by Brett

One of SharePoint Online’s most useful features is the ability to check in and check out documents. This feature works automatically with Microsoft Office so you can open a document stored in a document library on SharePoint Online, check out the document, work on it offline, then check it back in. Other’s will see the document is checked out (as shown with the green arrow attached to the word document as shown below) and have the option to download a read-only version.

Click here for the rest of the article posted on the Microsoft Team Blog 

by Brett

Domain Validation and BPOS
Tips and Tricks

By Brett Hill for Microsoft Corp.

When you sign up for an email service like Exchange Online, you’re probably planning on using your own domain name for signing in and for your email addresses. I can actually validate a domain in about 2 minutes or less, but there are a couple of things to know.

When you first signup for BPOS, you’re asked to provide a domain name. This is used to create a base domain like “myverycooldomainname.microsoftonline.com”. You’re issued a microsoftonline.com domain (sometimes called the Microsoft Online Default Routing Domain [or MSODRD for the real trivia geeks out there]) as it is certain to be unique to the Microsoft Online AD and you don’t have to immediately prove ownership. In this way Microsoft can immediately configure your BPOS account.

After you have logged in to admin.microsoftonline.com, you’re ready to validate your domain. The super easy way is if you happen to have your account hosted at Enom.com. In this case, the validation and configuration can occur through web services through an agreement with Microsoft and Enom. This is truly the fast-track for domain validation.

However, for the rest of the world, you have to go through a straightforward, but precise set of steps. What follows are a few tips and tricks as well as a troubleshooting suggestion if you have problems.

Let’s get started.

First, add a domain to the Administration center at https://admim.microsoftonline.com (under the Users tab). Select New and enter the domain name you want to use.

Here you have to choose between Authoritative and External Relay. This one is simple. Choose authoritative when Exchange Online is the service that will receive all the email for this domain. In the case, I’m using Contoso7.com, and I want all mail sent to Exchange Online. After accepting this, you get a prompt to optionally start the verification wizard which looks like this:

In this case I could actually choose Enom, but then we’d be done. We’re doing it the “hard” way so on to Other.

Now for the fun stuff. Take a look at the next screen; there will be quiz.

This is where it gets a bit confusing because of the way the HOST name is described. Here’s the quiz - given the name MS98145153.contoso7.com what part is the Host name? Well, contoso7.com is the domain so the Host name is ms98145153. Together they create the entire fully qualified domain name.

So, when I go to my DNS configuration page, this is how it is entered for my provider. Keep in mind that the specifics of how the UI works is entirely up to the application you’re using to configure DNS. For example, an obtuse DNS rule is that an address for a CNAME entry must end in a “.”. The UI for the DNS manager at Enom handles that for you, but if you are editing DNS settings in a text file, you have to know what you’re doing. In fact, some ISPs don’t let you modify this information at all. That’s one reason why this is a good idea to try out before you make a purchase.

After adding the correct CNAME entry, all I need to do is Save this then validate the domain.

Of course, I want to do this immediately because I have no patience and want to get things working, but take a look at step 4 above “Wait at least 15 minutes….”. And if that wasn’t hard enough, the note that follows “It may take up to 48 hours”! Grrrr.

TIP: There’s no harm in attempting to validate the domain right away. It will either succeed or fail and in my experience, you can usually validate a domain hosted at Enom after about 5 mins.

ANOTHER TIP: How can you know if it’s 15 mins or 48 hours? Use NSLOOKUP as follows:

Open command prompt and type NSLOOKUP, then Enter. You’ll get a little prompt (you’re now inside the NSLOOKUP command processor). Type set q=CNAME . Then . When I do this, I get the following result.

The TTL setting stands for Time To Live and is the duration that DNS queries from this DNS server are cached. In this case, I should be able to safely validate my custom domain after waiting 3 minutes and 1 second. Each DNS provider is free to set this to any value they choose so results will vary.

STILL ANOTHER TIP: Use Ping to see if the updates are published.

Yes, you can just PING the FQDN and see what happens.

If you get result shown here, you are ready to validate. You may need to do use the  ipconfig /flushdns command to get the most current results.  If you get the updated hostname as shown, just return to the administration center and validate the domain to see:

Don’t worry if your session timed out before you can get to the validation button. You can start the wizard again, and it will keep the same validation information.

At this point, you should:

1. Set the domain to the default domain.

2. Enable incoming email.

3. Add users.

4. Set your MX record to point to Exchange Online

Note that step 4 will change your email routing for your domain so that all mail goes to Exchange Online. Don’t proceed with that step ‘till you’re ready, but when you’re ready, it’s simple to do. Just add the MX record to your DNS server as instructed by the wizard. No additional validation is required, but the same TTL applies to your MX record updates as to your validation procedure, so it may take a little while for the MX record change to take effect.

So that’s it! Here are a couple of other bits. If you have a subdomain like accounting.contoso.com it will automatically be valid when you enter it. Also, keep in mind that if you use a domain for trial account, be sure to delete it if you don’t plan on turning your trial into an paid subscription BEFORE the subscription expires.  That way, if you start another trial or purchase a subscription with a different account, you can re-validate without an issue.

See ya in the Cloud.

-Brett

by Brett

Hey,

There is a good convesation on the BPOS Meet up Group about Exchange Online and encryption. In short, you can get encryption services for as little as $9.40 a month that works with Exchange Online. That allows 5 simultanous users.  That means that if you had 200 users, any 5 of them could be using the services at the same time. http://www.microsoft.com/online/exchange-hosted-services/encryption.mspx

Check out this post:

Susan Melchert • Any BPOS customer may purchase a minimum of 5 Encryption services at $9.40 per month. Once BPOS sets it up at MS, anyone in that domain, up to 5 simultaneously, may use the Encryption service. In other words, if there are 100 users in the BPOS domain, any of the 100 users may use encryption because it is based on active (encryption) users, in this case 5. If you or anyone would like to see it in action I can put together a Live Meeting and demo.

At LinkedIn

by Brett

http://blogs.technet.com/b/msonline/archive/2010/07/12/service-update-july-2010-release-availability-features-announced.aspx

Microsoft announced an update to BPOS services that includes a new UI for managing blackberry services.  This update is rolloing out starting July 12th so it should be appearing shortly. You may wonder why they dont have a "date" where the service just appears to everyone at the same time and if not then just skip to the end.

BPOS service updates go through several rounds of releases internally before they are deployed to the data center. Then, updates are rolled through the services until all systems are updated. This process proceeds typically in NA first since it's on the same time zone ad most of the data center support/design/architects so they can respond in case there is a deployment issue. Issues can arise for a freature during deployment that cannot be discovered until you deploy as a worldwide data center environment is not something you can fully replicate in a lab. Usually, by the time an anoucement appers on the Microsoft team blog, there is a high probablity that the update is good to go and should proceed without issue. That is not always the case, but is typically the case.

SO, keep checking http://admin.microsoftonline.com for the new blackberry content!

by Brett

Secunia reports: " A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed". Also, this blog post states "Apple may be the industry leader in software vulnerabilities with a terrible record on patching speed."

Why am I posting this? Cause it's from people that are Microsoft fans. Having taught IIS　5/6/7 security for quite a while, I've caught more than my share of arguments that Microsoft's software is inherently insecure. I don't apologize nor attempt to minimize the impacts of really huge security problems that have happened. But by in large, most of that is history. The infamous declaration by Bill Gates, post Code-Red, that security is job 1 at Microsoft had real meaning. Not just a marketing story, but everything changed at Microsoft and Windows Server 2003 was far, far more solid than anything they had ever done.　 Goto Secunia and compare the track record of IIS 6 to any other web server. Facts are facts.

The point here is that Microsoft knows a great deal about security and pioneered the massively scaled Windows Update program that keeps millions of systems updated worldwide. That's free, btw. I've known other providers that charge you for security updates. Also, even though there are thousands of Microsoft products, there is a single security policy and practice for communicating, replying, and releasing security updates in real time. That's a great value that's built into those who use MS products and service that is unparalleled in its scope and sophistication. I know some of these guys and trust me; you want them to be in running the show if there is a serious security issue.

All in all, Microsoft gets a bum rap on this and it's too bad cause the industry as a whole would do well to acknowledge that Microsoft has been leading in this area for quite a while. Of course, all you hear about are the complaints. If you worked for a year to design some code that prevented a major attack from occurring a year later, you wouldn't hear anything about it, but it still took a years’ worth of work. In the end, you have code that is solid and the number should reflect that. And they do.　See

 http://blogs.pcmag.com/securitywatch/2010/07/secunia_report_paints_bleak_pi.php#more

  http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf

  http://secunia.com/advisories/historic/