Using O365 without On-Premise Exchange with System Center 2012 Orchestrator

I was checking over some Runbooks today in my lab and one failed when it hit the send e-mail activity.  Odd I thought and then it dawned on me that when I re-installed the lab a month or so back I didn't re-implement exchange as I went for a full Office 365 play.

Great, here comes the task of setting up SMTP e-mail relays, unless... will Orchestrator work directly with O365 using just the Send Email Activity?

It turns out it does and really simply too.

On the Send Email activity properties, fill out the information on the Details tab.

N.B. Make sure you untick the Task fails if an attachment is missing option if you're not putting an attachment on the mail.

On the Advanced tab enter the email username and password for the account you created in Office 365 that will be used for sending e-mail from Orchestrator.

You can leave the Domain field blank

Logon to Office 365/OWA as the Orchestrator e-mail account, click on the Options button and then About.

Make a note of the Server name and Port as highlighted in the screen shot below (pod51016.outlook.com in this example)

Enter this information into the Connect tab, along with the e-mail account you've setup for Orchestrator to send from

Make sure the Enable SSL option is ticked, otherwise you will get an error in Orchestrator informing you that the SMTP server requires a secure connection.

Check your Runbook in and give it a test run.
If it's setup correctly then this time you should see it succeed.

And voilà, you should end up with e-mails being sent to/from Office 365 without the need for any on-premise Exchange or SMTP relay.

Another, simpler method, is to use the Exchange User Integration Pack.

With this IP installed, you can configure the server to use (again the details from OWA) along with the e-mail and password by going to the Options menu and choosing Exchange User.

Then drag a Create and Send E-Mail activity to your runbook and provide at least the e-mail address to send a mail to, the subject and the body.  Other options are available such as priority and attachments via the Optional Properties... button.

 

Again, another successful e-mail can now be sent.

 

 

Intune common logon without ADFS (Aka Password "sync")

Recently Microsoft released a new version of it's DirSync tool that enables organisations to synchronise it's Active Directory (AD) User accounts across into the Azure Directory Services used by Intune, Office 365, CRM etc.

This has previously only enabled organisations to reduce the administrative burden of having to recreate all of their accounts for those users they wanted to access online services, but they then had to either issue separate passwords or implement Active Directory Federation Services (ADFS) to offer a truly seamless single sign-on experience for the users.

With this latest release from Microsoft, they have now introduced the ability to also push passwords up into the Azure DS.  Notice the push aspect, not synchronised as the password cannot be changed in the cloud and replicate back into your AD.

While I wouldn't class this as true Single Sign-on (SSO) as your still effectively authenticating against a different directory service, it's still a great option for Microsoft to have added, giving great flexibility for those organisations that want to take the first steps or who can't/don't know how to deploy ADFS.

Nothing has majorly changed during the install (New Azure logo and Install Directory), so rather than re-inventing the wheel, check out the post link below that I did for installing DirSync. I've then run through the differences in the new version below the other post link.

http://systemscentre.blogspot.co.uk/2013/01/system-center-2012-configuration_12.html

The first thing to note is that you cannot "upgrade" the client as you will be presented with a dialog blocking you from continuing if an older version is installed, so remove the old version first.

The main installation/configuration screen change is this one, which provides the option to push your passwords up along with your users.

Tick the option box to Enable Password Sync and that's it done!

The user account sync element still runs on a 3 hour schedule, but passwords are set to sync within minutes of a change in your local AD.

Intune users can find the new version of DirSync at this link (Requires sign on with an Intune Admin Account):
https://account.manage.microsoft.com/DirSync/DirectorySynchronization.aspx

The TechNet Library article on Implementing Password Sync can be found here:
http://technet.microsoft.com/en-us/library/dn246918.aspx