A few weeks back Microsoft started upgrading Office 365 Tenants to the new Admin and exchange system. Whilst this comes with a few cosmetic tweaks they have once again failed to address key concerns that have been running around for the last 2 years like, Directory Sync issues and the complete lack of management if you are Federated without an on premise exchange server. So this is an open letter to Microsoft.
Dear Microsoft
2 years ago you kicked me out the building when I tried to address key issues with you regarding Directory Synchronization in a Federated setup and the excessive spam and viruses being allowed through what is supposed to be, a “filter” called Forefront. When I say kicked me out that may be a bit harsh, but being told by security to leave because nobody wanted to talk to me is about the same! In my defence I had written several letters and had an ongoing support case that was being completely ignored, what else was I supposed to do when a giant completely blanks you.
2 years later we are still in the same boat, Federated domains with no on premise exchange still need to use powershell and ADSI editing tools in order to make simple changes like… adding an email address. You would think being a mail system this would be a pretty important factor! I don’t want to go into the sequence of events should someone get married and change their name, but rest assured many technical support staff still cry themselves to sleep at night whilst rocking in the corner muttering no no no.
2 Years later and we have had to switch to Mimecast because the Forefront filtering is that bad. I understand this is not a problem for all tenants but we have a major client with a problem that you cannot solve. Smaller clients don’t seem to be fussed or just get less spam. We even have a can of Spam on our desk as a reminder of the complete farce that is called Forefront.
Now I know I sound like I am bashing Office 365 and whilst I suppose I am, I still think the service is the best around and it is just incredibly annoying when a company like Microsoft just don’t commit to solving real world issues when it comes to their core products. Would I switch to Google apps because of this… Absolutely not, but the additional costs involved in Admin time and additional spam filter products gets hard to explain to people.
Client: “So you think the Office 365 service is great”
Me: “Yes!”
Client: “But the Admin and Spam may be an issue?”
Me: “Uh Yes?”
You can see how this goes down like a lead balloon.
Before I digress too far please can you add the following to the list of things that are just not thought through and get onto fixing them ASAP. I will even come and discuss this, at my cost, anywhere in the world where someone cares should you wish to actually listen. Once again the invitation is open, I challenge you to take me up on it this time.
Changing a user Licence (Update 39/05/2013 – Microsoft have now resolved this)
Until the tenant upgrade we could log into the portal, select a user, click on the licensing and choose which licence they required. If their needs changed we could simply repeat this process and change the licence thus freeing up another. Post update we can still do this but there is an error and you cannot actually get anywhere or see the error, just an outline of the red box. This is apparent for all browsers, Chrome, Firefox, IE, Safari and several mobile devices we tried. Now instead of the horribly easy “tick, tick, boom – job done” method we need to :
- Open Powershell
- Connect to MSOL
- Perform a tiresome login
- Connect to a session
- Assuming you know the licence types, remove the old licence and then add a new one like this or a combination of it –Set-MsolUserLicense -UserPrincipalName user@contoso.com -AddLicenses “contoso:ENTERPRISEPACK” -RemoveLicenses “contoso:STANDARDWOFFPACK”
- Disconnect the session
- Wait an unknown time period for the changes to take place.
I can really tell that you guys thought this through before releasing it to the general public. Thank goodness you actually tested this excellent solution. We all love Powershell, it reminds us of our mis spent youth as Leonardo, Donatello, Michaelangelo and Raphael and brings a smile to our faces!
Litigation Hold (Update 39/05/2013 – Microsoft have now resolved this)
Once again, disabling litigation hold via a web interface is completely unrealistic and unreasonable, why would you want to do things the easy way?
So instead of “Click, Click, Boom” again we get to do the following:
- Open Powershell
- Connect to MSOL
- Perform a tiresome login
- Connect to a session
- Set-Mailbox <identity> -LitigationHoldEnabled $false
- Disconnect the session
- Have a celebratory drink on accomplishing this task
Instead of having helpdesk or 1st/ 2nd line support do these relatively simple tasks it now requires quite an advanced level of system access and knowledge to do. Once again, money well spent on admin tasks. Finally, why did you grey out the whole mobile section and move it elsewhere? We hate managing Mobiles from one place, it’s much easier to go into every separate user, thank you, was this an early Christmas present?
So as a final plea. PLEASE sort this out as soon as possible and if you wish, contact me to see exactly how these services are being used in the real world, not some idealistic world called Contoso.
Rant Over.
SIDE NOTE: Yes, service tickets were logged but thats a completely different rant.