Category: BPOS/Office 365


Installing and Configuring Rights Management Services (RMS) for Office 365 Preview

Rights Management can be used to safeguard sensitive information created using Office applications such as email or other memos or correspondence that requires confidential treatment. Rights are assigned to content when it is published and the content is distributed in an encrypted form that provides persistent protection wherever the content travels. Rights that can be assigned include the ability to allow or deny viewing, printing, copying of messages or documents as needed using template-based assignment.

Enabling services with Exchange Online

  1. Install Windows PowerShell for Rights Management (http://technet.microsoft.com/en-us/library/jj585012.aspx)
  2. Connect to your Exchange Online account using Windows PowerShell (per http://technet.microsoft.com/en-us/library/jj585001.aspx): Enable-OrganizationCustomization
  3. If you’re located in North America, run the following command to set the key sharing URL: Set-IRMConfiguration –RMSOnlineKeySharingLocation “https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc”
  4. Run the following command to import the trusted publishing domain (TPD): Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”
  5. To support OWA functionality, change the IRM configuration in PowerShell for internal licensing: Set-IRMConfiguration –InternalLicensingEnabled $true
  6. Test the configuration by running the following command: Test-IRMConfiguration -RMSOnline

Office Integration with Rights Management

When creating or consuming information rights management (IRM) protected content, updates may be required.  The requirements for each version of Office can be found here: http://technet.microsoft.com/en-us/library/jj585031.aspx

If these updates are not applied, you will not be able to download the templates.

Using RMS with Outlook

If the templates are installed, you can now select templates to use on an individual email (only for users within your Organization, or with users that have an Office 365 login)

Now when the email is sent with the proper template applied,                                                  
the receiver is unable to manipulate the message per the template:

Find complete details on information protection with Office 365 here: http://blogs.technet.com/b/rhalbheer/archive/2012/09/27/paper-information-protection-and-control-ipc-in-office-365-preview-with-windows-azure-ad-rights-management.aspx

Update: Another blog has just been released in regards to this technology: http://sharepoint.microsoft.com/blog/Pages/BlogPost.aspx?pID=1048

Data Loss Prevention templates are offered in the upcoming 2013 version of Office 365 and, while these sound great, there isn’t a lot of detail on what rules are put in to place when these templates are implemented. I have gone through each of the US-based templates (there are many other nation’s laws accounted for, as well) and built a table showing the content. If you’re considering deploying one of these DLP policies, review the rules to determine if it meets your needs, or if additional rules are required. Remember, just because you choose to deploy a DLP policy does not mean you’re restricted to only those rules the policy provides!

 

Template If the message… Do the following…
U.S. Federal Trade Commission (FTC) Consumer   Rules (15.0.3.0)
  1. Includes these patterns in the message subject: ‘override’
  2. (Low count) Is sent to ‘Outside the organization’ and the message contains these sensitive information        types: ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or ‘ABA Routing Number’
  3. (High count) Is sent to        ‘Outside the organization’ and the message contains these sensitive information types: ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or        ‘ABA Routing Number’
  4. Includes an attachment that cannot be fully processed due to text extraction or other limits
  5. Includes an attachment with content that can’t be inspected
  1. Set message header ‘X-Ms-Exchange-Organization-Dlp-SenderOverrideJustification’ with the value ‘TransportRule override’
  2. Set audit severity level to        ‘Medium’ and notify the sender that the message violates a DLP policy, but send the message
  3. Set audit severity level to        ‘High’ and notify the sender that the message can’t be sent, but allow the sender to override and provide justification. Include the explanation ‘Unable to deliver your message. You can override this policy by adding the word ‘override’ to the subject line.’ with status code ’5.7.1′
  4. Set audit severity level to        ‘High’
  5. Set audit severity level to        ‘Medium’
U.S. Financial Data (15.0.3.2)
  1. Includes these patterns in the message subject: ‘override’
  2. (Low count) Is sent to ‘Outside the organization’ and the message contains these sensitive information        types: ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or ‘ABA Routing Number’
  3. (High count) Is sent to        ‘Outside the organization’ and the message contains these sensitive information types: ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or        ‘ABA Routing Number’
  4. Includes an attachment that cannot be fully processed due to text extraction or other limits
  5. Includes an attachment with content that can’t be inspected
  1. Set message header ‘X-Ms-Exchange-Organization-Dlp-SenderOverrideJustification’ with the value ‘TransportRule override’
  2. Set audit severity level to        ‘Medium’ and notify the sender that the message violates a DLP policy, but send the message
  3. Set audit severity level to        ‘High’ and notify the sender that the message can’t be sent, but allow the sender to override and provide justification. Include the        explanation ‘Unable to deliver your message. You can override this policy by adding the word ‘override’ to the subject line.’ with status        code ’5.7.1′
  4. Set audit severity level to        ‘High’
  5. Set audit severity level to        ‘Medium’
U.S. Gramm-Leach Biley Act (GLBA)   (15.0.3.0)
  1. Includes these patterns in the message subject: ‘override’
  2. (Low count) Is sent to ‘Outside the organization’ and the message contains these sensitive information        types: ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or ‘U.S. Individual Taxpayer Identification Number (ITIN)’ or ‘U.S. Social Security Number (SSN)’
  3. (High count) Is sent to        ‘Outside the organization’ and the message contains these sensitive information types: ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or ’U.S. Individual Taxpayer Identification Number (ITIN)’ or ‘U.S. Social Security Number (SSN)’
  4. Includes an attachment that cannot be fully processed due to text extraction or other limits
  5. Includes an attachment with content that can’t be inspected
  1. Set message header ‘X-Ms-Exchange-Organization-Dlp-SenderOverrideJustification’ with the value ‘TransportRule override’
  2. Set audit severity level to        ‘Medium’ and notify the sender that the message violates a DLP policy, but send the message
  3. Set audit severity level to        ‘High’ and notify the sender that the message can’t be sent, but allow the sender to override and provide justification. Include the        explanation ‘Unable to deliver your message. You can override this policy by adding the word ‘override’ to the subject line.’ with status        code ’5.7.1′
  4. Set audit severity level to        ‘High’
  5. Set audit severity level to        ‘Medium’
U.S. Health Insurance Act (HIPAA)   (15.0.3.0)
  1. Includes these patterns in the message subject: ‘override’
  2. (Low count) Is sent to ‘Outside the organization’ and the message contains these sensitive information        types: ‘U.S. Social Security Number (SSN)’ or ‘Drug Enforcement Agency        (DEA) Number’
  3. (High count) Is sent to ‘Outside the organization’ and the message contains these sensitive information types: ‘U.S. Social Security Number (SSN)’ or ‘Drug Enforcement Agency (DEA) Number’
  4. Includes an attachment that cannot be fully processed due to text extraction or other limits
  5. Includes an attachment with content that can’t be inspected
  1. Set message header ‘X-Ms-Exchange-Organization-Dlp-SenderOverrideJustification’ with the value ‘TransportRule override’
  2. Set audit severity level to        ‘Medium’ and notify the sender that the message violates a DLP policy, but send the message
  3. Set audit severity level to        ‘High’ and notify the sender that the message can’t be sent, but allow the sender to override and provide justification. Include the        explanation ‘Unable to deliver your message. You can override this policy by adding the word ‘override’ to the subject line.’ with status        code ’5.7.1′
  4. Set audit severity level to        ‘High’
  5. Set audit severity level to        ‘Medium’
U.S. Patriot Act (15.0.3.0)
  1. Includes these patterns in the message subject: ‘override’
  2. (Low count) Is sent to ‘Outside the organization’ and the message contains these sensitive information        types: ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or ‘U.S. Individual Taxpayer Identification Number (ITIN)’ or ‘U.S. Social Security Number (SSN)’
  3. (High count) Is sent to ‘Outside the organization’ and the message contains these sensitive information types: ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or ‘U.S. Individual Taxpayer Identification Number (ITIN)’ or ‘U.S. Social Security Number (SSN)’
  4. Includes an attachment that cannot be fully processed due to text extraction or other limits
  5. Includes an attachment with content that can’t be inspected
  1. Set message header ‘X-Ms-Exchange-Organization-Dlp-SenderOverrideJustification’ with the value ‘TransportRule override’
  2. Set audit severity level to        ‘Medium’ and notify the sender that the message violates a DLP policy, but send the message
  3. Set audit severity level to        ‘High’ and notify the sender that the message can’t be sent, but allow the sender to override and provide justification. Include the        explanation ‘Unable to deliver your message. You can override this policy by adding the word ‘override’ to the subject line.’ with status        code ’5.7.1′
  4. Set audit severity level to        ‘High’
  5. Set audit severity level to        ‘Medium’
U.S. Personally Identifiable   Information (PII) Data (15.0.3.0)
  1. Includes these patterns in the message subject: ‘override’
  2. (Low count) Is sent to ‘Outside the organization’ and the message contains these sensitive information        types: ‘U.S. Individual Taxpayer Identification Number (ITIN)’ or ‘U.S.        Social Security Number (SSN)’ or ‘U.S. / U.K. Passport Number’
  3. (High count) Is sent to        ‘Outside the organization’ and the message contains these sensitive information types: ‘U.S. Individual Taxpayer Identification Number        (ITIN)’ or ‘U.S. Social Security Number (SSN)’ or ‘U.S. / U.K. Passport Number’
  4. Includes an attachment that cannot be fully processed due to text extraction or other limits
  5. Includes an attachment with content that can’t be inspected
  1. Set message header ’X-Ms-Exchange-Organization-Dlp-SenderOverrideJustification’ with the value ‘TransportRule override’
  2. Set audit severity level to        ‘Medium’ and notify the sender that the message violates a DLP policy, but send the message
  3. Set audit severity level to        ‘High’ and notify the sender that the message can’t be sent, but allow the sender to override and provide justification. Include the        explanation ‘Unable to deliver your message. You can override this policy by adding the word ‘override’ to the subject line.’ with status        code ’5.7.1′
  4. Set audit severity level to        ‘High’
  5. Set audit severity level to        ‘Medium’
U.S. State Breach Notification Laws   (15.0.3.0)
  1. Includes these patterns in the message subject: ‘override’
  2. (Low count) Is sent to ‘Outside the   organization’ and the message contains these sensitive information types:   ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or ‘U.S. Driver’s License Number’ or ‘U.S. Social Security Number (SSN)’
  3. (High count) Is sent to ‘Outside the organization’ and the message contains these sensitive information types:   ‘Credit Card Number’ or ‘U.S. Bank Account Number’ or ‘U.S. Driver’s License Number’ or ‘U.S. Social Security Number (SSN)’
  4. Includes an attachment that cannot be fully processed due to text extraction or other limits
  5. Includes an attachment with content that can’t be inspected
  1. Set message header ‘X-Ms-Exchange-Organization-Dlp-SenderOverrideJustification’ with the value ‘TransportRule override’
  2. Set audit severity level to        ‘Medium’ and notify the sender that the message violates a DLP policy, but send the message
  3. Set audit severity level to        ‘High’ and notify the sender that the message can’t be sent, but allow the sender to override and provide justification. Include the        explanation ‘Unable to deliver your message. You can override this policy by adding the word ‘override’ to the subject line.’ with status        code ’5.7.1′
  4. Set audit severity level to        ‘High’
  5. Set audit severity level to        ‘Medium’
U.S. State Social Security Number   Confidentiality Laws (15.0.3.0)
  1. Includes these patterns in the message subject: ‘override’
  2. (Low count) Is sent to ‘Outside the organization’ and the message contains these sensitive information        types: ‘U.S. Social Security Number (SSN)’
  3. (High count) Is sent to        ‘Outside the organization’ and the message contains these sensitive information types: ‘U.S. Social Security Number (SSN)’
  4. Includes an attachment that cannot be fully processed due to text extraction or other limits
  5. Includes an attachment with content that can’t be inspected
  1. Set message header ’X-Ms-Exchange-Organization-Dlp-SenderOverrideJustification’ with the value ‘TransportRule override’
  2. Set audit severity level to ’Medium’ and notify the sender that the message violates a DLP policy, but send the message
  3. Set audit severity level to        ‘High’ and notify the sender that the message can’t be sent, but allow the sender to override and provide justification. Include the        explanation ‘Unable to deliver your message. You can override this policy by adding the word ‘override’ to the subject line.’ with status code ’5.7.1′
  4. Set audit severity level to        ‘High’
  5. Set audit severity level to        ‘Medium’

 

 

Now that the Office 365 Preview site is up for those that want to see what the new wave of Office 365 looks like, I am taking the opportunity to provide a high level preview for those that are interested.  This is by no means an in-depth look at any new features (those will be next), but rather a bird’s eye view of things to get excited about.  The screen prints below are rather small, but you can click on them to expand to a larger size.

For those that have taken part in the Office 2013 preview (http://www.microsoft.com/office/preview/en), the new Office 365 environment will offer many similarities.  Obviously all the Microsoft teams are working together on the upcoming wave of software/services rollouts to ensure a consistent look and feel.

Additionally, the often annoying characteristic of multiple windows popping up when navigating the Office 365 portal has been changed to a more streamlined single-window pane.  You can see below that the majority of the administration options are presented in the same location, with the selected user’s data displaying off to the right.

Of course, a separate window still pops up for editing the user, but I like the more neutral tones and classier fonts:

Ok, enough of the “look and feel” you say, and on to the new stuff!  Well, in case you didn’t see it in the earlier screen print, Office 365 is now supporting Public Folders! (That’s right…despite years of being told they would go away at some point even for Exchange on-premises…).  Now you will be able to create Public Folder Mailboxes and populate them with Public Folders:

Data Loss Prevention templates are now available to actively monitor all email for sensitive content and enforce protection requirements.  A subset of the templates are seen here:

As has been Microsoft’s tendency, they have again added even more functionality in to the GUI, rather than leaving admins as dependent on PowerShell as they were in previous versions.  For example, you can now create Equipment mailboxes straight from the GUI:

Lync Online provides more customization, and includes more GUI access to their newly available Lync Online Plan 3 (Lync to Phone).  Additionally, Meeting Invitation customization is now available:

Although SharePoint isn’t my forté, it’s clear to see that a change has been made here as well:

Above and beyond the Office 2013 download being available, Office 365 now also includes SharePoint Designer 2013 as well:

The whole experience is very exciting, as Microsoft continues to rapidly grow their Office 365 offerings while staying competitively priced in the market.  I’m anxious to see what the final product will look like!

In order to manage Office 365 via Remote PowerShell, there are a number of commands required.  For anyone finding themselves jumping in and out of a remote powershell session, or moving between multiple tenants, continuously going through the authentication commands can be tedious. Upon opening a standard PowerShell command prompt via Windows 7, the following commands are run to authenticate:

$cred = get-credential

$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection

$importresults = Import-PSSession $s

import-module msonline

Rather than typing this in to a PowerShell command prompt every time I want to connect, I instead added all of these commands in Notepad and saved the file as a .ps1.  Additionally, I’ve set my Execution Policy to allow unrestricted scripts (set-executionpolicy unrestricted).  Now, when I want to connect, all I have to do is drag and drop my MSOnline.ps1 file in to PowerShell, fill in the appropriate Office 365 administrator credentials, and I’m logged in and ready to go.

 

 

 

 

Much easier!

When I work with clients on Exchange upgrades/migrations, I go through a standard list of questions to get their current state environment.  These questions are important in terms of appropriately sizing a messaging environment, and very often the clients end up estimating numbers because they don’t have any empirical data to work with.  Enter Quest and their MessageStats software.

MessageStats aggregates Exchange data and provides easy to use reports at the click of a button.  A few of the reports available can be seen in the Report List image.  Many of the current state assessment questions can be easily answered with these stock reports.  Want to know average message size or how many messages are sent/received per day?  One click.  Want to know top senders and/or receivers?  I can provide a graph and specific details easily.

 

 

 

 

 

 

 

Above and beyond the stock reports is the ability to create my own meaningful reports for “at a glance” environment reporting and even provide some internal numbers to allow for financial assessments.  For a per-mailbox cost, this tool pays for itself in the amount of effort it saves (and how good it makes me look when management asks questions about Exchange).

 

 

 

 

 

 

 

 

 

 

 

 

 

 

I recommend this tool to every client I work with, and offer to set up the free 90-day demo environment to show them how it is effective and easy to use.  It can be used for Exchange 2007/2010 and/or Exchange Online (Office 365).  There are additional reporting packs not only for OWA, but also for OCS 2007/Lync 2010 and a variety of other Exchange-integrated applications.  Project Leadership Associates is a Quest partner and can assist with not only MessageStats deployments, but also any of their other tools used for managing a messaging solution.

http://www.quest.com/messagestats/

 

 

During my client interactions, a couple of recurring confusions continue to plague the decision making process to move to Office 365.  I wanted to take a moment to document them for other to get some fast answers.

1. Directory Synchronization is Required for Single Sign-On with Office 365.

The two main components of SSO with Office 365 are Directory Synchronization and Active Directory Federation Services 2.0 (ADFS 2.0).  They are both necessary for a client to log on to Office 365 using their current Active Directory credentials.  The key road block for some clients is that Directory Synchronization synchronizes the entire directory; all users, all groups.  Yes, there are ways around this; no, they are not supported by Microsoft.  Additionally, Directory Synchronization is limited to a single AD Forest at this time.  Future functionality may provide solutions to these two concerns, but they are facts that have to be communicated today.

2. Lync Federation is Not the Same as Active Directory Federation Services.

Lync Federation is  the ability to IM other companies that also use Lync Online or Lync on-premises, as well as see Presence and limited status information (depending on the configuration settings).  This is not SSO.

3. Exchange Federation is (also) Not the Same as Active Directory Federation Services.

Exchange Federation allows Exchange Online and Exchange 2010 environments to share Calendaring information, depending on configuration settings.  This is not the same as SSO.

3. Lync On-Premise and Lync Online Cannot Share the Same SIP Domain

At this time, Lync On-Premise and Lync Online cannot share the same SIP domain.  In order to have coexistence between the two within a single organization, two separate SIP domains and Lync Federation between those domains needs to be configured.  This will likely change in the future.

4. ADFS 1.0 is Not Used for Office 365

ADFS 1.0 is the version available in Windows Server 2008 within the Roles configuration settings.  This will not work for Office 365 federation configuration.  ADFS 2.0 is a separate download that will need to be installed.

Hopefully these points will help clear up any confusion during your planning process and allow you to focus on the other hurdles that come along with any migration effort.

What other deployment confusion have you seen in the field?  I’m always ready to learn from someone else’s hard work…

Active Directory Synchronization in Office 365 differed from BPOS in a major way in that once it was activated, you could not turn it off – until now… (trying to make the topic as exciting as possible)

Keep in mind that if you choose to deactivate AD Synchronization in Office 365 it can take up to 72 hours to complete, during which time no synchronization from the existing environment would occur (obviously) but also you cannot immediately configure synchronization to another environment until this is completed.

 

 

While waiting for DirSync to finish for the first time at a client site, we received the following email (partially edited for confidentiality):

Hello <user>,

See Directory
Synchronization errors
for more information about the errors listed in this
email message.

The Directory Synchronization batch run was
completed on Tuesday, 03 January 2012 23:54:02 GMT for tenant <client>, Inc..

The following errors occurred during synchronization:

Synchronization has been stopped. The company has
exceeded the number of objects that can be synchronized. Contact Technical
Support and ask for an increase in your company’s quota..

Tracking ID: cb441337-5739-4d70-9b2e-4f10d87598a0

_____________________________________________________

Directory Synchronization has a 20,000 object limit (or 10,000 for tenants created before Oct. 5, 2011); that may seem like a lot, but remember you do not get to control with the application synchronizes.  DirSync will grab every user, contact and group.  Luckily the way around this is simply to request a quota increase from the MSO support team.  Keep this in mind during design sessions and it can save you a time-consuming hurdle during implementation.

More information on identifying and resolving the problem can be found here: http://support.microsoft.com/kb/2459803

As promised, Microsoft continues to roll out new and improved functionality in Office 365 as it is available.  The following updates summarize what is planned for December (through April, technically).  The link at the end will show you all the updates rolled out since Office 365 was officially released.

 

Exchange Hybrid Configuration Wizard* (Not available for Professional and Small Business users)
This new wizard will help streamline the hybrid deployment process by simplifying the configuration of Exchange Online features and services, including calendar and free/busy information sharing, mailbox moves, secure mail flow and Exchange Online Archiving.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:
To lean more, refer to the EHLO Blog Released: Exchange Server 2010 SP2

For more detail on the Exchange Hybrid Configuration Wizard, refer to TechNet What’s New in Exchange 2010 SP2

 

 

Exchange enhancements to email migrations*
Two new enhancements to migration features will bring greater efficiency to email migrations.
1.  Enhanced Management Capabilities: The new Exchange Online migration dashboard helps to improve administrative efficiency during a cutover Exchange migration, a staged Exchange migration, or an IMAP migration. Tenant administrators can schedule multiple migration batches, obtain migration status information for migration batches, view per user details, and see skipped items. Improved reporting and diagnostics tools also improve the troubleshooting experience.
2.  Number of Concurrent Migrations: Administrators can now use Exchange Management Shell to increase the value for a migration batch to as high as 50.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To lean more, refer to the EHLO Blog Exchange Online December 2011 Service Update

For more detail on email migrations, refer to the Help article E-Mail Migration Overview

 

 

Exchange enhancements to multi-mailbox search* (Not available for Professional and Small Business users)
Users can now launch a separate window to preview message hits and statistics for each query. Search performance has also been improved with reduced impact of retried query failures, as well as enhancements to scalability and availability.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

 

Additional Information:
To lean more, refer to the EHLO Blog Exchange Online December 2011 Service Update

For more detail on multi-mailbox search, refer to the Help article Multi-Mailbox Searches

 

 

Exchange retention policy and tag management*

We have improved the mailbox retention settings so it is easier to manage user mailboxes in an organization. Users can now use the mail control settings in Exchange Control Panel to create and manage retention tags and policies.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To lean more, refer to the EHLO Blog Exchange Online December 2011 Service Update
For more detail on retention policies, refer to the Help article Set Up and Manage Retention Policies in Exchange Online

 

 

Exchange group naming policy*

Administrators can now standardize and manage the names of distribution groups—also known as public groups—created by users in their organization. They can require that a specific prefix and suffix be added to names for distribution groups when created, and block specific words from being used. This feature helps to minimize the use of inappropriate words in group names.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To lean more, refer to the EHLO Blog Exchange Online December 2011 Service Update
For more detail on setting up a group naming policy, refer to the Help article Create a Naming Policy for Distribution Groups

 

 

Exchange high availability architecture enhancements*  (Not available for Professional and Small Business users)
We have extended the high availability architecture for Exchange Online across additional sites to provide greater resilience in the event of network failures. Administrators and end users may notice changes to server names in URLs and in protocol settings, although bookmarks for Outlook Web App should not be affected. The connection for client applications and devices, including those configured to connect directly to server addresses, will automatically redirect when the mailbox is migrated to the latest software. A very small percentage of mobile devices are not 100% compliant and may have to be reconfigured to connect to a changed pod address.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

 

Additional Information:

Refer to the Help article Mobile Phone Setup Wizard for connection procedures

To lean more, refer to the EHLO Blog Exchange Online December 2011 Service Update

 

 

Outlook Web App in Internet Explorer 9 App Mode*
Outlook Web App can now be pinned to the task bar using Internet Explorer 9 App Mode. This feature gives users the ability to launch Outlook Web App with one click and run it with fewer distractions because it is separated from other browsing sessions. It also keeps users informed of incoming email and IM when minimized or hidden, and offers quick access to common Outlook Web App commands from the taskbar.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To lean more, refer to the EHLO Blog Exchange Online December 2011 Service Update

 

 

Sender photos in Outlook Web App*
Users can now match faces to names in their organization with photos displayed next to sender information in emails. The display of photos is enabled by default, but administrators can modify the settings of Outlook Web App mailbox policy to disable this feature.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To lean more, refer to the EHLO Blog Exchange Online December 2011 Service Update

 

User Name Self-Update for Admins
Admin users now have the ability to update their own alias after adding a domain. Previously, Admins required another Admin user to make this change or they needed to create one in the case of a single-user account. To complete this task, sign in to Office 365 and go to the user management experience. Selects your username and click edit.  In the edit experience, you can change your username from yourname@yourcompany.onmicrosoft.com to yourname@yourcompany.com.  Once you have clicked save, you will need to sign out and sign back in to complete the change.

 

Microsoft Online Services ID moniker changing to user ID
We have changed text in the product and in the sign-up pages from “Microsoft Online Services ID” (MOS ID) to “user ID” to reduce confusion around what the MOS ID is.

See all the Office 365 changes implemented here: http://community.office365.com/en-us/w/office_365_service_updates/service-updates-for-office-365-for-enterprises.aspx

 

Microsoft Enterprise Agreements (EAs) are required to be tied to a single tenant. Businesses with an EA in place need to keep this in mind when establishing an Office 365 tenant – especially if they have separate business units that make use of the EA discounts. It’s easy to let independent organizations under an umbrella corporate take advantage of discounts in Microsoft Office, Windows or Server software, but it is impossible (at this time) to establish multiple tenants under the same EA. Once the EA is tied to a tenant, any other subscribers will need to subscribe from the portal and pay the portal prices.

UPDATED: Microsoft now allows for multi-tenant support until a single EA.  The owner of the EA must agree to allow the additional tenants and sign an addendum to their contract, but the capability now exists.