Interlink Cloud Blog

facebooktwitterlinkedin

Matt Scherocman

Office 365 PowerPoint Designer and Morph

Office 365 PowerPoint Designer and Morph

Getting the design right on a presentation is important. Not only can a good design make you feel better about the presentation you’re giving, but it can also make those that are listening more interested and engaged. With PowerPoint’s new built-in designer, it’s easier than ever to create clean, beautiful, and professional presentations. With a click of the button, you can transform any image or text into beautiful designs and graphics – it’s that easy.

Powerpoint designer 1

The following two new features - which are exclusive to Office 365 subscribers - are an incredibly intuitive way to spice up any presentation. Let’s look at some examples of what is possible with PowerPoint Designer.

1) Background Photos

The first major functionality is how Designer will quickly show options on how you can use a large photo in various ways on that slide depending on what text is present. Not only does it see what other text is there, but it also looks at the image to see what colors would go well with it.

2) Dynamic Lists

Another amazing part of Designer is its ability to create dynamic designs based on the content on each slide. One example of where this shows its strength is in the creation of designs based around bulleted slides and how it can automatically interpret what you are trying to convey.

PowerPoint Designer dynamic lists

For example, in the slide above, Designer recognizes that I am trying to create a numerical list and creates designs focused on conveying the three-step process I wrote.

Making Animation in PowerPoint Simple

The other incredible feature added to PowerPoint is "Morph," which you will find in "transitions." This feature animates the slides for you by comparing two duplicate slides next to each other and recognizes what positions and sizes have changed, and then animates the changes between them.

Microsoft is constantly looking to bring powerful new features to all of their products, and with Designer and Morph, we think they have created something that is incredibly useful and will be begin to be used on a daily basis by PowerPoint users.

Ready to learn about some of the lesser used features of Office 365? Contact us today!

 

Mike Wilson

Active Directory Federation Services (ADFS) vs. Password Sync

Active Directory Federation Services (ADFS) vs. Password Sync

Figuring out the best way to implement Single Sign-On (SSO) in a Microsoft cloud environment can be challenging given how the options have evolved over time, but it’s a key component of any successful Office 365 or Azure deployment. There are four main options on how you can configure SSO: 

Each of these options are available with all flavors of Office 365 licensing, but they have advantages and disadvantages that we’ll want to understand before making our decision. Let’s review each of them in order. 

Cloud-only passwords 

The most basic option is to not implement single sign-on at all, which might make sense for smaller implementations. In this scenario, user accounts are provisioned on Office 365 and users logon independently of their local Active Directory. 

Pros: 

  • Quick implementation 
  • Self-service password reset is available for Office 365 accounts 
  • No need to dedicate servers or infrastructure for SSO 
  • Can be used if Active Directory is not deployed or most clients are not AD joined 

Cons: 

  • No SSO for end users 

Password Synchronization 

Once we’ve made the decision to implement SSO, password sync is our most basic option. Microsoft provides a tool called Azure AD Connect to synchronize user data from our on-premise Active Directory to Azure AD. This saves us from provisioning user accounts on Office 365 while also giving us the ability to synchronize a hash of the end user’s password. The end user’s full password is not synced and a password change on-premise will trigger a sync. In this scenario, users will logon to Office 365 with their email address/UserPrincipalName and then enter the same password they use in their on-premise Active Directory. 

Pros: 

  • Users have one password to remember for on-premise and Microsoft cloud services 
  • The same server that syncs my user data also syncs passwords which minimizes my on-premises infrastructure footprint 
  • My AD infrastructure or Internet can be down without restricting the ability to logon to Office 365 

Cons: 

  • Domain-joined clients will still be prompted for passwords although Outlook does can check a box to save their password 
  • Since logons terminate in Azure AD, we lose the ability to have more granular logon restrictions that come with full Active Directory such as restricting logon times which can be critical for some businesses due to changes in federal labor regulations regarding hourly employees. 
  • Self-service password reset for Office 365 accounts is unavailable without purchasing Azure AD Premium or Enterprise Mobility + Security Suite licenses. 

Pass-through Authentication 

With pass-through authentication, we’re finally getting to true SSO. Microsoft released this option in December, 2016 and it’s currently in public preview as of January 15. The latest version of the Azure AD Connect tool includes an agent that opens and maintains an outbound connection to Azure AD (no DMZ or firewall rules required). When this option is enabled, user logons to Office 365 are passed back through this open tunnel to your on-premise Active Directory where they are authenticated live. This means we have access to logon time restrictions. Of course, the downside of having machines authenticate against your local AD is that we need to provide high availability. The good news is that we can deploy additional agents which ideally would use separate internet connections. 

The best part is that pass-through authentication means that we can now have domain joined machines pass through their domain credentials seamlessly. This takes place automatically in most web browsers (IE, Chrome and Firefox). If we have Outlook 2013 or later deployed and modern authentication enabled, Outlook can take advantage of seamless single sign-on as well. 

Pros: 

  • True single sign-on for domain joined PCs in Outlook (2013 or later) and in the web browser – no password needed. 
  • Similar experiences to password sync for external or non-domain joined PCs. 
  • Built into Azure AD Connect which minimizes my infrastructure footprint. 
  • Can deploy additional agents for redundancy. 
  • Some organizations have security requirements that prohibit syncing a password hash 

Cons: 

  • Building sufficient redundancy can be a challenge for companies with a single datacenter and internet connection. 
  • Browser based single sign-on still requires an initial “challenge” to determine where to redirect authentication. If I logon to my SharePoint online site or the Office 365 portal, I get prompted for my username. When I enter that, I get redirected to the pass-through authentication mechanism which then passes my credentials through seamless. Our next option, federated identity, offers a solution to this challenge. 

Federated Identity 

Federated identity offers the best overall end user SSO experience in the Microsoft cloud and offers some unique security options not available in other scenarios, but it also has the most requirements in terms of server infrastructure to implement. To enable federated identity, we need to deploy Active Directory Federation Services (ADFS) in our on-premise network. A typical deployment would be a two-server farm at separate sites (Azure is an option to add a second site for single datecenter customers). Two additional servers are needed in a DMZ to securely publish ADFS to the internet. Once ADFS is in place, federated identity can be enabled with a few powershell commands. 

Similar to pass-through authentication, user logon attempts are passed back to the ADFS farm to validate against your local active directory. Outlook 2013 or later will leverage modern authentication to communicate with ADFS. Web browsers will get redirected to the ADFS server to complete their authentication. This lets us use what’s called SmartLinks technology to allow users to logon directly to SharePoint online without entering a username or password. 

We also have access to security features not available in other scenarios. We can enable client access filtering which lets us restrict access to Microsoft cloud services based on IP address (commonly used when we have hourly employees that shouldn’t be able to check email from home). We can also integrate with on-premise multifactor authentication servers (although you should be looking at Microsoft Azure options for MFA). 

Pros: 

  • Full SSO capabilities in the web browser and Outlook. 
  • Advanced security configurations available including the ability to filter connection on source IP address. 
  • No need to sync a password hash. 
  • ADFS farm can be reused with other cloud services that support SAML. 

Cons: 

  • Additional infrastructure requirements. 
  • Additional points of failure. 
  • Additional cost to setup. 
  • SSL certificate from a public CA is required which will require periodic updating. 

 

Learn more from the blog article: Understanding Office 365 identity and Azure Active Directory

 


Think you are interested in SSO but want to talk with an expert about which option is best for your company and environment? Contact us today! 

 
Recent comment in this post
Guest — Ron
Great concise and to the point article. Exactly what I was looking for: Pro/con's and differences in each technology. Thank you Ma... Read More
Tuesday, 02 June 2015 6:06 PM
Matt Scherocman

Introducing Microsoft StaffHub: A New App to Manage the Work Life of Deskless Workers

Introducing Microsoft StaffHub: A New App to Manage the Work Life of Deskless Workers

Deskless workers are truly the unsung heroes of the workforce, and for many industries such as retail, food service, and hospitality these hundreds of millions of workers are a company’s backbone, interacting with customers and making things happen. Although they are incredibly critical to the success of business, these deskless workers frequently don’t have the dedicated workspaces or proper applications they need to stay connected with management and each other.

This severely limits the transmission of information between these deskless teams. Even worse, it makes deskless workers and their supervisors rely on slow, limiting, inefficient paper processes to perform simple tasks like:

  • Creating and modifying schedules
  • Swapping shifts
  • Distributing new information to employees like policy updates, manuals, and guidelines
  • Setting up meetings between deskless workers

This is especially frustrating when these employees frequently have powerful smartphones in their pockets and purses. Microsoft has eliminated these issues and changed the way deskless workers communicate and manage their life at work with Microsoft StaffHub - an app currently available in public preview on the web, iOS, and Android.

Using an intuitive and straightforward interface of communication, collaboration, and scheduling tools, StaffHub gives deskless workers access to levels of productivity they never had before.

How Microsoft StaffHub Works

Managers use the StaffHub web app to create schedules, manage requests for shift swaps or time off, and share information with the team.

Example of a schedule page in StaffHub web app

Employees use the mobile app to view their shifts, submit shift and time-off requests, and communicate with the team.

Example of the day's work schedule in the StaffHub mobile app

With Microsoft StaffHub, the back-and-forth phone calls, text messages, and email change requests can be eliminated, and managers of deskless teams can interact in real time - making sure schedules, information, and meeting times are all up to date. Anything shared between deskless workers is readily available by the entire team, significantly reducing the time it takes to get everyone working with the same information.

Contact Interlink today to learn how your deskless workers can start becoming more productive with Microsoft StaffHub.

Sarah Bunt

On-Demand Webinar | How to Stay Secure & Productive with Microsoft’s Enterprise Mobility + Security Suite

On-Demand Webinar | How to Stay Secure & Productive with Microsoft’s Enterprise Mobility + Security Suite

On-Demand Webinar & Slides

view ems e5 webinar


Are you looking to add a tighter level of security to your environment? Do you want to stay secure and productive on your favorite apps and devices?

In this on-demand event, Microsoft and Interlink Cloud Advisors show you the powerful new capabilities of Microsoft Enterprise Mobility + Security and how it ensures your critical company data is protected.

During this online event, see what’s new through a live demo of EMS’s E5 functionality and how it allows you to:

  • Lockdown your valuable data: Automatically classify information to better protect intellectual property with Azure Information Protection. Lock it down so, your competitors can see it and your existing sales people can’t take it with them!
  • Secure the cloud: Drive security policies and reporting across Microsoft and non-Microsoft cloud services with Cloud App Security. Your data is being dispersed all over the global by using various SAAS services. Take back control and visibility – we’ll show you how!
  • Control Administrator Account Access: Ensure that powerful rights are utilized appropriately. Privileged Identity Management gives the ability to grant access to admins only when required and limited to the resources needed.
  • Use Identity Protection: Ensure that users are accessing your environment following the policies that are required for your business. Automatically identify risky scenarios, take appropriate actions, and provide reporting.

In addition, we provide an in-depth licensing overview and comparison of EMS E5 vs. EMS E3 features and functionality. You’ll also see how you can leverage Microsoft paid assessments and proof of concepts to see if EMS E5 is the right solution for your business!

video ems e5 webinar

Click to instantly watch this information-packed webinar and download the slide deck.


PRESENTERS

Eric Inch

Eric Inch

Eric Inch is a Technical Solutions Specialist - Mobility & Security for the Microsoft Corporation. He is responsible for helping clients deploy the EMS offering across their corporate account base.

Eric Brophy

Eric Brophy

Eric Brophy is a Senior Consultant for Interlink who has helped more than a hundred clients migrate their workloads to the cloud.  He is badged by Microsoft and certified in their cloud technologies.

 

 

Matt Scherocman

Comparing the Office 365 Enterprise Kiosk (K1) Plan vs. Enterprise (E1) Plan

Comparing the Office 365 Enterprise Kiosk (K1) Plan vs. Enterprise (E1) Plan

Many clients have been asking us about the differences between Microsoft’s Office 365 Enterprise Kiosk (K1) plan and Enterprise (E1) plans and have been confused about which plan is right for the users who do not need the higher end suites. This comparison is for clients who are considering either of these two plans and want figure out which one is a better fit for their business. 

What is an Enterprise Kiosk (K1) plan? 

Essentially, the Kiosk plan is for those that are looking for inexpensive licenses for deskless workers - users who are often working away from a desk or using a shared PC and don’t need desktop versions of Office. 

What are the differences between the K1 and E1 plan?

differences between the K1 and E1 plan

Looking at the chart above, you can see that the main two differences between the Enterprise E1 and K1 plan is that E1 provides OneDrive for Business and Skype for Business Online while the K1 plan does not.

More specifically Kiosk customers can use the OneDrive for Business folder sync client application to sync team site document libraries with shared computers and access documents on the PC locally and offline, but they do not include a OneDrive for Business personal site with the 1TB of online storage. Nor do they include the Office Application Suite that would be able to access the documents on the PC, the Kiosk plan only includes the web versions of the Microsoft applications which require the content to be web accessible.

Another difference is the lack of desktop Outlook Access between E plans and K plans. The E plans can connect to Outlook the desktop application, but the K plans cannot and are required to use Outlook Web Access or mobile access even if Office is licensed on that particular machine under another manner. One note, the E1 plan does not include a license for the desktop version of Outlook even though it is “allowed” to connect if owned. 

The Benefits of an Enterprise K1 vs. E1 Plan

With the Kiosk licenses clients are able to reduce cost and provide their staff with access to company email, information, and resources for their employees that are often using shared PCs and are constantly moving around. This environment is where the Kiosk plans thrive and add a lot of ROI to a company. For example, the K1 plan at $4 per user per month is half the price of the E1 plan at $8 per user per month.

When users need their own storage space, access to instant messaging platforms, want to run desktop Outlook, and need a larger mailbox – then the E1 plan is a great fit. 

Learn More

If you would like to learn more about your options as you consider your cloud purchase, we would be happy to help and show you how to get the most out of your Microsoft licensing! Give us a call at 800-900-1150 or contact us here.

 

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.

Blog Categories

Interlink Cloud
Interlink Cloud
5 post(s)
Tips and Tricks
Tips and Tricks
1 post(s)
Outlook
Outlook
2 post(s)
Reporting
Reporting
1 post(s)
Cloud Storage
Cloud Storage
2 post(s)
Webinars
Webinars
11 post(s)
OneDrive
OneDrive
5 post(s)
Yammer
Yammer
3 post(s)
Azure
Azure
16 post(s)
SharePoint
SharePoint
9 post(s)
Microsoft
Microsoft
6 post(s)
Lync
Lync
8 post(s)
Office 365
Office 365
50 post(s)

Blog Archive