Quadra

Connecting Technology and Business.

Signing in to O365 - three identity models

The three identity models you can use with Office 365 range from the very simple with no installation required to the very capable with support for many usage scenarios. By starting with the simplest identity model that meets your needs, you can quickly and easily get your users on-boarded with Office 365.

[Diagram: Identity models in O365]

In the diagram above the three identity models are shown in order of increasing amount of effort to implement from left to right. Microsoft's recommendation for successful Office 365 on-boarding is to start with the simplest identity model that meets a business's needs so that users can start using Office 365 right away. Then, as the business determines additional necessary business requirements, they can move to a more capable identity model over time. The way to think about these is that the Cloud Identity model is the simplest to implement, the Federated Identity model is the most capable, and the Synchronized Identity model is the one we expect most customers to end up with.

Cloud Identity model

In this model a user is created and managed in Office 365 and stored in Azure Active Directory, and the password is verified by Azure Active Directory. Azure Active Directory is the cloud directory that is used by Office 365. There is no equivalent user account on-premises, and there is nothing that needs to be configured to use this other than to create users in the Office 365 admin center.

Synchronized Identity model

In this model the user identity is managed in an on-premises server and the accounts and password hashes are synchronized to the cloud. The user enters the same password on-premises as they do in the cloud, and at sign-in the password is verified by Azure Active Directory. This model uses the Microsoft Azure Active Directory Sync Tool (DirSync).

Federated Identity

This model requires a synchronized identity but with one change to that model: the user password is verified by the on-premises identity provider. This means that the password hash does not need to be synchronized to Azure Active Directory. This model uses Active Directory Federation Services (AD FS) or a third-party identity provider.

Enterprises using O365 can switch between models depending on the changing needs of the business.

-Office Blogs - Andy O'Donald

Accessing Other People’s Mailboxes in O365

The Full Access permission is required for a delegate to open a user's mailbox and access the contents of the mailbox. It doesn't allow the delegate to send email from the mailbox. The administrator has to additionally assign the delegate the Send As or the Send on Behalf permission to send email.

If you are using Outlook 2013 or Outlook 2010, the mailbox to which you have been granted access automatically displays in your folder list.

In the example below, Adam Barr has been granted access to the mailbox of Kim Akers. Kim's mailbox displays automatically in Adam's folder list in Outlook 2013.

Note: If you were recently granted access to the mailbox, it may take a few hours for the other user's mailbox to display in your folder list.

[Screenshot: Other people's mailbox in Outlook]

If you are using OWA, you can add the mailbox to which you have been provided access so that it displays in your Outlook Web App folder list every time you open Outlook Web App.

  1. Log in to your mailbox using Outlook Web App.
  2. Right-click your name in the folder list, and click Add shared folder.
  3. In the Add shared folder dialog box, type the name of the mailbox to which you have been provided access, and click Add.
  4. The mailbox appears in your Outlook Web App folder list.

If you have only been provided access to specific folders in the other user's mailbox, you will only see the folders for which you have been granted access.

If you decide that you no longer want to see the other person's mailbox every time you open Outlook Web App, right-click the folder, and click Remove shared folder.


Creating and Managing a Conference Room in Office 365

You need to sign in as an administrator at the Exchange Administration Centre (EAC) of the Microsoft Online Portal to create a conference room mailbox (or an equipment mailbox or another resource mailbox).

  1. In the EAC, navigate to Recipients > Resources.
  2. To create a room mailbox, click New Room mailbox.
  3. Use the options on the page to specify the settings for the new resource mailbox.

After you create a room mailbox or equipment mailbox, you manage its settings by editing the resource mailbox using EAC.

  1. Room name (Mandatory field) - Use this box to type a name for the room mailbox. This is the name that's listed in the resource mailbox list in the EAC and in your organization's address book. This name is required and it can't exceed 64 characters. Although there are other fields that describe the details of the room, for example, Location and Capacity, consider summarizing the most important details in the room name using a consistent naming convention. This lets users easily see the details when they select the room from the address book in the meeting request.
  2. Email address (Mandatory field) - A room mailbox has an email address so it can receive booking requests. The email address consists of an alias on the left side of the @ symbol, which must be unique in the forest, and your domain name on the right. The email address is required.
  3. Organizational unit - You can select an organizational unit (OU) other than the default (which is the recipient scope). If the recipient scope is set to the forest, the default value is set to the Users container in the Active Directory domain that contains the computer on which the EAC is running. If the recipient scope is set to a specific domain, the Users container in that domain is selected by default. If the recipient scope is set to a specific OU, that OU is selected by default. To select a different OU, click Browse. The dialog box displays all OUs in the forest that are within the specified scope. Select the desired OU, and then click OK.
  4. Location, Phone, Capacity - You can use these fields to enter details about the room. However, as explained earlier, you can include some or all of this information in the room name so users can see it.
  5. Booking requests - Use this section to configure how the room mailbox handles reservation requests.
    • Automatically accept or decline booking requests - A valid meeting request automatically reserves the resource. If there's a scheduling conflict with an existing reservation, or if the booking request violates the scheduling limits of the resource (for example, the reservation duration is too long), the meeting request is automatically declined.
    • Select delegates to accept or decline booking requests - The delegates are responsible for accepting or declining meeting requests that are sent to the room mailbox. If you assign more than one resource delegate, only one of them has to act on a specific meeting request.
  6. Delegates - If you selected the option requiring that booking requests are sent to delegates, use this section to select delegates. To add a delegate, click Add. On the Select Delegates page, select a user, click Add, and then click OK to return to the New room mailbox page.

Thereafter, end-users will be able to select this Room (and automatically its email address) when they send a meeting request.

A similar procedure is carried out to create an Equipment mail box or any other resource mail box in Exchange online.
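
The same settings can be applied from Exchange Online PowerShell, which makes the booking policy reviewable and repeatable. This is an added example, not part of the original post; the function name New-RoomMailbox, the room name and the delegate address are constructed, and it assumes the ExchangeOnlineManagement module and an Exchange administrator role.

```powershell
# Added example (not from the original post). All names and addresses are constructed.
# Assumes the ExchangeOnlineManagement module and an Exchange administrator role.
Connect-ExchangeOnline

function New-RoomMailbox {
    param(
        # The page states the room name is required and cannot exceed 64 characters.
        [Parameter(Mandatory)][ValidateLength(1, 64)][string]$Name,
        # Left-hand side of the email address; must be unique.
        [Parameter(Mandatory)][string]$Alias,
        [string]$Location,
        [int]$Capacity,
        # When supplied, booking requests go to these delegates for approval.
        [string[]]$Delegate
    )

    New-Mailbox -Room -Name $Name -Alias $Alias | Out-Null

    # Optional descriptive fields (Location and Capacity in the EAC form).
    $details = @{ Identity = $Alias }
    if ($Location)        { $details.Office = $Location }
    if ($Capacity -gt 0)  { $details.ResourceCapacity = $Capacity }
    if ($details.Count -gt 1) { Set-Mailbox @details }

    # Booking requests: either accept/decline automatically, or route to delegates.
    $booking = @{ Identity = $Alias; AutomateProcessing = 'AutoAccept' }
    if ($Delegate) {
        $booking.AllBookInPolicy    = $false      # nobody books without approval
        $booking.AllRequestInPolicy = $true       # everyone may submit a request
        $booking.ResourceDelegates  = $Delegate   # any one delegate can act on it
    } else {
        $booking.AllBookInPolicy    = $true       # valid requests reserve the room
        $booking.AllRequestInPolicy = $false
    }
    Set-CalendarProcessing @booking

    # Return the effective policy so it can be checked or logged.
    Get-CalendarProcessing -Identity $Alias |
        Select-Object Identity, AutomateProcessing, AllBookInPolicy,
                      AllRequestInPolicy, ResourceDelegates
}

# Room whose bookings need approval from a delegate (constructed values).
New-RoomMailbox -Name 'HQ-3F-Boardroom (12 seats)' -Alias 'hq3f-boardroom' `
    -Location 'HQ, 3rd floor' -Capacity 12 -Delegate 'adam@contoso.example'
```

In Exchange Online a newly created mailbox can take a short while to become visible to the follow-up cmdlets, so a retry may be needed if Set-Mailbox reports that the object was not found.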

Sending Email From Another Person's Mailbox – Play The Proxy

If you want to send mail from another person's mailbox, you need to be a delegate with permission (granted by the administrator) to Send As or Send on Behalf of the owner of that mailbox. If you also want to open or view the content of that mailbox, you need to have the Full Access permission (again granted by the administrator).

  • The Send As permission allows the delegate to send email from this mailbox.
  • The Send on Behalf permission allows the delegate to send email on behalf of this mailbox. The "From" line in any message sent by a delegate indicates that the message was sent by the delegate on behalf of the mailbox owner.

If you are an Outlook client user, here is how you will send a mail as or on behalf of another person:

  1. In Mail, click Home > New Email. (Keyboard shortcut to create an email message - Ctrl+Shift+M).
  2. On the Options tab, in the Show Fields group, click From.
  3. In the From box, type the name of the person on whose behalf you are sending the message.
    To select the name from a list in the Address Book, click From.
  4. Add recipients, a subject, and the contents of the message as you typically do.

If you are using OWA, then here is how you can do the same:

  1. Log in to your mailbox using Outlook Web App.
  2. Click New mail above the folder list. A new message form will appear in the reading pane.
  3. Click the extended menu, and then click Show from.
  4. Select the email address that displays in the From field and delete it.
  5. Type the name of the user for which you have permission to send email. If you don't see the name of the person you want in the From box, you can click Search contact & directory to search the directory of your organization.
  6. Add recipients, a subject, and the contents of the message as you typically do, and then click Send.
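
Because Full Access, Send As and Send on Behalf (described here and in the earlier post on accessing other people's mailboxes) are granted separately by the administrator, it is worth being able to list who holds which. The following is an added example, not part of the original post: the function names are hypothetical, the addresses are constructed from the names used on this page, and it assumes the ExchangeOnlineManagement module and an Exchange administrator role.

```powershell
# Added example (not from the original post). Addresses are constructed.
# Assumes the ExchangeOnlineManagement module and an Exchange administrator role.
Connect-ExchangeOnline

# Grant one or more of the three delegate permissions described on this page.
function Grant-MailboxDelegate {
    param(
        [Parameter(Mandatory)][string]$Mailbox,
        [Parameter(Mandatory)][string]$Delegate,
        [Parameter(Mandatory)]
        [ValidateSet('FullAccess', 'SendAs', 'SendOnBehalf')][string[]]$Permission
    )
    switch ($Permission) {
        'FullAccess' {
            # Open and read the mailbox. AutoMapping is what makes the mailbox
            # appear automatically in the delegate's Outlook folder list.
            Add-MailboxPermission -Identity $Mailbox -User $Delegate `
                -AccessRights FullAccess -InheritanceType All -AutoMapping $true | Out-Null
        }
        'SendAs' {
            # Mail appears to come from the mailbox owner.
            Add-RecipientPermission -Identity $Mailbox -Trustee $Delegate `
                -AccessRights SendAs -Confirm:$false | Out-Null
        }
        'SendOnBehalf' {
            # The From line shows the delegate sending on behalf of the owner.
            Set-Mailbox -Identity $Mailbox -GrantSendOnBehalfTo @{ Add = $Delegate }
        }
    }
}

# List explicit (non-inherited) delegate permissions, one row per grant.
function Get-MailboxDelegation {
    param([string[]]$Mailbox)

    $targets = if ($Mailbox) {
        $Mailbox | ForEach-Object { Get-Mailbox -Identity $_ }
    } else {
        Get-Mailbox -ResultSize Unlimited
    }

    foreach ($mbx in $targets) {
        $addr = [string]$mbx.PrimarySmtpAddress

        Get-MailboxPermission -Identity $addr |
            Where-Object {
                $_.AccessRights -contains 'FullAccess' -and -not $_.IsInherited -and
                -not $_.Deny -and $_.User -notlike 'NT AUTHORITY\*'
            } |
            ForEach-Object {
                [pscustomobject]@{ Mailbox = $addr; Delegate = [string]$_.User; Permission = 'FullAccess' }
            }

        Get-RecipientPermission -Identity $addr |
            Where-Object {
                $_.AccessRights -contains 'SendAs' -and -not $_.IsInherited -and
                $_.Trustee -notlike 'NT AUTHORITY\*'
            } |
            ForEach-Object {
                [pscustomobject]@{ Mailbox = $addr; Delegate = [string]$_.Trustee; Permission = 'SendAs' }
            }

        foreach ($d in $mbx.GrantSendOnBehalfTo) {
            [pscustomobject]@{ Mailbox = $addr; Delegate = [string]$d; Permission = 'SendOnBehalf' }
        }
    }
}

# Example from the page: Adam Barr is given access to Kim Akers' mailbox.
Grant-MailboxDelegate -Mailbox 'kim@contoso.example' -Delegate 'adam@contoso.example' `
    -Permission FullAccess, SendOnBehalf

# Review every grant, then summarise delegates that reach more than one mailbox.
$report = Get-MailboxDelegation
$report | Sort-Object Mailbox, Delegate | Format-Table -AutoSize
$report | Group-Object Delegate | Where-Object Count -gt 1 |
    Select-Object Name, Count,
        @{ n = 'Permissions'; e = { ($_.Group.Permission | Sort-Object -Unique) -join ',' } } |
    Sort-Object Count -Descending
```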

Windows Azure – A Simple And Reliable Backup

Backup and recovery are critical tasks for any organization. Keeping data safe, however, can prove to be a complex procedure. Backup and recovery often requires the installation of additional software, training, the creation and testing of processes, and the purchasing, management, and storage of backup media, often offsite. Offsite storage can help protect media, but can also lengthen time to recovery.

Windows Azure Backup helps protect server data against loss and corruption by enabling backup to offsite cloud storage in Windows Azure. By extending Windows Server Backup and Microsoft System Center Data Protection Manager, Windows Azure Backup enables you to use familiar tools to configure, monitor, and manage backups to the cloud similarly to how you backup to local media.

For organizations of any size looking for cloud-based backup, Windows Azure Backup provides an easy-to-use solution that's scalable, reliable, and supported by enterprise-class cloud storage. From a single-server organization to enterprises using System Center Data Protection Manager, Windows Azure Backup easily integrates with different infrastructures, reducing the complexity of data backup and eliminating the need for additional training.

Customers can easily sign up in Windows Azure, then install the software agent and configure servers for backup. Recovery, when needed, uses the same familiar tools already in your environment.

Reliable offsite data protection

Windows Azure Backup encrypts and protects your backups in offsite cloud storage with Windows Azure, adding a layer of protection against data loss or disaster.

  • Convenient offsite protection: Windows Azure Backup provides convenient, automated offsite data protection — away from your premises — reducing the need to secure and protect onsite or offsite backup media.
  • Safe data: Data stored in Windows Azure is geo-replicated among Windows Azure datacenters, for additional protection.
  • Encrypted backups: Windows Azure Backup encrypts your data before it leaves your premises. Your data remains encrypted in Windows Azure — only you have the key.

A simple integrated solution

Because Windows Azure Backup integrates with backup tools in Windows Server or System Center Data Protection Manager, you can easily manage cloud backups using familiar tools and configure, monitor, and recover backups across local disk and cloud storage.

  • Familiar interface: Small businesses protecting a single server or a few servers can use the familiar in-box Windows Server Backup tool to manually protect data or set a regular, automated schedule. Larger organizations with System Center 2012 or later can use the Data Protection Manager component to centrally manage backups across multiple servers.
  • Windows Azure integration: Windows Azure Backup fully integrates with the Azure Management Portal for sign-up, billing, and management.

Efficient backup and recovery

Windows Azure Backup minimizes network bandwidth use, provides flexible data retention policies, and provides a cost-effective data protection solution.

  • Efficient use of bandwidth and storage: Windows Azure Backup conserves WAN bandwidth and Windows Azure storage by sending only changes to files with incremental backups.
  • Flexibility in recovery: Incremental backups allow point-in-time recovery of multiple versions of the data. Plus, you can recover just what you need with file-level recovery.
  • Flexible configuration: Configurable data retention policies, data compression, and data transfer throttling provide both flexible backup policies and backup efficiency.
  • Cost-effective: Windows Azure Backup reduces the need for local storage and offsite media management, while offering simple storage-based pricing with no per-server or data transfer fees.

Windows Azure Backup charges by the amount of data stored in the backup service. Businesses have two options, a Pay-As-You-Go Plan or a fixed-length 6- or 12-month plan. Both plans provide 5GB free. Costs per GB after the first 5GB vary by plan.

Windows Azure for Old Hardware

Microsoft India has come up with a novel way to help Small and Medium enterprises in India leverage its Windows Azure online services by offering a trade in program – Azure credits for old server hardware.

Windows Azure is a purpose-built cloud-based platform. Designed to surpass typical cloud advantage, Azure is what customers need to succeed in a fast growing and deeply connected IT environment. Its unique integrated infrastructure makes building and deploying applications easy, reducing time to market. Businesses can accelerate with the help of this trusted Microsoft ecosystem, minimizing costs at every step. It also enables transforming a data center, experiencing on-demand scalability and leveraging the power of the hybrid cloud.

Azure is growing fast, at a rate of over 200% globally, but in India cloud computing is yet to gain momentum. Still, according to Microsoft, Azure is gaining in popularity with about 2000 Indian customers added each month. With 5 crore+ SMEs in India, the current offer should incentivize a large majority of these enterprises to make the switch to cloud.

The main reservation for today's business not adopting the cloud platform is the existing set up at the datacentres. All these years they have invested hugely in acquiring hardware to build an infrastructure as large as is demanded by their business and in many instances, several times more than the demand. Now, all of a sudden there is a splurge in the online services that offer much more than what the on premise setup offers and that on a sustainable financial model. It is certainly an attractive proposition. But now, the question is what do we do with all that we already have – and more importantly - all the money that has been spent on the hardware – the costliest component of the on premise model.

This is where Microsoft jumps in to rescue the IT decision makers from an embarrassing situation. They will appoint a local agency called the Recycle partner to evaluate the customers' hardware and depending on the value of the hardware that is proposed to be traded in, the customers can get financial credit towards Azure services.

Finally, here are some numbers. Any SME that has a minimum of 250 desktops or users can avail this offer. A minimum sign-in commitment of $3000 per month from the customer is required as eligibility for the trade-in program. The credits will be adjusted against billable Azure subscriptions from two to four months. Customers can save at least $1000 through this trade-in program. Azure services worth $4000 can be availed for $3000 ($1000 adjustable over a period of 2 months @ $500 per month). Services worth $37000 can be availed for $25000 ($12000 adjustable over a period of 4 months @ $4000 per month).

In order to get started an enterprise owner would have to call Microsoft's number 1800 3070 4660 or log in to http://www.microsoft.com/india/movetoazure.

Manage Identity, Mobility and Information the Modern Way

Some of the IT challenges faced by business today are listed hereunder:

  • Businesses need to unify their infrastructure technology environment with a common identity across on–premises Active Directory Domain Services (AD DS) and the cloud, with deeply integrated capabilities for PC and mobile device management.
  • Users expect to be productive across a variety of device types, with access to the applications they need.
  • Businesses must protect their data, so they require a comprehensive set of access control and data–protection capabilities.

Microsoft cloud has a single solution to meet these challenges head-on with its Enterprise Mobility Suite. The three components of this solution are:

  1. Azure Active Directory (Azure AD) Premium for Hybrid Identity management
  2. Windows Intune for mobile device and PC management
  3. Azure Rights Management for information protection

Hybrid Identity and Access Management

Azure AD Premium delivers robust identity and access management from the cloud, in sync with existing on-premises deployments:

  • Cloud–based self–service password reset for employees
  • Group Management, including user self–service management of groups
  • Group–based provisioning and access management for hundreds of Software as a Service applications
  • Machine learning–driven security reports to show log–in anomalies and other threats
  • Rich and robust synchronization of user identities from on–premises directories, including write back of changes
  • Reduce risk and support compliance requirements with comprehensive Multi–Factor Authentication (MFA) options

Mobile Device Management

Windows Intune enables you to manage PCs and mobile devices from the cloud. People can use the devices they love for work while protecting corporate data and adhering to security policies:

  • Deliver and manage apps across a broad range of devices.
  • Manage variety of device types, from Windows, Windows RT, and Windows Phone 8 to Apple iOS and Google Android.
  • Configure and deploy policies, and inventory hardware and software.

Data protection

Azure AD Premium and Azure Rights Management can help protect corporate assets:

  • Deliver information protection in the cloud or in a hybrid model with your existing on–premises infrastructure.
  • Integrate information protection into your native applications with an easy–to–use software development kit (SDK).

Message Encryption for added Security, Reliability and Control

Today, it is possible to deliver confidential business communications with enhanced security by allowing users to send and receive encrypted email as easily as regular email directly from their desktops. Microsoft has recently included this feature in its O365 offering. Business enterprises can now encrypt emails without purchasing complex hardware and software to configure or maintain. This helps organizations minimize capital investment, free up IT resources, and mitigate messaging risks. The email viewing portal can also be customized to enhance an organization's brand.

Improve security and reliability

Office 365 Message Encryption provides advanced security and reliability to help protect users' information. Users can send encrypted email messages to anyone, regardless of the recipient's email address. The feature provides strong, automated encryption with a cost-effective infrastructure. The need for certificates is eliminated and a recipient's email address is used as the public key. As this communication happens through a TLS-enabled network, it further enhances message security. It also enhances the security of subsequent email responses by encrypting each message in the thread.

Stay in control

Office 365 Message Encryption helps keep users' data safe, while allowing them to maintain control over their environment. This encryption can be easily set up using the single action Exchange transport rules. Users can prevent sensitive information and data from leaving their gateway or protect it, consistently and automatically. Policy rules can be put in place so that Policy-based encryption encrypts messages at the gateway based on these rules. Strong integration with data loss prevention helps organizations manage compliance. The technology is versatile as this feature can integrate with existing email infrastructure and as a result requires minimal up-front capital investment.

Easy to Use and Maintain

Messaging Encryption is really easy to use and it is easier than ever to protect an organization's email. Users can easily navigate through the encrypted message with the clean Office 365 interface. The encrypted emails are delivered directly to recipients' inbox and not to a Web service. Emails are decrypted and can be read with confidence without installing any additional client software. It simplifies user management by eliminating the need for certificate maintenance. The encryption process is transparent to the sender, who does not need to do anything other than write and send the message as usual.

An additional bonus feature is that organizations can grow their brand by using custom branding text or disclaimers and a custom logo on their email viewing portal.

Binary Large Object Bitmap (BLOB) Storage in the Cloud

Very large digital objects that are unstructured and cannot be fitted directly into databases are today stored by database management systems as Binary Large Objects (BLOBs) or Basic Large Objects. Such data could be graphical images, audio, video or even binary executable code (or simply .exe files). Though not every database system supports this data type, all major database systems like SQL, Oracle and DB2 help store such BLOBs. In fact, DB2 was the earliest to popularize this technology and allowed users to store such a collection of binary data as a single entity and consume it in their systems as a complete unit.

Originally, BLOB was not an acronym and stood for just unstructured chunks of data. Later it was given the current expansion of Basic large object or the latest and widely used expansion Binary large Object.

At the time when data came to be stored in databases, there was no means of storing this kind of large data in any particular field with a defined data type. With limited storage available at a huge cost, storing such data in databases was not even thought of, and it was stored as separate, simple, continuous sequential files. After storage space became cheap, databases started supporting this large data type that can contain amorphous or unstructured data.

Today, Remote BLOB store (RBS) for SQL Server lets database administrators store binary large objects (BLOBs) in commodity storage solutions instead of directly on the server. This saves a significant amount of space and avoids wasting expensive server hardware resources. RBS provides a set of API libraries that define a standardized model for applications to access BLOB data. RBS also includes maintenance tools, such as garbage collection, to help manage remote BLOB data.

Microsoft's online Infrastructure and Platform as a Service offerings, Windows Azure and SQL Azure, store all data in the cloud in this format. Since this data is replicated multiple times across the various datacentres to provide redundancy, multiple downloads of the same chunk of data become simpler and much faster because of the convenience this kind of BLOB storage offers.

Microsoft Access tables also allow storage of BLOBs in a field with the OLE Object data type.

Propel your business on Cloud

Propel your business on cloud: Quadra tells you how

"Our industry is going through quite a wave of innovation and it's being powered by a phenomenon which is referred to as the cloud.

India will not only see a surge in cloud computing services but companies all over the world will look to India to support their transition to cloud computing." – Steve Ballmer, CEO Microsoft

A majority of us are paranoid and confused by the prospects of business in the cloud. Many even see it as a real threat to a business model that has been productive and profitable for decades. With a sea full of uncertainties and a lot of business up for grabs, Quadra helps you transition to the cloud with ease and shows how you can act strategically and gather meaningful information using cloud platforms, winning you both wallet and mind share.

With the cloud, you can snap your fingers and instantly set up enterprise-class services. You will now have the ability to use the same tools and techniques that larger companies have enjoyed for years. You can leverage social media tools to connect with prospects and customers, build your brand, and use enterprise tools to automate systems within your workplace using free, inexpensive and simple tools and platforms.

And with the rapid evolution of the cloud as a viable IT implementation model, let's take a brief look at the various cloud platforms and the manner in which they have evolved. 2013 saw all the major players consistently offering various services which enhance their already diverse cloud portfolio.

Amazon continued to maintain an impressive product portfolio; it now offers over 30 services ranging from transcoding media files to compatible formats playable in various devices ranging from smart phones and tablets to solutions for protecting sensitive data subject to rigorous contractual or regulatory requirements. The most exciting announcement of the year was Amazon Kinesis, a fully managed service for real-time processing of streaming data at massive scale. Amazon Kinesis can collect and process hundreds of terabytes of data per hour from hundreds of thousands of sources, allowing you to easily write applications that process information in real-time, from sources such as web site click-streams, marketing and financial information, manufacturing instrumentation and social media, and operational logs and metering data.

Google Cloud is now versatile and powerful, with Google Compute Engine moving into General Availability and offering virtual machines that are scalable, reliable, and offer industry-leading security features like encryption of data at rest. Compute Engine is available with 24/7 support and a 99.95% monthly SLA for mission-critical workloads. Google focused on making sure that the CPU, disk I/O and network I/O are optimized to deliver the best possible performance. Virtual machines, managed platforms, Blob storage, Block storage, NoSQL data store, MySQL database and Big Data analytics are some of the features offered by the Google platform.

HP Cloud was one of the first to go live based on the open source cloud management software. Through its commitment to OpenStack, HP is delivering open standards–based hybrid solutions that provide enterprises the agility of interoperable cloud solutions along with enterprise-grade security and manageability. HP wants to shift its focus to hybrid cloud by pushing the HP Cloud OS agenda to its partners and customers. HP Cloud OS is an attempt to push OpenStack, HP Cloud and HP services in the enterprise market.

IBM attempted to gain a foothold in the commodity hosting/IaaS market dominated so far by AWS and Rackspace by acquiring SoftLayer. Its existing Smart Cloud Enterprise brand has been closed, with its existing customer base transitioning to SoftLayer. This transition is being driven by Mirantis, an established OpenStack services company. On the PaaS front, IBM and Pivotal partnered to bring WebSphere to Cloud Foundry. Time will decide on the efficacy of IBM's strategy of investing in two leading open source cloud technologies.

Microsoft made the transition from PaaS to IaaS with Windows Azure Infrastructure Services (WAIS). WAIS supports popular variants of Linux, Java, WebLogic and Databases in its Windows Azure platform. Acquisition of datacenters in China was also noteworthy in 2013. Presently, Microsoft is well positioned in the cloud market with robust offerings.

Oracle is the corporate sponsor of the OpenStack Foundation in 2013 with plans to integrate its virtualization infrastructure, Java, middleware and database products with OpenStack. However, clarity on its core competence is still to emerge, with Oracle Fusion and Financials forming the SaaS layer, a robust PaaS platform and, with the acquisition of Nimbula, a presence in the IaaS domain.

2013 saw declining revenues for Rackspace; it is hopeful that its OpenStack offerings in public cloud will bridge the existing divide. Red Hat's PaaS offering, OpenShift, has moved to its second version this year; OpenShift is positioned as the true open source PaaS with its developers continuing to be extremely active. Salesforce continued its dominance in the SaaS domain, but 2013 saw Salesforce enter the PaaS domain with Heroku, the generic, polyglot PaaS.

VMware clearly demonstrated its intent to continue its market dominance in the private cloud domain by launching vCloud Hybrid Service (vCHS) to combat the emerging threat of Amazon in the enterprise cloud market. It sent a clear message to the industry and its customer base that its primary focus remains cloud by selling Wavemaker, Zimbra and SlideRocket.

With alternatives available in abundance, Quadra can help you with your Cloud requirements. And as an organization, we have built deep experience across both private and public cloud deployments, and have been early adopters of the cloud for our own internal applications. Our vendor agnostic, multi-platform approach, together with proven skills and certifications from major cloud vendors means that we are uniquely poised to provide you a holistic and balanced perspective on building a hybrid cloud infrastructure. We also bring to the table skills on federated identity management, and partnerships with cloud integration offerings, along with tried and trusted management and deployment capabilities that are critical in establishing a hybrid infrastructure.