Tuesday, May 14, 2019

Installing Multi-Factor Authentication for your Office 365 Users

Understanding MFA

In today's world passwords and pin numbers are simply not enough and muti-factor authentication (MFA) is increasingly required to combat fraud. MFA means that you need to use a secondary form of authentication, such as an app on your phone, in addition to a password when signing into systems. 

These instructions walk you through the process of setting up MFA for a user. You may need them if your user switches phones or has to have MFA disabled and re-enabled.

In the Admin Portal

While technically you could skip this step and go directly to the console via its url, it's probably easier for most people to find their way from the Admin portal, so that's where I'll start.
  1. Open the Office 365 Admin Portal. (https://admin.microsoft.com/)
  2. Click on Users, then on Active Users
  3. Click on the dots at the end of the menu and choose Setup Multifactor Authentication.
  4. This will take you to the MFA console. 

In the MFA console

  1. Click on the Magnifying Glass icon to search for the user you want to modify.
  2. Type their name in and press enter
  3. Click on their name to open a panel to the right.
  4. In the panel, click on the link marked Enable
  5. Click on the button marked Enable Muti-factor auth.
  6. If you're new to multi-factor authentication, Microsoft encourages you to read this guide
  7. It will take a few seconds then dialog box can be closed.

Note: there's a handy link marked manage user settings that will appear once MFA is enabled. It lets you push the following settings to users;
    • Require selected users to provide contact methods again
    • Delete all existing app passwords generated by the selected users
    • Restore multi-factor authentication on all remembered devices 

Adding the App

Your users should now install the Microsoft Authenticator App on their phones. It can be accessed via the Apple App store or the Google Play store.
Sometimes, the easiest way to help your users get the app is to send them to this page.
Once the Microsoft Authenticator app has been downloaded and installed;
Open it
  • Choose Add Account (you might have to push the three dot menu in the top right corner to get this option).
  • Choose Work or School Account
  • You'll be prompted to scan a QR Code. 

The QR Code

You should send your users this link: https://aka.ms/MFASetup via Email.
  • They'll be prompted to add secondary information, such as a backup email address and mobile number. 
  • They'll also have a QR Code displayed on their computer screen. 
  • If they point their phone with the Microsoft Authenticator message on it, at the computer screen, it will scan it in and connect. 


The QR Code will activate the app on your phone, this takes a few moments (under a minute) and then it will do a test. You'll need to watch your phone and push Approve when the message appears.
From here on, the user will be prompted to approve the sign-in on their phone when they login to Office 365. Since the authenticator app isn't tied to a phone number, it will work on Wi-Fi overseas. 

Helping with Setup

If your user experience issues with the setup process and you have their device, you can do this via the Azure Portal.
  1. Go to the Azure Portal 
  2. Search and Locate your User under Users, All Users, Profile
  3. Under Authentication Contact Info, click the link marked Manage your other authentication contact information in your Access Panel Profile
  4. In the Access Panel Profile screen, click edit Security Info
  5. If you see any authenticator settings already on this screen, you may want to delete them (there's a warning but it's okay) -- this will clear any old authenticator information. 
  6. Click Add Security Info
  7. Choose Authenticator App
  8. The QR Code will be displayed and you'll be able to use the authenticator app on the user's device to scan it. 

Thursday, January 24, 2019

How to Do Email Mail Merges using Excel and Outlook

This is probably a bit of an "oldie" but I have been asked about it a lot recently, so I figured it was worth documenting. 

Why would you use this?

There's a few reasons why you might need to do an email mail merge.

  1. You've got an email that you've got to send to a few people, perhaps it's an invoice or just a seasonal greeting. Whatever it is, you don't have a group to send it to and you don't feel like just pasting everyone's email address into the BCC field.
  2. You need to reference specific pieces of data in your email -- data attached to an individual. For example, on an invoice reminder run, you might have a due date, an invoice number, an amount and a project code. 

The Procedure

1. Create an Excel Spreadsheet with your people's details in it. 
You should use the first line to have column headings like Name, Email and FirstName. 

You only really need name and email but if you want to refer to other things (eg: like the project number/job number, invoice number etc) in your email merge, then you just invent a column header and add it. 

Save it somewhere where you'll be able to find it; 
eg: C:\temp\MergeData.xlsx

(Obviously, you'll also want to save a copy of that list somewhere else because it will probably be a matter of corporate record). 

2. Open Microsoft Word and write your email leaving spaces where you want things filled in. 
Don't forget your signature because it probably won't get attached otherwise.

If you're sending a greetings card or some other kind of email marketing hook, you might want to set up an image and links. To do this, just use the normal word image import and hyperlink functions. 

3. On the ruler at the top of Word, click Mailings then Start Mail Merge. 
Choose "Email Messages" from the drop down menu.

4. Click on Select Recipients and choose "Use an Existing List".
A file open dialog box will appear.  
Browse to where you saved your excel file. Click on it and click Open

5. A dialog box will appear. 
If your sheet doesn't contain other data, the values here will be right. 
Make sure that the [x] First row of data contains headers is ticked. 
Then click Ok

6. If you're going to insert any fields, like the first name;
a. Position the cursor where you want it to go (ie: after dear but before the comma) then 
b. Click Insert Merge Field and 
c. Choose the field. In this case FirstName.  

In the case of an invoice reminder, you might insert the project number, due date, dollar amount etc.

If you're not using any merge fields, just skip this step.

7. Click on Preview Results
You can walk through the results by clicking the forward and backward arrows

Check carefully because if you've used an old spreadsheet you might have left data near the end (ie: if you have more than 2 results and you only have two names ... you'll need to check your spreadsheet). 

If you're using a few merge fields, you'll want to check things over pretty carefully -- at least until you have the procedure working perfectly. 

8. If it all looks okay, you're ready to send. 
Note that if you're doing something complicated, like Images and links, you should do a test run and send to internal recipients as well as gmail and hotmail accounts. That way you can see how the message looks on different platforms and you can test the links.

Before proceeding, make sure that Outlook is already open.... that way you can be sure that there will be no crashes or plugin problems on startup.

Then, in word, click on Finish and Merge, and pick Send Email Messages from the list.

9. You'll see a dialog box, 
You can leave most things as they are but you'll want to put a subject on your email.
Then click Ok.

10. It might seem like nothing has happened but it has. 
Click over to Outlook and check your SENT folder.

Tuesday, January 15, 2019

Getting Teams and SharePoint Sites to Appear in the Outlook Lookup

Office 365 Groups are No Longer Automatic Mail Groups

Until recently, if you created an office 365 group (usually by creating a Teams or a SharePoint site), you would also be able to send that group mail directly via outlook. Unfortunately, with everyone having the ability to create teams and sites on demand -- and very few people following good naming standards, it's very easy to get your corporate address books cluttered.

Microsoft received a lot of feedback about this clutter and as a result, they disabled the functionality. Existing Office 365 groups are unaffected but if you create a new one, you'll find that you can't locate them in the typeahead when you want to send mail.

You can however, still have your cake and eat it too. You just have to use PowerShell.


Since this is an admin feature and I'm presuming that all admins should be on Multi-Factor authentication now, the instructions are for MFA.  If you're not using MFA, you might want to use different connection commands.

Note that you'll need to replace the pink bits with your own details;

  1. Launch Microsoft Exchange Online PowerShell Module as admin
  2. Connect-EXOPSSession -UserPrincipalName youremail@yourdomain.com
  3. If your PC is already connected under MFA and you've elected to not be prompted for 15 days, PowerShell now seems to take note of this YAY....
  4. Set-UnifiedGroup -Identity "Office 365 Group Name" -HiddenFromExchangeClientsEnabled:$False

That's it.

You'll probably want to refresh your mail screens but they should start working immediately.