Monday, May 9, 2011

Office365 - Step by step

- Apply online for Office365 Beta for Enterprises at http://g.microsoftonline.com/0BXPS00EN/1130?OfferId=B07A1127-DE83-4a6d-9F85-2C104BDAE8B4&dl=ENTERPRISEPACK&culture=en-us&Country=US, fill in your data and you are ready to go in a few minutes.

- Log on to https://login.microsoftonline.com/ with your new admin account.



Info: If you have only one admin and you have lost the password, you can request a password reset at https://portal.microsoftonline.com/Support/NewSignupServiceRequest.aspx


- Add your real domain name to Office365. You must have access to the DNS settings of your domain, because that is how Office365 checks your domain ownership. It can take a while until your new DNS settings are published and replicated to all internet DNS servers. Microsoft says it can take up to 72 hours before the update is propagated properly. In our case it was 24h, others were ready in 15 minutes.

- NEXT: Configure Single Sign-On with AD Federation Services
Note: Run this from your AD FS Server
Download the two PowerShell Online Services packages below to this machine; the machine needs internet access.

Microsoft Online Services Sign-In Assistant
http://office.microsoft.com/en-us/word-help/redir/XT102098593.aspx?CTT=5&origin=HA102065466


Microsoft Online Services Module for Windows PowerShell
http://g.microsoftonline.com/0BD00en-US/126
 
After you have installed both packages, run "Microsoft Online Services Module for Windows PowerShell" from the Start menu.



Set-ExecutionPolicy RemoteSigned

$cred = Get-Credential

Connect-MsolService -Credential $cred

# Point the module at the AD FS server before converting the domain
Set-MsolADFSContext -Computer win4011

Convert-MsolDomainToFederated -DomainName crypto-live.org
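
One way to check the result of the conversion above, as an added example that is not part of the original post. It assumes the Get-MsolDomain and Get-MsolDomainFederationSettings cmdlets of the same Microsoft Online Services module and the AD FS 2.0 snap-in (Microsoft.Adfs.PowerShell) on the AD FS server; the function name Test-FederatedDomain and the 30-day expiry warning are choices made for this example.

```powershell
# Added example (not from the original post). Run on the AD FS server in the
# same module session, after Connect-MsolService has succeeded.
function Test-FederatedDomain {
    param([Parameter(Mandatory = $true)][string]$DomainName)
    $problems = @()

    # 1. The conversion must have switched the domain from Managed to Federated.
    $domain = Get-MsolDomain -DomainName $DomainName
    if ($domain.Authentication -ne 'Federated') {
        $problems += "Authentication is '$($domain.Authentication)', expected 'Federated'"
    }

    # 2. Every endpoint Office365 sends users or clients to must be HTTPS.
    $cloud = Get-MsolDomainFederationSettings -DomainName $DomainName
    foreach ($name in 'PassiveLogOnUri', 'ActiveLogOnUri', 'MetadataExchangeUri') {
        $uri = [string]$cloud.$name
        if (-not $uri.StartsWith('https://', [StringComparison]::OrdinalIgnoreCase)) {
            $problems += "$name is not an https:// URL: '$uri'"
        }
    }

    # 3. The signing certificate Office365 trusts must be the primary
    #    token-signing certificate of this AD FS farm, and not close to expiry.
    if (-not $cloud.SigningCertificate) {
        $problems += 'No signing certificate is registered for the domain'
        return $problems
    }
    $bytes = [Convert]::FromBase64String($cloud.SigningCertificate)
    $cloudCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (, $bytes)

    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
    $local = Get-ADFSCertificate -CertificateType Token-Signing |
        Where-Object { $_.IsPrimary }
    if ($local.Thumbprint -ne $cloudCert.Thumbprint) {
        $problems += "Cloud trusts $($cloudCert.Thumbprint), AD FS signs with $($local.Thumbprint)"
    }
    if ($cloudCert.NotAfter -lt (Get-Date).AddDays(30)) {
        $problems += "Signing certificate expires on $($cloudCert.NotAfter)"
    }
    return $problems
}

# Domain name taken from the post; an empty result means all checks passed.
$result = @(Test-FederatedDomain -DomainName 'crypto-live.org')
if ($result.Count -eq 0) { 'Federation settings look consistent.' } else { $result }
```

Running the same check again after any AD FS certificate rollover shows whether the Office365 side still trusts the certificate the farm is signing with.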


 
- Install and configure Directory Sync
You cannot create users in O365 for Single Sign-On from the web interface. You need the Dirsync tool to sync your AD users to O365.
 
Go to your O365 Admin Web


Admin Overview/Users/Active Directory synchronization: Set up

Activate Active Directory synchronization

Dirsync requires:

1) .Net framework 3.5 http://download.microsoft.com/download/2/0/e/20e90413-712f-438c-988e-fdaa79a8ac3d/dotnetfx35.exe
Hint: run dotnetfx35.exe /q for silent installation

2) Powershell (comes with 2008)
servermanagercmd -install Powershell

DO NOT install DirSync on your ADFS server. Since Nov 2011 you have the option to run DirSync on a 32-bit or a 64-bit OS. The 32-bit version runs on Windows 2003 and 2008, the 64-bit version on Windows 2008 and 2008 R2.


Now download DirSync 32bit from http://g.microsoftonline.com/0BX10en/216

Or DirSync 64bit from https://bposast.vo.msecnd.net/dirsync/prod64/dirsync.exe


Start dirsync and have an Enterprise admin near you.

Note: If you have more than 10.000 objects, open a ticket with Microsoft so that they increase the limit of directory imports on their side.


Note: If you have more than 50.000 objects to sync, tell Microsoft this as well and install Dirsync with a full SQL server, e.g. SQL Server 2008 R2. Dirsync comes with the express version of SQL 2008 R2, which has a database limit of 10GB.



How to set up dirsync for more than 50.000 users:
- dirsync /fullsql
- start powershell (I always use an elevated prompt)
- Add-PSSnapin Coexistence-Install
- $cred = Get-Credential   # credentials of your dirsync service account
- Install-OnlineCoexistenceTool -UseSQLServer -SqlServer sqlservername -SqlServerInstance dirsync -ServiceCredential $cred -Verbose   # make sure you have the SqlServerInstance specified

- Run the Config Wizard from the Start menu; now you need your Enterprise Admin :-)






Thursday, May 5, 2011

CryptoLive in the Cloud with Microsoft Office365

Crypto Live is joining the Office365 beta

See what Microsoft Office365 can do for you:
http://www.microsoft.com/en-us/office365

Monday, May 2, 2011

ProRMS Alliance - Rights Management

I am proud to announce a new group for data security methods, the ProRMS Alliance. Rights Management overcomes a lot of restrictions and problems we had in the past and still have today with traditional data encryption. It adds two more layers, usage and identity. So the data owner has full control even after she has sent the document out to someone on the internet.

http://www.prorms-alliance.org/