Microsoft Azure and Office 365 Canadian Region Datacenters Now Live

by Ed Sparks

An announcement we've all been waiting to hear finally happened today. Microsoft has indicated that they have launched the Canadian datacenters, which are located in Toronto and Quebec City. 

We look forward to moving all of our Canadian-based clients to this new infrastructure, and all of the new opportunities it will bring for industries that were previously blocked from using Microsoft's cloud services.

Following up from our announcements of new datacenter regions in Japan, Australia and India over the last 18 months, today we are announcing the general availability of a new Office 365 datacenter region in Canada. The new datacenter region adds in-country data residency, failover and disaster recovery for core customer data at rest to customers in Canada. Canadian customers continue to have access to the full breadth of productivity and collaboration services available in Office 365 today.

The full announcement is available here.

Contact us today for assistance with your Exchange, SharePoint or VM cloud migration.

Office 365 / Azure AD Password Synchronization Security

by Ed Sparks

We are often asked by customers how secure it really is to synchronize their passwords to and from Azure AD, be it standalone or as part of Office 365.

Our short answer:

The passwords themselves are never sent over the wire in either direction. In all cases only password hashes are sent.

The longer answer is easily derived and supported both from TechNet articles and various third-party sites. The key takeaway is that only the hashes are ever retrieved; additional encryption is applied, and the result is what gets sent to Azure AD or back. The passwords themselves are never used or sent.

From TechNet:

The Active Directory Domain Service stores passwords in form of a hash value representation of the actual user password. The Password hash cannot be used to login to your on-premises network. It is also designed so that it cannot be reversed in order to gain access to the user’s plain text password. To synchronize a password, the Directory Sync tool extracts the user password hash from the on-premises Active Directory. Additional security processing is applied to the password hash before it is synchronized to the Azure Active Directory Authentication service.

When synchronizing passwords using the password sync feature, the plain text version of a user’s password is neither exposed to the password sync tool nor to Azure AD or any of the associated services.

Additionally, there is no requirement on the on-premises Active Directory to store the password in a reversibly encrypted format. A digest of the Windows Active Directory password hash is used for the transmission between the on-premises AD and Azure Active Directory. The digest of the password hash cannot be used to access resources in the customer's on-premises environment.

https://technet.microsoft.com/en-us/library/dn246918.aspx

From a Third Party

An independent company that makes SharePoint and Office 365 tools also performed their own analysis, down to the packet capture level. What they found was:

The hash over the wire that is captured is not an MD4 hash of clear text password. It is a secure PBKDF2 key derived from SHA256 hash of the MD4 hash (derived from crypto API documented at http://msdn.microsoft.com/en-us/library/windows/desktop/dd433795(v=vs.85).aspx) per RFC 2898.

Read more at their blog post:
https://www.cogmotive.com/blog/office-365-tips/how-secure-is-dirsync-with-password-synchronisation

Overall we're very confident using this functionality at our customer deployments, and Microsoft have created a well thought out and secure implementation.
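The derivation chain the third-party analysis describes (MD4 hash, then SHA256, then PBKDF2 per RFC 2898), as an added example that is not code from this post, from Microsoft or from the cited blog. The salt length, iteration count and output size are assumptions, since the page does not state them, and the 16-byte hash is a constructed sample value.

```powershell
# Added illustration; values marked "assumed" are not stated on the page.
function Get-SyncDigest {
    param(
        [Parameter(Mandatory)][byte[]]$NtHash,  # 16-byte MD4 hash as stored by AD
        [Parameter(Mandatory)][byte[]]$Salt,    # assumed: random per-user salt
        [int]$Iterations = 1000,                # assumed iteration count
        [int]$Length = 32                       # assumed output size in bytes
    )
    if ($NtHash.Length -ne 16) { throw 'An MD4 hash is exactly 16 bytes.' }

    # Step 1: SHA256 over the MD4 hash. The clear-text password is never an input.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $inner = $sha.ComputeHash($NtHash) } finally { $sha.Dispose() }

    # Step 2: PBKDF2 (RFC 2898) with HMAC-SHA256 over the SHA256 value.
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new(
        $inner, $Salt, $Iterations,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    try { return ,$kdf.GetBytes($Length) } finally { $kdf.Dispose() }
}

function ConvertTo-Hex([byte[]]$Bytes) {
    -join ($Bytes | ForEach-Object { $_.ToString('x2') })
}

# Constructed 16-byte sample standing in for a hash extracted from AD.
$ntHash = [byte[]](0..15)
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$saltA = [byte[]]::new(10); $rng.GetBytes($saltA)   # assumed 10-byte salts
$saltB = [byte[]]::new(10); $rng.GetBytes($saltB)

$a     = ConvertTo-Hex (Get-SyncDigest -NtHash $ntHash -Salt $saltA)
$b     = ConvertTo-Hex (Get-SyncDigest -NtHash $ntHash -Salt $saltB)
$again = ConvertTo-Hex (Get-SyncDigest -NtHash $ntHash -Salt $saltA)

# The checks a packet-capture review would make on the transmitted value.
"raw MD4 hash appears in digest : {0}" -f $a.Contains((ConvertTo-Hex $ntHash))
"same hash, same salt matches   : {0}" -f ($a -eq $again)
"same hash, other salt matches  : {0}" -f ($a -eq $b)
```

The last comparison is the one that matters for review: two accounts that share a password, and therefore an MD4 hash, still produce different transmitted values when their salts differ.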

Microsoft Finally Building Canadian Data Centres and Region

by Ed Sparks

We were very excited today with Microsoft's announcement that they will be building data centres in Ontario and Quebec, and creating a Canadian region for Azure and Office 365.

This will dramatically expand the potential to help more of our customers move their data to the cloud, while ensuring they meet privacy and regulatory requirements to keep data in Canada.

Unfortunately, this doesn't appear to be live until 2016, but superb news nonetheless.

They even flew Kevin Turner in to help make the announcement.

Microsoft today announced plans to deliver commercial cloud services from Canada. Azure, Office 365 and Dynamics CRM Online will be delivered from Toronto and Quebec City in 2016, further strengthening Microsoft’s footprint in Canada’s competitive cloud landscape.

These new locally deployed services will address data residency considerations for Microsoft customers and partners of all shapes and sizes who are embracing cloud computing to transform their businesses, better manage variable workloads and deliver new digital services and experiences to customers and employees. General availability of Azure is anticipated in early 2016, followed by Office 365 and Dynamics CRM Online later in 2016

The full press release is available here.

We look forward to helping more Canadian customers migrate to the cloud soon!

Contact us today to get planning!

So, Office 365 is what, exactly?

by Ed Sparks

As we help more and more of our customers migrate from their existing on-premises Exchange 2007, 2010 and 2013 environments to Office 365, the number one question we get is: "So, umm, what is Office 365 again?" The biggest misconception that exists (and one we're not entirely sure how it came to be) is that Office 365 is the actual Office software suite, versus the cloud services. Microsoft's ever-growing and ridiculous number of versions and names certainly doesn't help the cause.

Blogging genius and all-around swell guy Paul Thurrott once again does a great service to the community by summarizing the many, many options available.

Which Office 365

Microsoft offers a wide range of Office 365 subscription plans that target individuals, households, and businesses (and business-like entities) of all sizes. But given the tremendous value and the sheer amount of choice here, how do you choose? Ultimately, it just comes down to comparing the consumer and business versions of Office 365, and then understanding the benefits of each subscription.


Now that you've figured out which version you want and need, get in touch with us and let us help with your migration.  We'll do it right, the first time.

Source: https://www.thurrott.com/cloud/office-365/...

Living Microsoft in an iPhone World

by Ed Sparks

With the continued struggle of Windows Phone to get any kind of market traction, despite finally being mostly on par functionality wise, most of us in the Microsoft world have switched to using iOS or Android mobile hardware.

Surprisingly, these days, it's actually quite an easy coexistence.

Paul Thurrott recently discussed this very topic in an excellent blog post we recommend.

Microsoft + iPhone

What surprised us most about this article is just how many applications Microsoft makes for iOS. Well worth a read.

Smarter Room and Equipment Booking Response Emails in Exchange

by Ed Sparks

Room and Equipment mailboxes are extremely useful in Exchange, especially when combined with the Resource Booking Attendant to automatically accept or reject invites.

What isn't well implemented is the ability to have the Booking Attendant respond with information that is relevant to the response. Microsoft provides the More Information option, which allows the response to include some extra text, but this information is unfortunately sent with every response - accept, deny, or change.

For resources like conference call lines, or specialized meeting rooms with booking restrictions this can lead to confusion.  Why is the room denying my request, then sending me useful information about the room?  

Behold the Transport Rule

To work around this limitation, an administrator must instead turn to the flexibility of Transport Rules.  Transport Rules allow for the checking of the response type and then including more relevant information for the end user.  Why was my request denied? What do I do next? What do I need to know about the resource?

The trick to making these work is the Append Disclaimer Text Rule Action, which will then allow some basic HTML to be entered.  This will get appended to the response message from the Booking Attendant (below the canned information that Exchange adds).  One caveat is that due to the way Exchange and Outlook utilize embedded special messages for Calendar Response Emails, most HTML is stripped.  Therefore the disclaimer text should only use very simple HTML tags like <FONT>, <B>, <BR>, etc. Most notably Tables and CSS will be stripped. However, if all your users are using OWA instead of desktop Outlook, quite full featured HTML is allowed. YMMV.

Putting it all Together

  1. Modify all of your Resource Mailboxes to remove any Add Additional Text settings under the Resource Information tab.
  2. Create a new Transport Rule under Organization Configuration/Hub Transport.  One rule for each type of response is necessary.  i.e. "Room Booking Accepted" and "Room Booking Denied for Permissions" or "Room Booking Conflict"
  3. For the Condition of the rule, choose the From People and When the Subject Field or Message Body Contains specific words.  Be sure NOT to choose the text patterns option, as this will not work for calendar responses.
  4. Click on these new rule conditions in the bottom pane and select each of the Resource Mailboxes in the From settings.  Then, in the subject or body selection, type the exact phrase that is part of the appropriate built-in Exchange meeting response.  For example, "your request was accepted" (no quotes)
  5. Click next, then choose Append disclaimer text and fallback to action if unable to apply for the Action.  Click in the bottom pane on append and enter the raw HTML for your response.  It is best to create and test the HTML elsewhere, then paste it into the box as there is no sort of preview or editor.
  6. For the rest of the settings of the Transport Rule accept the defaults.  Finish and close the rule.
  7. The responses should work within about 30 seconds of creating or modifying the rule.
  8. Repeat as necessary for different resource types and responses. 
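The same rules created from the Exchange Management Shell rather than the console, as an added example that is not from the original post. The mailbox addresses, rule names, HTML text and the decline phrase are placeholders; only "your request was accepted" comes from the steps above.

```powershell
# Resource mailboxes the rules are scoped to (placeholder addresses).
# Scoping with -From keeps the appended text off all other mail.
$resources = 'boardroom@example.com', 'confline@example.com'

# One entry per response type: the exact phrase from the built-in response
# and the HTML to append. Keep to simple tags such as <b> and <br>,
# because tables and CSS are stripped from calendar responses in Outlook.
$responses = @(
    @{ Name   = 'Room Booking Accepted'
       Phrase = 'your request was accepted'
       Html   = '<br><b>Before your meeting:</b><br>Placeholder text about the room.' },
    @{ Name   = 'Room Booking Denied'
       Phrase = 'PLACEHOLDER: exact phrase from your decline response'
       Html   = '<br><b>Why was this declined?</b><br>Placeholder text on next steps.' }
)

foreach ($r in $responses) {
    # -SubjectOrBodyContainsWords is the "specific words" condition from step 3,
    # not the text-patterns condition. Wrap is the default fallback action.
    New-TransportRule -Name $r.Name `
        -From $resources `
        -SubjectOrBodyContainsWords $r.Phrase `
        -ApplyHtmlDisclaimerLocation Append `
        -ApplyHtmlDisclaimerText $r.Html `
        -ApplyHtmlDisclaimerFallbackAction Wrap
}

# Review what was created before testing with a real booking.
Get-TransportRule | Where-Object { $_.Name -like 'Room Booking*' } |
    Format-List Name, State, From, SubjectOrBodyContainsWords, ApplyHtmlDisclaimerText
```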

Note, this works equally well for Office 365/Exchange 2013/Online, but obviously the steps are slightly different through Exchange Admin Center.  An additional item to keep in mind is that it is unfortunately not possible to remove the embedded canned response text that Exchange always includes. We refer to this as the "above the line" text, as Exchange puts a horizontal rule and "Sent by Microsoft Exchange Server..."

This method has been of tremendous value to many of our clients to get much more useful responses, and happier staff.

Need help configuring this in your environment? Is your Exchange server out of control?  Contact us today!

Well Played Microsoft, Well Played

by Ed Sparks

April Fools Day seems to be on an upswing of increasingly clever and complex hoaxes the last few years, and Microsoft was no exception for 2015. 

Beautifully skewering their own naming practices, and particularly Apple's over-the-top design videos, Microsoft released MS-DOS Mobile.  

Today Microsoft launches MS-DOS Mobile, a new OS designed especially for Lumia smartphones.
Microsoft is going back to where productivity started for millions of people, launching a beautifully simple OS.

Today Microsoft launch MS-DOS Mobile, a new OS designed especially for Lumia smartphones. Microsoft are going back to where productivity started for millions of people, launching a beautifully simple OS. The MS-DOS Mobile preview is an essential download for those who remember life before Windows, those who want to go back to BASIC, or even those looking to boot into DOS for the first time.

“Turning our back on graphics was hugely liberating. We’ve dropped the resolution, and in doing so re-discovered our roots.”

The best part of this?  You can actually download and run this thing!  Set Blaster=A220! Oh the memories.


Not to be outdone, the Mountain View folks launched com.google.

Try it yourself.    !desirprus eb thgim ouY