Changelog

Click here if you like to subscribe the ChangeLog as an RSS feed.

Components of Delegate365

Monday, February 27, 2017

Since the beginning, Delegate365 developed to an extensive cloud solution for Microsoft Office 365. This article delivers a short overview about the components of Delegate365 in the Microsoft Cloud.

The following graphics shows the involved Azure services that are used in D365.

image

Delegate365 is using Platform-as-a-Service components that are maintenance-free. In detail, Delegate365 consists of the following Azure services.

  • Web App – this hosts the Delegeate365 portal website.
  • Jobs – these are tasks that run automatically in the background, currently these are the Synchronization Job, the License Aggregator Job, the Log Sink Job and the Sync Notifications.
  • Cloud Service – handles operations against AAD and Exchange Online.
  • Database – is used for caching objects to deliver a good user experience and for storing OU assignments.
  • Storage – Audit Logs are stored in Azure Table Storage. In former versions the logs were stored as log files. With version 6 this has been changed to Azure Table Storage. This storage can be accessed directly if needed, for example for further use of the logs with Excel or Power BI.
  • Monitoring – anonymized usage data is sent to a central App data pool to get metrics about the usage of pages and functions and monitoring.
  • AAD – this is your Office365 tenant which is bound to the D365 tenant.

When provisioned, every customer gets his own environment which looks as described above. The provisioning process is done with a management tool called “D365 Worker”. This tool runs completely in Azure as well and takes care about automated provisioning of all necessary components and the upgrade process.

Since Delegate365 is provided as Software-as-a-Service, there is no need for customers to install any software or to take care about update process. See the latest Delegate365 features here.

Happy Delegate-ing!




Delegate365 changelog version 6.1-at a glance

Wednesday, February 22, 2017

At the end of last year, Delegate365 version 6 was announced. We added a bunch of features and before updating all tenants, we wanted to improve some functionality. So it took some time to develop and test new features. Now it’s time to update all existing Delegate365 tenants to the latest version 6.1. See the most relevant news at a glance here!

Important: Some customers are already using Delegate365 version 6. All D365 tenants will be upgraded to version 6.1 in the next days. All customers will also receive an email notification about the exact upgrade time. If you have any reservation against the D365 tenant upgrade time please contact us at support@atwork.at.

This article includes all changes of Delegate365 changelog version 6-overview and all new features of version 6.1 (so there is no need to check out older articles). Some new features will be described more detailed in extra articles in the next days.

  • Delegate365 stays as it is. No worries, Delegate365 will not change and you can benefit from improved and new features. The “biggest” change in the UI is the restructured left menu as follows.
  • New menu: The menu has been simplified by using groups. Pls. see the details – where to find what – in this article: Delegate365 changelog version 6-Menu restructuring. To download an Excel sheet with all menus and a comparison between v6 and previous versions, click here.
    image
    We think the new menu is more structured (much smaller) and helps to find related functions quicker.
    image
    Hope you like it!
  • New Audit Logging: Large tenants and many operations can produce large audit logs in Delegate365 since every operation and every sync jobs is protocolled. We wanted to optimize the logging. So, we completely redesigned the logging system in Delegate365. The audit logs (what happened when in D365 by which user) are now stored in the D365 database for up to 90 days for quick access. Additionally, the audit logs are no longer in the file system, but stored in Azure Table Storage. See more details at Delegate365 changelog version 6-Logging.
    The audit logs (from the database) can be filtered in administration / audit / auditing.
    image
    The information is now structured with toggles. You can expand the desired information as here. In this sample, that user has been assigned to E5 plan.
    image
    We think this new visualization helps to find information faster and in a more structured way. In the background, all data is stored as JSON object in the logs which helps for using this data in Power BI later. The D365 module will show the latest audit logs up to 90 days.
  • Export Audit Logs: In administration / audit / reporting the audit logs can be consumed directly and then exported with a tool as Microsoft Azure Storage Explorer. In here Portal Admins can access the key to the D365 Azure storage and download a sample Power BI dashboard file for further use.
    image
    An article about the possibilities and the How-To will follow shortly.
  • Historic Audit Logs: “Old” audit log files (in CSV format) are still accessible in the administration / audit / history module. All audit log data is currently additionally written to these logfiles as well. Our plan is to remove this “old” logging in one of the next versions. We encourage our customers to download existing log files if needed.
    image
    In future versions, this logging and this module will be removed and only the new auditing functions will be available.
  • Power-BI (Beta): The new logging allows the protocolled data to be used in Microsoft Power-BI. Data can be exported and reused directly from the D365 Azure Storage. In return, the reports section in Delegate365 will be removed in one of the next versions. There will be an article showing the steps shortly.
    image
  • New PowerShell (Beta): For Portal Admins, there’s now a scripting module available. This allows to write and execute PowerShell scripts and to load and save them in a small management console. The important part here is, that you can easily define the scope, you want to execute the current script: on Office 365 tenant level, for specific OU’s or for custom objects. To see all details of this module, pls. see the upcoming article about scripting.
    image
    This module is currently just for demo purposes and will be enhanced in the next version, more to come.
  • Assign licenses: The visualization and the “toggle” function (like in the audit logs) are now used in the licenses / assign licenses module as well.
    image
    This enables a much better presentation of the relevant data. There are helpful links for expanding or collapsing all nodes with one click as follows:
    image
    That’s smart and handy, right? Winking smile
  • New Daily License Statistics: This new statistics delivers the daily status of Office 365 licenses used per OU. This historic data can be used for cost centers or other purposes to see the exact license statistics per OU and per day.
    image
    The data can be filtered by date and OU and can be exported with one click as CSV or Excel file.
  • New: Mail flow: Admins can now activate Mail flow tracing in D365 in the new more / mail flow module! This feature can be configured for specific senders and recipients and for a date range for the past 24 hours, 78 hours or 7 days.
    image
    Find more about Mail Flow in Exchange Online here.
  • New Sync Options for Security Groups: Security Groups now can be automatically assigned in administration / sync / sync options by their name (since they do not have any properties to control automatic assignment as other objects in Office 365). A free prefix can be defined to split an OU name and the group name, for example, “New York_HR” would assign that security group to OU “New York”.
    image
    By default, this new switch is turned off. Configure and use this option as desired for your organization. Now you can even auto-assign Security Groups by name.
  • New: Test the service account: One issue that happens easily is that the Office 365 service account expires (or gets disabled or the password must be changed). In such a case, Exchange operations fail in D365. Now D365 checks the validity of that account automatically when starting. Additionally, Portal Admins can now test the saved credentials anytime in administration / configuration / office 365 account with the new “Test credentials” button. This makes sense, if you just changed the account or if operations fail and you want to test the saved service account. Simply click the button!
    image
    D365 tries to access Office 365 with that account and informs about success or failure as shown above.
  • New: Test SMTP settings: In administration / configuration / settings , the Portal Admins can now also test the validity of the saved SMTP settings and use the new “Test your SMTP configuration” setting to send emails to check if this works out of D365.
    image
    Enter a valid email address, click the “Test” button and check the result to see if the stored configuration works.
    image
    This ensures that D365 can send notifications in specific scenarios (for example when license orders are sent). The recipient will get a email message (using the new D365 email template) as here.
    image
  • New: Delegate licensing: The bell icon in the top menu bar shows the number of consumed D365 licenses. D365 changes the color of the licenses are about to end or are used completely (traffic signal colors green, orange, red).
    image
  • New and updated Jobs: In former versions, there was only the SyncOp job running in the background. Now there are more background operations in place, as described in this list:
    Synchronization Job: This job synchronizes all modifications from Office 365 to Delegate365 and runs every 4 hours. The same job can be executed manually anytime in Delegate365.
    License Aggregator Job: This new job runs all 6 hours and protocols the daily status of Office 365 licenses used per OU for further usage.
    Log Sink Job: This job runs all 5 minutes and pulls out messages from the logging queue and persists the data to the Delegate365 database and to Azure Storage.
    Sync Notifications: To optimize the transportation to the notification center, now this job takes care about checking for news all 3 hours and delivers them to the Delegate365 database.
  • Fixes: Syncing of Dynamic Groups could produce an error because the API simply does not deliver the Object ID. We built a workaround for that, this is now fixed.
  • Small changes: We took care of typos, we are using new email templates for notification emails, used better wording in some pages and added some descriptions in various pages.

So, there are a lot of improvements in Delegate365 version 6.1. New features will be described in own articles.

Existing D365 customers will be upgraded until end of February automatically. New Trials will also get this latest version from now on.

We are continuing to improve D365. So, stay tuned for the next versions of Delegate365!




Delegate365 changelog version 6-Menu restructuring

Tuesday, January 17, 2017

With Delegate365 version 6 there comes a slightly restructured menu. See the differences here.

The existing left menu got a little bit disordered, so we reorganized it with groups to make it easier for admins to find related features. Enlarge the following graphics to see all menus and their new position.

The left side (gray) shows the menu of D365 version 5, the right side (green) shows the new menu D365 version 6.

d365-menu-compare

The graphics shows all menus. Now there are up to 3 menu levels instead of 2 and some new menus have been added.

If you prefer the text form, the following table shows the menus. Alternatively you can download an Excel sheet with that comparison here.

Version5

 

 

Version6

   

dashboard

   

dashboard

   

administration

   

administration

   

administrator dashboard

 

sync

 

sync

 

 

sync operations

sync options

 

 

sync options

manage administrators

 

 

scripts*

organizational units

 

manage administrators

 

ou overview

 

organizational units

 

assign

 

 

manage ou's

unassign

 

 

license report*

usage locations

 

 

ou overview

license information

 

 

assign

license quotas

 

 

unassign  

administrator account

 

license management

 

configuration

 

 

license aggregation*

password policy

 

 

license mapping

auditing

 

 

license quotas

deleted users

 

 

usage locations

reports

   

user management

 

management statistics

 

 

password policy

spam & malware

 

 

deleted users

operating systems

 

audit

 

browser usage

 

 

auditing*

mailbox types

 

 

reporting*

mailbox traffic

 

 

history

mailbox usage

 

configuration

 

mailbox stale

 

 

office 365 account

mailbox connections

 

 

settings

mailbox activity

 

reports

   

group activity

 

management statistics

 

users

   

spam & malware

 

assign licenses

   

operating systems

 

license statistics

   

browser usage

 

distribution groups

   

mailbox types

 

dynamic groups

   

mailbox traffic

 

security groups

   

mailbox usage

 

shared mailboxes

   

mailbox stale

 

resources

   

mailbox connections

 

contacts

   

mailbox activity

 

license orders

   

group activity

 

import users

   

users

   

support

   

licenses

   
     

assign licenses

 
     

license statistics

 
     

license orders

 
     

import users

 
     

groups

   
     

security groups

 
     

distribution groups

 
     

dynamic groups

 
     

more

   
     

shared mailboxes

 
     

resources

 
     

contacts

 
     

mail flow*

 
     

support

   

Menus marked with a star (*) are new features which will be described in following articles.

Note: The “reports” menu will be removed in future versions and replaced by the export features for further reporting with tools as Microsoft Power BI. The “audit / reporting” menu already provides this function.

It takes a little bit to get used to the new menu, but we think, the new structure provides a better overview and the grouping makes sense. Hope you like it!




Delegate365 changelog version 6-Logging

Thursday, December 1, 2016

Large tenants and many operations can produce large audit logs in Delegate365 since every operation and every sync jobs is protocolled. To optimize the logging and to offer export and further use of the operations data, the audit logging changes with this version. See the details here.

  • Previous versions: Let’s have a look back into the logging in the past. In the early versions of Delegate365, the logging was done in a database which blew up the database (unnecessarily). So, with version 2, we changed the logging to simple text files in CSV format to make it very easy to work with the protocolled data, for example, in Microsoft Excel. This format is used up to Delegate365 version 5.x.
  • Room for improvement: For the logging in the existing form, we were struggling with three difficulties:
    First, if an admin wants to work with the protocolled data, the logfiles need to be downloaded manually from the Delegate365 portal (as ZIP file including multiple CSV files or as XLSX file with one day in one sheet).
    image
    Secondly, the log shows the changed data in a long text string (separated with comma, as in the sample below).
    image
    One log entry looks as here:
    22,11/29/2016 11:04:53 AM,User,admin@CIE123815.onmicrosoft.com,mollyc@CIE123815.onmicrosoft.com,
    Modified,Seattle,"License: none; Field: City, OldValue: , NewValue: Seattle;
    Field: PhysicalDeliveryOfficeName, OldValue: , NewValue: Seattle; Field: StateOrProvince, OldValue: , NewValue: Washington"

    Thirdly, the web space is limited. So, if large logs are produced, the website cannot store the logfiles forever, but just maybe for a year. We wanted to improve that.
  • New Logging (overview): As explained above, we wanted to optimize the logging. So, we completely redesigned the logging system in Delegate365. The following graphics gives an overview how the logging in version 6 works: The “old” logging still is in place and will be removed in near future. The “new” logging inserts any operation into a queue. An own job reads the new messages of the logging queue and processes the messages. There’s a switch that protocols the message into the Delegate365 database and additionally in an Azure storage.
    image15
    So, from now on, there is “short-term logging” and “long-term logging” (colored green in the the graphics above).
  • Old logging: Until version 5.x, logging is done only into the web storage of the Delegate365 instance. This space is limited (usually about 10GB). This logging is still in place additionally, to make the old logs available for some time. We plan to remove the old logging completely in one of the next versions.
  • Logging in the database: In the database, the log entries will be existing up to 3 months (90 days). The idea is to have the last log data available in the UI very quickly and searchable within the Delegate365 portal. Usually, if any actions concerning specific users need to be found, the admin gets an information from his colleagues within days. So he can look into the last operations – if they happened within the last 90 days - within the portal quickly. The logging system takes care about the cleanup and removes all older entries automatically.
  • Logging in a storage: One goal was to have (more or less) unlimited storage for logs, so that Portal Admins no longer have to take care of downloading logfiles themselves, if the limited space runs out. The second goal was to provide an easy access for Portal Admins to get the logs without the need for manual downloading them from the Delegate365 portal. So we introduced Azure Table Storage into the Delegate365 ecosystem. Every Delegate365 instance gets an own Azure storage for their logs. This happens automatically with the upgrade to version 6.
  • New logging format: Instead of values separated with commas we now use own columns and JSON format. We will post the new format here shortly.
  • Direct Access of Azure storage: Besides the theoretically unlimited space in Azure storage, data in that storage can be accessed directly (if you have permissions). As tool for accessing your Delegate365 logfiles we recommend to download the cost free Microsoft Azure Storage Explorer (see also here).
    This allows Portal Admins to connect to an Azure Storage to query and to download the produced log files. The key will be available in the Delegate365 portal.
  • Support for Power-BI: With the new logging, you can connect directly to the Delegate365 Audit Logs and use the data for your own queries. We will show guidelines or a ready to use dashboard in the next weeks. This was one of our goals to make Power BI available for all operations data.
  • Removing reports: In return, we will remove the reporting section in Delegate365 in one of the next versions. Admins shall benefit from pivoting their Delegate365 logs as needed. We think this is the better approach to work with the data in other systems as Microsoft Excel or Power-BI.
  • How To use logging data and Power-BI: There will be a step-by-step blogpost here shortly showing the procedure of exporting data and using data from Delegate365 with Power-BI.

We are currently still doing the final touches on version 6. This update will take some more days, but we are working intensively on the new version and testing. So, stay tuned, more will follow!




Delegate365 changelog version 6-overview

Thursday, December 1, 2016

As posted in September at Delegate365 announcement about upcoming changes in version 6, we will update Delegate365 to version 6 shortly. Actually, we wanted to update all Delegate365 tenants already this November, but we have been very busy, so this update comes a little bit delayed. See the details here.

  • Delegate365 stays as it is. We just figured out some things we can improve and add to the existing functionality. So, no worries, Delegate365 will stay as it is, but you can benefit from improved and new features.
  • New Logging: Large tenants and many operations can produce large audit logs in Delegate365 since every operation and every sync jobs is protocolled. We wanted to optimize the logging. So, we completely redesigned the logging system in Delegate365. The graphics below gives an overview about the logging system components and their properties.
    image[1]
    To see more details of this module, pls. check out the article Delegate365 changelog version 6-Logging.
  • Power-BI: The new logging allows the protocolled data to be used in Microsoft Power-BI. Data can be exported and reused directly. In return, the reports section in Delegate365 will be removed in one of the next versions.
  • New PowerShell: For Portal Admins, there’s now a scripting module available. This allows to write and execute PowerShell scripts and to load and save them in a small management console. The important part here is, that you can easily define the scope, you want to execute the current script: on Office 365 tenant level, for specific OU’s or for custom objects. To see all details of this module, pls. see the upcoming article about scripting.
  • New Daily License Statistics: This new statistics delivers the daily status of Office 365 licenses used per OU. This data will be available in future versions.
  • New and updated Jobs: In former versions, there was only the SyncOp job running in the background. Now there are more background operations in place, as described in this list:
    Synchronization Job: This job synchronizes all modifications from Office 365 to Delegate365 and runs every 4 hours. The same job can be executed manually anytime in Delegate365.
    License Aggregator Job: This new job runs all 6 hours and protocols the daily status of Office 365 licenses used per OU for further usage.
    Log Sink Job: This job runs all 5 minutes and pulls out messages from the logging queue and persists the data to the Delegate365 database and to Azure Storage.
    Sync Notifications: To optimize the transportation to the notification center, now this job takes care about checking for news all 3 hours and delivers them to the Delegate365 database.
  • New Sync Options for Security Groups: Security Groups now can be automatically assigned by their name. A free prefix can be defined to split an OU name and the group name, for example, “New York_HR” would assign that security group to OU “New York”.
  • New Menu structure: To clear up the administration menu, this is restructured.
  • Fixes: Syncing of Dynamic Groups could produce an error because the API simply does not deliver the Object ID. We built a workaround for that, this is now fixed.
  • Small changes: We took care of typos, used better wording in some pages and added some descriptions in various pages.

The new features will be described in own articles. Existing Delegate365 tenants will be updated during December. We will inform about the schedule as soon as we are done with the final testing's. So, stay tuned for the new version of Delegate365!




Delegate365 announcement about upcoming changes in version 6

Monday, September 12, 2016

Delegate365 will receive a major update in October. This will be Delegate365 version 6 and will include a change in the audit logging system, a new license history and a preview for more custom automation features. Read the first details here.

  • Change of logging: With the next update to version 6, the audit logging will be changed. There is a switch implemented which allows D365 to store logged data in various spaces and formats. The following graphics shows an overview at a glance about the planned features.
    image
    Data will no longer be stored in the Web in CSV format, but in the D365 database for up to 90 days and in Azure storage in JSON format forever.
  • Direct Access of Azure storage: Besides of the almost unlimited space in Azure storage, data in that storage can be accessed directly (if you have the permissions). This allows Portal Admins to generate a URL with a token with an expiration date to download the produced log files. The token is issued by D365, as tool you can download the logs with the cost free Microsoft Azure Storage Explorer.
  • Daily Office 365 license statistics: To see the real usage of licenses per OU and per day, week, month or year, D365 stores daily data from now on. This data will be available for further usage.
  • More Automation: We got a lot of feedback about implementing custom actions in D365, for example setting specific user properties, assigning custom licenses for specific users, setting Skype for Business policies for users in OU’s and so on. To avoid a cost intensive customization we decided to go another way: We are implementing scripts (like “Macros”) with a powerful editor with intellisense that can execute… PowerShell!
    Yes, you read correctly. D365 will support PowerShell commands and whole scripts for fulfilling custom tasks in Office 365!
    image
    We are currently developing and testing and plan to update D365 with this module in mid to late October. The working title for this feature is “D365 Automation”. Any other suggestions?
  • More: Improvements in the Sync operation, fixes and some more features…

You see there are cool features coming to Delegate365 version 6. Stay tuned!

Extra articles will inform about the new features when available and will show the HowTos with Delegate365 version 6 shortly.




Delegate365 Roles and Notifications

Saturday, September 10, 2016

Delegate365 can send notifications for specific operations. Here’s a short overview of roles and in which situations notifications are sent.

Who can get notifications?

In Delegate365 we have these roles a user can have for using the portal.

  1. Portal Admins: They have full access to all features and can configure D365.
  2. Scope Admins: They have administrative management features for “their” users, licenses and groups. The difference between Portal and Scope Admins is simply the switch “Is Portal Admin” in the administration / manage administrators and Edit admin feature (see the full screenshot below).
    image
  3. License Admins: This can be Portal Admins or Scope Admins. They are defined in the administration / manage administrators and Edit admin feature with the switch “License Administrator” (see the full screenshot below). They can manage license requests.
    image
  4. Users: Standard users who can use the D365 Self service password reset feature (SSPR).

All user types can receive emails (or SMS) from D365, but their email notification must be configured.

Requirements for users

Standard users can receive emails (or SMS) when the have configured the SSPR and they want to reset their password. For using SSPR, the email contact type and address can be configured by the user (if allowed by the Portal Admins) himself with this URL:

https://[companyname].delegate365.com/passwordnotification

Then, the SSPR can be reached anytime with that URL:

https://[companyname].delegate365.com/passwordreset

See the process for doing the setup in How to manage self service password reset for users in Delegate365. Users who reset their password will receive an email and can proceed with changing their password as described in that article.

Requirements for Admins

On order to receive emails, the Portal Administrator must open the administration / manage administrators and Edit admin feature of the Admin and set the Notifications switch to YES. There must be an email address stored as in the screenshot below. The email address used can be any email address (this means it can be the same as the Admin’s UPN or a different as in the sample above where another domain is used).

image

After clicking Save, these settings are stored for that admin. This procedure must be followed for each Admin who shall receive emails (so the Portal Admin has to set this for Scope his Admins).

Note: All Admins will be able to do this for their account in the properties in near future – this will come with one of the next updates.

image

E-Mail or SMS?

In D365 we offer to send SMS as well. Since email usually is the preferred notification method and it’s free, most of our customers do not use SMS notifications. If enabled, the Notification phone field (see screenshot above) is active and can be used. If you are interested to receive SMS notifications pls. contact us for a quote.

What notifications are sent?

In D365 there are currently these situations, where notifications are sent to Admins:

  • An email is sent, when a license request is sent (menu “License orders”)
  • An email is sent, when the quota is reached or exceeded for OU’s.

The purpose is that the license admin see that there’s a need for more Office 365 licenses instantly so that they can react and take care of the Office 365 licenses needed.

So, D365 is not very noisy. Just the license orders and license quota exceeded messages are sent to admins if the notification is configured. Users receive only emails from D365 when they have SSPR configured and reset their password.




Delegate365 changelog version 5.3.2-Fixes

Saturday, August 27, 2016

Summertime (and holiday season) is almost over and we were busy to advance Delegate365. In the last weeks we concentrated on smaller fixes which resulted in Delegate365 version 5.3.2. Major updates will follow in fall time. So here’s a list of the current fixes:

  • Auditing: When selecting and downloading multiple log files in the administration / auditing menu, there was an issue if the Excel format was created. Then the name of the sheets in the Excel file were too long (since the created filenames were extended with the instance name in previous versions). Therefore the creation of the download package did not work. We fixed that with version 5.3.1 and later versions.
    image
    Pls. remember that the logfiles can be extensive and the creation of the ZIP or XLSX files can take a while. We recommend not to select too many files in one step but to select only a handful of files to download. We are working on an automation of logfile downloads which will be available in future.
  • Displaying the MFA status: In very large Office 365 tenants with (some ten thousand users) there was an issue with displaying the correct MFA status of some user accounts. This has been fixed. Now the status is displayed correctly for all users correctly.
    image
  • User Edit: The Microsoft GraphAPI in the current version has an issue when updating the mobile phone number of a user. In D365 we fixed this with a workaround so that mobile phone numbers now can be updated and the write back into AAD works.
  • Syncing CustomAttributes: As above, in very large Office 365 tenants, the Sync operation could run into timeouts when reading the Exchange properties (as the CustomAttributes1 to 15 which are often used for auto assignments in D365). This behavior was caused by throttling mechanisms of the cloud APIs or timeouts. We needed to split the API operations to get the user’s exchange attributes correctly so that only some hundred user properties are requested per time. With the workaround in the SyncOp this hnow has been fixed (and the user information are correctly present in D365 for further usage after a SyncOp).
  • Minor fixes (removed no longer existing icons, replaced the RegEx client side validation for People Picker and some more small improvements).

We plan to update all existing Delegate365 tenants to the last Delegate365 version 5.3.2 in the following week (around 31th August). There’s no change and no impact to existing D365 tenants. The update process will be made outside of business hours and will take only some minutes.




Access or export mailbox content in Delegate365 and eDiscovery

Wednesday, July 27, 2016

We sometimes receive questions how users can access the content of another user’s mailbox. Well, in Delegate365 you can manage the permissions, but not the content. See how to access other mailboxes, how to export and what eDiscovery is for.

First, let’s see how we can assign permissions to another users mailbox in Delegate365.

Assign permissions to a mailbox in Delegate365

The easiest way is, to assign mailbox permissions to another user. In Delegate365 this can be accomplished in the users list. Select the user and click “Mailbox”. (If that menu is missing in your Delegate365 portal, ask your Portal Admins to assign you the permission to use that feature.)

image

Then add the users who shall get access to the mailbox as follows.

image

In that sample, Christa Geller gets access to the mailbox of Alan Steiner.

The Full Access permission allows a delegate to open that mailbox and behave as the mailbox owner.

See the content in Outlook for the Web (OWA)

When Christa now logs in and opens her mails (https://outlook.office365.com/owa/…), she can open the mailbox of Alan by clicking on her user account picture on the top right corner and click the “Open another mailbox…” menu.

image

Now the mailbox can be search and selected.

image

Now another browser tab opens with the mailbox of Alan. Christa can now act as the owner of the mailbox (Alan). You also see that the user account in the top right corner shows Alan instead of Christa.

image

In that mailbox everything works as if Alan would do so, for example sending a new mail will be sent from Alan.

image

Exporting

If you want to export a user’s mailbox, you need to have a tool or an email client as Outlook.

Since Delegate365 is for the management of objects and not for working with data (as mailbox content), we recommend to use Outlook. Using eDiscovery is usually used as evidence in legal cases or to set a mailbox on hold. With eDiscovery, Admins can search content over the Office 365 tenant (see below), but you cannot export mailbox content into a PST file. So, if you want to export specific user mailboxes, pls. add mailbox permissions for your (or another) user (in D365 or in the Office365 portal), then open your mailbox in the Desktop version of Outlook and export the mailbox to a PST file as described as follows.

In Outlook (Desktop version)…

This works basically in the same way as in Outlook for the web, but there’s no need to explicitly open another mailbox – it’s already there (once it was synced). In the screenshot below you can see that Christa sees her own mailbox and the mailbox of Alan as well.

image

Just to be clear: Christa has only provided her credentials for accessing her mailbox in Outlook. If she would have permissions for more mailboxes, they would show up in her Outlook account as well.

image

Export a mailbox to a PST file

If you want to export the mailbox of Alan, you can do so in the Outlook’s File menu with “Open & Export” as follows. Use “Import/Export”. Remember, we can do so because we have Full Access permissions to the mailbox (I am logged in as Christa and work with the mailbox of Alan).

image

Now the export can be selected…

image

…choose the file format (usually PST).

image

Now select the desired content (mark the mailbox name for exporting all data).

image

Finally, select the path and filename of the export.pst file.

image

If you wish, use an extra password for that file (or not).

image

As result the alans.pst file was created.

image

Open the PST file

To use that alans.pst file in any Outlook account, use the File / Open & Export menu and “Open Outlook Data File”.

SNAGHTML32e0fb8

That’s it. The opened file shows up as “outlook data file” with the content of the export.

image

eDiscovery

As mentioned above, Electronic discovery (eDiscovery) allows Admins to get access to the content of a user’s data in Office 365. eDiscovery is used for the discovery of content in electronic format for litigation or investigation and is usually used as evidence in legal cases.

You can search for content in Exchange Online mailboxes, Office 365 groups, SharePoint Online and sites, and Skype for Business conversations. For searching mailboxes only, you can use In-Place eDiscovery in the Exchange admin center (EAC), otherwise use the Content Search in the Office 365 Security & Compliance Center (as shown below) Admins can identify, hold, and export content found in mailboxes and sites.

image

To make it clear: eDicsovery is mostly used for legal cases and provides search mechanisms for Admins over the Office 365 tenant. It’s not for exporting content. For that, use third party tools, email clients as Outlook or custom solutions.

Find more about eDiscovery in Office 365 here:

Hope this article helps!




Delegate365 changelog version 5.3-Auto licensing for existing users

Monday, May 16, 2016

Delegate365 version 5.2 has many new features (see here). In D365 version 5.3 we have a new feature for changing Office 365 licenses for users with already assigned OU’s. This article describes how this works in detail with an example, step by step.

Why did we add this feature? Well, a D365 customer had the requirement to auto assign Office 365 licenses. This could already be done in the previous versions of D365. But the peculiarity was that Office 365 licenses should be set gradually. So for example, in May users of an OU should get a license for SharePoint Online, in June for Yammer and in July for Exchange Online. This is a special use case which could only be done in D365 manually or partly, but not automatically. So we added this feature in the product.

Our sample starts with a demo Office 365 tenant where we have a Delegate365 tenant bound to. In the Office 365 tenant there are enough licenses available and some users are already existing (and assigned to an OU). We want to use Auto Assignment where users are assigned to an OU based on settings in their user properties automatically. In this demo we are Portal Admin in D365.

  1. First we check if our test user Alan Steiner (the UPN is alans@somedomain.com, herein “alans”) has any licenses assigned. Currently there are no Office 365 licenses assigned.
    image
    We plan to play around with E5 licenses in this scenario.
  2. Now we check the OU’s in D365. We want that the OU “New York” will use Auto License Assignment. So we select New York and click “Edit licenses”.
    image
    In the OU settings the switch “Use license auto assignment” must be set to Yes.
    This means that – if a user is assigned to the OU New York – he shall receive the selected licenses below (additionally to his existing licenses). Just to remind ourselves: It does not matter how a user OU is changed: manually by an admin or by a SyncOp (manually or automatically) – the result is the same.
    The second switch “Check existing OU assignments” is brand new with this version. If set to Yes, users who are already assigned to that OU New York are checked as well: If a user stays in this OU he will receive the selected licenses. If set to No (which is default), only users who are NEWLY assigned to that OU will receive the licenses. So this switch controls if licenses shall be set for users who are already assigned to an OU as well.
    image
    In this scenario we want all users in New York to receive the Office 365 license for SharePoint Online (SPO) and Office Web Apps. So we select these licenses and Save the settings for New York.
  3. Now we want to ensure that this user will automatically be assigned to a specific OU depending on their user properties.
    SNAGHTML14dfbd9e
    Here we set “Use user sync options” in the “users” section to Yes. Secondly, we select that the SyncOp must check the field department. So we select “Department” with priority “1” and click “Save” at the page bottom. This means that if SyncOp finds the name of any OU in the users department, this user will be assigned to that OU.
  4. If a user is assigned to an OU and the OU license auto assignment is set to yes, that user will receive Office 365 licenses (as shown in 2). So we run the SyncOp manually to see the results immediately.
    image
  5. After the SyncOp was executed, let’s check the user’s licenses: So we open the users list, select “alans” and click “License”. As result of the SyncOp we should see that alans (who is still assigned to “New York”) has new licenses set: Both licenses of the OU New York have been added (as well as two dependent licenses).
    image
    So we see that the automatic license assignment of existing users has worked.
  6. Let’s add another test: In the OU “New York” we add another license for “Yammer”. Again, we leave “Check existing OU assignments” set to Yes, so that all users in “New York” shall receive that additional licenses.
    image
    We click Save…
  7. …and run the SyncOp again – as in 4).
  8. Again we check the result of user alans. Now SyncOp has added the “Yammer” license (for ALL users in “New York”).
    image

Important: As before, SyncOp only adds licenses for users and never removes licenses.

In our scenario, if we remove “Yammer” in “New York” and SyncOp runs, all already assigned licenses of the users assigned to New York will stay untouched (and the users will still have the Yammer license because it was assigned before). D365 never removes licenses so that it never will be the case that D365 is responsible for a possible reduced user functionality. The only exception is the menu “assign licenses” where Admins can set licenses manually as needed – this makes the removal of licenses possible.

We hope this short demo scenario describes the new functionality. With Delegate365 version 5.3 automatic license assignment of existing users is possible easily.




If you want to see the full changelog, please visit our blog.