Office 365 Sign in and Access Panel Page Branding

Office 365 Sign in and Access Panel Page Branding

Office 365 sign in and access panel page branding is a premium feature which gives the ability to apply consistent look and feel across all the websites. With Azure Active Directory, you can now customize the Office 365 sign in and access panel page branding across the organization. Office 365 Sign in and Access Panel Page branding requires Azure AD Basic license. Apart from company branding we do have many other features that are available with Azure Active Directory but the focus of this post will be around company branding. Below table shows different editions of Azure Active Directory and the features available in each edition. You can review all the features available with each edition of Azure Active Directory in more detail on TechNet.

 

Office 365 Sign in and Access Panel Page Branding

 Company branding is a feature that is available only if you upgraded to the Premium or Basic edition of Azure Active Directory. Azure AD Premium is not currently supported in China.

Following attributes can be customized for your company branding purpose.

  • Banner logo
  • Tile Logo
  • Sign in page text
  • Sign in page username label
  • Background color
  • Page Illustration

More details on customizable attributes can be found on TechNet. User will see a branded sign in page when they visit a tenant-specific URL such as https://outlook.com/domain.com, or https://mail.domain.com assuming that you’ve created a CNAME record for mail.domain.com pointing to your tenant.

If a user visit a service with non-tenant specific URLs (such as https://portal.office.com or https://mail.office365.com) he/she will see a non-branded sign in page. The sign in page will refresh to show your branding once users have entered their user ID or selected a user tile.

Access and Login Page Customization

The Access Panel is a web-based portal that allows an end user with account in an Azure AD directory to view and launch cloud-based applications to which he/she has been granted access by the Azure AD administrator. The Access Panel is accessible to all users in your organization at myapps.microsoft.com.

Sign in or Login page is where users are redirected when they are signing in to Office 365 or other web-based and modern applications that use Azure AD as your identity provider.  To customize access and login page, follow the steps mentioned below.

  • Go to Azure Active Directory –> Configure and Click on Customize Branding

Customizing Access Panel

  • Select branding for specific language and choose the language and click next. In my case, I’ve selected English language.

Access Panel Customization

  • Edit the fields for which you want to configure language-specific overrides. Please note that all fields are optional. If a field is left blank, then the custom default value will be displayed instead.

Company Branding

  • Click finish to save the configuration.

To verify the customized Sign in and access panel page, please go to https://outlook.com/domain.com, or https://mail.domain.com.

 

Moving to Exchange Online Session — Microsoft Innovation Center Lahore

Join me for detailed session about planning your migration to Exchange Online in Office 365. This session will cover planning your migration to office 365, how to decide what type of migration best fits to your requirements, best practices for during and after your migration, and some of the common mistakes organizations make on their road to Office 365.

Event Details

Agenda:

  • Why Exchange Online
  • Exchange Online Migration Options
  • IMAP Migration
  • Cutover Migration
  • Stagged Migration
  • Remote Migration
  • Pros & Cons of Migration options
  • Choose Best Migration Option

Date:

9th June, 2015 (Tuesday)

Venue:

MIC Lahore, Office: 1, Level: 5, Arfa Software Technology Park Ferozepur Road Lahore.

Time:

11:30 AM to 2:00 PM

Registration

For Registration: kindly register here

P.S. We have got limited seats so the registration would be on first come first serve basis.

Kindly bring your original CNIC with you for ASTP security clearance.

For Queries – Please Contact

MIC Lahore: 042-35972044-6

 

Single Sign on with Office 365

Single Sign on with Office 365

Single Sign on with office 365 is mostly used by organization to provide seamless experience to their end users. This article will help you setting up Single Sign on with office 365 using ADFS 3.0. Before we start setting up Single Sign on with office 365 using ADFS 3.0, let’s review few important per-requisites for SSO.

You can also download the complete guide on Setting up Single Sign on with office 365 from Technet

  1. You need internet route-able domain name to setup SSO. e.g. contoso.com, mstechtalk.com etc
  2. SSL Certificate from public certificate authorities like GoDaddy
  3. Office 365 global admin permission
  4. Service account for ADFS 3.0
  5. Web Application Proxy
  6. AAD Sync tool to synchronize identities with Office 365

If you have a internal domain name which is not routeable to the internet then you will have to add a custom UPN suffix that matches external name space. You can add UPN Suffix to your forest by following the instructions provided on Microsoft Knowledge Base.

Lab Details

Currently i’ve the following infrastructure in my lab for setting up Single Sign on with Office 365.

  • 2 x Windows Server 2012 R2 Domain controller (Domain Name: enpointelab.net)
  • 1 x Azure AD Sync tool
  • 1 x Windows 2012 R2 servers for ADFS 3.0 in production zone
  • 1 x windows 2012 R2 servers in DMZ for Web Application Proxy

Let’s get started with the lab and setup Single Sign on with office 365.

Activate Single Sign on

Before we start installing ADFS 3.0, we need to first enable Single Sign on in office 365. To activate single sign on in office 365 follow the steps as shown below.

****Before we start this step i assume you’ve already setup your office 365 tenant and configured your custom domain in office 365******

To activate Single Sign on, Go to Office 365 portal –> Active Users –> Click on Set Up as shown below

Single Sign on with office 365 Single Sign on with Office 365

Once you’re done with your planning & preparation for single sign on, move on to 2nd Step and deploy your ADFS servers.

Create SSL Certificate Request for AD FS 3.0

Before we start installing and configuring AD FS 3.0 for Single Sign on, Let’s first create the SSL certificate request to procure a SSL certificate from public authority like GoDaddy.

****I’ve procured my SSL certificate from GoDaddy for this lab****

To create a SSL certificate request, Go to MMC Console

1

Click on Add/Remove Snap-in and Select Certificate and click on Add button

 

2

Select Computer Account and click next

3

Right click on Personal –> All Tasks –> Advanced Options –> Create Custom Request

4

Certificate enrollment wizard will start, click on Next

5

Click Next

6

Click Next

7

Click Next8

Click on Details9

Click on Properties10

Enter friendly name of your certificate.  Click Subject Tab

12

From the drop down menu, select Common name and provide the value and click on Add button

13

Click on Private key tab14

Select Key Size and checkbox for “Make Private Key exportable” and click on Apply and hit OK.

15

Click Next

16

Click Finish. Copy the request file and provide to your SSL certificate provider and procure the certificate. Once procured, complete the certificate request.

Import SSL Certificate

Once you got the certificate from public DNS provider. Go to mmc –> Add/Remove Snap-in –> Certificate –> Computer Certificate –>

Personal –> Right click –> All Tasks –> Import

1

2

3

4

5

6

Installing AD FS 3.0

To install AD FS 3.0, Go to Server Manager –> Add roles and Features

3

4

5

6

7

7

1

2

3

4

We’re done with the installation of our first ADFS 3.0 server.

Configure AD FS 3.0

As we’re done with the installation of AD FS 3.0 on first server, lets follow the steps to configure AD FS 3.0

Go to server Manager –> Click Configure the Federation Service on this Server

1

2

3

4

5

6

We’re using Windows Internal Database for AD FS deployment, WID can support up to 5 AD FS servers in AD FS server farm and use SQL Express 2012 with a limitation of 10 GB database size.

7

8

9

10

Your ADFS 3.0 server is installed and configured now. To test your ADFS deployment, please go to https://fs.mydomain.com/adfs/ls/IdpInitiatedSignon.aspx. I’ve created “A” record in my DNS for “FS” pointing to ADFS server. After installing the 2nd ADFS server, I’ll add that server to my load balancer as well.

1 Read more

New Office 365 Import Service

Office 365 Import Service

Office 365 Import Service !!

Manual migration of PST file to Exchange Online mailbox has always been a challenging task. Couple of years ago Microsoft released the PST Capture Tool which makes process bit easier and allowed you to organize all of your PST files to one location and then upload the content directly to exchange online. No matter how you cut it, moving dozens or hundreds of GB across your Internet connection is always a costly and lengthy process and you always have user concerns when their data will be available to them in Exchange online mailbox. Many of the customers and partners approached Microsoft asking for help with migrations that could easily take multiple years to complete, because of the time required to move data across the wire. But finally ! Microsoft announce the public preview of the new Office 365 Import Service, which provides two new options for speeding up the process of importing PST files into Exchange Online mailboxes.

  • Option 1: For smaller sets of data, we are enabling network uploads of PST files to Microsoft servers, which we then import into Exchange Online mailboxes.
  • Option 2: For larger datasets, you can copy PST archive files onto hard drives and mail them directly to Microsoft data centers. Once we receive the drives, we copy the PST files to internal servers and then import the mail into Exchange Online mailboxes.

Both of these options will use Microsoft data center network which is obviously much much faster and reliable then our data center network to dump the data to user exchange online mailbox.

Currently 3.5 inch SATA II/III hard drives are supported by the PST Import service. Hard drives larger than 4 TB are not supported.

Requirements for Office 365 Import Service

To use Office 365 import services, we need to fulfill the following requirements.

  • User performing the job in Office 365 Portal must have “Mailbox Import Export” Role assigned in Exchange Admin Center.
  • All data stored on HDD must be encrypted using BitLocker encryption.
  • A carrier account with FedEx or DHL.
  • PST to user mapping file
  • NTFS formatted data volumes

Office 365 Email Archive migration

 

More details of Office 365 Import tool can be found on TechNet.

First look at new Exchange Server 2016 !!!

Exchange Server 2016

Let’s Meet Exchange Server 2016

Ignite 2015, Microsoft has announced the new version of on prem Exchange server i.e. Exchange 2016. It’s time to have a first look at new Exchange Server 2016 and few enhancement in upcoming Exchange 2016.

  1. Server Role Consolidation
  2. Office Web App Server
  3. DAG without administrative access point
  4. ReFS file system for Exchange 2016. ReFS was first introduced with Windows Server 2012

Details on Resilient File System can be found on Technet.

Exchange Server 2016 Ignite Video

More information on Exchange 2016 is in below video.

[iframe src=”//channel9.msdn.com/Events/Ignite/2015/FND2204/player” width=”960″ height=”540″ allowFullScreen frameBorder=”0″]

1 2