Archive for the ‘BPOS / Office 365 / Microsoft Online Services’ Category

Office 365 launches in Brazil

November 9, 2011

São Carlos (FYI) Just for the record: as of yesterday (08/11/2011), Office 365 is available for purchase in Brazil.

Best regards,

Carlos Monteiro.

BPOS case study: Grupo Confidence swaps free software for the Microsoft platform

October 26, 2011

São Carlos (what a downpour I got caught in yesterday) Here is another interesting BPOS case study.

Grupo Confidence swaps free software for the Microsoft platform

According to José de Carvalho Júnior, the company's CIO, the previous systems could no longer keep up with the company's growth

For six years Grupo Confidence, one of the largest foreign-exchange companies in Brazil, ran on free software day to day. E-mail and the internal instant messenger ran on in-house infrastructure. But as the company grew, problems began to appear. According to the group's CIO, José de Carvalho Júnior, this caused a great deal of wear and heavy use of the support team. “There were many incidents and it created insecurity,” he adds.

Faced with this challenge in 2009, when the company hit a growth peak and the free software no longer met its needs, the executive began evaluating other solutions. Google and Microsoft were the highest-rated vendors. In the CIO's analysis, the Google Apps and Productivity Online Standard Suite (BPOS) platforms had the same functionality. “But what weighed most was the e-mail interface,” he recalls. “The BPOS one is very similar to Outlook's, and resistance to change was lower,” he adds, explaining the migration to the Windows maker's solution.

Microsoft was contracted in November 2010 and, within a month, 800 e-mail accounts had been migrated. The instant messenger took another 30 days. This process included registering the users in Active Directory for the data transfer. “For the e-mail migration, we basically loaded the mailboxes into the cloud. Since the tool does a good part of the migration in parallel, we did have a few isolated problems, but everything happened in an external environment and with support. Service was very fast,” he says. For the messenger, the process was much simpler, the executive stressed.

Beyond the gains in process, support and tool availability, Júnior believes the greatest benefit was in security for sending and receiving messages. Previously everything was handled in-house, from security to technical support, and today there are almost no complaints about these services. “We had a 90% reduction in help desk tickets for lack of e-mail access or messages not being sent.” That is a good reduction considering that between 40% and 50% of calls to support were related to these products.

When migrating from free to proprietary software comes up, one question quickly raised is cost, and it did in fact go up. Grupo Confidence signed a three-year contract with Microsoft worth US$ 300 thousand, but the CIO justifies it by saying that, along with e-mail and messenger, he gained the whole desktop environment with Windows and Office. The BPOS platform also includes SharePoint for collaboration, which is already used in the technology department and will be rolled out to other areas of the company.

The company currently has 900 users on the platform and expects that to grow. ROI is made up of several factors, among them maintenance cost, reduced help desk tickets and the flow of processes in the business areas. The SLA agreed with the vendor for the online platform is 99.9%. “Since we started using BPOS, there was one time we needed to call Microsoft. In other words, it was ten to 15 minutes of instability in a year,” he says, celebrating the stability achieved.

Source: http://informationweek.itweb.com.br/5070/grupo-confidence-troca-software-livre-por-plataforma-microsoft/

Best regards,

Carlos Monteiro.

Video about Forefront Microsoft Online Protection for Exchange (FOPE)

October 6, 2011

São Carlos (good morning!) The TechNet folks, Blain Barton and John Baker, recently released a video, TechNet Radio: IT Time–An Introduction to Forefront Online Protection for Exchange, on TechNet Edge, in which they interview Curtis Parker, an expert in messaging security and Forefront Online Protection for Exchange (FOPE). They discuss what FOPE is, how it protects against message-borne security problems such as viruses and spam, and how it integrates with Office 365.

Enjoy it!

Best regards,

Carlos Monteiro.

Office 365 scripts – part 8: importing external contacts into Exchange Online

September 30, 2011

São Paulo (That's it for today) This post was published on the Office 365 team blog. It covers how to import external contacts into Exchange Online using a CSV file.

Audience: Office 365/Exchange Online administrators

Author: Mark Johnson, Senior Technical Writer – Exchange Online

Do you have lots of existing business contacts that you want to include in the shared address book in Exchange Online? Or add your contacts as members of distribution groups, just like you can with users inside your company? If so, you can use Windows PowerShell and a CSV (Comma Separated Value) file to bulk import external contacts into Exchange Online. It’s a three-step process:

  1. Create a CSV file that contains information about the external contacts.
  2. Create the external contacts with PowerShell.
  3. Add information to the properties of each external contact with PowerShell.

Step 1: Create a CSV file

Download the sample CSV file posted on the Downloads forum on the Office 365 community site. The sample file is actually a .txt file. So open it in Microsoft Excel, and save it as a CSV file. Use commas as the delimiters.

It includes sample data, which you can delete. But don’t delete the first row. It contains all of the properties for the external contacts. Create a row for each contact that you want to import to Exchange Online. Populate as many of the cells as possible. This information will be displayed in the shared address book for each contact.

However, the following parameters (which are the first four columns in the sample CSV file) are required to create an external contact and must be populated:

  • ExternalEmailAddress
  • Name
  • FirstName
  • LastName

When you’re finished preparing the CSV file, copy it to your desktop. Name it ExternalContacts.csv.

Step 2: Create the external contacts

In this step (and the next one), you have to use Windows PowerShell. To connect PowerShell to your Exchange Online organization, see Use Windows PowerShell in Exchange Online.

After you connect PowerShell to your cloud-based organization, run the following command to create the external contacts:

Import-Csv .\ExternalContacts.csv|%{New-MailContact -Name $_.Name -DisplayName $_.Name -ExternalEmailAddress $_.ExternalEmailAddress -FirstName $_.FirstName -LastName $_.LastName}

Note: This command assumes that you are in the desktop directory in PowerShell. For example, C:\Users\Administrator\desktop.

To view the new external contacts, in the Exchange Control Panel, click Users & Groups > External Contacts > Refresh. They also appear in the shared address book in Outlook and Outlook Web App.

Step 3: Add information to the properties of the external contacts

After you run the command in step 2, the external contacts are created, but they don’t contain any of the contact or organization information (which is the information from most of the cells in the CSV file).

Run the following commands to add the other properties from the CSV file to the external contacts you created:

$Contacts = Import-CSV .\externalcontacts.csv

$contacts | ForEach {Set-Contact $_.Name -StreetAddress $_.StreetAddress -City $_.City -StateorProvince $_.StateorProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone $_.MobilePhone -Pager $_.Pager -HomePhone $_.HomePhone -Company $_.Company -Title $_.Title -OtherTelephone $_.OtherTelephone -Department $_.Department -Fax $_.Fax -Initials $_.Initials -Notes $_.Notes -Office $_.Office -Manager $_.Manager}

Don’t worry if you don’t have all the information populated in the CSV file. If it’s not there, it won’t be added.

Note: The Manager parameter can be problematic. If the cell is blank in the CSV file, you will get an error and none of the property information will be added to the contact. If you don’t need to specify a manager, then just delete -Manager $_.Manager from the previous PowerShell command.

That’s it. You can view the contact properties in the Exchange Control Panel. Users can see the contacts in the address book in Outlook and Outlook Web App.

Adding more external contacts

You can repeat steps 1 through 3 to add new external contacts in Exchange Online. You or users in your company can just add a new row in the CSV file for the new contact. Then you can run the PowerShell commands from steps 2 and 3 to create and add information to the properties of the new contacts.

Note: When you run the command to create new contacts, you will get errors saying that the contacts that were created earlier already exist. But any new contact added to the CSV file is created.
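
The three steps above as one re-runnable script, added here as an example and not part of the original post: it passes only the non-empty cells to Set-Contact, so a blank Manager cell no longer blocks the update, and it skips contacts that already exist. It assumes a connected Exchange Online session and the sample file's column names; the $required and $optional lists and the warning texts are this example's own.

```powershell
# Added example (not from the original post). Assumes an Exchange Online remote
# PowerShell session is already connected and that ExternalContacts.csv uses the
# column names of the sample file described in step 1.
$required = 'ExternalEmailAddress', 'Name', 'FirstName', 'LastName'
# Optional columns; each maps to the Set-Contact parameter of the same name (step 3).
$optional = 'StreetAddress', 'City', 'StateorProvince', 'PostalCode', 'Phone',
            'MobilePhone', 'Pager', 'HomePhone', 'Company', 'Title', 'OtherTelephone',
            'Department', 'Fax', 'Initials', 'Notes', 'Office', 'Manager'

$row = 1   # row 1 of the file is the header
foreach ($c in Import-Csv .\ExternalContacts.csv) {
    $row++

    # Skip rows that lack any of the four required values instead of sending
    # an incomplete request to Exchange.
    $missing = @($required | Where-Object { [string]::IsNullOrWhiteSpace($c.$_) })
    if ($missing.Count -gt 0) {
        Write-Warning "Row ${row}: missing $($missing -join ', '); skipped"
        continue
    }

    # Accept only a bare, syntactically valid address (no display name, no extras).
    $raw  = $c.ExternalEmailAddress.Trim()
    $addr = $null
    try { $addr = [System.Net.Mail.MailAddress]($raw) } catch { }
    if (-not $addr -or $addr.Address -ne $raw) {
        Write-Warning "Row ${row}: '$raw' is not a valid e-mail address; skipped"
        continue
    }

    # Create the contact only if it does not exist yet, so repeating the import
    # after adding rows produces no "already exists" errors.
    if (-not (Get-MailContact -Identity $c.Name -ErrorAction SilentlyContinue)) {
        New-MailContact -Name $c.Name -DisplayName $c.Name `
            -ExternalEmailAddress $raw `
            -FirstName $c.FirstName -LastName $c.LastName | Out-Null
    }

    # Build the Set-Contact arguments from non-empty cells only. A blank Manager
    # (or any other blank cell) is never passed, so the remaining properties
    # are still written.
    $props = @{}
    foreach ($p in $optional) {
        if (-not [string]::IsNullOrWhiteSpace($c.$p)) {
            $props[$p] = $c.$p.Trim()
        }
    }
    if ($props.Count -gt 0) {
        Set-Contact -Identity $c.Name @props
    }
}
```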

Hide external contacts from the shared address book

Some companies may use external contacts only so they can be added as members of distribution groups. In this scenario, they may want to hide external contacts from the shared address book. Here’s how:

Hide a single external contact

Set-MailContact <external contact> -HiddenFromAddressListsEnabled $true

For example, to hide Franz Kohl from the shared address book:

Set-MailContact "Franz Kohl" -HiddenFromAddressListsEnabled $true

Hide all external contacts

Run the following command to hide all external contacts from the shared address book:

Get-Contact -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'MailContact')} | Set-MailContact -HiddenFromAddressListsEnabled $true

After you hide them, external contacts aren’t displayed in the shared address book, but you can still add them as members of a distribution group.

 

Best regards,

Carlos Monteiro.

Office 365 scripts – part 7: migrating users to Exchange Online by script, including mailbox content

September 30, 2011

São Paulo (One more) Let's continue our series of posts on scripts for administering and deploying Office 365 / BPOS, in both PowerShell and VBS. Note that this script was kindly made available by the great Office 365 professional Cristiano Gonçalves.

This script (in PowerShell) shows how to migrate on-premises users to Office 365, creating the forwarding address along the way. The difference from the previous post is that this script also moves the mailbox content.

As parameters, we need to pass the connection credentials and the text file with the list of users.

Here is the code:

###############################################################################
# PowerShell Source Code
#
# SCRIPT NAME  :  BulkMigrateUsersandMailboxes.ps1
#
# SYNOPSIS     :  Activates a user for Exchange Online and migrates mail content
#          from the on-premise Microsoft Exchange to Microsoft Online
#          Services. Also sets the users MigrationStatus property
###############################################################################

###############################################################################
Set-PsDebug -Strict
###############################################################################

$script:LogFolder   = "MigrationLogs"
$OnPremCred         = Get-Credential "DOMAIN\Administrator"
$MSOLCred           = Get-Credential "admin@impbpos1.microsoftonline.com"
$OnPremiseCas        = "BPOSDEMO1"
$MSOnlineCas        = "red001.mail.microsoftonline.com"

###############################################################################

 

###########################################################################
# Main function and entry to script.
###########################################################################
function Main {

    $LogDir = Get-LogDirectory
   
    # If log file folder doesn’t exist, create it
    if (!(Test-Path $LogDir)){
        New-Item $LogDir -type directory   
    }
   
    $users = Import-Csv -Path "Users.csv"
   
    # Returns active subscriptions only (use DisplayAll to return active and non-active subscriptions)
    $Subscriptions = Get-MSOnlineSubscription  -Credential $MSOLCred
    
    $users | ForEach-Object {
   
        $UserIdentity = $_.Identity
        $UserPassword = $_.Password
        $UserLocation = $_.UserLocation
   
        Start-Transcript -Path "$LogDir\$UserIdentity.txt" -Append
   
        # Enable User in MS Online
        Enable-MSOnlineUser -Credential $MSOLCred -Identity $UserIdentity -Password $UserPassword -SubscriptionIds $Subscriptions.SubscriptionId -UserLocation $UserLocation
   
        # Add Forwarding Address
        Add-XsExchangeForwardingAddress -SourceIdentity $UserIdentity -SourceCredential $OnPremCred -TargetCredential $MSOLCred -Verbose
   
        "Sleeping for 20 seconds"
        # 15 seconds still had failures
        Start-Sleep 20
   
        # Get Local Exchange Mailbox Data
        $LocalMbx = Get-XsHostedExchangeMailbox -SourceIdentity $UserIdentity -SourceServer $OnPremiseCas -SourceAdminCredential $OnPremCred
   
        # Move Mailbox Content
        Move-XsExchangeMailboxToExchangeOnline -SourceIdentity $UserIdentity -SourceCredential $OnPremCred -TargetCredential $MSOLCred  -AllowUnsecureConnection -Verbose
   
        # Get MSOL Mailbox Data
        $OnlineMbx = Get-XsHostedExchangeMailbox -SourceIdentity $UserIdentity -SourceServer $MSOnlineCas -SourceAdminCredential $MSOLCred

        # Compare mailboxes and write result to the Migration Status property of the Microsoft Online User
        # (arguments are space-separated; a comma would pass both mailboxes as one array to $LocalMbx)
        $MigrationStatus = Compare-Mailboxes $LocalMbx $OnlineMbx
        Set-xsMicrosoftOnlineMigrationStatus -Identity  $UserIdentity -MigrationStatus $MigrationStatus -Credential $MSOLcred
       
        Stop-Transcript
    }
}

###########################################################################
# The function to compare the itemcount of mailboxes.
###########################################################################
function Compare-Mailboxes($LocalMbx, $OnlineMbx)
{
    $SourceMailboxItems = 0
    $OnlineMailboxItems = 0

    $LocalMbx.folders  | foreach {$SourceMailboxItems += $_.ItemCount}
    $OnlineMbx.folders | foreach {$OnlineMailboxItems += $_.ItemCount}

    if ($SourceMailboxItems -ne $OnlineMailboxItems)
    {
        "Failed"
    } else {
        "Completed"
    }
}

###########################################################################
# The function sends plain text email to recipient passed in to function.
###########################################################################
function Send-Message($To, $From, $Subject, $Body)
{
    $Msg = new-object System.Net.Mail.MailMessage

    $MsgTo = new-object System.Net.Mail.MailAddress $To

    $Msg.To.Add($MsgTo)
    $Msg.From = $From
    $Msg.Subject = $Subject
    $Msg.Body = $Body   
    $Msg.Bcc.Add($BccTo)
 
    $SmtpClient = new-object system.net.mail.smtpClient
    $SmtpClient.host = $SmtpServer
   
    &{
        trap
        {
            Add-Content $ErrorFile "$([Datetime]::Now) ERROR: $UserLine – $_"
            Write-host -ForegroundColor "red" "Error sending message to $To. Error: $($_.Exception.Message)"
            $Script:TotalNumberOfFailures++
            Continue
        }
        &{
            $SmtpClient.Send($Msg)   
            Add-Content $SuccessFile "$([Datetime]::Now) $UserLine – Mail sent"
        }
    }
}

###########################################################################
# The function returns the log folder required to store transcript files.
###########################################################################
Function Get-LogDirectory
{
    (Split-Path $MyInvocation.ScriptName) + "\$LogFolder"
}

# Start Script
. Main

Best regards,

Carlos Monteiro.

Office 365 scripts – part 6: migrating users to Exchange Online by script

September 30, 2011

São Paulo (And Alvaro Rezendo is trolling Cleber Marques, as usual) Let's continue our series of posts on scripts for administering and deploying Office 365 / BPOS, in both PowerShell and VBS. Note that this script was kindly made available by the great Office 365 professional Cristiano Gonçalves.

This script (in PowerShell) shows how to migrate on-premises users to Office 365, creating the forwarding address along the way.

As parameters, we need to pass the connection credentials and the text file with the list of users.

Here is the code:

$Users = Import-Csv -Path "Users.csv"

$MSOLCred = Get-Credential "admin@xxxx.microsoftonline.com"

$users | ForEach-Object {
    Move-XsExchangeMailboxToExchangeOnline -SourceIdentity $_.Identity -TargetCredential $MSOLCred  -AllowUnsecureConnection -Verbose
    Add-XsExchangeForwardingAddress -SourceIdentity $_.Identity -TargetCredential $MSOLCred -Verbose
}

Best regards,

Carlos Monteiro.

Office 365 scripts – part 5: counting how many users are in Office 365

September 30, 2011

São Paulo (Ah, TechEd…) Let's continue our series of posts on scripts for administering and deploying Office 365 / BPOS, in both PowerShell and VBS. Note that this script was kindly made available by the great Office 365 professional Cristiano Gonçalves.

This script (in PowerShell) shows how to return how many users exist in an Office 365 tenant.

As parameters, we need to pass the connection credentials.

Here is the code:

#getting credentials
$targetcred = $host.ui.PromptForCredential("Need credentials", "Please enter ONLINE ORG ADMIN credentials.", "", "NetBiosUserName")

#Getting all users
$enabledusers = get-msonlineuser -Credential $targetcred -Enabled -ResultSize 10000

$enabledusers.Count

Best regards,

Carlos Monteiro.

Office 365 scripts – part 4: activating multiple users in bulk via PowerShell

September 30, 2011

São Paulo (I'm on a roll! Good morning!)

Let's continue our series of posts on scripts for administering and deploying Office 365 / BPOS, in both PowerShell and VBS. Note that this script was kindly made available by the great Office 365 professional Cristiano Gonçalves.

How do you activate multiple users? Is it possible? Yes, with this script.

As parameters, we need to pass the connection credentials and the text file with the users.

Here is the code:

$Users = Import-Csv -Path "Users.csv"

$MSOLCred = Get-Credential "admin@xxx.microsoftonline.com"

$Subscriptions = Get-MSOnlineSubscription -Credential $MSOLCred

$users | ForEach-Object {
    Enable-MSOnlineUser -Credential $MSOLCred -Identity $_.Identity -Password $_.Password -SubscriptionIds $Subscriptions.SubscriptionId -UserLocation $_.UserLocation
}

Best regards,

Carlos Monteiro.

Voice in Lync Online?

September 29, 2011

São Paulo (Phew, Congonhas closed!) What's the real story on voice in Lync Online? This report from networkworld.com may be a sign of what's coming. Using Skype numbers? Who knows…

Microsoft plans big Skype/Lync integration

Ballmer promises Lync won’t be harmed by Skype purchase

http://www.networkworld.com/news/2011/071211-microsoft-skype-lync.html

By Jon Brodkin, Network World
July 12, 2011 08:48 AM ET

Skype will be thoroughly integrated with Microsoft’s Lync communications software, assuming regulators approve the $8.5 billion acquisition, Microsoft CEO Steve Ballmer said this week.

Lync, which is being sold both as a server product and a cloud-based service, will not lose any prominence in the Microsoft software lineup once Skype comes on board, Ballmer said in a keynote at the Microsoft Worldwide Partner Conference in Los Angeles.

"With the combination of the power of Lync and Skype under the same umbrella, we think we’re going to be able to do even more fantastic things together," Ballmer said.

Small businesses and enterprises deploying Lync will gain a secure form of communication with consumers and businesses because of integration between Lync and Skype, the latter of which offers Internet-based chats and voice and video calls, he said.

"I’ve been asked by partners if this Skype acquisition somehow means we’re not serious or enthusiastic about Lync," Ballmer said. "Quite to the contrary. One of the great motivations in acquiring Skype is to enable the enterprise to have all the control it wants in communication and collaboration through Active Directory and Lync, and yet be able to connect people within enterprises to consumers, businesses and trading partners around the world. Lync, in some sense with Skype is a strategy that will allow the consumerization of IT to really proceed with full vim and vigor."

Microsoft’s purchase of Skype is still waiting for regulatory approval, so the integration between Lync and Skype can’t happen yet.

"Just like with any big acquisition, we have contact with Skype, certainly," Kirk Gregersen, Lync senior director, told Network World in an interview after Ballmer’s speech. "We just can’t start the integration until regulators have approved things."

Gregersen says he’s not a Skype user himself, but that "for a lot of people there is obviously great value, for the 600 million Skype users out there. As Steve said, connecting all these people is great value both for the enterprise customers and those consumers out there."

Lync Server is positioned as a replacement for legacy PBX phone systems, and Ballmer praised the product’s momentum. Lync provides "eye candy" to enterprise customers just as Xbox Kinect does to the consumer market, he said.

"Seventy percent of the Fortune 500 is now on Lync," Ballmer said. "Certainly if you look at a product from Microsoft that is growing most quickly, it is Lync in the enterprise."

While the exact nature of Skype’s future integration with Lync remains unclear, there is also uncertainty over when the cloud-based version of Lync will become as robust as its on-premises sibling.

Lync Online, part of Office 365, is not yet a full PBX replacement, Microsoft acknowledges. The company’s advice for Office 365 customers who want a robust unified communications platform is to deploy Lync Server within their own networks.

Lync provides three types of workloads: messaging and presence, conferencing, and voice, says Ashima Singhal, Lync group product manager. Lync Online users get the same IM, presence, and audio, video and Web conferencing capabilities – including desktop sharing – as customers who deploy Lync in-house, but the cloud-based voice capabilities are not as robust, she says.

Specifically, Lync Online offers PC-to-PC voice and video calling, but not the ability to call landlines and cell phones.

Microsoft has partnerships to bring the ability to call regular phone numbers to customers in the United States and United Kingdom later this year, Gregersen said. But Lync Online still won’t be considered a full PBX-replacement for "quite some time," certainly not in 2011, he said.

"For full PBX enterprise-level telephony capabilities, we’re going to add more and more functionality over time, but there’s a whole level of on-premises integration with legacy infrastructure, gateways, the old PBXs, IP phones, you name it, that we probably won’t have in the cloud for quite some time."

Branch office support and 911 capabilities are also challenges for Lync in the cloud, he said.

"Most customers we’re seeing are still wanting to manage telephony on-premises," he said. "There is so much on-premises legacy equipment, that to open up the cloud to all of that, plus manage devices on-premise, it’s a challenging thing in the cloud environment."

However, small customers that lack a robust unified communications platform may find Lync Online a step up. Although Lync Online clearly lags Exchange and SharePoint Online, the existence of Lync Online still benefits Microsoft and customers, Gregersen said.

"For us, Office 365 will get Lync in front of a whole new set of customers that we’ve never really marketed to," he said.

One other tidbit: Gregersen said Lync clients for Windows Phone 7, iPhone and Android are coming later this year, a significant move given that most of Microsoft’s mobile productivity tools are for Windows phones only. (See also: Microsoft’s aversion to iOS and Android gives QuickOffice.)

Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin

Best regards,

Carlos Monteiro.

How to create smart links in Office 365

September 29, 2011

São Paulo (Doesn't Congonhas close at 22:30?) Have you heard anything about smart links in Office 365? Neither had I, until I read the post I reproduce below, from the blog http://community.office365.com. It shows how using smart links can make our lives (and our users') easier within the organization.

How to create Office 365 smart links

What is a smart link?

Traditionally when a customer sets up single sign-on (identity federation) to Office 365, the authentication mechanism used for web browser applications uses the WS-federation passive profile. More details on this mechanism can be found in the blog post “How identity federation works”. Core to this mechanism is a process called “home realm discovery”, whereby the end user needs to provide information to the Office 365 login server, so that the login server can determine if it should authenticate the user, or redirect the user to the on-premise identity provider (the authoritative authentication provider) for that user. In the federation case, this redirect constructs a URL that:

1. Sends the browser to the authoritative AD FS 2.0 server passive login endpoint

2. Encodes where any SAML token issued by the AD FS 2.0 server needs to be posted (i.e. to the Office 365 identity platform)

3. Encodes the relying party service that the user was trying to reach (like the URL for Exchange Online or the Office 365 portal)

This URL is commonly termed a smart link or also an identity provider initiated sign in link.

Why should I care about smart links?

Organizations can deploy smart links internally (by creating a vanity URL that maps to the smart link) that provide:

1. An easier to remember vanity URL for your organization’s users to use when going to Office 365 services, reducing support calls to your IT helpdesk. These vanity URLs can also be written to user’s IE favorites as part of a global policy setting.

2. An improved end user experience when accessing Office 365 services, which increases end user customer satisfaction:

a. Faster authentication to the Office 365 service (two fewer redirects)

b. Users will not have to go through the home realm discovery service

This post describes how an organization can create and deploy smart links for their users.

How to deploy smart links for my organization

Once you understand how to construct a smart link for the target Office 365 service, you can deploy a 302 redirection service on your on-premise web servers. This assumes that you have already set up Single Sign-On (Identity Federation) for Office 365 and have verified that it is working correctly.

Creating a smart link

The simplest way to create a smart link is to turn on an HTTP tracing tool and authenticate to the desired service. In the future, Office 365 may provide a service for administrators that automatically constructs the smart link. Until that time, please follow the manual instructions below.

1. Open IE and turn on HTTP tracing

2. Perform a federated authentication to the service that you want a smart link for by going to the service (like https://portal.microsoftonline.com) and signing in.

3. From the HTTP trace tool, find the last line of data that has your AD FS 2.0 address (in the form of https://<your_AD_FS_2.0_Server_public_URL>/adfs/ls) in the list of URLs

4. Copy and paste this line into Microsoft Notepad or a similar editor. You should see something similar to the following (using Contoso and the Office 365 portal as examples):

https://sts.contoso.com/adfs/ls/?cbcxt=&vv=&username=johndoe%40contoso.com&mkt=&lc=1033&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=MEST%3D0%26LoginOptions%3D2%26wa%3Dwsignin1.0%26rpsnv%3D2%26ct%3D1292977249%26rver%3D6.1.6206.0%26wp%3DMCMBI%26wreply%3Dhttps:%252F%252Fportal.microsoftonline.com%252FDefault.aspx%26lc%3D1033%26id%3D271345%26bk%3D1292977249

You’ll need to edit this by removing the query-string parameters that precede “wa” (everything between the “?” and “wa”) and by removing the last query-string parameter, “bk”, from the end of the wctx value. See “For reference: Smart Link URL template” for more details on the format of the smart link.

https://sts.contoso.com/adfs/ls/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=MEST%3D0%26LoginOptions%3D2%26wa%3Dwsignin1.0%26rpsnv%3D2%26ct%3D1292977249%26rver%3D6.1.6206.0%26wp%3DMCMBI%26wreply%3Dhttps:%252F%252Fportal.microsoftonline.com%252FDefault.aspx%26lc%3D1033%26id%3D271345

5. Your edited URL forms the smart link that you will use to create a vanity URL for users to reach the Office 365 portal in the most seamless single sign on fashion, by following the steps in “Deploying a smart link”.
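
Steps 4 and 5 as a script, added here as an example and not part of the original post: it applies the same trimming to the captured URL and, before the link is published as a redirect target, checks that it points at an https AD FS passive endpoint and that the wreply inside wctx returns to an expected host. ConvertTo-SmartLink and the AllowedReplyHosts list are hypothetical names, and the script assumes wctx carries a wreply as in the Contoso example above.

```powershell
# Added example (not from the original post). ConvertTo-SmartLink and
# $AllowedReplyHosts are hypothetical names chosen for this illustration.
function ConvertTo-SmartLink {
    param(
        [Parameter(Mandatory = $true)][string]$CapturedUrl,
        # Assumption: hosts the sign-in may return to; extend per Office 365 service.
        [string[]]$AllowedReplyHosts = @('portal.microsoftonline.com')
    )

    # The target must be the AD FS passive endpoint, over https.
    $uri = [Uri]$CapturedUrl
    if ($uri.Scheme -ne 'https') { throw "Endpoint is not https: $CapturedUrl" }
    if ($uri.AbsolutePath.TrimEnd('/') -ne '/adfs/ls') {
        throw "Path is not /adfs/ls: $($uri.AbsolutePath)"
    }

    # Work on the raw query string so kept values stay encoded exactly as captured.
    $base, $query = $CapturedUrl -split '\?', 2
    $keep = @{}
    foreach ($pair in ($query -split '&')) {
        $name, $value = $pair -split '=', 2
        # Parameters before "wa" (cbcxt, vv, username, mkt, lc) are dropped here.
        if ('wa', 'wtrealm', 'wctx' -contains $name) { $keep[$name] = $value }
    }
    if ($keep['wa'] -ne 'wsignin1.0') { throw 'wa must be wsignin1.0' }
    if ($keep['wtrealm'] -ne 'urn:federation:MicrosoftOnline') {
        throw "Unexpected wtrealm: $($keep['wtrealm'])"
    }
    if (-not $keep['wctx']) { throw 'wctx is missing' }

    # wctx is itself a URL-encoded query string whose pairs are separated by %26.
    # Drop the "bk" pair as the post instructs.
    $inner = @($keep['wctx'] -split '%26' | Where-Object { $_ -notlike 'bk%3D*' })

    # wreply is encoded twice inside wctx (%252F), so decode twice to read it.
    $wreplyRaw = $inner | Where-Object { $_ -like 'wreply%3D*' } | Select-Object -First 1
    if (-not $wreplyRaw) { throw 'wctx carries no wreply to check' }
    $encoded = $wreplyRaw.Substring('wreply%3D'.Length)
    $wreply  = [Uri]::UnescapeDataString([Uri]::UnescapeDataString($encoded))
    $reply   = [Uri]$wreply
    if ($reply.Scheme -ne 'https' -or $AllowedReplyHosts -notcontains $reply.Host) {
        throw "wreply is not an allowed https host: $wreply"
    }

    '{0}?wa={1}&wtrealm={2}&wctx={3}' -f $base, $keep['wa'], $keep['wtrealm'], ($inner -join '%26')
}

# Sample input: the Contoso URL from step 4, split across lines for readability.
$wctx = 'MEST%3D0%26LoginOptions%3D2%26wa%3Dwsignin1.0%26rpsnv%3D2%26ct%3D1292977249' +
        '%26rver%3D6.1.6206.0%26wp%3DMCMBI' +
        '%26wreply%3Dhttps:%252F%252Fportal.microsoftonline.com%252FDefault.aspx' +
        '%26lc%3D1033%26id%3D271345'
$captured = 'https://sts.contoso.com/adfs/ls/?cbcxt=&vv=&username=johndoe%40contoso.com' +
            '&mkt=&lc=1033&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline' +
            '&wctx=' + $wctx + '%26bk%3D1292977249'
# The edited URL shown in the post, for comparison.
$expected = 'https://sts.contoso.com/adfs/ls/?wa=wsignin1.0' +
            '&wtrealm=urn:federation:MicrosoftOnline&wctx=' + $wctx

$link = ConvertTo-SmartLink -CapturedUrl $captured
if ($link -ne $expected) { throw 'Result differs from the edited URL in the post' }
$link

# Constructed negative case: a wreply host outside the allow list is refused.
$bad = $captured -replace 'portal\.microsoftonline\.com', 'portal.example.net'
try { ConvertTo-SmartLink -CapturedUrl $bad } catch { Write-Warning $_.Exception.Message }
```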

Deploying and verifying the smart link

Once you’ve created your smart link, you’ll need to deploy it by creating a vanity URL for your organization’s users to use. In the example above we created a smart link for the Office 365 portal (https://portal.microsoftonline.com). Now we’ll create a vanity URL that will redirect (302[1]) to the smart link above.

1. Create a new A record in your domain registrar (like portal.contoso.com) and point this to the IP address of your IIS server that will host your redirection service

2. Create a new web site (portal.contoso.com) on your IIS server

3. Create a 302 redirection service, and paste the smart link into the target address

4. Test that portal.contoso.com resolves to the correct IP address inside and outside your corporate network.

5. Open IE and type http://portal.contoso.com and you should get seamless single sign-on directly to the Office 365 portal.

For reference: Smart Link URL template

[[AD_FS_2.0_WebLoginURL]]?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=[[Custom_Value]]

Values for HTTP Message (value: description)

  • AD_FS_2.0_WebLoginURL: This is your AD FS passive endpoint URL. It’s normally something like https://<your_AD_FS_2.0_Server_public_URL>/adfs/ls. For example: https://sts.contoso.com/adfs/ls.

Query-string Parameter Semantics (parameter: description)

  • wa=wsignin1.0: Indicates that the request is for sign-in.
  • wtrealm=urn:federation:MicrosoftOnline: Indicates that the token is requested by the Office 365 identity system.
  • wctx: This value must be returned with the authentication token that is issued by the AD FS 2.0 server. Typically the wctx parameter contains information relevant to the resource that the user is trying to access.

Creating the value for the wctx parameter is non-trivial, which is why it is recommended that you use the approach described in “Creating a smart link”.


[1] We’re using a 302 redirection service rather than a DNS CNAME record, because otherwise the user will get a certificate pop-up that the site requested does not match the name on the certificate of the site visited.

 

Best regards,

Carlos Monteiro.