Office 365 will remove support for TLS 1.0 and TLS 1.1 starting October 31, 2018

As of October 31, 2018, Microsoft Office 365 will remove support for TLS 1.0 and 1.1. This means that if you have issues connecting to Office 365 services because of weaker protocols, no support tickets would be generated.

By October 31, 2018, all client-server and browser-server combinations should use TLS version 1.2 (or a later version) to ensure connection without issues to Office 365 services. This may require updates to certain client-server and browser-server combinations.

If you do not update to TLS version 1.2 (or later) by October 31, 2018, you may experience issues when connecting to Office 365. If you experience an issue related to the use of an old TLS version after October 31, 2018, you will be required to update to TLS 1.2 as part of the resolution.

The following are some clients that we know are unable to use TLS 1.2. Please update your clients to ensure uninterrupted access to the service.

•  Android 4.3 and earlier versions
•  Firefox version 5.0 and earlier versions
•  Internet Explorer 8-10 on Windows 7 and earlier versions
•  Internet Explorer 10 on Win Phone 8.0
•  Safari 6.0.4/OS X 10.8.4 and earlier versions
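
To see where a Windows client stands, the script below (an added example, not from the original post or from Microsoft) reads the SChannel client settings for each TLS version and the .NET default of the current process. The registry layout and the OS default for TLS 1.2 are assumptions taken from Microsoft's SChannel documentation, and the function names are hypothetical.

```powershell
# Added example: report how the Windows TLS client stack (SChannel) is configured.
function Get-SchannelClientState {
    param([Parameter(Mandatory)][string]$Protocol)   # 'TLS 1.0', 'TLS 1.1' or 'TLS 1.2'

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\{0}\Client' -f $Protocol
    $enabled = $null
    $disabledByDefault = $null
    if (Test-Path -LiteralPath $key) {
        $values = Get-ItemProperty -LiteralPath $key
        $enabled = $values.Enabled                      # $null when the value is absent
        $disabledByDefault = $values.DisabledByDefault
    }

    $verdict = 'OS default'                             # no override in the registry
    if ($enabled -eq 0) { $verdict = 'Disabled' }
    elseif ($disabledByDefault -eq 1) { $verdict = 'Off unless an application requests it' }
    elseif ($null -ne $enabled -or $null -ne $disabledByDefault) { $verdict = 'Enabled' }

    [pscustomobject]@{ Protocol = $Protocol; Enabled = $enabled; DisabledByDefault = $disabledByDefault; Verdict = $verdict }
}

function Test-Tls12ClientReady {
    $tls12 = Get-SchannelClientState -Protocol 'TLS 1.2'
    # Assumption (Microsoft SChannel documentation): the TLS 1.2 client is on by default
    # from Windows 8 / Server 2012 (version 6.2); Windows 7 / Server 2008 R2 ship with it off.
    $onByDefault = [Environment]::OSVersion.Version -ge [version]'6.2'
    $schannelReady = ($tls12.Verdict -eq 'Enabled') -or ($tls12.Verdict -eq 'OS default' -and $onByDefault)

    # .NET callers in this process: 0 means "follow the OS", 3072 is the Tls12 flag.
    $net = [int][Net.ServicePointManager]::SecurityProtocol
    $dotNetReady = ($net -eq 0) -or (($net -band 3072) -ne 0)

    [pscustomobject]@{
        SchannelTls12   = $tls12.Verdict
        SchannelReady   = $schannelReady
        DotNetProtocols = [Net.ServicePointManager]::SecurityProtocol
        DotNetReady     = $dotNetReady
    }
}

'TLS 1.0', 'TLS 1.1', 'TLS 1.2' |
    ForEach-Object { Get-SchannelClientState -Protocol $_ } |
    Format-Table -AutoSize
Test-Tls12ClientReady | Format-List
```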


This change comes in a context where all major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, jointly announced on October 15, 2018 that they will remove support for the TLS 1.0 (20 years old) and TLS 1.1 (12 years old) communication encryption protocols in the first half of 2020.

See the official articles here:


Office 365 migration – design your local network to improve performance

Optimizing Office 365 network performance comes down to removing unnecessary impediments.

User data and processing in Office 365 is distributed between many Microsoft datacenters. There is no single network endpoint to which client machines can connect. Services are dynamically optimized by the Microsoft Global Network to adapt to the geographic locations from which they are accessed by end users.

Shortening the network path to Office 365 entry points by allowing client traffic to egress as close as possible to their geographic location can improve connectivity performance and the end user experience in Office 365. By treating Office 365 connections as trusted traffic, you can prevent latency from being introduced by packet inspection and competition for proxy bandwidth. Allowing local connections between client machines and Office 365 endpoints enables traffic to be dynamically routed through the Microsoft Global Network.

The optimum connectivity model is to always provide network egress at the user’s location, regardless of whether this is on the corporate network or remote locations such as home, hotels, coffee shops and airports. Generic Internet traffic and WAN based corporate network traffic would be separately routed and not use the local direct egress model. This local direct egress model is represented by Microsoft in the diagram above.

Office 365: 10 hands on tips for a successful migration

These are my top 10 tips and lessons learned from leading Office 365 migration projects:

1. Plan your User Identities

Identities are everything in Office 365. Spend more time on planning the identities than on any other service. While for SharePoint/Exchange/Skype/etc. you will be able to do some changes during the migration, if you need to change something for the identities or authentication it can become a nightmare as it affects everything in Office 365.

e.g. you cannot change the sourceAnchor attribute (it is immutable during the lifetime of an object)

2. Use IdFix to fix your Active Directory before uploading the users to the cloud.

IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory.

3. Create a proof of concept (PoC)

Test the complete migration procedure in a lab or test environment. You will also be able to use the environment for additional testing or for issues you might encounter post-migration.

4. Evaluate 3rd party tools and ask for trial licenses

Sometimes the Microsoft tools are not enough and you need to go for third party tools. Contact the sales persons and ask for a demo. Many times the sales persons are also the ones that can give you a free trial to evaluate the tool in your test environment.

5. Create a migration runbook for sysadmins

IT administrators from other locations should be able to perform a complete migration by following the steps in the runbook. It doesn’t need to have a specific format, but it needs to be very well documented so every newbie would be able to follow it.

6. Migrate some test users and the IT administrators first

Do not start the velocity migration before getting the confirmation from the local departments that all processes and tools work as expected.

7. Office 365 throttling

Office 365 uses various throttling mechanisms to help ensure security and service availability. You might find out during the migration that data is being transferred to the cloud at a low speed, and not because of your local network. There are various methods to overcome those throttling policies (e.g. for Exchange you can ask Microsoft support to “relax” the throttling for your tenant during the migration).

8. Change Management

Take care of your users. Communicate all changes to users and train them before the migration itself. Remember that a successful project is measured by happy users.

9. Have a disaster recovery and backup plan

Mistakes can happen. But if they happen, you need to solve them fast.

10. Use the FastTrack Center Benefits

If you have 500 or more Office 365 licenses per tenant, you qualify for the FastTrack center migration services. Do not hope that FastTrack will do the migration for you 😊

Their benefits are described here:

Configure folder redirection to OneDrive. Sync your Desktop, Documents and Favorites folders to the cloud.

In a recent customer project, we have redirected the user’s personal Desktop, Documents and Favorites folders to the cloud using OneDrive. Users can get to their files from anywhere and the files are safe in OneDrive if anything happens to the devices.

Configure folder redirection in 3 steps

  1. Prevent users from changing the location of their OneDrive folder
  2. Create an environment variable for the OneDrive folder
  3. Configure redirection of Documents, Desktop & Favorites folders to OneDrive

1. Prevent users from changing the location of their OneDrive folder

We will configure a group policy to make sure users sync their OneDrive to the default location and do not change the location of their OneDrive folder.

The group policy is located under:

User Configuration\Policies\Administrative Templates\OneDrive\Prevent users from changing the location of their OneDrive folder


2. Create an environment variable for the OneDrive folder

Group Policy won’t let us redirect known folders directly to a different location under %userprofile%, so we need to create a new environment variable that contains the location of the folder under %userprofile%.

We’ll use item-level targeting in this environment variable to prevent folders from being redirected until the folder has been created by the sync client.

Under “User Configuration\Preferences\Windows Settings” create a new Environment variable called “OneDriveSync” and set the value to “%userprofile%\”.

e.g. %userprofile%\OneDrive – ranari

In the common tab check the box “Item-level targeting” and define a new item that matches the folder you have defined before “%userprofile%\”.

3. Configure redirection of Documents, Desktop & Favorites folders to OneDrive

Under “User Configuration\Policies\Windows Settings\Folder Redirection”, go to Properties and enable the setting “Basic – Redirect everyone’s folder to the same location” and set the Target folder location to “Redirect to the following location”. For the Root Path type in “%OneDriveSync%\Documents”.

On the Settings tab, clear the “Move the contents of Documents to the new location” check box.


Leaving this setting enabled could result in data loss when the contents of the Documents folder is merged with the OneDrive folder, if there are files with the same name in both locations.

Configure group policies similarly to redirect the Desktop or Favorites area.

Important Considerations

Note that it is not supported to have existing content automatically migrated by Group Policy to the OneDrive folder. With automatic file migration, there is a potential for data loss in cases where there are files in both locations that have matching file names.

Once the redirect to OneDrive is in place, we’ll need to migrate the user’s data from the original location on their local disk to the OneDrive folder.

Keep in mind that as new users and computers come online over time, users may still save files to their Documents folder before they configure the OneDrive sync client, and these files would then need to be moved to the OneDrive folder after the redirect takes place.
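
One way to do that migration without the data loss described above is to copy files and never overwrite a file that already exists under the same name. The script below is an added example, not part of the original article; the function name is hypothetical, and the demo runs on constructed files in a temp folder.

```powershell
# Added example: copy a folder into the redirected location without ever overwriting.
function Copy-WithoutOverwrite {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Source,        # original folder on the local disk
        [Parameter(Mandatory)][string]$Destination    # matching folder under OneDrive
    )
    $root = (Resolve-Path -LiteralPath $Source -ErrorAction Stop).ProviderPath.TrimEnd('\', '/')
    foreach ($file in Get-ChildItem -LiteralPath $root -Recurse -File) {
        $relative = $file.FullName.Substring($root.Length).TrimStart('\', '/')
        $target = Join-Path -Path $Destination -ChildPath $relative
        $action = 'Copied'
        if (Test-Path -LiteralPath $target) {
            # Same name on both sides: compare content and leave both files untouched.
            $same = (Get-FileHash -LiteralPath $file.FullName).Hash -eq (Get-FileHash -LiteralPath $target).Hash
            $action = if ($same) { 'Skipped, identical' } else { 'CONFLICT, left for manual review' }
        }
        elseif ($PSCmdlet.ShouldProcess($target, 'Copy file')) {
            New-Item -ItemType Directory -Path (Split-Path -Path $target -Parent) -Force | Out-Null
            Copy-Item -LiteralPath $file.FullName -Destination $target
        }
        else { $action = 'Would copy' }               # run with -WhatIf
        [pscustomobject]@{ File = $relative; Action = $action }
    }
}

# Constructed demo. In production, Source is the old Documents path and Destination
# is "$env:OneDriveSync\Documents" (the variable created in step 2).
$demo = Join-Path ([IO.Path]::GetTempPath()) ('odb-demo-' + [guid]::NewGuid())
$old = New-Item -ItemType Directory -Path (Join-Path $demo 'Documents') -Force
$new = New-Item -ItemType Directory -Path (Join-Path $demo 'OneDrive\Documents') -Force
Set-Content -Path (Join-Path $old.FullName 'report.txt') -Value 'local edit'
Set-Content -Path (Join-Path $new.FullName 'report.txt') -Value 'cloud edit'   # name collision
Set-Content -Path (Join-Path $old.FullName 'notes.txt') -Value 'only local'
Copy-WithoutOverwrite -Source $old.FullName -Destination $new.FullName | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

Because the files are copied rather than moved, the originals stay in place until the conflicts have been reviewed.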

User Experience

After everything is set up, here is what the user experience will look like:

  1. The user logs in to Windows and gets the OneDrive setup page.
  2. He types in his e-mail address and clicks Sign in.
  3. If a new login window appears, he types in the credentials again and clicks OK. (After adding the sites through GPO in the IE zones, this step might not be necessary.)
  4. He goes through the wizard without changing any settings, clicking Next every time.
  5. The Folder Redirection will be configured automatically on the next reboot.
  6. All the existing files need to be manually copied to the new locations. Or they can be copied via script, which I will cover in a separate article.

Getting Facebook ads from a site you just visited? Facebook Pixel

I keep seeing ads on Facebook from an online shopping site that I just visited. Does this sound familiar? It happens to me all the time.
The feature that makes this possible is called Facebook Pixel. By placing Facebook Pixel code in the header of your website, when someone visits your site and takes an action like completing a purchase, the Facebook Pixel is triggered and reports the action. You will then be able to reach the customer again through future Facebook ads.

Curious to see if a site uses Facebook Pixel?

1. Open in Internet Explorer any ad suggested by Facebook.
2. Press F12 to switch to the Developer Tools.
3. Press Ctrl+F to open the search box and search for “fbevents.js”.
4. Finding a match like this one will confirm that the site is using Facebook Pixel Events.

To set up Facebook Pixel on your own site follow these steps

1. Create a Facebook pixel from the Pixels tab in Facebook Ads Manager available at

2. Update the website’s header section with the code provided by Facebook Pixel. The code looks like this:

3. Track specific actions people take on your website by setting up the Facebook Pixel in the Ads Manager
You can choose between the following events to track on Page Load or Inline Action: Purchase, Generate Lead, Complete Registration, Add Payment Info, Add to Cart, Add to Wishlist, Initiate Checkout, Search, View Content.

You can also create your own custom events.

Sources and more information
Facebook Pixel

Pixel Events – Facebook Tag API

Office 365 admin roles


I see confusion when it comes to Office 365 administrator roles. Let’s make things clear!

There are the following types of admin roles for Office 365:

| Administrator type | Functions |
| --- | --- |
| global | can do and has access to everything |
| billing | makes purchases, manages subscriptions, manages support tickets, and monitors service health |
| password | can only reset user passwords |
| user management | resets passwords, monitors service health, adds and deletes user accounts, manages service requests |
| service | used to open support tickets with Microsoft; has view only permissions |
| Exchange/Skype for Business/SharePoint/Power BI service | manages the respective service |

Admin roles can be assigned to users from the Office 365 portal or via PowerShell.

In the Office 365 portal

  1. Switch to the admin center.
  2. Select users > Active users.
  3. Click Add a user (for new users) or Edit a user (for existing users) > Roles.
  4. Select the desired admin roles.

This is a screenshot when adding a new user:


Using PowerShell

Add-MsolRoleMember -RoleMemberEmailAddress  <String> -RoleName <String>


Add-MsolRoleMember -RoleMemberEmailAddress "" -RoleName "SharePoint Service Administrator"


To get the list of all values for the RoleName parameter, use the Get-MsolRole cmdlet.

Add a filter on the results to retrieve only the administrator roles:

Get-MsolRole | Where-Object {$_.Name -like '*administrator*'}
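
Since the global role can do everything, it is worth reviewing who holds it after assigning roles. The following is an added example, not from the original post: the function name is hypothetical, the sample accounts are constructed, and the role name "Company Administrator" for the global role is an assumption about what Get-MsolRole returns.

```powershell
# Added example: review which accounts hold which admin roles.
function Get-AdminRoleReview {
    param(
        [Parameter(Mandatory)][object[]]$Assignment,         # objects with RoleName and EmailAddress
        [string]$GlobalRoleName = 'Company Administrator'    # assumption: MSOnline name of the global role
    )
    foreach ($user in $Assignment | Group-Object -Property EmailAddress) {
        $roles = @($user.Group | ForEach-Object { $_.RoleName } | Sort-Object -Unique)
        $isGlobal = $roles -contains $GlobalRoleName
        $finding = 'OK'
        if ($isGlobal -and $roles.Count -gt 1) { $finding = 'Global plus redundant narrower roles' }
        elseif ($isGlobal) { $finding = 'Global: confirm a narrower role would not do' }
        [pscustomobject]@{ User = $user.Name; Roles = $roles -join '; '; Finding = $finding }
    }
}

# Constructed sample input (not real accounts).
$sample = @(
    [pscustomobject]@{ RoleName = 'Company Administrator';            EmailAddress = 'alice@example.com' }
    [pscustomobject]@{ RoleName = 'SharePoint Service Administrator'; EmailAddress = 'alice@example.com' }
    [pscustomobject]@{ RoleName = 'Company Administrator';            EmailAddress = 'bob@example.com' }
    [pscustomobject]@{ RoleName = 'SharePoint Service Administrator'; EmailAddress = 'carol@example.com' }
)
Get-AdminRoleReview -Assignment $sample | Format-Table -AutoSize

# Against a live tenant, after Connect-MsolService, build the same shape from the cmdlets above:
# $live = foreach ($role in Get-MsolRole | Where-Object { $_.Name -like '*administrator*' }) {
#     Get-MsolRoleMember -RoleObjectId $role.ObjectId |
#         Select-Object @{ n = 'RoleName'; e = { $role.Name } }, EmailAddress
# }
# Get-AdminRoleReview -Assignment $live
```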

Share a new WordPress blog post to Facebook newsfeed automatically with Microsoft Flow


Whenever you publish a new blog post on WordPress, the good news can be automatically shared on your Facebook timeline with Microsoft Flow, part of the Office 365 suite. Here is how:

1. Your Microsoft Flow needs to authenticate to WordPress and Facebook. Create connections for each account.

a. Log in to the Office 365 portal.

b. Select the Flow tile from the App Launcher.


c. In the settings menu at the top-right of the screen select Connections.


d. On the My connections page click Create Connection. 


e. In the list of Available connections, select the connection that you want to set up, such as Facebook or WordPress. Then, enter your credentials to set up the connection. Click Approve to allow Flow to log in on your behalf.


2. Create a new blank flow.

Go to a modern SharePoint list and select Create a flow.


Alternatively on the Office 365 portal select My flow and Create from blank.


3. Add the needed actions and conditions.

a. Look for the action WordPress – When a post is created.


b. Click New step and Add an action.


c. Select Facebook – Post to my timeline and add your customized status message.


4. Save the flow and it will get automatically enabled.


Actions displayed when adding new steps are filtered to the ones compatible with the flow logic. You can still manually search for and add other actions, but these might not work.

e.g. at the time of this writing, posting to a SharePoint page fails with the message “200 Insufficient permission to post to target on behalf of the viewer”.