Upgrading OE on Unity that is configured for file services only

it depends what you understand as “disrupt connectivity”

a reboot – no matter how fast – will always be kind of disruptive on the lower levels

and a client will have to at least re-establish the TCP connection

The question is more how much of that is visible to the client OS and application

NFS clients using default hard mounts will just see a pause in I/O but no error to applications

The OS and protocol stack will of course re-establish the connection, recover locks, ….

for CIFS clients it depends on the application and OS

Windows itself will automatically reconnect

cluster aware application that retry internally should be ok

simple applications like copying files via explorer.exe can stop and show a “Try again” dialog

For those application that really require transparent failover – like SharePoint or Hyper-V over SMB shares you can enable SMB CA (Continuous Availability) per share

then they will also just pause and resume I/O similar to NFS

See the NAS white paper and Microsoft details about CA in SMB3

Why dont you just try it ??

all an upgrade is doing is a SP reboot – which you can easily do even from the GUI

If you dont want to use your hardware Unity as VSA will show the same behaviour


  • No Related Posts

Office 365 Security and Compliance Tools for Collaboration Apps – Are You Covered?

EMC logo

Microsoft has an ever-growing list of Security & Compliance tools for Office 365. With the multitude of tools and rapid pace of new releases, it can be challenging to keep track of everything. Ensuring security and compliance in the cloud is top of mind, especially with so many organizations moving to Office 365.  After all, it’s the cloud productivity platform of choice. Therefore, you’ll want to ensure your organization is protected by understanding the most relevant security and compliance features for Office 365 collaboration services.


Security & Compliance Center

In the on-premises version (and earlier days of Office 365), SharePoint had its own features for security & compliance, including document deletion policies, in place record management, site closure / deletion, information management policies, and the eDiscovery Center. These features would allow you to manage the retention or modification of files; however, they only applied to content within SharePoint. In Office 365, content and data may be stored in multiple applications including Exchange, Teams, Skype, OneDrive, and of course SharePoint. As a result of this connected ecosystem of collaboration tools, Microsoft has built features that allow you manage retention and modification of files across all these services from a single place – the Security & Compliance Center. Instead of using the SharePoint-specific features, you should plan and implement retention policies and/or labels for more inclusive protection. Retention policies apply to ALL content within a selected service/area. Labels can be manually applied to individual items (or libraries) – or automatically applied (based on conditions) if you have an Office 365 E5 license. The auto-apply feature is particularly valuable when your business doesn’t want to leave this decision up to the content owners.

Another note on labels – the future of labels (starting to roll out now) also includes Azure Information Protection (AIP). Previously, this was a separate feature that also included “labels” to classify, protect, and/or encrypt content regardless of where it was stored (even outside of Office 365). As announced at Microsoft Ignite 2018, the AIP “labels” are soon going to integrate with Office 365 labels so that you can manage retention, records, and encryption/protection all through the same feature (labels) in the Security & Compliance Center.

Below are some of the other Security & Compliance Center features and how they relate to collaboration:

Using DLP, you can setup policies to search through content (no matter where it lives in Office 365) for sensitive information like credit cards, SSNs, drivers, licenses, etc. You can then complete some sort of action such as display a tool tip, send an incident report, block sharing, etc. when sensitive information is discovered.

eDiscovery allows you to complete searches across all Office 365 services to find content that may be related to a litigation or specific worker. Once discovered, you can then place that content on hold (and export) in the event it needs to be preserved for legal reasons or potentially as part of a worker termination.

Alerts utilize the Office 365 audit log to trigger messages when certain events occur in the environment. These can be used to notify administrators or compliance officers when workers complete an action (i.e. create/delete eDiscovery hold) so that they can follow-up.

Identity Protection with Azure Active Directory (AAD)

AAD has a plethora of features and tools that can be used to help secure your Office 365 environment.  Some that you should consider as part of your collaboration services design are:

  • Conditional Access Policies – using conditional access policies, you can alter the experience for workers based on certain conditions, including which device the worker is connecting with (Windows, Mac, iOS, etc.), the location (corporate network, public network), the app being used (browser, Office app), or even the device state (compliant, non-compliant). This can be paired with Multi-Factor Authentication (MFA) and even Azure Identity Protection to force workers to use a 2nd form of authentication when accessing from certain scenarios, including outside a trusted network, on a non-trusted device, or even from situations considered “risky” (i.e. anomalous).
  • Privileged Identity Management (PIM) – PIM is an administrative feature that allows you to create a request/approval workflow process for obtaining administrator access in Office 365. This means that your administrators could be standard workers most of the time and elevate their permissions only when needed – to complete a help desk ticket, for example.
  • Office 365 Group Policies – Office 365 Groups are becoming the backbone of the modern collaboration experience. They are created with any new SharePoint team sites, Yammer groups, Outlook Groups, Planners, or Microsoft Teams. To prevent these features from becoming unmanageable, consider using governance controls including naming policies, expiration policies, classifications, usage guidelines, and provisioning.
  • Idle Session Timeouts – these timeouts can be configured to warn and then eventually sign workers out of SharePoint and/or OneDrive if there has been no browser activity in a pre-defined period.

Many of the AAD features above require you to have either Office 365 E5 or EM&S E3/E5 licenses.

Tools with Linkages to Collaboration Apps

Below are a few other security and compliance tools with specific tie-ins to the Office 365 collaboration apps are particularly noteworthy.

  • Office 365 Secure Score – this tool provides a calculated score for your Office 365 tenant based on services in use and features available for securing the environment. Note that not all the security recommendations within this tool are applicable to every organization due to differing requirements and licensing. However, this it can be used to find some collaboration related recommendations and assistance on how to configure them.
  • Office 365 Cloud App Security (CAS) – CAS is a tool that can be used to monitor and take action on all of the cloud apps used across the organization. It has features that can alert an administrator of anomalous and potentially risky behavior, block usage of certain cloud apps (to fight “shadow IT”), or even apply conditional access policies or AIP labels to content that lives in other collaboration apps such as Box, Dropbox, and G-Suite.
  • Office 365 Advanced Threat Protection (ATP) – ATP is primarily focused on protecting workers from cyber-threats in email; however, the Safe Links and Safe Attachments features can also work with content stored in SharePoint and/or OneDrive. These features will scan the link (within a file) or the file itself in a “detonation chamber” to ensure it is not malicious before allowing the worker to open it on their device.
  • Compliance Manager – this tool helps you create and manage your compliance against certifications including GDPR, NIST 800-53, ISO 27001, etc. You can create assessments to document and test your implementation plans against all the controls in each of your compliance policies.

Note that Office 365 CAS and ATP require either Office 365 E5 or add-on licenses.

Adopt Cloud Collaboration Services with Confidence

As with any release that impacts the features and functionality for your workers, ensure you have a communication and education plan in place – or adoption will suffer. Most of these features will impact your workers. They need to understand what’s coming, why it is important, and where they can go for education and help. Dell EMC offers services for every step of your Office 365 journey, so if you need assistance planning or deploying Office 365 security, reach out to your Dell EMC representative to learn how we can help.  Or if you prefer, leave a comment here and I’ll be happy to respond.

The post Office 365 Security and Compliance Tools for Collaboration Apps – Are You Covered? appeared first on InFocus Blog | Dell EMC Services.

Update your feed preferences





submit to reddit


  • No Related Posts

Data Protection Advisor (DPA) authentication for the web published scheduled reports is disabled[1]

Article Number: 502581 Article Version: 4 Article Type: Break Fix

Data Protection Advisor,Data Protection Advisor Family

Data Protection Advisor (DPA) authentication for the web published scheduled reports has been disabled.

Some customers have a need to access DPA reports via a Web style interface. In DPA 5 a Web Server, acting as Report Portal was available,and could be accessed without a password.

This functionally has been removed from DPA 6. The Web Server component is a security vulnerability that requires near constant patching, fixing newly developed exploitation approaches. In addition, the strategic role of DPA is not to be the Report Portal, rather to publish reports to destinations, such as other portals, as required. For these reasons the portal was removed from the DPA.

Reports produced by DPA can continue to be accessed via a web server, if a web server is configured correctly. This would be the customer’s responsibility.

In DPA 6 functionality was added to publish to Microsoft Sharepoint 2013. This purpose of this was to eliminate the need for a web server. This would be a better option to consider. Details on publishing to MS Sharepoint can be found in the DPA internal help and DPA Installation and Administration Guide. Please contact EMC Technical Support for further details or information.

Please contact Dell EMC Technical Support for further details or information.


ShareFile Connector SSO to Network Shares and SharePoint using Kerberos (KCD)

Summary of items

  1. Configure SharePoint for KCD
  2. Create an additional “Internal Content Switch” on the NetScaler
  3. Configure SplitDNS to resolve to the new Internal Content Switch
  4. StorageZone Controller IIS changes
  5. AD Delegation
  6. Web Browsers configs

1. Configure SharePoint for KCD

SharePoint config steps:

  1. On the Central Administration page, on the Quick Launch click Security, and in the General Security section click Specify authentication providers.
  2. On the Authentication Providers page, select the zone for which you want to change authentication settings.
  3. On the Edit Authentication page, and in the Authentication Type section ensure this is set to Windows (selected by default).
  4. In the IIS Authentication Settings section, select Negotiate (Kerberos).

    NOTE: If you selectNegotiate (Kerberos)you must perform additional steps to configure authentication (below).
  5. Click Save.

Set the SPN to the service account for SharePoint config steps:

NOTE:this is a standard SharePoint requirement which references the service account used during the installation of SharePoint itself). The service account used below is usually the one that SharePoint has been initially installed with.

  1. From any server, open CMD (elevate with account with the appropriate SharePoint rights)
  2. Type the following:

    SetSPN -S HTTP/SharePoint domainserviceaccountname

    SetSPN -S HTTP/SharePoint.citrix.lab domainserviceaccountname

2. Create an additional “Internal Content Switch” on the NetScaler

Before creating this, you should have run the wizard to create an External Content Switch as you would need to split the traffic, to split External and Internal traffic. The main reason being is to have AAA configured for Connectors externally, but for Internal use, not to have AAA enabled on the Connectors, especially if you would like to enable Web Access to Connectors and have a seamless SSO in all web browsers.

NOTE: AAA requires a NetScaler Enterprise license to use.

External Content Switch (usually created by the inbuilt ShareFile wizard on the NS).

NOTE: If Web Access to Connectors are required then additional configuration is needed in addition to the wizard. Please see this
article in section “Configure NetScaler for restricted zones or web access to Connectors”.

The External config would typically have:

  • 1 x Content Switch, with Policies, Responders, Callouts.
  • 3 x LBVIP’s
    • ShareFile Data LBVIP.
    • Connectors LBVIP with AAA enabled.

Internal Content Switch (in this scenario, created manually)

The internal config would typically have:

  • 1 x Content Switch, with Policies, Responders, Callouts.
  • 2 x LBVIP’s
    • ShareFile Data LBVIP.
    • Connectors LBVIP (No AAA enabled).
    • No OPTIONS LBVIP required (even if SSO to “Web Access to Connectors” is needed).

Create the Internal Content Switch config steps:

Create the Virtual Servers (one for ShareFile Data and another for Connectors)

  1. Log onto the NetScaler and browse to:

    +Traffic Management

    +Load Balancing

    Virtual Servers
  2. Click Add to create the ShareFile Data LBVIP:

    Name: _SF_SZ_LB_INT

    Protocol: SSL or HTTP

    IP Address Type: Non Addressable
  3. Click OK.
  4. Click on the “No Load Balancing Virtual Server Binding”
  5. On the Select Server option click the arrow next to Click to select field
  6. Select the appropriate StorageZone Controller node(s) and click Bind
  7. Select the Certificate and click Bind, click Continue
  8. Click on the +Method option, change the Load Balancing Method to Token
  9. Add the expression REQ.URL.QUERY.VALUE(“uploadid”), click OK
  10. Click on the +Persistence option, and change the Persistence field to SSLSESSION
  11. Click OK
  12. Click Add to create the ShareFile Connector LBVIP:

    Name: _SF_CIF_SP_LB_INT

    Protocol: SSL or HTTP

    IP Address Type: Non Addressable
  13. Click OK
  14. Click on the “No Load Balancing Virtual Server Binding”
  15. On the Select Server option click the arrow next to Click to select field
  16. Select the appropriate StorageZone Controller node(s) and click Bind
  17. Select the Certificate and click Bind, click Continue
  18. Click on the +Method option, change the Load Balancing Method to LEASTCONNECTION
  19. Click on the +Persistence option, and change the Persistence field to COOKIEINSERT
  20. Click OK

Create the HTTP Callouts

  1. Browse to :


    HTTP Callouts
  2. Click Add to create the first callout:


    Server to receive callout request:

    Virtual Server and choose _SF_SZ_LB_INT

    Request to send to the server:

    Request Type:Attribute-Based

    Method: GET

    HostExpression: FQDN of the SSL cert internally Place quotes around ie: “sz.company.com”

    URLStemExpression: “/validate.ashx?RequestURI=” + HTTP.REQ.URL.BEFORE_STR(“&h”).HTTP_URL_SAFE.B64ENCODE + “&h=”+ HTTP.REQ.URL.QUERY.VALUE(“h”)


    Scheme: HTTP


    ReturnType: BOOL

    Expression to extract data from the response: HTTP.RES.STATUS.EQ(200).NOT
  3. Click Create:


    Server to receive callout request:

    Virtual Server and choose _SF_SZ_LB_INT

    Request to send to the server:

    Request Type:Attribute-Based

    Method: GET

    HostExpression: FQDN of the SSL cert internally Place quotes around ie: “sz.company.com”

    URLStemExpression: “/validate.ashx?RequestURI=” + HTTP.REQ.URL.HTTP_URL_SAFE.B64ENCODE + “&h=”


    Scheme: HTTP


    ReturnType: BOOL

    Expression to extract data from the response: HTTP.RES.STATUS.EQ(200).NOT
  4. Click Create.
  5. Click Add to create the second callout (note: this is the same as the other except for the Name and URL Stem Expression)
  6. Click Add to create the first callout:


    Server to receive callout request:

    Virtual Server and choose _SF_SZ_LB_INT

    Request to send to the server:

    Request Type: Attribute-Based

    Method: GET

    Host Expression: FQDN of the SSL cert internally Place quotes around ie: “sz.company.com”

    URL Stem Expression: “/validate.ashx?RequestURI=” + HTTP.REQ.URL.HTTP_URL_SAFE.B64ENCODE + “&h=”


    Scheme: HTTP

    Server Response

    Return Type: BOOL

    Expression to extract data from the response: HTTP.RES.STATUS.EQ(200).NOT
  7. Click Create.

Create the Responder policy

  1. Browse to :



  2. Click Add to create the responder:


    Action: DROP

    Expression: HTTP.REQ.URL.CONTAINS(“&h=”) && HTTP.REQ.URL.CONTAINS(“/crossdomain.xml”).NOT&& HTTP.REQ.URL.CONTAINS(“/validate.ashx?requri”).NOT&& SYS.HTTP_CALLOUT(_SF_CALLOUT_INT) || HTTP.REQ.URL.CONTAINS(“&h=”).NOT && HTTP.REQ.URL.CONTAINS(“/crossdomain.xml”).NOT&& HTTP.REQ.URL.CONTAINS(“/validate.ashx?requri”).NOT&& SYS.HTTP_CALLOUT(_SF_CALLOUT_INT_Y)
  3. Click Create:

    Bind the Responder policy

    +Traffic Management

    +Load Balancing

    Virtual Servers
  4. Open _SF_SZ_LB_INT
  5. Click on the +Policies option
  6. Click Add Binding, Select the policy _SF_RESPONDERPOL_INT
  7. Click Bind, then Close.
  8. Click Done to complete.

Create the Content Switch policies

+Traffic Management

+Content Switching


  1. Click Add.

    Name: _SF_SZ_CSPOL_INT

    Expression: HTTP.REQ.HOSTNAME.CONTAINS(“sz.company.com”) && HTTP.REQ.URL.CONTAINS(“/cifs/”).NOT && HTTP.REQ.URL.CONTAINS(“/sp/”).NOT

  2. Click Create and then Add.


    Expression: HTTP.REQ.HOSTNAME.CONTAINS(“sz.company.com”) && (HTTP.REQ.URL.CONTAINS(“/cifs/”) || HTTP.REQ.URL.CONTAINS(“/sp/”))

    NOTE: Don’t forget to change to the correct external FQDN.
  3. Click Create.

Create the Content Switch vServer

+Traffic Management

+Content Switching

Virtual Server

  1. Click Add to create the Content Switch vServer:

    Name: _SF_CS_ShareFile_INT

    Protocol: SSL

    IP Address: Internal IP of DNS name

  2. Click OK
  3. Under Content Switching Policy Binding click on the No Content Switching Bound option:

    Select Policy:_SF_SZ_CSPOL_INT

    Target Load Balancing Virtual Server: _SF_SZ_LB_INT

    Click Bind

    Select Policy:_SF_CIF_SP_CSPOL_INT

    Target Load Balancing Virtual Server: _SF_CIF_SP_LB_INT

    Click Bind
  4. Click OK
  5. Click on the +Certificates option, add a certificate by clicking the No Server Certificate option
  6. Select the Certificate and click Bind, click Continue.

3. Configure SplitDNS to resolve to the new Internal Content Switch

This is important as you need to direct traffic internally to the NetScaler for internal clients. Create a Host A entry for the StorageZone FQDN to point to the IP of the Internal Content Switch created in section 2.

  1. Log into the Domain Controller and open dsa.msc.
  2. Browse to Forward Lookup Zones to find the one which correlates to the StorageZone FQDN (sz.company.com)
  3. Add a New Host (A or AAAA)… and enter the FQDN for the StorageZone.
  4. Enter the IP, this should be the one of the Internal Content Switch created in section 2.
  5. To test, open CMD from another desktop/server, run ipconfig/flushdns and ping the StorageZone FQDN. Does it resolve to the correct IP?

4. StorageZone Controller IIS changes

Config steps:

  1. Log onto the StorageZone Controller(s) and open IIS.
  2. Click on the Default web site then to the SP virtual directory.
  3. Click on Authentication, then ensure Anonymous and Windows Authentication are Enabled.
  4. Right-click on the WindowsAuthentication option and select Providers
  5. Highlight Negotiate and Move Up to the top of the list. Click
  6. Ensure Basic Authentication is set to Disabled.
  7. Click on the CIFS virtual directory, then on Authentication.
  8. Ensure Anonymous and Windows Authentication are Enabled.
  9. Right-click on the WindowsAuthentication option and select Providers.
  10. Highlight Negotiate and Move Up to the top of the list. Click
  11. Ensure Basic Authentication is Disabled.

    NOTE: If Using port 80 on your StorageZone Controller for Load Balancing communication, see section 5 of this article.
  12. Then right-click the Default Web Site and select Edit Bindings.
  13. Add a new binding on port 80, assign the IP address and insert a host header (which is the fqdn of storagezone).

    NOTE: Editing the existing binding on port 80 will upset the NTLM Path configured within the NetScaler IdP
    article on page 14 .
  14. On the StorageZone Controller, run CMD, then type:

    setspn –a http/sz.company.com SZCServer1

    setspn –a http/”fqdn of storagezone”hostname of storagezone controller”

    where “fqdn of storagezone” = sz.company.com

    and “hostname of storagezone controller” = SZCServer1)


Changes need to be actioned on the SZC AD object(s), and all the servers used for Network Shares and SharePoint need to be added. Config steps shown in this procedure.


  • Ensure that any File servers hosting any Network Shares, are added to the delegation as CIFS.
  • Ensure any SharePoint servers that need to be accessed, are also entered as HTTP.

6. Browsers

Config steps:

Internet Explorer

  1. Open Internet Options, Security, Local Intranet, Sites, Advanced then enter the following:

    ShareFile site – subdomain.sharefile.com

    FQDN StorageZone – sz.company.com

    FQDN of AAAVIP – aaavip.company.com

    Note: If this is locked down, configure via GPO which will be actioned on the User Configuration.
  2. Open GPMC and select the GPO controlling the behavior of IE.
  3. Browse to Computer Configuration/Administrative Templates/System/Group Policy and Enabled the policy Configure user group policy loopback processing mode and select Replace.
  4. Then browse to User Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page and edit the Site to Zone Assignment List as follows:

    User-added image

    NOTE: The number in the Value field denotes the number of the zone. MS breaks them down as follows:

    1 – Intranet zone – sites on your local network.

    2 – Trusted Sites zone – sites that have been added to your trusted sites.

    3 – Internet zone – sites that are on the Internet.

    4 – Restricted Sites zone – sites that have been specifically added to your restricted sites.

  5. For external IE browsers, extra configuration is required as follows:

    Click on the Internet/Custom Level and ensure that:

    Miscellaneous/Access data sources across domains is Enabled.

    User Authentication/Log on/Prompt for Username and Password is selected.
  6. Click OK twice.


  1. Launch Firefox. In the Address Bar, instead of typing a URL, enter:

  2. This will open the configuration interface. You may need to agree to a security warning in order to proceed.
  3. Double-click the line labeled automatic-ntlm-auth.trusted-uris and enter the following:

    ShareFile site – subdomain.sharefile.com

    FQDN StorageZone – sz.company.com

    FQDN of AAAVIP – aaavip.company.com

    NOTE: Separate individual URLs with commas, but do not put spaces between them, for example:

    subdomain.sharefile.com, sz.company.com
  4. Click OK when you’re finished.
  5. Double-click the line labeled negotiate-auth.trusted-uris. Enter the same information you entered in the previous step, with the URLs separated by commas and with no spaces. Click OK.


This should work. CORS should be enabled by default on Chrome but you can add the plugin into Chrome here.


This should work.


SourceOne: Random warnings from EMC SourceOne for Storage Management / RBS informing that the required permissions are not required

Article Number: 487941 Article Version: 3 Article Type: Break Fix

SourceOne for Microsoft SharePoint Storage Management 7.2 SP3,SourceOne for Microsoft SharePoint Storage Management 7.2,SourceOne for Microsoft SharePoint Storage Management 7.1 SP3,SourceOne for Microsoft SharePoint Storage Management 7.1 SP2

The following warning may be generated in the Web Frontend servers Application log:

The RBS configured credential is NOT used, please make sure the account: ‘<Account>’ has required permissions to access the RBS storage path: ‘<RBS Storage Location>’

Other than the warning, all other RBS functionality is operational.

This is a warning generated by the EMC SourceOne RBS code, due to a Microsoft bug. Periodically when Microsoft RBS tries to store the blob into file share, SharePoint does not use the credential passed in the Store configuration, instead it uses the service account, which is the account runs the IIS web site.

Verify the account running the web application has the proper credentials (Full Access) to the file share.

No other action is required.


How to Unleash the Power of Microsoft Teams

EMC logo

A little over a year ago, Microsoft introduced the world to a new product called Teams. Teams is designed to revitalize and revamp the way we communicate with each other in a more dynamic way. Teams not only allows us to communicate using previous methods of Email and Chat, it gives us a way to organize those communications with groups of people and topic streams, so that what we create together is more concise and focused.

Microsoft has recently added voice and video communications to Team’s list of rich features, along with the ability to share files and create team websites. All of this is only made possible provided we ensure the supporting infrastructure pillars Exchange Online, OneDrive, and SharePoint Online are in place within the Office 365 Tenants. If any of these supporting pillars are missing, the user experience will be degraded, hampering Teams from being the powerful tool it’s meant to be.

Microsoft Teams

The Pillars for Teams Functionality

Let’s briefly explore the three pillars Teams leverages before going to the main discussion of Teams and its abilities. I cannot stress this enough, ALL three pillars – Exchange Online, OneDrive, and SharePoint Online must be setup and configured within the Office 365 Tenant in order for Teams to access them and deliver new levels of communications and collaboration like never before.

  • Exchange Online provides email and contact information allowing users to communicate with both internal and external people. It can also provide a unified messaging component in the form of Voice Mail and Auto Attendants as well as very complex call routing and messaging capabilities. These features are typically grouped with Skype for Business Online to provide VoIP communications replacing aging PBX systems.
  • OneDrive is a fairly new product from Microsoft. It has only started to see usage within the Office 365 environment as security concerns for storing files on the internet have been a major concern. However, Microsoft has made substantial modifications to ensure the security of their customers’ data, making it very attractive for organizations to adopt it. The combination of increasingly mobile users and companies moving to Office 365, has raised interest in OneDrive. Storage of users’ files online is integrated and supported in all of the Microsoft Office Applications, making access to these files more readily available than ever before.
  • Microsoft TeamsSharePoint Online provides the ability to quickly setup websites for collaboration, including file shares and Wiki lookups. It helps provide structure for users to collaborate on topics and projects, as well as allows for internal and external users to access information in a very structured method. Security can be placed on any or all of the various parts to restrict or grant access, providing a platform of collaboration that can be archived and accessed as needed. SharePoint Online is also the engine for collaborating on Word, Excel, and PowerPoint documents, as it allows users to edit the same document simultaneously.

Microsoft has provided these three very powerful tools within the Office 365 ecosystem to enable all forms of communications and collaboration from anywhere, at any time. Up until the introduction of Teams, there wasn’t a single app that could tie these three powerful tools together, enabling information to be shared and tracked as needed within various groups or teams. Teams brings one-to-one and one-to-many communication and collaboration to a whole new level.

The Power of Teams Unleashed

Teams leverages the functionality of the three pillars within Office 365 and adds a single interface in the form of the Teams App. It takes the contacts and email communications from Exchange Online to provide a connection or Groups. It uses the file storage of OneDrive along with the structure and security of SharePoint Online to add in file storage organization and Wiki/Web site access. Teams brings instant messaging with persistent chat for conversation history and presence, as well as voice and video support to take conversations to new heights.

In the coming months, Microsoft plans to add Dial-in Conferencing, Phone System (previously Cloud PBX) with Direct Inward Dialing (DID) and voicemail, completing the planned roll up of the Skype for Business Online features into Teams.


In Teams, conversations are created and tracked by the groups of people that are talking about a particular subject. In order to create these groups or teams of people, Teams needs Exchange Online to provide the contact list, which is also used to send notifications for joining the conversation. Exchange Online is where the calendar of scheduled meetings will continue to reside. Without Exchange Online all of these features would be missing.

Instant Messaging (IM), Chat and Presence

Instant Messaging (IM), chat conversations, and presence are basic features that are provided by the Teams application, all migrated from Skype for Business Online. Your group conversations in IM and chat will be recorded and stored to allow review of past conversations as well as allowing others in the group to see what’s been discussed. Presence tells you when a user is online and available. All these functions are inherent to Teams.

Adding Tabs or Apps

Tabs in the conversations and Apps (a full list of the currently available Web Apps that can be added in the Teams Conversations can be found here) is provided by the SharePoint Online capability in the background of Teams. With this feature you can add Microsoft Office Documents, websites, and links to other locations that are of interest to group the conversation or you can use tabs to help manage the work that is being done. All of these discussion points show up in the main conversation tab, but they’re also sorted or filtered in the other tabs of the conversation within the Teams tab.

Microsoft Teams Tabs

File Sharing

File sharing is controlled and aided by SharePoint Online and OneDrive. OneDrive allows users to select their stored files and add them to conversations. SharePoint Online provides the structured file storage and security for the files once they have been added to the conversations.

Voice and Video

The ability to start voice and video conversations between team members is a powerful feature now available in Teams inherent to the application. It allows you to engage in voice, video and one to one or group meetings with people in your contact list. Microsoft is planning to add the ability to record these meetings in the next update release due out in the 4th quarter of 2018. These recordings will be stored in the conversation tabs in the cloud, unlike in Skype for Business Online where the recordings are stored on the local hard drive of the recording initiator. This makes for easy access by everyone engaged in the conversation. Translation of Voice to Text for these meetings is also in the planned release.

Inbound and outbound Public Switched Telephone Network (PSTN) calling has been included with the added Phone System service in Office 365 . This allows you to have a fully functioning phone system within Teams, just like what’s currently available with Skype for Business Online, including voicemail. Connection to on-premises PBX systems is targeted to be released by Microsoft some time later, as 3rd party vendors are working to get this capability verified and tested with their hardware. These functions are inherent to Teams.

Scheduling and hosting meetings allows for people to work together on issues or documents without having to physically go to a meeting room or come together at a single location. Work can now be done simultaneously on documents as part of the meetings between some or all of the people participating. You no longer have to share an application screen and have just one person do the editing.

Harness the Power of Teams

As you can see, Teams has the ability to provide users with a whole new way to manage communications and dynamically collaborate, including how we track the way we work and communicate in groups. However as the name implies, Teams requires the three supporting pillars – Exchange Online, OneDrive, and SharePoint Online – to be setup and running together to enable these powerful communications and collaboration features.

Microsoft Teams Features

Remove or fail to enable any one of the three pillars and you might just end up providing a tool that causes more work to use, versus the tangible benefits that can be realized with Teams.

This is what makes our jobs as experts so important, because we must fully educate our customers on the capabilities that are available with Teams, providing the right time and effort is put in place to leverage the powerful features it offers.

Are You Planning to Adopt Teams for Your Workforce?

Dell EMC can help. We’re a gold-certified Microsoft partner and our consulting services team is responsible for all things Office 365. If you have any questions or happen to need assistance with any of these services, contact your Dell EMC representative or comment below and I’d be happy to respond.

The post How to Unleash the Power of Microsoft Teams appeared first on InFocus Blog | Dell EMC Services.

Update your feed preferences





submit to reddit


Re: Backup Sharepoint 2016 with NMM

Hello experts,

we have a question about configuration of a SharePoint backup with NMM.

We tried to configure the backup with the wizard. Picture 1 is our farm. We have 2 WFEs.

We can choose one of the two WFEs for example xxxx076.

The backup works fine. But if we start NMM for recover, we only see the client xxx76 and xxx75 (Picture 2), not the xxxxx77.

The same if we choose the xxx77.

Does someone have the same configuration as us? And how do you configure the backup?


VAn Le



Re: Publish Dashboard

Once you have made your Dashboard template, you can publish it to the web. To do so, you have two options:

1) you can publish to SharePoint, if you go the Admin pane and setup a connector/login to a SharePoint server in your environment

2) you can publish the dashboard as an .html file

The first one is pretty easy, as Microsoft provides all the components and you don’t have to much after it’s all set up. However, this only works in SharePoint, and even then, only certain WebParts can interact with it, so you’ll need to have a competent SharePoint admin to help build anything complex on your pages.

The second one takes a bit more work. When you publish .html to a file, DPA can only write the file to a local filesystem. In most cases, you’ll need to move this file to another server – your webserver – for your users to see/interact with. In our case, we installed a simple FTP client to push the .html file from the DPA to a specific folder on the web server.

Let us know if that helps!



What Does a Successful OneDrive for Business Project Look Like?

EMC logo

Microsoft has made the process of enabling OneDrive for Business very easy. The problem then becomes that many customers simply turn it on and expect the best (which would look something like the simplified model below).

However, if you’ve clicked on this link, you’ve likely experienced the horrors of attempting to clean-up a previously ungoverned or uncontrolled content sharing environment. I’ve worked with many organizations across multiple industries to implement OneDrive for Business and the intent of this blog is to talk through some of the areas that should be planned early on to avoid common, long-term pitfalls.

The Well-Thought-Out OneDrive for Business Implementation

A well thought out OneDrive for Business implementation includes each of the items, and potentially more, in the image below.

Let’s take a look at them one at a time.


By default, a user’s OneDrive for Business site is created the first time they attempt to access the site. This may be fine for on-boarding new users or a greenfield environment, but typically existing content will need to be migrated or local hard drive folders re-directed to provide a seamless experience for users. To migrate content, there needs to be a OneDrive for Business site available, so you should plan to utilize a PowerShell script or migration tool to pre-provision OneDrive for Business sites, which are best done in waves/batches.


One of the most powerful features of OneDrive for Business is the ability to synchronize your files across your devices and have them available for offline use. This requires using the OneDrive for Business sync client, which has several things that should be planned, including:

  • Version – there are currently two flavors of the OneDrive for Business sync client, the standard version (OneDrive.exe) and Files On-Demand, which is only available for computers utilizing Fall Creators Update (Windows 10 v1709 or later). For machines upgraded to the proper version, you should consider enabling Files On-Demand, as it provides more options for accessing OneDrive for Business and SharePoint files without the need to synchronize them all to the user’s machine. Lastly, make sure your users do not end up with the legacy sync client (Groove.exe) as it had many issues that have since been resolved.
  • Deployment – the sync client is pre-installed with Windows 10, but will need to be setup through either user download/install or managed deployment for other machines. To streamline the experience for end users and to enable selected controls, we recommend that you utilize a tool like System Center Configuration Manager (SCCM) to deploy the sync client to user machines.
  • First-time sync – the synchronization process needs to be enabled by clicking the “Sync” button either on the browser or through the sync client. Currently, this is a user action (and instructions should be communicated), but the “silent sync” (in preview) feature should eventually be used to remove this step.


A huge benefit of OneDrive for Business over classic file storage devices is the ability to easily share files with internal or external users (guests). But, do you want users to utilize their OneDrive for Business as a dumping ground for files that should be stored in a more acceptable location – like a SharePoint intranet or team site? Not doing so can become a problem when a user leaves the company and important files are deleted. With this in mind, we typically recommend that OneDrive for Business be used for “personal” files and ones that require collaboration with a small group of users. When finalized, the built-in “move to” or “copy to” functions provide an easy way for users to move files to the appropriate location for sharing with a larger audience. To enforce this policy, you may want to setup controls on the OneDrive for Business accounts to block users from sharing with “anyone” or with external guests.

Admin Controls / Governance

By default, OneDrive for Business allows users to share with anyone and access their files from any device and any location.  Organizations need to find the right balance between freedom and control to safeguard company data, while also preventing users from choosing to store/share their files somewhere outside of the organization (“shadow IT”). Below are a few of the controls that should be considered when utilizing OneDrive for Business:

  • Conditional access/sync – should users be able to download, print, and synchronize company files on any device and from any location – including computers at the local library or while sitting in a competitor’s office? Setting up conditional access allows you to prevent certain actions when using a non-corporate owned device or while not connected to the corporate network.
  • Sync with consumer OneDrive for Business – do you want files stored in consumer OneDrive accounts to be synchronized and stored on corporate owned devices? Who knows what people store in their consumer OneDrive accounts – and even if it is harmless, you probably don’t want it taking up storage space on your corporate devices.To prevent this default behavior, you will need to update registry settings on user machines.
  • OneDrive for Business mobile app – should users be able to utilize their personal mobile devices to download, store, and share files from OneDrive for Business? Normally, we recommend using a Mobile Device Management solution like InTune or AirWatch to control mobile usage to only devices enrolled and following corporate guidelines (pin enforcement, remote wipe, etc.).


Unless your organization is brand new, your users likely have personal files stored in file shares, services such as Dropbox, Box, Google Drive, or even their hard drives. If any of these files should be stored in OneDrive for Business, they’ll need to be migrated. In order to ensure your migration is successful, consider the following as part of your planning process:

  • IT or user-driven migration? We have seen both strategies used, but strongly recommend an IT-driven migration to provide the best experience for end users. If end users are responsible for migrating their own content, many of them will either 1) not do it, 2) migrate some content and end up with content in two places (resulting in confusion), or 3) have a poor experience and dislike OneDrive for Business.
  • What content should be migrated? Migration is often a time to clean-up your existing content before migration, so you should determine if there are certain file types, age limits (last modified/accessed date), or other criteria for files that should be dispositioned.
  • Which migration tool should be used? Microsoft provides a free tool that can be used for basic file migrations and there are many 3rd party migration tools that provide more flexibility and control.
  • Migration Services? If you want help with the migration, have simple requirements, and enough licenses, you could utilize Microsoft FastTrack services to migrate your existing content. If your requirements, source, or schedule are more complex, you may want to consider Consulting Services to assist with the migration.

Organizational Change Management

Last but not least, you need to develop a plan for implementing the change within your organization. I have seen many customers just turn on OneDrive for Business and expect people to use it. OneDrive for Business is designed to be simple for users; however, they won’t even know it’s there (or what features it has) without processes in place to help the organization transition from the “old way” to the “new way” of doing business. It’s critical to the success of your OneDrive for Business project to develop a comprehensive organizational change management plan for engaging, communicating, training and gathering feedback from your end users. And it doesn’t stop with the initial implementation and roll-out of OneDrive for Business either. You’ll need to define and measure what success looks like and be prepared to continue the cycle of communication, training and feedback as an on-going way of doing business. Microsoft provides a lot of templates that can be used for sending communications or developing training materials.   Keep in mind, this isn’t only a change for your end users, it’s also a cultural change for how your IT team engages, communicates and delivers services.

What’s Next?

The list of features and controls is constantly changing in OneDrive for Business, so it is important to keep up with announcements to understand the impacts on your users, as well as better ways to protect your organizations’ content (this is where organizational change management plays a key role). Some good ways to stay informed are to review the Office 365 Roadmap, participate in the Microsoft Tech Community, review User Voice, and keep an eye on your Office 365 Tenant message center.

If you’re like most IT organizations, you’re juggling too much already. Dell EMC, a Microsoft Gold Certified Partner, can help you plan, implement and take on day-to-day management as an extension of your IT team to successfully guide adoption of OneDrive for Business. We offer extensive consulting services for all things Office 365. Reach out to your Dell EMC representative to learn how we can help you or leave me a comment below and I’ll be happy to respond back to you.

The post What Does a Successful OneDrive for Business Project Look Like? appeared first on InFocus Blog | Dell EMC Services.

Update your feed preferences





submit to reddit