, , , , , , , , , , , , , ,

Office 365 App Password with MFA | HowTo | 1 of 2

Part One | Part Two

If you’re using Multi-Factor Authentication for your organisation, and want to use applications which connect to your Office 365 account, you will need to create an Office 365 App Password. This is to enable the App to connect to Office 365. For example, if you’re using Outlook 2016 or earlier, Apple Mail App, Skype for Business or any other third party client with Office 365, you’ll need to create an App Password.

If you purchase new, or renew existing, Office 365 licences:

SAVE AT LEAST 5%

This includes Exchange Online, SharePoint Online, Skype for Business, OneDrive for Business and the entire suite of Office 365 pricing.

 

Thankfully, creating an Office 365 App Password is really easy to do, if a little hard to find.

Log in to the portal here: https://portal.office.com

  1. Once logged in, click on the Profile Picture on the top right:

    Office 365 App Password Portal Login Step One

    Office 365 Portal Login Step One

  2. Click on View account:

    Office 365 View Account App Password Step Two

    Office 365 View Account Step Two

  3. Click on Manage Security & Privacy:

    Manage Office 365 App Password Security Privacy Step Three

    Manage Security & Privacy Step Three

  4. Click on Additional security verification:

    Office 365 App Password Security Privacy Step Four

    Additional Security Verification Step Four

  5. Click on Update your phone numbers used for account security:

    Office 365 Update Numbers App Password Step Five

    Update Numbers Step Five

  6. Click on app passwords:

    Office 365 Select App Passwords Step Six

    Select App Passwords Step Six

  7. Click on create:

    Create Office 365 App Password Step Seven

    Create Office 365 App Password Step Seven

  8. Enter a Name in the box, something unique is recommended. I usually name the client application the App Password is associated with. In the example below I have used Apple Mail App. Click next:

    Name Office 365 App Password Step Eight

    Name Office 365 App Password Step Eight

  9. Now either copy by selecting the line, taking care not to pick up any spaces or other characters, or click on copy password to clipboard. You can now use this App Password in your client application, such as Apple Mail App, Thunderbird, iPhone, iPad. Take care as this is the only time you will see Your app password. They cannot be viewed or changed once you click close:

    Copy Office 365 App Password Step Nine

    Copy Office 365 App Password Step Nine

  10. When you Enrolled in Multi-Factor Authentication you were given an initial App Password. I recommend deleting the initial app password, in favour of creating individually named App Passwords. This allows you to ensure each device or client is separate, which is more secure and easier to manage when you want to remove authentication. Click Delete:

    Delete Office 365 App Password Step Ten

    Delete Office 365 App Password Step Ten

  11. Confirm you want to delete the App Password and click Yes:

    Confirm Delete Office 365 App Password Step Eleven

    Confirm Office 365 App Password Step Eleven

  12. The App Password has been successfully deleted. Click close:

    Change Office 365 App Password Step Twelve

    Change Office 365 App Password Step Twelve

  13. That’s it. You now have an App Password for your Apple Mail App. Repeat steps 7, 8 and 9 to create additional App Passwords.

    Review Office 365 App Password Step Thirteen

    Review App Password Step Thirteen

In Part Two, coming soon, I will demonstrate how you can add your App Password to a variety of clients and devices, including Apple Mail App, iPhone, iPad and Outlook 2016.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , ,

Office 365 Email Signature Management with Mail Flow Rules [Part 2: Apply the Rule]

We covered the reasons why you should include an email signature, and what information you should include in the previous post. However, Office 365 Email signature management is made possible with the application of mail flow rules. This enables the functionality to append email signatures at the server side, meaning that you get consistently applied signatures no matter what device you’re sending from. This enables company-wide standardisation and brand consistency.

You will need:

  1. Office 365 Email Signature
  2. Admin access to exchange mail flow rules
  3. A signature/disclaimer encoded in html/css, with no more than 5000 characters (If you would like to know how to create one, read this post and follow the instructions.)

Step 1: Accessing Mail Flow Rules

  1. In the top left corner, open apps, and hit Admin.

How to access email signature mail flow rules in Office 365.

2. Then navigate to the Exchange admin centre.

How to access mail flow rules in Office 365.

3. Navigate to rules within the mail flow section.

How to access mail flow rules in Office 365.

Hit the plus icon and then create a new rule in the dropdown menu.

Office 365 Email Signature.

Office 365 Email Signature.

A new window will open with several options.

Step 2: Creating a Mail Flow rule for the Office 365 Email Signature

The new window that just opened should look like the following:

Office 365 Email Signature

Office 365 Email Signature

Let’s go through the options in order.

    1. Firstly you will be asked to name this rule. It’s good practice to keep things organised. I suggest calling it something like “disclaimer” or “signature”.
    2. The next section is the “apply this rule if…” which is the section that controls what conditions need to exist for a signature to be appended. Select your preferred combination or, to cover all emails sent from within your organisation, select “The sender… is internal”.
    3. The next section, “do the following” asks you to select an action. You should select append a disclaimer, whereupon you should click on enter text, then paste in your html code.

The key part of this is the coded signature itself. An Office 365 email signature needs to be simple and lightweight as email clients are notorious for resizing and squashing email signatures. For more information on how to create a signature click here.

  1. Next is a checkbox that asks “Audit this rule with severity level”. It’s up to you if you check this or not. The implication is that if checked, the rule will appear in reports and message traces. For more information click here.
  2. Next it asks you to choose a mode for this rule. Select the radio button marked enforce. This option controls whether the rule will appear in message traces, which helps if you’re troubleshooting.
  3. Click save.

Your new rule should appear within the list. You may need to promote or demote the priority of the rule using the arrow buttons, in case your signature rule conflicts with another rule.

Rules sometimes take a few minutes to propagate but eventually you will start to see a signature or disclaimer applied to your emails.

Step 3: Add Exceptions to the rule

You may want your signature to apply only in certain situations or for certain users. Mail flow rules are flexible. There are a range of conditions and exceptions you can use to tailor the rule so that it applies only when you want it to.

To prevent a stack of identical signatures at the bottom of your emails, you can insert an exception. Choose a unique word or phrase within your email signature. For example, your company registration number or part of the address. Edit your rule to include an exception, select “the subject or body matches…” and then enter a unique phrase included within your signature.

By doing this, the rule knows that a signature has already been applied before, so it doesn’t apply it every time a new email is sent.

If some staff need to be excepted from having a signature on their emails. Add an exception for the sender and add the individuals or groups you want excluded from the rule.

, , , ,

Office 365 Signature Management with Mail Flow Rules [Part 1: Creation]

Office 365 email signature management for company-wide consistency is made possible with mail flow rules. There are a number of reasons why you might want to append an email signature to your emails. The foremost reason is making it easier for customers to contact you. An Office 365 signature looks professional and consistent, distinguishes your organisation, and helps users find the contact details they require. Alternatively, you may have legal, regulatory, or marketing requirements.

If you purchase new, or renew existing, Office 365 licences:

SAVE AT LEAST 5%

This includes Exchange Online, SharePoint Online, Skype for Business, OneDrive for Business and the entire suite of Office 365 pricing.

However, if you are unable to consistently append a signature to your emails on different devices, or if your signature looks garbled and distorted, this leads to problems. At best it appears unprofessional, at worst it can lead to your emails being sent to a spam folder, or customers receiving incorrect contact information.

For Office 365 and Exchange Online users there is a solution that appends email signatures or disclaimers organisation wide, at the server-side. This means that when you send an email your device sends it to your email server first, which applies the signature, then sends it on to the recipient. Therefore, no matter which device you send an email from, the Office 365 signature/disclaimer will look identical. This is an ideal way to achieve company-wide email signature standardisation.

Step 1: Office 365 Signature Planning

First things first, you’ll have to decide which details you intend to include with your signature.

Most signatures will have at least one of the following:

  • Contact details (job title, phone number, extension, office address)
  • A call to action
  • Links to social media
  • Your latest latest product, events or promotion

However, there are also some limitations to consider. You should aim to keep your email signature as lightweight as possible. This means using text instead of images where possible, removing or scaling down large images, and including only the contact details which are most relevant to you, and to your organisation.

Step 2: Office 365 Signature Coding

Here’s a simple code snippet to get started. Just replace the placeholder in the 14th line to the name of your organisation. If you have already added your details into Office 365 or Exchange Online, the attributes between the percentage symbols should update automatically.


<style type="text/css">
a:hover, a:focus, a:active {color: black;}
</style>
<br>
<br>
<h1 style="font-family: Arial, Helvetica Neue, Helvetica, sans-serif; font-size:14px; text-transform:uppercase; margin-bottom:8px;">
<span style="color:#000">%%DisplayName%% </span><span style="font-size:12px; font-style:italic; font-weight:normal; text-transform:none;">%%Title%%</span></h1>
<table id="sig" width='320' cellspacing='0' cellpadding='0' border-spacing='0' style="width:320px; margin:0; padding:0;">
<tr>
<td style="margin:0; padding:0;">
<table id="sig2" cellspacing='0' cellpadding='0' border-spacing='0' style="padding:0; margin:0; font-family:'Arial',sans-serif; font-size:12px; line-height:16px; color:#000; border-collapse:collapse; -webkit-text-size-adjust:none;">
<tr style="margin:0; padding:0;">
<td style="margin:0; padding:0; font-family:'Arial',sans-serif; white-space:nowrap;">
<strong><span style="color:#000">YOUR COMPANY NAME</span></a></strong>
<br>
<span style="color:#000">%%Street%%, %%City%%, %%Zipcode%%</span>
<br>
<span style="color:#000">Direct: %%PhoneNumber%% | Mobile: %%MobileNumber%%</span>
</td>
</tr>
</table>
</td> 
</tr>
</table>
<p style="line-height:10px;"><span style="font-family:'Arial',sans-serif; font-size:10px; color:#aaa; line-height:10px;">This electronic mail transmission and any accompanying attachments contain confidential information intended only for the use of the individual or entity named above. Any dissemination, distribution, copying or action taken in reliance on the contents of this communication by anyone other than the intended recipient is strictly prohibited. If you have received this communication in error please immediately delete the E-mail and notify the sender.</span></p>
<br>

The above code creates a email signature that looks like this:

Office 365 Signature Management with Mail Flow rules

One important point to reiterate is that it’s best to keep your signature lightweight. This is for two main reasons. Firstly, Office 365 allows a maximum disclaimer length of around 5000 characters. Secondly, an overcomplicated signature can have more things that can go wrong in it. This becomes clear in the next section.

Step 3: Office 365 Signature Testing

As there is little standardisation between email clients, your email signature might look different to users using a different client on a variety of different devices. Generally, the more complicated the signature, the more difficulty you will have in getting it to display correctly in every email client.

To make sure that your email signature displays correctly, there are a number of services that allow you to see what it would look like rendered on different devices and different email clients.

The big two are Litmus and Email on Acid. Both have free trials. The Email on Acid free trial lasts for 7 days but is comprehensive in that it tests emails in a 30+  clients in a variety of operating systems and screen sizes. It also has a debugging feature in which it tells you which parts of your code are unsupported by each email client. Litmus email testing also has a free trial lasting x days and allows you to test for several email clients and browsers.

Adjust your expectations:

Bear in mind that you’ll probably never get something working perfectly in every email client that has ever existed. Some email clients block all images or links altogether so sometimes it’s better to focus on attaining compatibility with the email clients that your clients use or the most popular/most used email clients. You can find a list of the most popular ones here.

Maintain a positive outlook:

The problem child of email signature compatibility is Outlook 2007, 2010, and 2013. When Outlook 2007-13 sees HTML, it renders it as it would a Microsoft Word document. This means signatures often look garbled or distorted. Unfortunately, these email clients aren’t going away anytime soon, so it’s important to work out what they do and don’t like. Luckily Email on Acid produce a guide which includes instructions on tailor your code to achieve compatibility with most modern clients. You can find it here.

Step 4: Office 365 Signature Customisation

Most signature contain contact information that is unique and specific to each user. By using attributes, you can quickly add information such as address details, phone numbers, departments or job titles. Just make sure all your details are updated beforehand!

Here is a list of the most common attributes:

Display Name %%DisplayName%%
Phone Number %%PhoneNumber%%
Mobile Number %%MobileNumber%%
Job Title %%Title%%
Street %%Street%%
City %%City%%
Post Code %%ZipCode%%

You can find the full list and additional information here.

Step 5: Office 365 Signature Install

Once you’ve got a working html signature. Now it’s time to install it.Click here for a guide on how to apply your signature using Office 365 mail flow rules.

, , , , , , , , , ,

Office 365 Email Continuity & Disaster Recovery | HowTo

Email continuity is critical. Learn how to protect email with simple, and old hat, methods in tandem with Exchange Online for email continuity & email disaster recovery.

If you purchase new, or renew existing, Office 365 licences:

SAVE AT LEAST 5%

This includes Exchange Online, SharePoint Online, Skype for Business, OneDrive for Business and the entire suite of Office 365 pricing.

Email continuity & Email Disaster Recovery: I’m not sure if it’s just me, but there does seem to be an incessant whine regarding the demise of email. Usually from some thought leader or other, who quite possibly only reads his emails in Outlook and has never had to configure a monitoring service, a notification tracker or a Line of Business Application for email continuity.

Of course in order for humans to communicate there are many other channels available, such as Slack, which I use for notifications that I’ve arrived at the office, but not left;). Skype for Business too, which is our go-to application for video conferences, chat with end users and to see if someone is both sentient and available. I even have a mobile phone and an IP Telephony desk phone, plus FaceTime, iMessage, Zoiper and many more. There are those other things, such as Social Media, where I occasionally play in the LinkedIn pool. Personally, I prefer an actual face to face conversation, sometimes involving a pen and paper and a cup of coffee.

Declaring the demise of email is a rather bold, personally I’d say a little ignorant. Not merely because of the pervasive implementation in things that don’t actually get read, but also because it is still a mechanism where you can write something, attach something and consider something prior to sending it. Radical Group reports that approximately 205 billion email messages are sent per day.  That is 2,372,685 emails per second. I had to turn my phone sideways to calculate that. One of our own customers sends and receives several million emails each month. On balance, email is not about to cease anytime soon.

Why implement Email Continuity & Email Disaster Recovery for Office 365 Exchange Online?

Okay, email can sometimes feel like an annoyance, however, imagine if email were suddenly cut off? Most organisations rely on email to not only conduct day-to-day business, but to also ensure the wheels in the background are turning. Loss of email access or usability can not only slow productivity, it can also cost money.

I recently read a post where it was suggested that an emergency inbox in the cloud was an ideal solution in order to achieve email continuity. It’s not. Look at the numbers above. It would be impractical to have a days worth of the several million emails per month for one business delivered in to one big bucket. How would you make sense of them? What would you do with them if you could? Where would they be stored? When would you be able to restore them to the primary mailboxes? Whilst I’m not laughing and pointing at the idea, much, there is a far better solution.

MX Fallback for Email Continuity & Email Disaster Recovery for Office 365 Exchange Online

Aside from having a reliable, enterprise designed provider, such as Microsoft Office 365, I have to confess to being a little distrusting of any particular service as the only resource. The very nature of technology means it will break or cease to operate correctly for some reason or other and email continuity is too important to ignore.

MX, and the possibility of MX Fallback, was implemented in January 1986 in RFC973 and RFC974 and is perfect for email continuity with Office 365 Exchange Online. In simple terms, Mail Xchange was given a list, mail-1.serviceteamit.co.uk, mail-2.serviceteamit.co.uk and so on. Each MX can be given what is often referred to as a priority, but is in actual fact just an ordered list. Ordinarily your first entry is O, 1 or 10.

Adding MX Records to DNS

With Office 365 and Exchange Online there is only a single entry. Since the last update to Exchange Online the MX entry is in the form:

domain-suffix.mail.protection.outlook.com.

Prior to the previous update to Exchange Online the MX entry was in the form:

domain-suffix.mail.eo.outlook.com.

Both style entries work correctly and there are no current notices that the previous syntax will be deprecated.

For the purpose of fallback we want to add another MX record immediately following the main entry. For example our first two MX records are:

MX 0 serviceteamit-co-uk.mail.protection.outlook.com

MX 1 serviceteamit-co-uk.mail.eo.outlook.com

Our MX Fallback server records for email continuity and email disaster recovery are:

MX 11 mx00.1and1.co.uk

MX 12 mx01.1and1.co.uk

The first two entries. MX 0 and MX 1, are to our primary mail provider, Office 365 Exchange Online. Both of these records land on the same email servers and are of course not the fallback. The third and fourth entries are the Fallback servers. MX 11 or MX 12 will be chosen for delivery of email should either of the first two hosts not respond. There are a number of reasons the primary servers may not respond including network issues, DNS issues, DDoS issues, simply being offline and many others.

Adding recipients to the Fallback host

The simplest way to implement recipients is to enable a catch all on the Fallback server. Practically any email server has the functionality to receive at catch all, or catchall, denoted as *@serviceteamit.co.uk. This way any recipient for email disaster recovery,  firstname.lastname@serviceteamit.co.uk or random@serviceteamit.co.uk, will be delivered, albeit to one big bucket. The catch all instructions for 1&1 can be found here. A catch all is obviously not recommended as it’s merely a big bucket of email, the reasons not to have are outlined above.

The most sensible approach would be to add all users as mail recipients. All mail user recipients can be exported from Exchange Online as a CSV. Almost any mail server will support importing these users via the same CSV. You may need to alter the CSV headers.

In order to export your users:

1. Log in to your Office 365 Portal via https://portal.office.com.

2. Navigate to Admin and Exchange on the bottom-right of the page:
Exchange Online Admin for MX Fallback

 

3. Click on Mailboxes:
Exchange Online Recipients MX Fallback

 

4. Click on the three dots and select Export Data to a CSV file:
Exchange Online Export to CSV MX Fallback

 

5. A new window will have opened. Select the columns you wish to export, I prefer to select all of them. Then click Export:
Exchange Online Export to CSV Columns MX Fallback

 

You can now use this CSV file to import your user accounts in to your Fallback server as recipients for total email continuity with Office 365.

If you do not wish to import all users you can choose to only enable your highest priority accounts, whether they be individuals, groups, distribution or service accounts for monitoring and notification.

Once the accounts are imported you can now monitor the mail on the Fallback server in Office 365 Exchange Online in order to synchronise emails back to the primary account in Office 365 Exchange Online. This will ensure you have all the user emails in one place once the Office 365 Exchange Online service is available again. If I get time, I’ll update this post with the methods.

One final note regarding the MX Fallback method is that it is still subject to the availability of DNS, the Name Server for the DNS and the integrity of the Zone File. Please feel free to leave any comments you may have regarding High Availability DNS, in order to mitigate DDoS and Black Swan events. There are methods to almost completely protect your DNS integrity. Perhaps that’s for a future post?

In order to offer our clients complete peace of mind regarding email, we’re a Silver Productivity Partner with Microsoft and use Office 365 Exchange Online as the primary provider and select partners for Fallback and High Availability. Through our partnerships, you can choose from multiple service tiers to target specific security and email integrity requirements.

If you have any questions, or would like to speak to someone regarding Email Continuity and Email Disaster Recovery, please get in touch.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!