premise and then migrate them to the Cloud. You can issue this command called new remote mailbox and it'll create a user account in AD and then it'll automatically provision that AD user account with a mailbox that's in the Cloud. So, there's no intermediary step there. I think that's one of the neat reasons to use Exchange 2010 or Exchange 2013 to manage your on premise and Cloud users.
Marek: Now Michael, what management can be done using Remote PowerShell?
Michael: So with remote PowerShell a lot of the underline functionality of the products are exposed to you as an administrator that aren't available to you in the gooey interface either because it would make the gooey interface to cluttered or it's the type of functionality that would just be difficult to put into an interface. Office 365 portal for example you can mange user accounts like I've said, but one of the things you can't do is manage the way that users log in. You can't manage their password expiration
?policies. All that sort of stuff is exposed through the Microsoft online services PowerShell module, which is really easy to use. Similarly in Exchange there's all sorts of stuff you can't do like, you can't set certain policies on the way that mail flow works, you can't do bulk actions in the gooey interface, but all that stuff is really easy using Exchange online or using the Exchange online PowerShell module. One of the really nice things about the PowerShell module is that it works exactly the same as the Exchange 2010 on premise PowerShell. So if you've already gotten used to using PowerShell with Exchange 2007 or 2010 then you'll be right at home in the Office 365 version, Just some of the more technical commands have been removed because Microsoft handles all that stuff on the back end.
Marek: Now how do you connect PowerShell to Office 365?
Michael: So I've mentioned that there are basically two modules right now that are primarily used. I believe pretty soon there's going to be a Lync module so you can manage Lync users using Remote PowerShell, but we want talk about that too much. The basic one that allows you to manage user accounts and it's kind of like an active directory type module and there's not to many commands in it is called the Microsoft Online Services PowerShell module. You may also find it named the Windows AZURE active directory PowerShell module. It's got a couple of different long names, but you can basically download and install this from the users menu in the Office 365 portal under the ADFS set up section. Once you have downloaded and installed it you just double click the icon for the module and it opens up, it just looks like a PowerShell window and you just type the command connect-msol service, hit enter. It'll ask you for Office 365 administrator credentials and you hit enter again and you're basically logged in. It wont show you any of the commands that you're able to use, but you can use basic PowerShell commands like, get-command and -modulemsonline and it'll show you all the commands that are available for use with that module.
The Exchange PowerShell module is a little more difficult to get into. Basically it requires setting up. It requires about three commands in order to get set up in it and they're a little bit longer than the Microsoft Online Services PowerShell modules so I'm not going to go into detail describing exactly what they are, but I have a pretty cool blog post up on the Concurrency blog about making access to Office 365 through PowerShell easier. What I've done is just come up with a really basic little script that you can turn into an icon on your start menu or your start screen if you're on Windows 8 and you just click it. It asks you for credentials type them in hit enter and it's got you logged into both the Exchange and the Microsoft Online Services PowerShell modules. So if you're interested in that just go to Concurrency.com/blog and just find my blog post on the Office 365 PowerShell modules.
Marek: Great. Yeah, look for Michael Epping. He is one of the prolific writers and authors of blog posts on Concurrency blog. Excellent. Michael, would you tell us what are the benefits of using PowerShell over the web portal.
Michael:? I'm a pretty big advocate of doing as much in PowerShell as you can in Office 365. Really basic stuff like resetting a users password tends to be easier in the Gooey, but a lot of management can be done through PowerShell that is much much simpler. You just issue a command that takes you two seconds rather than getting to the web page, logging in, finding the right section, sometimes it's nested deeply within multiple web pages and it just takes a lot of time and the interface for the Office 365 website is constantly changing or it's changing a lot right now because we're transitioning from the 2010 to the 2013 technologies, but PowerShell commands are consistent. I think one of the really big benefits of using PowerShell is it helps you gain a better understanding of exactly what the product is doing.
Microsoft has done a lot of work to structure PowerShell in a way that is really logical and if you just take a little bit of time to understand how it works it'll really help you gain some insights into the way the products are functioning and the best ways to manage users. There's a lot of documentation on how to use PowerShell in Exchange Online on TechNet or on our blogs or in the Office 365 community website. So if there's ever PowerShell commands that you don't understand I guarantee there is someone out there who's already written something on how to use it.
Marek: Michael would you tell the listeners where can I learn more about using PowerShell.
Michael: Like I said you want to check out TechNet for sure. Then there's the Microsoft Office 365 community and it's basically forums and blog posts done by Microsoft employees and there's questions submitted by Office 365 customers and a lot of them do deal with Powershell because people are trying to wrap their heads around how to use the PowerShell because a lot of people haven't used it before, ?especially if you're coming from Exchange 2003 or a non-Microsoft email system. Those are two really good resources and then beyond that I would recommend a couple of books. There's really great PowerShell books specifically ones focused on Exchange 2010 tend to be really valuable for using with Office 365 because all those Exchange 2010 commandlets with just a couple of exceptions exist in Office 365 as well.
Marek:? I want to encourage all the listeners to check out Concurrency.com and find the blog. Follow Michael, Michael is also active on Twitter. Connect with him as well as many other Concurrency engineers were you can follow and learn about a lot of interesting things on Office 365 and many other Microsoft technologies. Michael I want to thank you very much for your time today and I was wondering if we can tap you in soon were you can maybe share with us what's new in the Office 365 release.
Michael: Yeah, that would be great.
Marek: Excellent. Talk to you soon.