Delegate365 changelog 9.2.5-Message Trace optimization

Thursday, April 14, 2022

Exchange Online message tracking logs can be searched by sender or recipient email address to find specific email messages. This update improves the speed of the runtime behavior of the message trace function in Delegate365.

• Message Trace: The Mailboxes / Message Trace module allows to query the Exchange logs for email messages with a specific sender or recipient within the last seven days. This works for internal and external email addresses, also for Alias addresses if required.
  
• Tip: Use the Include alias ​​addresses switch only, if you want to search through alternative email addresses. As the description says "(Only for users in their OU, can have an impact on the performance)", activating the switch can be much more time-consuming due to the many requests to Exchange Online. Avoid this switch if possible. The default is off.
• Options to run: If you expect not too many results, try the Run now button. This runs the operation and shows the result instantly below in the Message trace result section. If you expect a larger result set, or if the Run now result delivers no result after 1-2 minutes, try the Run as job button. This schedules the request and informs you via email, when the result is ready.
  
• Result: The found messages can be exported as CSV and Excel files…
  
  …and viewed with their details.
  
• Optimization: This action may take a long time on the Microsoft side. Because Delegate365 also has to filter the results according to OUs, this function could lead to very long waiting times in the past due to a large number of queries to Exchange Online. The runtime behavior was significantly improved by optimizing the function. In some cases, this means reducing runtime from hours to a minute or a few minutes.

All existing Delegate365 versions v9.2.5 have been already updated with this version. No interaction is required on the part of the customer. All minor versions will be updated this month in consultation with customers.

Troubleshoot Delegate365 email delivery

Monday, March 28, 2022

When using Delegate365, the system sends emails for various notifications. If the email is not received, check this configuration.

Check these relevant points:

• Sender requirements: Check whether you are using an Office 365 email address that has an Exchange license. The sender address needs to have a mailbox that can be used for sending.
  As a Portal Admin, open the Administration / App settings menu, and open the Email configuration section.
  
  After clicking the Save button, try it out by sending a test email to a user below.
  
  The mailbox should get a test message. If this does not work, use another (service) mail account and retry.
• Recipient of Tickets: Admins can configure, which email receives support cases that are opened within Delegate365 in the Administration / General settings section.
  
  If the switch Use support administrator is set to No, tickets are sent to the support email address of atwork. Usually, we recommend to use your organization´s first level support email address here.
• Support Tickets: To open a support case within Delegate365 simply fill out the form in the Support menu and click Send.
  
  The support request will be sent to the configured email address. Also, the request will be added to the Delegate365 notification center.
  
  The notification center is refreshing about every minute. See also Delegate365 - Open a support case.
• Other notifications: Delegate365 is using the configured mailbox from above to send notifications that run asynchronously, like the generation of reports, overviews, sending of keys, etc. If you are not sure, if the email sending works properly, pls. try it out as above.

We hope this quick overview helps. For more troubleshooting tips, see Troubleshooting Delegate365 - Why does Delegate365 not show users?

Delegate365 changelog 9.2.5-License order document

Thursday, February 17, 2022

Delegate365 v9.2.5 got another update: The license ordering module can display a custom file to provide additional ordering information for administrators when requesting new licenses.

This option supports administrators in their ordering process and can provide company-specific information about the order. The document is then displayed with a link in the license ordering module.

• Upload a document: As Portal Admin, open Administration / General settings and scroll down to the License order process section. The document part for the license order is integrated here. The file can be any file in any format such as PDF, Word, Excel or similar. One file can be uploaded, not multiple files.
  
  Click on the Upload document button and select a file from your computer. Then, click on the Save button.
  
  In this sample, a document license-order-info.pdf has been uploaded. The file is stored in the Delegate365 Azure Storage (and could be accessed in the storage directly as well).
• Remove a license order document: To remove such a file, click on the small X-icon to the right of the filename. This deletes the file from the storage and removes the link in the license order module.
• See the license order document: If configured as above, the file is shown in the Licenses / License orders module, below the title and the description. When a user clicks on the link, the file is downloaded or opened (depending on the file type and the browser).
  
  For example, if the file is an Excel file, the Edge browser can open the document directly in the browser, depending on browser settings. This could be a description of the ordering process, or a price list or something similar.

We think this simple method will help admins to appropriately describe the ordering process for their organization. All existing Delegate365 versions v9.2.4 and v9.2.5 will be updated with this version in the next days. No interaction is required on the part of the customer.

Delegate365 changelog 9.2.5-License management for Shared and Resource Mailboxes

Wednesday, February 9, 2022

With this update, Delegate365 allows viewing and changing licenses for shared mailboxes and resource mailboxes. Since each mailbox is a user mailbox and Delegate365 works with the OU scopes, the behavior of the new license management depends on the assigned OUs and objects. Details can be found here.

New menu license in Shared Mailboxes and Resource Mailboxes

The modules Mailboxes / Shared mailboxes and Mailboxes / Resources now show a module Licenses in the context menu on the right when a mailbox is selected in the list.

The Licenses menu is always visible. But, there can be some scenarios regarding the behavior of that men. In the following we show examples of this.

Sample scenario with license quotas

Here, Adele is a scope admin, responsible for 2 OUs, New York and London. The Admin, with the portal admin role, has access to New York, London and Seattle.

Also, the Admin has created license quotas for all OUs. London has a quota of 5 x Office 365 E3 licenses, and New York and Seattle have a quota of 10 x Office 365 E3 licenses.

Case 1 - unassigned user

Here, Adele is a Scope Admin, responsible for 2 OUs, New York and London. She created a new Shared Mailbox Shared1 in Delegate365, assigned to London. When Adele opens the Licenses menu, she can view the licenses that are assigned to Shared1, but she cannot modify the licenses. A message says: "Assign License. This mailbox licenses cannot be changed because the user mailbox is unassigned in Delegate365. Please contact your administrator to assign the relevant user to an OU that you can manage."

The reason lies in the technical and licensing model of Microsoft 365: Each mailbox is a user mailbox, and a license can only be assigned to the user mailbox.

In this case, a shared mailbox has been created, but the user mailbox is not assigned to an OU in Delegate365. Therefore, any license quotas would not work because the user license is missing in the model.

Solution: An admin should assign the user mailbox to an OU in Delegate365 that the scope admin Adele can manage. In this sample, the Admin manually assigns the user Shared1 to OU London (which Adele can manage). See the required steps here.

This is it. The Shared1 user mailbox is now visible in the Delegate365 Users list and assigned to OU London. Now the behavior is as follows.

Case 2 - assigned user

Back to our scope admin Adele: When she opens the Licenses menu for Shared1, she now can fully manage the Microsoft 365 licenses for that mailbox. She assigns 1 Office 365 E3 license, as here.

A notification is shown with the operation result:

Note: The assigned license counts against the defined quota of London. Now, there´s 1 Office 365 E3 license used out of 5 available licenses. Also, Adele sees the user mailbox Shared1 in the Users module.

Solution + recommendation: This is the desired setup. Admins should assure that user mailboxes are assigned to an OU in Delegate365, manually or automatically.

Case 3 - Unassigned OU

The third scenario is, if a user mailbox is assigned to an OU, but the scope admin can not manage that OU. Here, the user mailbox Shared2 is assigned to OU Seattle, but Adele has only access to OU  New York and London. The Admin assigns Shared2 to Seattle.

When we remember, Adele created Shared2 and assigned the shared mailbox to London. So, the user mailbox Shared2 is assigned to Seattle, but the shared mailbox is assigned to London…

When Adele opens the Licenses menu, the licenses can be viewed, and she gets the following message: "Assign License. The user mailbox is assigned to OU Seattle. Therefore, the licenses cannot be changed because the user mailbox is assigned to an OU that you are not allowed to manage. Please contact an administrator who can manage the user mailbox in the corresponding OU."

In this case, Shared2 has no Office 365 E3 license assigned, but other M365 licenses are assigned. Assigned licenses count against any quota in the user mailbox corresponding OU, here it´s Seattle. Adele can view the licenses, but she cannot modify them.

To clarify, if an Admin now assigns an Office 365 E3 license to Shared2 in the user´s module, this license is counting for OU Seattle. Then, there is 1 out of 10 licenses used in Seattle, as shown here.

If Adele now checks Shared2 in the Shared Mailboxes module, she sees the assigned license with the quotas of Seattle (1/10). Again, she has no access to modify that mailbox license in Seattle, as here.

Solution: An admin should assign the user mailbox to an OU in Delegate365 that the scope admin Adele can manage, as in case 1. In this sample, the Admin manually assigns the user Shared1 to OU London (which Adele can manage). See the required steps here.

In the Users module, the Admin selects Shared2 and opens the Switch OU menu.

The OU is changed from Seattle to London.

When this is done by the Admin, Adele can now fully manage the Shared2 mailbox license. Also, the license counts against the quota of London (1/5).

Case 4 - Unassign users

If admins don't want their scope admins to be able to manage licenses in shared mailboxes and resource mailboxes, they should be removed as a user from the OU, as here.

Then, Scope Admins as Adele can (always) view assigned licenses, but they can not modify them. In this case, assigned licenses do NOT count against any OU quota in Delegate365 (as you can see, the quota shows the number of available licenses in the M365 tenant, here 2 for E3, and not the E3 quota of 5 for London or 10 for Seattle).

This is the default behavior, as described in Case 1.

This works for Shared Mailboxes and Resource Mailboxes and quotas

• It should be mentioned that the behavior is as described for shared mailboxes and resource mailboxes (rooms and devices).
• In order for scope admins to be able to edit licenses from such mailboxes, the user mailbox must be assigned to an OU in Delegate365.
• The same applies if you want allocated licenses to be included in the Delegate365 quotas. In that case, assign the user mailboxes as described above.

This update will be deployed to all Delegate365 v9.2.4  and v9.2.5 tenants automatically in the next days. In case of any questions, pls. contact us.

Delegate365 changelog 9.2.5-Authentication methods

Monday, February 7, 2022

Delegate365 v9.2.5 includes a new module showing a user´s authentication methods and the assigned devices. See the details here.

• Note: This update does not require a new setup, if the previous version was v9.2.4. Otherwise, the Admin has to run the setup after the update process.
• New authentication methods menu in Users: In the Users module, when a user is selected, the context menu shows the Authentication methods item.
  
• View and delete devices: After opening the Authentication methods menu, a panel opens and shows the assigned devices, and the last login to that device, as here.
  
  The admin can remove devices by clicking on the Delete icon per device. A confirmation with the device name follows, like for "Deleted Device" here:
  
  When confirmed, a toaster notification in the bottom right corner shows the successful removal of the device.
  
  That´s it. Continue as needed to cleanup old devices.
• Permission for the authentication methods menu: In the Policies / Permission Policies, the Users / Multi Factor Authentication flag controls if admins with that policy see that new menu, or not. By default, the Multi Factor Authentication is set to Yes for Portal Admins, and No for Scope Admins. When Delegate365 is updated, the existing settings are not changed.
  

This update will be deployed to all Delegate365 v9.2.4 tenants automatically in the next days. For Delegate365 tenants with previous versions (less than v9.2.4), this version will be deployed with the next update. In this case, a setup by the Admin is required once to enable Delegate365 to access this feature. In case of any questions, pls. contact us.

Delegate365 changelog 9.2.4-Service health, guests, and teams templates

Wednesday, January 19, 2022

Delegate365 v9.2.4 is the latest update that brings new service health, guest user information, teams templates and other improvements. See the details here.

• Important: To upgrade to this version, Delegate365 setup must be run. We will inform all customers to make an appointment for the setup. This is required because the Delegate365 app needs additional permissions to read the service health (see below). Follow the steps at Delegate365-(Re)run the setup.
• The dashboard service health: As described at Delegate365 changelog 9.3-Service health, the old Microsoft Service Communications API has been retired by Microsoft. Therefore, the service health components in Delegate365 had to be changed. After the setup, the dashboard shows the service health properly again. The new service health shows more detailed information. Each service can be opened by clicking on it.
  
• New Health menu: The Health menu now includes the Service health (as in the dashboard) with status, overview and history, and the new Message center. The Service health is specific to your own Microsoft 365 tenant and provides up-to-date data on each cloud service for up to 60 days.
  
• New message center: Another new module is the Microsoft 365 message center that provides an overview of planned changes and how it may affect your tenant and services for up to 200 days.
  
  The list can be filtered by Service, by Tag, and with a Search text.
  
  Also, the messages can be opened by clicking on the item. Click outside of the panel to close the message.
  
• The user list explicitly shows guest users: The users list now shows a new column with the "User type". Internal users in your tenant have Member status, while external users have Guest status. The column "Type" has been renamed to "Mailbox type" (which can have User, Shared, Resource, and Equipment as value).
  
  The export also includes this new column so it can be easily filtered.
• Guest user status: When a user is opened with Edit, the title now shows the Guest status as well. Guests who have been invited are given a status of PendingAcceptance,
  
  Guests who have already accepted the invitation to the organization's tenant are given a status of Accepted.
  
  Also, the date of the last status change is shown. This helps to identify inactive users.
• OU Assign/Unassign new filter: To filter users more easily, a filter for the user type was added in the OU / Assign and OU / Unassign module. This allows you to filter by members, guests, and all user types. The default is set to Members.
  
• Sync rules with comma as separator: All sync rules available for DisplayName now include a comma as a new separator. The OU name can also be extracted if the DisplayName of an object contains a "," between the OU name and the group name, like "New York,Human Resources".
  
  

• Create a new team with a teams template: Delegate365 allows to add teams templates that can be used for creating a new team and for converting a Microsoft 365 group to a team. See a description at Teams templates.
  
• Clone a team: This feature allows to duplicate an existing team with selected properties. See a description at Teams templates.
  
• Fix Add user to group: Previously, admins could add a user to a group that was assigned as Group OU only. The feature was recently added to users, but in this case this was incorrect as the intent for Group OU´s is to be read-only. This has been fixed, so that Group OU objects are no longer be available in that function.
• Fixes: Various minor fixes are included in this release.

This version will be updated in all Delegate365 tenants over the next month. New Delegate365 tenants will automatically get the latest version.

Delegate365 changelog 9.2.4-Teams templates

Tuesday, January 18, 2022

In Delegate365, a new Microsoft Team can be deployed using a teams template. Teams can also be cloned. Details can be found here.

• Menu Teams: A Microsoft Team is built on a Microsoft 365 Group. The Teams module can be found in the Groups / Teams menu. The following screenshot shows the new and adjusted functions.
  
• Create a new team with a teams template: As usual, click on the plus icon in the top left of the list. In the groups pane, enter the new team name and properties. By default, the Create a Team switch is set to Yes. Below that, there is a new dropdown control Template that allows to specify which teams template shall be applied to the new team.
  
  When done, click Save at the bottom of the panel. Usually the new team is ready after a few seconds to a minute.
• Available templates: By default, one template is available, which is also the default choice: the Standard template. To make more templates available, an admin needs to create team templates that need to be added to the Delegate365 administration, as described here.
• Create a new teams template: The quickest way to create a teams template is to customize an existing team. For example, new channels are created here in a team and a tab with an app or a link (here it is the tab Website) is added.
  
  When finished, the team can be used for the template creation. As a Microsoft 365 Global Administrator, open https://admin.teams.microsoft.com/teams/templates. Click Add.
  
  The wizard allows to create a new template, use an existing team as a template, and to start with an existing template. Here, we select the second option and click Next.
  
  Now we select the Project Tango team and click Next.
  
  In the next step, the template description must be added. It is absolutely necessary to set the LOCALE to ENGLISH (UNITED STATES)!
  
  Currently, the provisioning process only works when the locale is set to "en-US". This is a known issue at Microsoft and will hopefully be fixed at some point. Therefore, please make sure that the locale is correctly set to "English (United States)". Click Next.
  In the last step, modify the Channels or Apps, if needed. Click Submit when done.
  
  The template is created and will be shown in the list of the Team templates.
  
  Now, click on the template. We need to copy the Template ID (here it´s 02b3…) to insert it into Delegate365.
  
  We´re done in the Teams Admin Center. See more about this process at Create a custom team template in Microsoft Teams.
• Add a teams template to Delegate365: In Delegate365, open Administration / Teams Templates. This new module allows to manage these templates.
  
  Click on the plus icon to add the new template. In the panel, add the name and paste the Template ID that we remembered earlier (here 02b3…). The Active switch allows the template to be made available to the users.
  
  Click Save when done. The teams template is now available. Only templates that are active are available in the selection.
  
• Apply a teams template: As described above, select the new template when a new team is created, as here.
  
• Check the new team: In the Teams app, find the provisioned team and see the predefined channels and apps. Here, "Project Victor" looks the same as the underlying template "New project".
  
• Teamify with a template: An existing Microsoft 365 Group can be converted to a team with a template as well. Select the group and open Convert to team.
  
  Select the template to use. By default, Standard is selected.
  
  After the conversion, the team will be available based on the selected template. It might take some time until the team shows up in the Teams app.
• Clone a team: This new option allows to duplicate an existing team with selected properties. Select the group and open Clone team.
  
  The panel looks very similar to the "Create Team" panel, but allows you to choose which data to clone. By default, all options are selected. Note that some parts are dependent on others.
  
  Click Clone when done and check the new team once it shows up in the Teams app.
  
  The cloned team is a copy of the source team, depending on the parts selected.

The new Teams capabilities provide more options for managing Microsoft Teams for your OUs and for the organization. More new features in this update are available at Delegate365 changelog 9.2.4-Service health, guests, and teams templates.

Delegate365 changelog 9.3-Service health

Wednesday, December 8, 2021

Microsoft announced the retirement of the Microsoft Service Communications API (Msg MC299902). Therefore, we changed the service health components in Delegate365 to use the successor API functions with immediate effect and to get more data. A new setup of Delegate365 is required. See the details here.

The Service health module in Delegate365 shows, what´s happening in a specific Microsoft 365 tenant at a glance to all authorized users. Contrary to the required authorizations in M365, this is not necessary in Delegate365. All admins can view the service health and the message center posts.

With this update, this module changed.

• The old Service Health module showed a list of M365 services, and messages from the last 14 days, as here.
  
• When the user opens a message, all notifications for that topic are shown.
  
• The new Health module consists of two features: Service Health and the (new) Message center.
• Service Health now shows shows only the latest news (and no longer all messages from the past two weeks). Closed messages are not displayed by default. These messages can be shown in the View history panel. The icons are now the same as in the M365 admin center, and the status is the current status, delivered from the health service of the tenant.
  
• The details are now shown more clearly:
  
• The View history panel shows messages, that are already closed. These are messages are no longer valid:
  
• The new Message center shows tenant-information to keep track of upcoming changes, including new and changed features, planned maintenance, or other important announcements. The list shows any messages from the last 200 days.
  
• Here, each message informs, how the topic may affect your users, and links out to more detailed information to help you prepare.
  
  Close the message panel, or simply click outside of the panel to close it.

Since the old Service health API will be deactivated on December 17th, 2021, it is required for a Delegate365 Admin to renew the Delegate365 app and to consent to the new required permissions as a global administrator. Pls. see the article Run the Delegate365 setup and follow the steps.

All Delegate365 tenants will be upgraded to the new version this December.

Delegate365-Empty Reports

Wednesday, September 8, 2021

In some tenants, sometimes reports appear blank. This can happen when reports are obfuscated in the Microsoft 365 admin center. See more here.

Reports can be scheduled and downloaded in the Reports menu. When the report generation is completed, they show up in the list, as here.

When the report is open and "no data available" is displayed (although you see users and groups in the Delegate365 pages)…

…the reason will likely be that Microsoft 365 obfuscates user, group and site data in the report settings. In this case, as administrator, check as Admin Center / Settings / Org Settings / Reports settings (Microsoft 365 admin center), as here. Note that in new tenants this feature can be set to On by default.

While it may be understandable to activate this "report obfuscation" feature for reasons of security and compliance, it results in Delegate365 receiving no data and displaying empty reports when users, groups or SharePoint sites are included. M365 then only delivers Id´s that cannot be mapped to a user that is assigned to an OU in Delegate365.

If your organization's compliance guidelines allow, disable this report setting in your M365 tenant to view report data.

As a result, data will appear again in Delegeate365 in newly created reports. You can find a list and samples of all available reports in Delegate365 here.

Delegate365 changelog 9.2.3-Add users to groups

Monday, July 26, 2021

Delegate365 v9.2.3 brings a fix for the Message Trace function and offers a mechanism to add multiple users to one or more groups directly from the user list. See it here.

• Bulk add users to groups: In the users list, select more than one user. The menu on the right then shows the new option "Add users to group". In this sample, 3 users are selected: Debra, Pradeep and Lee.
  
  The panel "Add users to group" opens and allows to select multiple groups of all types: Security groups, Distribution Groups, and Microsoft 365 Groups. The admin can search for the groups and add them to the Groups picker. By clicking on the Save button, a confirmation popup appears. When clicking Ok, the selected users will be added as members to these groups.
  
  A quick toast message shows the result in the bottom right corner.
  
  If the user already was a member of a group, this is ignored.
• Check group assignments: As before, admins can check existing group assignments anytime in the Users list as well by opening the "Member of" function.
  
  A panel then shows all groups where Debrah is member of.
  
• Trace Messages Shared/Resource Mailbox Fix: If a message trace was executed, and the traced mailbox was a Shared Mailbox, or a Resource Mailbox, in some scenarios the output did not show all results. Also, SM and RM OU assignments are now fully considered. Both issues that could happen in some scenarios have been fixed.

This version has already been updated in all Delegate365 tenants and is available as of today.

If you want to see the full changelog, please visit our blog.