Meeting notes made easy..

With the increase in remote working and many of my clients moving to Office 365, it has meant that more and more of my meetings these days are using Lync Online. Generally when I get into a meeting the first thing I do is fire up OneNote and start jotting down notes. With Lync Online there is some really nice integration with OneNote that makes this even easier.

When you are in your meeting click the ‘Presentation’ icon and select OneNote:


If you have the option for  Shared Notes this is because you have another Notebook added into your OneNote, this allows you to save to that Notebook as well. ‘My Notes’ obviously refers to you saving the meeting notes into your own Notebook.


Once you have selected the location to add your notes into, OneNote is automatically launched. The meeting date is stamped in the title, the content is listed, in this case a PowerPoint presentation; and all participants are listed as well.


If you expand the Participants list, everyone is hyperlinked and if you click on their name it launches an e-mail to their address.

one2Office 365 working in harmony with Office 2013.

UPN’s in a Hybrid environment

In a hybrid environment the attribute that defines your logon name for  Office 365 is the Active Directory User Principal Name. It is good practice to set the AD UPN to match the users primary SMTP address. This means that the users primary SMTP, Office 365 Logon Name and Lync SIP address (which is derived from the UPN) will be a single identity. Making it easier for users as they just have to remember one address.

In some cases a user may fall through the net and end up with a Office 365 logon name and Lync address that does not match their primary SMTP address. In these instances it is possible to change the UPN but there are consequences. UPN changes can take up to 24 hours and it involves the old Lync account being removed and a new one created. This means any Lync meeting’s need to be rescheduled, Lync contacts must be recreated and any external contacts need to be notified of your new Lync address. Usually this is not a major issue if the person has just been migrated.

In an Office 365 hybrid environment, DirSync is deployed to synchronise Active Directory objects. You can continue to edit and manage user information as before with your on-premise Active Directory. However once a user has been licensed the UPN value can not be changed by updating your AD for the obvious knock-on effects to access to the service and Lync. So, the UPN can be changed in two ways either from the Office 365 Admin Center or PowerShell.

Office 365 Admin Center

  • Logon and select Users and Groups
  • Search for the relevant user
  • Change the DNS suffix to the required domain


When you make the change you will be prompted with this rather useful reminder:


You will notice that you can only change the DNS suffix using the Office 365 Admin Center. If you need to change the username prefix then you must use PowerShell.


  • Logon to PowerShell
  • Run the following cmdlet
  • Set-MsolUserPrincipalName -UserPrincipalName -NewUserPrincipalName


No friendly warnings in PowerShell it just does it!

I would also take the time to modify the on-premises UPN as it prevents confusion in the long run with support if all values are the same. You can do this in various ways but my particular favourite is:

  • Set-mailbox bob.two -UserPrincipalName

The case of the malevolent malware!

Standard reporting has been developed over the past couple of years by Microsoft. In the Wave 15 version of the tenant this has been extended further with a Reports page in the Office 365 Admin Center. This covers some of the most requested reports for Exchange, Lync and SharePoint Online. One area that administrators are used to reporting and analysing in more detail is mail traffic for spam, malware or rules.

Using the standard reports in the Office 365 Admin Center you can get an overview of this information. For example, I have been asked to produce a report listing any malware that has been sent or received within our organisation. Thankfully Microsoft has got two ingeniously named reports in the Admin Center that cover this:


When I checked the reports I found that there were no mailware detections received but some were being sent! The report by default showed the last 14 days but you can change this to go from 7-60 days.


Unfortunately, I can’t see from this report who the culprit was sending the malware. The Admin Center provides standard reports and an overview of the mail data.  If you want the ability to dig into the detail and view the information on which senders or recipients are breaching these rules then Microsoft have developed an Excel-based tool. You can download it from the Reports overview page in the portal. The tool requires Excel 2013 and there are other system requirements, so please review before installing.


Once installed it provides you with an overview on each of the key areas of mail flow; Traffic, Malware, Rules and Data Loss Prevention. The first worksheet is Traffic and gives an overview of data. The Malware worksheet has a dashboard with totals for sent malware (28) and received malware (0 in this instance so no graph), and a pivot table to filter by day. It also lists the top offending malware.


In addition the daily breakdown table allows you to click into the last week’s data and generate a detailed report listing the individual e-mails that have been detected. When clicking on the hyperlinks it launches another query to the Exchange Control Panel Reporting service.


Once this query is complete you then have a detailed report on the individual e-mail that was infected with malware.


So the Office 365 Admin Center can be used to provide management level reporting and an overview of the service. If you want to get into the technical detail and pinpoint individual mail items then the Mail Protection Reports for Office 365 is the tool to use. Looks like has been tracked and caught!

OWA for Devices

In July Microsoft released their OWA app for iPhone and iPad. The feedback regarding this app has been excellent however it has raised questions about information security. The default setting for each user mailbox allows the app to connect, therefore it is important to be able to disable the app if required. This can be done using both the portal and PowerShell.

Portal Management

Logon to the Exchange Admin Center in the portal and select Recipients | Mailboxes. Highlight the relevant user and select Disable OWA for Devices


PowerShell Management

As you can guess this could get a bit laborious with a few thousand users so PowerShell comes to the rescue. This feature is managed by the Set-CASMailbox cmdlet.

Set-CASMailbox -OWAforDevicesEnabled $false

The command above will disable the app for the relevant person listed, and scripts can be developed to apply this to multiple people.