Remove Microsoft Account or Work Account

If you’re using Office 365 and/or Azure, you may have run into this scenario. If you want detailed information about Microsoft Accounts vs Work or school accounts, read this comprehensive article.

For people who set up a Microsoft Account on a work email address, and then configured it for Office 365/Azure, you’d be used to seeing this screen every time you log in:

It’s necessary, but annoying when you’re signing in a lot. I’m not sure how long this has been around, but you can change the email address associated with your Microsoft account, and move it away from your work email address.

And you may notice, there’s that ‘Tired of seeing this?’ message. My brain blocked that out, so you can follow that link too 🙂

Atwork have a writeup on how to change the email address (the first link gives a 404 message, but you’re still in the right place to make the changes). I tested this on my own account, and within a few minutes I was no longer seeing the choice between Work or Personal when signing into Office 365/Azure services.

Combine that with ADFS or Azure AD Connect Pass-Through Authentication to make your Microsoft sign-ins a quicker process!

Microsoft StaffHub General Availability

Microsoft StaffHub has now globally been released (General Availability). StaffHub is a very simple web and smartphone app based scheduling system, primarily designed for shifts.

It lets admins set and modify member’s shifts, and gives simple day/week/month overviews. I quite like this simplistic approach, sometimes these solutions can be a bit overwhelming when it’s linked to several other Office 365 features that you haven’t used yet.

Microsoft StaffHub

I was honestly up and running with this in 5 minutes, including the tutorial. I’ve invited other staff members as part of adding them, and both web and smartphone views are clean and easy to read. The product itself doesn’t really do anything else – there’s chat options for the app, and file sharing, but it’s perfect for staff that don’t do much (or any) of their work on computers; or just staff that want to be able to see what shift they’re on quickly.

One point of confusion I noticed was that the invite it sends out to staff you invite only wants them to use the smartphone app, and that link won’t work from a browser. They’ll need to manually go to https://staffhub.office.com for the browser experience.

Microsoft have a great starter page along with video showing how it works. There doesn’t seem to be any integration with other systems – It’d be nice to be able to send shifts as calendar appointments and maybe we’ll see that in the future.

It’s part of the Office 365 suite, so if you already have a license you should be able to go to http://staffhub.ms/ and start playing.

Google Daydream View Review

Google released their Daydream View VR headset in late 2016, and I picked one up to go along with my Google Pixel XL for a bit of fun.

I’ll note that I’m still reasonably happy with the Pixel XL and my opinion hasn’t changed from that review. It’s still going pretty strong, and a good but expensive all-rounder.

Google says “Daydream takes you on incredible adventures in virtual reality. Get ready to immerse yourself in all the things you love.” I say “Don’t get your hopes up”. Going on from the general success of Google Cardboard, it seems they thought there was a market in VR, going along with the media successes of Microsoft HoloLens, HTC Vive and Sony PlayStation VR. Don’t mistake this device for being in the same playing field; it’s a lot worse.

AU$119 for the Google Daydream View

If you’ve already tried Google Cardboard (I hadn’t) then you’ve got a reasonable idea already. Your phone slips into this headset, which instead of being folded cardboard, is now lovely breathable fabric with a head strap and cushions for your face. Inside the headset are two lenses that magnify the phone screen, and a front flap that has a NFC chip to tell the phone that it’s inserted.

The phone itself has the Daydream app, which is a wrapper to a Daydream App Store as well as giving you a platform to get to all VR things, along with a tutorial.

This is what the phone displays inside the Daydream

The real difference between Google Cardboard and Google Daydream is that you’ll also get a remote. This is a very light and small remote that charges via USB-C. There’s 3 buttons, with the top also being a trackpad. There’s also volume up/down buttons on the right hand side.

Google Daydream Remote

Think of it as a more basic Nintendo Wii remote, without as many sensors (it still seems to have gyro). This remote lets you control a cursor on screen, or a wand if you’re playing that Harry Potter game that doesn’t have Harry Potter in it.

I mentioned the Daydream demo – that was the most fun I had with the kit, and it went downhill from there. The demo is fun and well designed; it teaches you how to use all the controls and look around in a 3D world. Anyone watching you do this however, will think you look silly – everyone looks silly doing this. Android Authority have a great clip on using Daydream:

Going beyond the demo, I started to realise the picture actually wasn’t that great. Unless the headset was in the absolute most perfect spot, I had blurriness around the edges of my vision. Watching YouTube through this sounds cool, but all you really get is a 3D room where you can zoom in, out and around a video. You also can’t use this lying down, orientation can be reset on an X axis, but not a Y if you’re thinking about lying in bed to watch a movie. The graphics a game will show are rather low end too, because you’re using a super thin device that’s never going to get close to what a PC or console can do.

Also, you can watch 360 degree videos on YouTube with this, or use Google Street View to pretend you’re walking down a street – but to me, moving your head around to see in a full 360 degrees gets tiring quickly.

Even more worrying, is the Google Pixel XL’s extreme heat generated by running this. We’ve got a top end, brand new phone that can barely run Daydream; and when I say barely run, on more than 1 occasion the device has given a warning that it’s too hot and has to stop operating. This was widely reported and doesn’t seem to be fixed yet.

There’s very few apps which I’ll assume is due to the limited customer base who have both a Pixel phone, and then a Daydream View. A few are free, enough to play around with different things. There’s a racer game that lets you use the remote like a steering wheel (again, think Nintendo Wii) but when are you really going to sit there with a headset on, closing yourself off to the world, to focus on playing a few low end games that require you to move your head instead of your eyes? Maybe that’s part of the problem where it feels unnatural, a glance changes to a more tedious head and neck movement with this device.

As you can probably tell, I don’t recommend buying one. It is a fun novelty for a short time, so try one if you can to see what VR is about, but the experience is just that average. This recent reddit thread asks “Those of you who have a daydream headset, what do you think of it after a few months?” and you can see the general consensus there.

I think VR/AR (Augmented Reality) itself is still taking off and will do well, but these lower end experiences won’t and it’ll be another abandoned Google idea. However, if they worked out how to do AR with the inbuilt camera, that’s a different story…

 

Searching Multi-Valued Properties in PowerShell

I’ve been playing with Office 365 commands in PowerShell and had to do a search. Sounds simple, but depending on what you’re searching, some scenarios are less basic than others.

Everything in PowerShell is an object. Usually, a property in PowerShell has a single value, such as:

UserPrincipalName: afowler@contoso.com

which is one of the results from Get-MsolUser. However, another property is different:

AlternateEmailAddresses: {microsoft@contoso2.com}

Visually, the difference is just the {} braces that contain the value. These braces mean that the property has been built to contain multiple items, rather than a single item.

If I wanted to see a list of all UserPrincipalNames, I’d use this command:

Get-MsolUser -all | select UserPrincipalName

A nice list of UPNs would display on the screen. However, run that same command against AlternateEmailAddresses and all that comes up is a bunch of blank lines.

To make this work, we need to select the value and show all the expressions of each value:

get-msoluser -all | select @{Name="AlternateEmailAddresses";Expression={$_.AlternateEmailAddresses}}

To then search on those values with the ‘where’ command, you’d have to write it like this:

get-msoluser -all | select @{Name="AlternateEmailAddresses";Expression={$_.AlternateEmailAddresses}} | where {$_.AlternateEmailAddresses -like "*contoso*"}

The good news is, for a where search by itself, you can forget all that and go back to basics:

Get-MsolUser -all | Where AlternateEmailAddresses -like "*contoso*"

Because of this requirement on the Select command, it led me down the wrong path for a bit. There’s other reading on how to list all the values of a multi-valued property.

If you’re still lost and want to get started with PowerShell, try checking out this PowerShell Basics video.
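The Select and Where behaviour described above can be tried offline, and the same pattern is useful for reviewing which alternate addresses sit outside your own domains. The following is an added example, not code from the original post: the sample users are constructed, and the function name Get-ExternalAlternateEmail and the allowed-domain list are assumptions for illustration. In a tenant, Get-MsolUser -All would replace $users.

```powershell
# Constructed sample objects shaped like Get-MsolUser output (not real tenant data).
$users = @(
    [pscustomobject]@{ UserPrincipalName       = 'afowler@contoso.com'
                       AlternateEmailAddresses = [string[]]@('microsoft@contoso2.com') }
    [pscustomobject]@{ UserPrincipalName       = 'bsmith@contoso.com'
                       AlternateEmailAddresses = [string[]]@('bsmith@example.net', 'bsmith@contoso.com') }
    [pscustomobject]@{ UserPrincipalName       = 'cjones@contoso.com'
                       AlternateEmailAddresses = [string[]]@() }
)

# Hypothetical helper: emits one row per alternate address whose domain
# is not in the approved list, so multi-valued entries are never hidden.
function Get-ExternalAlternateEmail {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [string[]] $AllowedDomain
    )
    process {
        # foreach walks every value in the collection; an empty list yields no rows.
        foreach ($address in $User.AlternateEmailAddresses) {
            $domain = ($address -split '@')[-1].ToLowerInvariant()
            # -notcontains compares case-insensitively by default.
            if ($AllowedDomain -notcontains $domain) {
                [pscustomobject]@{
                    UserPrincipalName = $User.UserPrincipalName
                    AlternateEmail    = $address
                    Domain            = $domain
                }
            }
        }
    }
}

# 1. Where works directly: with a collection on the left, -like returns the
#    matching elements, and a non-empty result counts as true.
$users | Where-Object AlternateEmailAddresses -like '*contoso*' |
    Select-Object UserPrincipalName

# 2. For display or CSV export, flatten the collection in a calculated property.
$users | Select-Object UserPrincipalName,
    @{ Name = 'AlternateEmailAddresses'; Expression = { $_.AlternateEmailAddresses -join '; ' } }

# 3. One row per address outside the approved domain (assumed here: contoso.com).
$users | Get-ExternalAlternateEmail -AllowedDomain 'contoso.com'
```

Note that the wildcard in step 1 also matches contoso2.com, which is why step 3 compares the exact domain after the @ instead.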

Welcome to 2017

Welcome to 2017! I figured this was a great time to reflect over 2016, as well as looking forward to what 2017 holds.

Last year I wrote New Year 2016 Resolutions which is worth a rehash to see how I went:

1. Be more personal in what I do (selectively).
I did this a little, but can probably do it a little more. My last blog post in 2016 was an opinion piece, but I need to be more personal, I believe.

2. Get less caught up in particular individuals or situations.
Mostly achieved 🙂 It still happened a few times but I walked away quicker, continue working on this one too.

3. Be more positive
I think I did fairly well on this – I’ll still call someone out on it when I don’t agree, but overall I feel like I didn’t dwell on many negative things.

4. Get more involved in communities
Tick 🙂 I was handed the Adelaide Windows User Group to run, and merged with Adelaide System Center User Community to become Adelaide Windows and System Center Community. I’ve also presented in the user group a few times, as well as another short presentation at itSMF. More presentations needed.

5. Helping others
I always want to do this more, but I’ve tried to do this where possible. It’s been happening, which is great!

6. Do more writing
I did more but could have done more again. Will see how 2017 goes, I have a few external posts scheduled, and writing this post is a good start.

You can probably see a theme here – I worked towards what I wanted but felt I could have done more. What will 2017 hold for me then?

I’m off to a pretty good start. I was awarded the Microsoft MVP title in the area of Cloud and Datacenter Management! I can proudly display this logo now:

This category covers all these areas:

 

  • Azure Stack
  • Datacenter Management
  • PowerShell
  • Hyper-V
  • Storage
  • Networking
  • High Availability
  • Installation and Servicing
  • Enterprise Security
  • Group Policy
  • Windows Server for Small & Medium Business
  • Linux on Hyper-V
  • Chef/Puppet in Datacenter
  • Container Management
  • Linux in System Center/Operations Management Suite

This doesn’t mean I’m a pro at all of them either… don’t bother asking me about Chef/Puppet right now for example, as I’ve never had to use them in real life! If you want to know what a MVP is, have a look at Microsoft’s overview.

Who knows what this new title will bring, but it’s incredibly rewarding to be recognised at this level. I’m hoping to be able to visit Microsoft HQ as part of the MVP Global Summit later this year too 🙂

I’ve had a huge response to announcing my MVP title which has been very touching in itself; just people bothering to respond with a ‘congratulations’ is a very nice feeling – thank you all who have!

Beyond that, I’m really going to be continuing on the points I set back at the start of 2016. Nothing’s really changed there, so I’ll continue down that path.

Right now, I aim to make the most of being an MVP and continuing to do what I do; there’s always lots more to learn, and plenty of opportunities to pass on those new skills and tips.

An area of focus for me will be Azure and Office 365 which is ever changing, and it’s where all the exciting new things are these days 😉

Looking forward to 2017 both work wise and family wise (and continuing to keep the balance between both) – bring it on!

 

 

Opinion: Australia’s New Website Blocking

Australians may find that over the Christmas break their favorite torrent site will no longer load. Certain websites are getting blocked in Australia due to a court ruling which is going to accomplish very little in my opinion, and here’s why:

Copyright holders have had a successful ruling that Australian ISPs have to block five torrent websites – The Pirate Bay, Torrentz, TorrentHound, IsoHunt and SolarMovie. Each domain blocked will cost the copyright holders $50.

Looking past any piracy arguments beyond the fact that piracy is copyright infringement (not theft) – there are many glaringly obvious problems with this ruling that will end up achieving very little.

This is a mere selection of the torrent sites that exist, and many people will just move onto another.

If they don’t do that, they might google ‘how to access piratebay’ and click on one of the first hits: https://thepiratebay-proxylist.org/ – which is a list of sites that proxy through the original website’s content via a ‘middle’ domain.

The time the courts have given ISPs to negotiate with the copyright holders, decide on a method of blocking, and implement it was 15 days – a ridiculously short time to do something like this well.

Telstra have already implemented DNS blocking which is one of the easiest to implement, and also one of the easiest to work around.

DNS blocking works by redirecting traffic from a client when it requests to go to a certain site – e.g. https://thepiratebay.org/ – which would normally have the site owner’s IP address mapped to it. Instead they’re getting in the middle and presenting their own warning page. You can also just use a different DNS server than what your ISP automatically gives you, such as Google’s own at IP 8.8.8.8 – making this fairly pointless. Anyone that’s worked out how to torrent, can work out one of the several ways to bypass a DNS block.

If ISPs choose to do IP blocking instead, that will lead to other issues as well, and still won’t do any blocking of the proxy sites. Of course sites can also change IPs regularly.

Edit: While writing this it appears other ISPs such as Optus have implemented the same DNS blocking:

What is all this trying to achieve then?

There is the whole fear factor aspect of big brother watching which may convince people that see these messages to swear off pirating for the rest of their life. The recent letters for Australians caught downloading Dallas Buyers Club scared some people, but everyone I’ve spoken to that was worried either started using a VPN, or went back to the old sneakernet method of getting material from others who hadn’t changed their ways.

If anything, services like Getflix were the only winners, providing both DNS bypassing for overseas content as well as VPN services.

I don’t see any difference in this particular legal case. It gives more attention to the topic, but nothing will really change.

The whole ‘make getting material easy, cheap and worldwide’ argument still applies as demonstrated by services like Netflix, iTunes and the Apple store.

Maybe the best approach would be micro transaction fines to copyright infringement, payable online at the time of downloading a movie or TV show. Wait, that’s pretty much what iTunes is anyway!

It is an unwinnable battle for the copyright holders to go after pirates (rightly or wrongly it’s still how it is) which leaves them the single answer of providing a reasonable, paid service most will use to consume their media.

Azure AD Connect Pass-Through Authentication Tips

A few days ago, an updated version of Azure AD Connect was released – 1.1.371.0 (download). This included the public preview of Passthrough Authentication and Seamless Single Sign-on, which lets an internal domain connected computer authenticate against an internal domain controller and sign into Office 365 resources. This gives a great cheap option, rather than requiring ADFS on premise or just entering user credentials to authenticate against Azure AD; but there are caveats I’ll cover below.

Install Gotcha

After you’ve updated the client (regardless of the authentication type chosen), there’s a quick ‘gotcha’: The Azure AD Connect application shows a different message when you launch it:

“Synchronization has been disabled to allow changes to your current configuration. Azure Active Directory will not receive further updates until reconfiguration is complete.”

 

This is very different from previous versions:

As I was testing passthrough authentication at the time, I misunderstood this message to mean that something was being configured, and I had to wait. What it actually means is that by launching the application, syncs are now paused until you finish with this program; either by making a configuration change or just exiting.

This also means that if you leave this window open, synchronization will not occur again until it’s closed – even if you have multiple servers set up. If you get an email alert saying synchronisation hasn’t occurred for a while, the first thing to do is check that someone didn’t leave the application open.

Azure AD Connect Passthru Auth

I’ve been waiting all year for this option, but there is a lot of misinformation around what it actually can do. After having the privilege of speaking to Ross Adams, the Senior Program Manager on SSO and Passthru Auth for Azure AD Connect, for two hours (thanks Ross for your invaluable time!) I found out about these key points:

  • Passthrough Authentication right now does not give you a pure automatic authentication experience. It avoids the requirement of having to retype your password, but you still need to choose your account.
  • Azure AD App Proxy is required for Single Sign-on and Passthrough Authentication, but won’t function for actual application proxying when in this mode. You’ll need a different box running App Proxy if you use it this way.
  • Appending your domain onto supported urls with WHR (Custom login page e.g. https://login.microsoftonline.com/?whr=contoso.com) will reduce the amount of clicks a user needs to get in – generally a single click to pick their account.

This doesn’t quite match the experience compared to having ADFS on premise, as I confirmed with friend Ken Goodwin. This is his explanation of the ADFS experience:

If you just go to office.com to logon, after you type in your email address it’ll redirect you to the adfs server which will automatically log you on (assuming internal). If you pre-specify the domain using https://login.microsoftonline.com/?whr=domin.com, then the logon will be automatic.

This might act differently if you’re able to enable auto-acceleration on your SharePoint sites at least, which drops the WHR requirement – as long as you have Azure Active Directory Premium.

Keep in mind, Passthrough Authentication and Single Sign-On are still in public preview so this may change and improve. I’m still having a mixed experience on a few items, so don’t go too crazy with rolling this out to your live setup yet. I expect we’ll see some updates soon, and finish up with a really solid new feature to improve the experience for all.

Update: Another tip – if you disable and re-enable Pass Through Auth then your old Kerberos tickets will be invalid. Wait 10 hours or run the command “Klist purge” on any affected PCs – otherwise you’ll get weird authentication errors when trying to log into a site.