Azure Automation delivers a cloud-based automation and configuration service that provides consistent management across your Azure and non-Azure environments. It consists of process automation, update management, and configuration features. Azure Automation provides complete control during deployment, operations, and decommissioning of workloads and resources. It can automate frequent, time-consuming, and error-prone cloud management tasks. This automation helps you focus on work that adds business value.
Azure Automation manages across the lifecycle of your infrastructure and applications. Transfer knowledge into the system on how the organization delivers and maintains workloads. Author in common languages like PowerShell, desired state configuration, Python, and graphical runbooks. Common scenarios for Automation:
Build / Deploy resources: Deploy VMs across a hybrid environment using Runbooks and Azure Resource Manager templates. Integrate into development tools like Jenkins and Azure DevOps.
Configure VMs: Assess and configure Windows and Linux machines with the desired configuration for the infrastructure and application.
Monitor: Identify changes on machines that are causing issues and remediate or escalate to management systems.
Protect: Quarantine VM if security alert is raised. Set in-guest requirements.
Govern: Set up role-based access control for teams. Recover unused resources.
Next, click on “Modern authentication” and you can see the configuration options like this:
More information on Basic Authentication, how to use Graph API or OAuth2 for POP and IMAP protocols, also how to use the Exchange Online v2 PowerShell module with Modern Authentication can be found here.
This blog post covers a summary of the session from Paul Collinge and Jeff Mealiffe about a recommended network architecture to get the most out of Office 365.
The enterprise connectivity challenge is that most customers are using a lot of expensive network equipment for the outgoing and incoming network traffic to and from the Internet. For example, proxy servers, WAN accelerator, secure web gateway, intrusion prevention system, etc. All of this network and connectivity equipment is expected because all things outside is unknown and untrusted.
But this model doesn’t fit with the cloud world of Office 365 and causes various connectivity problems.
Outbound messages to the Internet are routed from the Exchange Online organization through your on-premises organization. With the exception being messages sent to other recipients in the same Exchange Online organization, all messages sent from recipients in the Exchange Online organization are sent through the on-premises organization. This enables you to apply compliance rules to these messages and any other processes or requirements, like digital sign emails at your smtp gateway, or that must be applied to all of your recipients, regardless of whether they’re located in the Exchange Online organization or the on-premises organization.
Office 365 comes with a set of admin roles that can be assigned to users within your organization. Each admin role maps to common business functions and gives your users permissions to do specific tasks in the Office 365 admin center and Windows PowerShell.
This is especially true for large organizations or universities with multiple brands or decentralized administration within a single Office 365 tenant, the default admin roles can cause headaches. While the delegation of permissions in Exchange Online works very well with Role Based Access Control (RBAC), other applications and services are hard to manage at a granular level. For example, license management or helpdesk for different countries, brands, and organizations. In these organizations, only a subset of administrative users are allowed to edit properties based on their region or brand.
I would like to share some Exchange 2010 hybrid migration facts with you that we figured out.
First, again many thanks to Michael Van Horenbeeck! He helped me discuss this with a customer. I’m always very happy to work with him. And many thanks to Ben Winzenz and Jeff Kizner as well, I’m very grateful for your help.
In short: a customer is trying to keep about 65k mailboxes in sync to ensure a short cutover time. We are using a maximum of 1,500 mailboxes per batch, 5 batches per week, and switching 7,500 mailboxes with an overall data of about 5TB per week. For some technical details, we are using Azure ER (800 Mbit) for migration with 4 TMG as a proxy and some kind of F5 load balancing in between, PAW is activated, and two migration endpoints with each 100 sync/complete in parallel. We did some networking measuring and move request statistics and we had an average migration velocity of 18.6GB/h for batches starting the first incremental sync (0% to 95%) which is great. Of course, the migration velocity depends on the number of batches, mailboxes, mailbox items, network workload, etc.
My colleagues and I are working on a (pilot) multi-forest Exchange hybrid environment with a single Office 365 tenant. In this early stage of the project we will have two companies, each with their own on-premises environment. One of the requirement is a delegated administrative concept for Exchange Online, which means administrators and helpdesk workers should only manage and configure settings for their specific domains. This blog post will show you how to handle this with Role Based Access Control (RBAC).
Enabling single sign-on for your users must not be a big deal. There are multiple hybrid identity authentication scenarios available to obtain single sign-on capabilities to your users:
Active Directory Federation Services (AD FS): single sign-on, based on one identity in your on-premises Active Directory and publishes on-premises and cloud web applications. This is the most complex scenario and often used by organizations with 250+ seats. They are not only using Office 365 applications for single sign-on, but also for other Intranet and Internet applications to achieve SSO user experience.
Password Hash Sync (PHS): same sign-on, which means you must authenticate again with your on-premises credentials accessing Office 365 services.
Pass-through authentication (PTA): single sign-on, allows your users to sign in to Azure Active Directory directly validating the users’ passwords against your on-premises Active Directory.
Seamless single sign-on: single sign-on, automatically signs your users in when they are on their corporate devices connected to your corporate network. Can be combined with either PHS or PTA.
When should I use AD FS instead of other hybrid authentication methods?