Category Archives: office 365

Office 365 vs Office 2019 vs LibreOffice: some thoughts

What has rescued Microsoft in the cloud era? It seems to me that Office 365, rather than Azure, is its most strategic product. Users do not like too much change; and back when Office 365 was introduced in 2011 it offered an easy way for businesses small and large to retire their Exchange servers while retaining Outlook with all its functionality (Outlook works with other mail servers but with limited features). You also got SharePoint online, cloud storage, and in-browser versions of Word, Excel and PowerPoint.

There was always another aspect to Office 365 though, which is that it allowed you to buy the Office desktop applications as a subscription. Unless you are the kind of person (or business) that happily runs old software, the subscription is better value than a permanent license, especially for small businesses. Currently Office 365 Business Premium gets you Outlook, Word, Excel, PowerPoint, OneNote and Access, as well as hosted Exchange and SharePoint etc, for £9.40 per month. Office Home and Business (which does not include Access) is £250, or about the same as two years subscription, and can only be installed on one PC or Mac, versus 5 PCs or Macs, 5 tablets and 5 mobile devices for the subscription product.

The subscription product is called Office 365, and the latest version of the desktop suite is called Office 2019. Microsoft would much rather you bought the subscription, not only because it delivers recurring revenue, but also because Office 365 is a great upselling opportunity. Once you are on Office 365 and Azure Active Directory, products like Dynamics 365 are a natural fit.

Microsoft’s enthusiasm for the subscription product has resulted in a recent “Twins Challenge” campaign which features videos of identical twins trying the same task in both Office 365 and Office 2019. They are silly videos and do a poor job of selling the Office 365 features. For example, in one video the task is to “fill out a spreadsheet with data about all 50 states” (US centric or what?).

image

In the video, the Office 365 guy is done in seconds thanks to Excel Data Types, a new feature which uses online data from the Bing search engine to provide intelligent features like entering population, capital city and so on. It seems though that the twins were pre-provided with a spreadsheet that had a list of the 50 states, as Excel cannot enter these automatically. And when I tried my own exercise with a few capital cities I found it frustrating because not much data was available, and the data is inconsistent so that one city has fields not available for another city. So my results were not that great.

image

I’m also troubled to see data like population chucked into a spreadsheet with no information on its source or scope. Is that Greater London (technically a county) or something less than that? What year? Whose survey? These things matter.

Perhaps even more to the point, this is not what most users do with Office. It varies of course; but a lot of people type documents and do simple spreadsheets that do not stress the product. They care about things like will it print correctly, and if I email it, will the recipient be able to read it OK. Office to be fair is good in both respects, but Microsoft often struggles to bring new features to Office that matter to a large proportion of users (though every feature matters to someone).

It is interesting to browse through the new features in Office 2019, listed here. LaTeX equation support, nice. And a third time zone in Outlook, handy if you discover it in the convoluted Outlook UI (and yes, discoverability is a problem):

image

It is worth noting though that for document editing the free LibreOffice is excellent and good enough for a lot of purposes. You do not get Outlook though, and Calc is no Excel. If you mostly do word processing though, do look at LibreOffice, it is better in some respects than Word (style support, for example).

I use Office constantly and like all users, I do have a list of things I would like fixed or improved, that for the most part seem to be completely different from what the Office team focuses on. There are even longstanding bugs – see the recent comment. Ever had an email in Outlook, clicked Reply, and found that the the formatting and background of the original message affects your reply text as well and the only way to fix it is to remove all formatting? Or been frustrated that Outlook makes it so hard to make interline comments in a reply with sensible formatting? Or been driven crazy by Word paragraph numbering and indentation when you want to have more than one paragraph within the same numbered point? Little things; but they could be better.

Then again there is Autosave (note quite different from autorecover), which is both recent and a fantastic feature. Unfortunately it only works with OneDrive. The value of this feature was brought home to me by an anecdote: a teenager who lost all the work in their Word document because they had not previously encountered a Save button (Google docs save automatically). This becomes what you expect.

So yes, Office does improve, and for what you get it is great value. Will Office 2019 users miss lots of core features? No. In most cases though, the Office 365 subscription is much better value.

Microsoft quarterly financials: strong figures, note LinkedIn and Dynamics numbers

Microsoft has released its financial statements for the quarter ending December 31 2018. Sometimes it seems that all the talk is of Google, Facebook, Apple and Amazon, but Microsoft continues to deliver strong results.

That said, it is an increasingly corporate story. The company still has a presence in gaming, both on Xbox and PC, and reports Xbox software and services growth of 31%. Consumers still buy Windows and Office; there are now 33.3 million Office 365 consumer customers.

There is no longer a PC in every home though. There might be an old one; but PCs now  tend to be bought for specific purposes such as gaming or home working. There are plenty of other options for casual home computing. Windows OEM revenue is down 5%.

It is a different story in the business world. Office 365 is still motoring, with revenue growth of 34% year on year. A spin-off benefit is that Dynamics 365, once a poor cousin to Salesforce for cloud CRM, now reports revenue growth of 51% year on year, despite the product’s eccentricities and high price. The key is integration and upsell: get users hooked on Office 365 for email and documents, and compelling add-ons become an easy sell.

Rather to my surprise, Microsoft’s LinkedIn acquisition seems to be working. Revenue is up 29%, session numbers are up 30%. My anecdotal experience bears this out. People are actually acquiring and doing business via LinkedIn, even though it suffers from masses of bad data and the usual perils of social media (fake accounts, scammers, harassers and so on). For now, users seem to be able to manage these problems and interact with the right people.

Azure revenue is up 76%.

All well in Redmond then? The risk is that the company’s narrowing focus will leave it vulnerable to competitors who take advantage of their control of the end points (clients): smartphones, tablets, smart devices running Linux. Even now the web browser, with the Edge team now integrating Google’s browser engine, Chromium, rather than building their own.

For now though, Microsoft powers on.

Here is the breakdown by segment, such as it is:   

Quarter ending December 31st 2018 vs quarter ending December 31st 2017, $millions

Segment Revenue Change Operating income Change
Productivity and Business Processes 10100 +1147 4015 +678
Intelligent Cloud 9378 +1583 3279 +447
More Personal Computing 12993 +823 2964 +454

The segments break down as:

Productivity and Business Processes: Office, Office 365, Dynamics 365 and on-premises Dynamics, LinkedIn

Intelligent Cloud: Server products, Azure cloud services

More Personal Computing: Consumer including Windows, Xbox; Bing search; Surface hardware

OneDrive Upload Blocked and the “Use Office 2016 to sync Office files” setting

For several years the story with Office 365 was that email (essentially hosted Exchange) works great but OneDrive cloud storage, not so good. The main issues were not with the cloud storage as such, but with the sync client on Windows. It would mysteriously stop syncing and require a painful reset process to get it going again.

Microsoft squashed a lot of bugs and eventually released a much-improved “Next generation sync client” (NGSC) based on consumer OneDrive rather than Groove technology.

In the 2017 Windows 10 Fall Creators Update Microsoft also introduced Files on Demand, a brilliant feature that lists everything available but downloads only the files that you use.

The combination of the new sync client and Files on Demand means that life has got better for OneDrive users. It is not yet perfect though, and recently I came across another issue. This is where you get a strange “Upload blocked” message when attempting to save a document to the OneDrive location on your PC. Everything works fine if you go to the OneDrive site on the web; but this is not the way most users want to work.

The most popular fix for this problem is to go into OneDrive settings (right-click the little cloud icon to the right of the taskbar and choose Settings). Then find the Office tab and uncheck “Use Office 2016 to sync Office files that I open.” But don’t do that yet!

If you check this thread you will see that over a thousand users clicked to say they had the same problem, and over 400 clicked to say that the solution helped them. Significant numbers for one thread.

image

But what does this option do? It appears that checking the option makes big changes to the way Office files are saved. Here is the explanation:

Similar to how Office opens files, saves start with the locally synced file. After the file saves, Office will upload changes directly to the server. If Office can’t upload because the device is offline, you can keep working offline or close the file. Office will continue to save to the locally synced file, and OneDrive will handle the upload once the device gets back online. In this integration, Office works directly with the files that are currently open, enabling co-authoring in Office apps like Word on the desktop, which no competitor offers. For files that are not open in Office, OneDrive handles all syncing. This is the key difference between the old sync client integration and the NGSC, and this lets us achieve co-authoring along with the best  performance and sync reliability.

We can conclude from this that the “upload blocked” message comes when Office (not OneDrive) tries to “upload changes directly to the server”. Office as well as OneDrive needs to be signed in. The place to check these settings in on the Account tab of the File menu in an Office application like Word or Excel. There is a section called Connected Services and you need to make sure this lists all the OneDrive locations you use.

I suggest that you check these settings before unchecking the “use Office 2016 to sync” option in OneDrive. However, if it still does not work and you cannot troubleshoot it, it is worth a try to get reliable OneDrive sync

If you uncheck the “User Office 2016” option you will lose a couple of features:

  • Real-time co-authoring with the desktop application
  • Merge changes to resolve conflicts

The first of these features is amazing but many people rarely use it. It depends on the way you and your organization work. The second is to my mind a bit hazardous anyway.

Redesign coming to Outlook for Windows and Mac, but will Microsoft fix what matters most?

At its Ignite conference under way in Orlando, Microsoft has been talking about its plans for Outlook, the unavoidable email and personal information management client for Office 365 and Exchange.

A lot of UI design changes are on the way, as well as back-end changes that should improve our experience. One of the changes is that “AI-infused” search will surface top results, based on contacts we often communicate with, keyword matching and so on. Search is also getting faster; apparently it has already doubled in speed compared to earlier versions.

image

There will be a simplified ribbon, more use of colour, an improved calendar, and many small design changes.

On the Mac, this is what Outlook looks like today:

image

and this is what is planned:

image

The background shading is caused by transparency, which is configurable.

Nothing is set in stone and the previews we saw are just that, previews. Microsoft is looking for feedback via the Office Insider community, as well as previewing features in the application itself and inviting opinions.

It’s good to see redesign work on this application which is essential to many of us. However it is not clear that the things which matter most to me are being addressed. I had a chat with the speakers at the end and mentioned the following personal bugbears:

1. Message formatting still gets messed up especially if you want to do things like replying inline to an email. If you click in the wrong place you can still end up inheriting formatting from the message you are quoting such that you cannot easily get back to normal typing. It is all to do with the use of Word for the message editor, but without all the features of Word to control it.

2. I’d like to see something in the UI that would deter users from quoting a massive chain of previous correspondence in the message, sometimes sending content unawares that would better have remained confidential.

3. Something many have asked for: delayed send, so that when you reply too hastily there is a window of time when you delete or edit the message before it is sent. Configurable, of course.

4. Attention paid to the many obscure dialogs, some of which have not been touched for decades. Like the Open other user’s mailbox control, which is not even a picklist, you have to type it exactly right:

image

5. Ever had a call from someone who has inadvertently engaged Work Offline and does not know why mail is no longer arriving? I have.

6. In Outlook mobile, at least on Android, search is infuriating. It retrieves results, but if they are more than a couple of weeks old, you cannot see the message.

7. Better performance when your connection is poor. I realise it is challenging, but you would think that proper use of background processes could give the user a reasonable and informative experience. Whereas today you can get hangs, lies (“this folder is up to date”, when it is not), that certificate warning when you are on public wifi and have not logged in yet (why can’t Outlook detect this common scenario?), repeated password requests when there are network problems, and so on.

8. Why are Outlook profiles managed in a Mail applet in Control Panel? Admins know this, but why not make it an Outlook Configuration app that appears in the Start menu. It would be easier for those who get stumped when Outlook does not open.

I am sure you have your own list. The bottom line though is this: the cosmetics of the design do matter, but not as much as issues which can stop you getting things done.

Microsoft announces free version of Teams, ahead of Inspire partner conference

Microsoft’s partner conference, Inspire, kicks off in Las Vegas next week; and as part of the event the company has announced big news concerning Teams: a free version.

image

What is Teams? It is a collaboration tool for Office 365, or at least it was, since the new free version can be used with any email address and without Office 365. Here is what you get:

  • Chat
  • Audio and video calling
  • 10GB online storage, plus 2GB for each additional team member (SharePoint/OneDrive)
  • Word, Excel and PowerPoint online
  • Ability to install unlimited additional applications

Teams is a strategic product for Microsoft – see here for the reason. A free version is way for the company to promote Office 365, and you will see an upgrade link in the user interface.

There are also new features coming to Teams. One seems minor, but will be popular. It deals with the problem of video conferencing from home, and not being sure what may happen behind you. You may remember this:

image

So now Teams video conferencing will let you blur the background. Here is Raanah Amjadi, Marketing Manager, Microsoft Teams, demonstrating the feature:

image

In addition, Teams is getting a new Live Events feature. This is where you broadcast a presentation or meeting to others in your company. Automatic speech-to-text will do close captions (so you can watch with the sound done, if you trust it enough), and this then enables text search of the event with index points into the video. Bing Translate is also included in Teams so you can have multi-lingual conversations.

image

Microsoft Workplace Analytics is getting enhancements including “My Analytics” which will give you AI-powered “nudges” in Outlook online. I am not sure I trust this to be much real-world use; but the example shown was intriguing: alert you if you try to schedule a meeting with someone out of their working hours.

Whiteboard, a collaboration canvas, is now generally available for Windows 10 and mobile.

image

Free Teams is available immediately here.

On Microsoft Teams in Office 365, and why we prefer walled gardens to the Internet jungle

Gartner has recently delivered a report called Why Microsoft Teams will soon be just as common as Outlook, which gave me pause for reflection.

The initial success of Office 365 was almost all to do with email. Hosted Exchange at a reasonable cost is a an obvious win for businesses who were formerly on on-premises Exchange or Small Business Server. Microsoft worked to make the migration relatively seamless, and with strong Active Directory support it can be done with users hardly noticing. Exchange of course is more than just email, also handling calendars and tasks, and Outlook and Exchange are indispensable tools for many businesses.

The other pieces of Office 365, such as SharePoint, OneDrive and Skype for Business (formerly Lync) took longer to gain traction, in part because of flaws in the products. Exchange has always been an excellent email server, but in cloud document storage and collaboration Microsoft’s solution was less good than alternatives like DropBox and Box, and ties to desktop Office are a mixed blessing, welcome because Office is familiar and capable, but also causing friction thanks to the need for old-style software installations.

Microsoft needed to up its game in areas beyond email, and to its credit it has done so. SharePoint and OneDrive are much improved. In addition, the company has introduced a range of additional applications, including StaffHub for managing staff schedules, Planner for project planning and task assignment, and PowerApps for creating custom applications without writing code.

We have also seen a boost to the cloud-based Dynamics suite thanks to synergy between this and Office 365.

Having lots of features is one thing, winning adoption is another. Microsoft lacked a unifying piece that would integrate these various elements into a form that users could easily embrace. Teams is that piece. Introduced in March 2017, I initially thought there was nothing much to it: just a new user interface for existing features like SharePoint sites and Office 365/Exchange groups, with yet another business messaging service alongside Skype for Business and Yammer.

Software is about usability as much or more than features though, and Teams caught on. Users quickly demanded deeper integration between Teams and other parts of Office 365. It soon became obvious that from the user’s perspective there was too much overlap between Teams and Skype for Business, and in September 2017 Microsoft announced that Teams would replace Skype for Business, though this merging of two different tools is not yet complete.

image

To see why Teams has such potential you need only click Add a tab in the Windows client. Your screen fills with stuff you can add to a Team, from document links to Planner to third-party tools like Trello and Evernote.

image

This is only going to grow. Users will open Teams at the beginning of the day and live there, which is exactly the point Garner is making in its attention-grabbing title.

A good thing? Well, collaboration is good, and so is making better use of what you are paying for with an Office 365 subscription, so it has merit.

The part that troubles me is that we are losing diversity as well as granting Microsoft a firmer hold on its customers.

It all started with email, remember. But email is a disaster, replete with unwanted marketing, malware links, and some number of communications that have some possible value but which life is too short to investigate. In the consumer world, people prefer the safer world of Facebook Messenger or WhatsApp, where messages are more likely to be wanted. Email is also ancient, hard to extend with new features, and generally insecure.

Business-oriented messaging software like Slack and now Teams have moved in, to give users a safer and more usable way of communicating with colleagues. Consumers prefer Facebook’s walled garden to the internet jungle, and business users are no different.

It is a trade-off though. Email, for all its faults, is open and has multiple providers. Teams is not.

This will not stop Teams from succeeding, even though there are plenty of user requests and considerable dissatisfaction with the current release. Performance can be poor, the clients for Mac and mobile not as good as for Windows, and there is no Linux client at all.

Third-parties with applications or services that make sense in the Teams environment should hasten to get their stuff available there.

Microsoft announces Office 2019, Exchange Server 2019 and SharePoint Server 2019

This was not one of Microsoft’s most surprising announcements, but even so, confirmation that some of the company’s most significant products are to receive updates a year or so from now. The announcement was made at the SharePoint and OneDrive session at the Ignite event here in Orlando.

image

If you have an hour or so spare, you can view the session here:

Note that fewer people now use these products; that is, increasing numbers of users are on Exchange Online and Office 365. These are the same but not the same, and get updates earlier than the on-premises equivalents. Still, we may well see a makeover for Office 365 at around the time Office 2019 is released.

Either way, we should not expect a radical departure from the current Office. Rather, we can expect improvements in the area of collaboration and deeper integration with cloud services.

You will also need to think about the following dialog, if you have not already (the exact wording will vary according to the context):

image

The deal is that you send your document content to Microsoft in order to get AI-driven features.

OneDrive Files on Demand is back – will users get confused? And how does it look to applications?

Microsoft is restoring a much-requested feature to its OneDrive cloud storage: placeholders, or what is now called Files on Demand.

The issue is that when users have files in cloud storage, they want easy access to them at any time, but downloading everything to local storage may use too much disk space. There are also scenarios where you do not want a local copy, for example for confidential documents, especially if you do not enable Bitlocker encryption.

You can use OneDrive through the web browser, but Windows users expect File Explorer integration, the most natural way of working.

Windows 8.1 introduced placeholders, where OneDrive (then SkyDrive) files appeared in File Explorer but were not actually downloaded until you opened them. It was a popular feature, but Microsoft removed it in Windows 10, saying that users found it confusing. I suppose they might have thought a file was on their PC, boarded a plane, and then discovered they could not work on the document because they it was not actually there.

This was a user interface issue, but apparently there were other technical issues, particularly for applications using the Windows file APIs. Perhaps the problems were so intricate that the team did not think it could be fixed in the first releases of Windows 10.

Now the feature is back, and I have installed it on the latest Windows Insider build:

image

But could users still be confused? Files in OneDrive now have four possible states:

Hidden. You can still choose not to make all folders visible in File Explorer. In fact, hidden seems to be the default for folders previously not synced to the PC, though you can easily check an option to show them all:

image

Online-only: Files have a cloud icon and are offline until you open them:

image

Locally available:

image

Always available:

image

So what is the difference between “Locally available” and “Always available”? It really is not explained here but my assumption is that locally available files could automatically revert to online-only if there is pressure on disk space. It could catch you out, if you saw that a file was locally available and relied on that, only to find that Windows automatically reverted it without you realising.

If you right-click a file in OneDrive you can change its status or share a link. If you want to make a file online-only, you choose Free up space (I think it would be clearer if this option were called Online-only, but this is a preview so it might change).

image

How do online-only files look to applications? I ran up Visual Studio and wrote a utility that iterates through a folder and shows the file name and length:

image

You will note that the API reported the size of the file online, not on disk. This is the kind of thing that can cause issues, though if the file size were reported as zero bytes – well, that could cause issues too.

Incidentally, you can also now sort files in File Explorer by Status. I imagine the latest Windows 10 SDK will also have a way to report status so that applications can catch up.

New Office 365 OneDrive for Business sync client now supports team sites

Microsoft has announced new capabilities for its next-generation OneDrive for Business sync client – the software that lets users access OneDrive documents through Windows Explorer rather than having to go via a web browser.

Technically, there are two ways to access OneDrive with Windows Explorer. One uses WebDAV and only works online, the other makes a local copy of the documents and synchronises them when it can. Microsoft pushes users towards the second option. If you use WebDAV, repeated authentication prompts and lack of offline capabilities are annoyances that many find it hard to cope with.

Problem is that the old OneDrive for Business sync client, called Groove, is just not reliable. Every so often it stops syncing and there is often no solution other than to delete all the local copies and start again.

Microsoft is therefore replacing it with a new OneDrive for Business sync client, which has been in preview since September 2015. “The preview client adds OneDrive for Business connectivity to our proven OneDrive consumer client,” explained Microsoft, abandoning the problematic Groove.

There was a snag though. The new client did not support Team Sites, also known as SharePoint Online, but only personal OneDrive for Business cloud storage. Many businesses make more use of Team Sites than they do of the personal storage. Users with both had to run both the old and new sync clients side by side.

I was among those complaining so it is pleasing to see that Microsoft, a mere 15 months later, has met my request, by adding support for Team Sites to its new client.

image

(I had no idea until I looked today how much support the feedback had received).

Today’s announcement also includes a new standalone Mac client, which can be deployed centrally, and an enhancd UI with an Activity Center.

There are also new admin features in the Office 365 dashboard, like blocking syncing of specified file types, control over device access, and usage reporting.

There may still be some snags – and note that the new client is still a preview.

Competitors like DropBox and Box have some technical advantages, but Microsoft’s key benefit is integration with Office 365, and the fact that it comes as part of the bundle in most plans. If it can iron out the technical issues, of which sync has to date been the most annoying, it will significantly strengthen its cloud platform.

Hands on with Microsoft’s ADConnect

I’ve been trying Microsoft’s ADConnect tool, the replacement for the utility called DirSync, which synchronises on-premises Active Directory with Azure AD, the directory used by Office 365.

It is therefore a key piece in Microsoft’s hybrid cloud story.

In my case I have a small office set-up with Active Directory running on Server 2012 R2 VMs. I also have an Office 365 tenant that I use for testing Microsoft’s latest cloud stuff. I have long had a few basic questions about how the sync works so I created a small Server 2012 R2 VM on which to install it.

ADConnect can be installed on a Domain Controller, though this used to be unsupported for DirSync. However it seems to be tidier to give ADConnect its own server, and less likely to cause problems.

There are a number of pre-requisites but for me the only one that mattered was that your domain must be set up on the Office 365 tenant before you configure ADConnect. You cannot configure it using the default *.onmicrosoft.com domain.

Adding a domain to Office 365 is straightforward, provided you have access to the DNS records for the domain, and provided that the domain is not already linked to another Office 365 tenant. This last point can be problematic. For example, BT uses Office 365 to provide business email services to its customers. If you want to migrate from BT to your own Office 365, detaching the domain from BT’s tenant, to which you do not have admin access, is a hassle.

When I tried to set up my domain, I found another problem. At some point I must have signed up for a trial of Power BI, and without my realising it, this created an Office 365 tenant. I could not progress until I worked out how to get admin access to this Power BI tenant and assign my user account a different primary email address. The best way to discover such problems is to attempt to add the domain and note any error messages. And to resist the wizard’s efforts to get you to set up your domain in a different tenant to the one that you want.

That done, I ran the setup for ADConnect. If you use the Express settings, it is straightforward. It requires SQL Server, but installs its own instance of SQL Server Express LocalDB by default.

image

You enter credentials for your Office 365 tenant and for your on-premises AD, then the wizard tells you what it will do.

image

I was interested in the link on the next screen, which describes how to get all your Windows 10 domain-joined computers automatically “registered” to Azure AD, enabling smoother integration.

image

If you follow the link, and read the comments, you may be put off; I was. It involves configuring Active Directory Federation Services as well as Group Policy and looks fiddly. I suspect this is worth doing though, and hope that configuration will be more automated in due course.

The next step was to look at the outcome. One thing that is important to understand is that synced users are distinct from other Office 365 users. Imagine then that you have existing users in Office 365 and you want to match them with existing on-premises users, rather than creating new ones. This should work if ADConnect can match the primary email address. It will convert the matching Azure AD user into a synced user. Otherwise, it will just create new users, even if there are existing Azure AD users with the same names. If it goes wrong, there are ways to recover. Note that the users are not actually linked via the email address, they are linked by an attribute called an ImmutableID.

The Office 365 admin portal is fully aware of synced users and the user list shows the distinction. Users are designated as “In Cloud” or “Synced with Active Directory”.

image

Synced users cannot be deleted from the Office 365 portal. You delete them in on-premises AD and they disappear.

The next obvious issue is that if you dive in like me and just install ADConnect with Express Settings, you will get all your on-premises users and groups in Azure AD. In my case I have things like “ASP.NET Machine Account”, various IUSR* accounts, users created by various applications, and groups like “DHCP Administrators” and “Exchange Trusted Subsystem” that do not belong in Office 365.

These accounts do not do much harm; they do not consume licenses or mess up Office 365. On the other hand, they are annoying and confusing. You may also have business reasons to exclude some users from synchronization.

Fortunately, there are various ways to fine-tune, both before and after initial synchronization. You can read about it here. This document also states:

With filtering, you can control which objects should appear in Azure AD from your on-premises directory. The default configuration takes all objects in all domains in the configured forests. In general, this is the recommended configuration.

I find this puzzling, in that I cannot see the benefit in having irrelevant service accounts and groups synced to Office 365 – though it is not entirely obvious what is safe to exclude.

I went back to the ADConnect tool and reconfigured, using the Domain and OU filtering option. This time, I selected what seems to be a minimal configuration.

image

The excluded objects are meant to be deleted from Office 365, but so far they have not. I am not sure if this will fix itself. (Update: it did, though I also re-ran a full initial sync to help it along). If not, you can temporarily disable sync, manually delete them in the Office 365 portal, then re-enable sync.

What if you want to exclude a specific user? I used the steps described to create a DoNotSync filter based on setting extensionAttribute15. You use the ADConnect Synchrhonization Rules Editor to create the rule, then set the attribute using ADSIEdit or your favourite tool. This worked, and the user I marked disappeared from Office 365 on the next sync.

image

Incidentally, you can trigger an immediate sync using this PowerShell command:

Start-ADSyncSyncCycle -PolicyType Delta

Complications

Setting up ADConnect does introduce complexity into Office 365. You can no longer do everything through the portal. It is not only deletion that does not work. When I tried to set up a mailbox in Office 365 I hit this message:

image

“This user’s on-premises mailbox hasn’t been migrated to Exchange Online. The Exchange Online mailbox will be available after migration is completed.”

I can see the logic behind this, but there might be cases where you want a new empty mailbox; I am sure there is a way around it, but now there is more to go wrong.

Update: there is a rather important lesson hiding here. If you have are running Exchange on-premises and want to end up on Office 365 with ADConnect, you must take care about the order of events. Once ADConnect is running, you cannot do a cutover migration of Exchange, only a hybrid migration. If you don’t want hybrid (which adds complexity), then do the cutover migration first. Convert the on-premise mailboxes to mail-enabled users. Then run ADConnect, which will match the users based on the primary email address.

It is also obvious that ADConnect is designed for large organisations and for administrators who know their way around Active Directory. There is a simplified sync tool in Windows Server Essentials, though I have not used it. It would be good though to see something between Essentials and the complexity of ADConnect. For example, I had imagined that there might be a mapping tool that would let you see how ADConnect intends to match on-premises users with Office 365 users and let you amend and exclude users with a few clicks.

Microsoft has been working on this stuff for some time and is not done yet. In preview for example is Group Writeback, which lets you sync Office 365 groups back to on-premises AD.

image

Maybe Microsoft might also consider using different icons for the various ADConnect utilities as they do look a bit silly if you pin them to the taskbar:

image

The tools are:

  • Azure ADConnect (Wizard)
  • Synchronization Rules Editor (advanced filtering)
  • Synchronization Service WebService Connector Config (SOAP stuff)
  • Synchronization Service Key Management (what it says)

On the plus side, I have not hit any mysterious Active Directory errors and it has all worked without having to set up certificates, reverse proxies, special DNS entries (other than the standard ones for Office 365), or anything too fiddly, though note that I avoided ADFS and automatic Windows 10 registration.

Final thoughts

If you need to implement this, you will find doing what I did and trying it out on a test domain is worth it. There seem to be quite a few pitfalls, and as ever, it is easier to get it right at the start rather than trying to fix things up afterwards.