Office365

Office 365 Offline Installer

A office 365 offline installer is a nice thing to have.
Nice for the customer that might have a slow internet connection on the one hand.
And on the other hand nice to have included in a base image that you can roll out to new devices.

I want to give you a short rundown on how to create one.
Download the Office Deployment Tool.

Then go to config.office.com and create a configuration XML.
You can define settings like the installed office language, license, processor architecture etc.

Once you have turned all the switches and knobs the way you want then, you can export this into a XML file.

Start a CMD and run the setup.exe (Office Deployment Tool) with the parameter /download <Path to the XML file>.

This will download a Folder "Office" to the location of the Setup.exe
Copy that folder and the setup.exe into the same folder on the target machine and run the setup.exe with the parameter /configure <Path to the XML file>.

This will start a offline Office installation.

Cheers,
Ori

by Ori

Export AzureAD data via Powershell

This article describes how you can export data from AzureAD using the PowerShell.

At first you have to connect your PowerShell with an AzureAD.
To do this we use the connect-azuread commandlet.

This generates a pop-up asking for login credentials.
Use an account that has access to the information you want to export.

Afterwards you should see a line like this.

Getting data

The following Microsoft page provides a good overview of AzureAD related PowerShell commandlets.
https://docs.microsoft.com/en-us/powershell/module/azuread/?view=azureadps-2.0

We use get-azureaddevice to get a list of device objects in this domain.

As you can see the devices have the related information ObjectID, DeviceID and a DisplayName.
These are the values get-azureaddevicedisplays by default but there are way more.
We get an overview of all available values if we take a random device (-objectid) and pipe the output to format list (fl).

In this example I am interested in the values of DisplayName, ObjectId, ObjectType und ApproximateLastLogonTimeStamp.

We can now explicitly list these in a desired order.
get-azureaddevice | select DisplayName, ObjectId, ObjectType, ApproximateLastLogonTimeStamp

Exporting the data

For better visibility you can export this data to a CSV file.
To do this we pipe STDOUT to the export-csv commandlet and provide a local storage path.

In this case the command looks like this:
get-azureaddevice | select DisplayName, ObjectId, ObjectType, ApproximateLastLogonTimeStamp | export-csv C:\temp\foo.csv

Now we can open this exported CSV with excel for example.
Just go to File > From Text / CSV.

In the following dialogue we define that the values presented are comma seperated and confirm with load.

This way you can easily sort alphabeticly and provide the output to a customer.

Cheers,
Ori

by Ori

Enable Multi Factor Authentication

In this article I want to show how you can add another layer of security to the O365 login by enabaling multi factor authentication (MFA).
We have to start by looking at the different options of MFA the microsoft portal offers.

• Multi-Factor Authentication for Office 365 - free
• Multi-Factor Authentication für Azure AD-Administratoren - free
• Azure Multi-Factor Authentication - extra license

This article covers the free MFA for Office 365.
It can only be used by accounts with an aktive O365 license.

Preparation

The changes you are about to enable will impact the way people use thier account.
Think about how you communicate this and when to roll it out.

At first you should think about what your second factor is going to be.
In the free version it coud be one of the following:

• A call to your phone number providing a code
• An SMS to your phone number providing a code
• An App you use to scan a QR code on the screen

In this example I will be using the SMS as the second factor.

In addition the the code that is beeing sent via SMS, the user will be asked to generate a so-called "app-password" when configuring 2FA.
This is needed to bypass 2fa when using the local office apps running on the users machine. (Outook for example)

Setup in the O365 portal

At first you login with an administrative account to the O365 admin panel.

Here you select User > Active Users > More > Setup Azure multi factor authentication.

This will open a new tab in wich you can handle the MFA settings of every O365 user.
Search for an account, select it and click enable on the right hand side.

You will have to confirm that you really want to enable MFA for this account and microsoft provides a usefull link that lets users edit thier provided phone number.
https://aka.ms/MFASetup

After you have confirmed, the users MFA status should be enforced.

Login as a user

Wenn you are logging in as a user to office.com, after MFA has been enabled, werdet Ihr aufgefordert die MFA einzurichten.

Following the Setup now link you get to a configuration page where you can enter you phone number.

Once you get the code via SMS...

... you can verify your account for MFA.

Finally you will be displayed an App-Password, that is needed for the Office Apps.
The user (or person setting up the mfa) whould write this down or copy it somewhere.

Configuration of the Office-Apps

When you start the Outlook client after setting up MFA, you will be asked for a username and password.

Username: user@domain
Password: App-Password

This password is effectivley bypassing 2FA since otherwise you would have to enter a code every time outlook is pulling new mails.

Cheers,
Ori

by Ori

Office 365 Admin Panel

You manage Office 365 using the O365 Admin Panel or Admin "App".
When you login unsing an administrative account you will find an App called Admin.

You can could also click on the nine dots on the upper left hand side of the startpage and select the app.

When you start the app you will find a navigation bar on the left hand screen that is currently set to home.
To better understand the structure of the menu and the handeling of users you have to think of how the licensing model works.

On the users section you can generate user logins.
Licenses get booked and bound to the users account, that defines what apps the user can use.
User get sorted into groups, that defines what resources and privileges the user can access inside of an app.

The onboarding of a new user looks like this:

• Buying of a monthley subcription e.g. rase the overall ammount of payed subcriptions
• Adding a new user
• Apply the license to the user
• Adding the user to the appropriate groups

Cheers,
Ori

by Ori

Office 365

In this article I will try to explain what O365 is and how it can be used.
With Office 365 Microsoft is providing the office.com platform that allows using the office suite in the browser or as an installed app and allowes the integration of third party products.

Another big difference to the previous office versions is licensing.
You do not buy and own the software anymore, you rather rent them for a monthly price.
The subscription fee is depending on what apps you want to use.

Depending on the license type you also get an Exchange Online License with a 50GB inbox with your subscription.
While it is hard to justify renting the office suite when it comes down to numbers, this is a real game changer.
No on-prem Exchange Server means no need for updates, maintenance and migrations (e.g. money and downtime).

The same goes for Azure Active-Directory that might replace an on-prem DC.

I wont comment on data privacy regarding the 1TB OneDrive Cloudstorage comming with the lincese.

The O365 wikipedia page provides quite a good overview.

The O365 Products

Main Online- oder Desktop Apps:

• Word
• Excel
• PowerPoint
• OneNote
• Outlook

Other Products are:

• Publisher
• Access
• OneDrive
• Skype for Business
• OneNote
• SharePoint
• Flow
• Tasks (Oultlook Desktop App integrated)
• Calendar (Oultlook Desktop App integrated)
• Dynamics 365 (ERP and CRM tool)
• Forms (Umfrage, Fragebögen, Anforderungsformulare)

Also you have acces to third party apps using the store.

Cheers,
Ori

by Ori