What is Secure Score?

Office Secure Score is a new tool that allow us to measure all the Office 365 security configuration and the security features available. Furthermore Secure Score analyzes if best practices have been applied to the tenant.

From the url https://securescore.office.com it is possible to access to the Secure Score Portal. Each one of the rules has some points in function of severity. Once the report has been applied, the rules are categorized into the following:

  • Category: if its necessary to apply an action to a user, service or globally to the tenant
  • Effort to implement
  • Impact to the users
  • Points assigned to the action

In the following video it is possible to see more features about this new portal:

Till next time!

Skype photo not showing up in the client

This issue have been bothering me a while, but not enought to take it seriously, the problem was that everyone was able to see my picture, but not me, so, it was a weird behaviour. Sometimes when I clean the Skype Adress Book, the picture appeared for a few days, but then disappear magically.

So, after spending few hours trying to solve this problem, I found this magical post from Koen Zomers

The steps are quite simple:

  1. Sign Out from Lync/Skype
  2. Open the regedit
  3. Go to: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Lync or HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Lync
  4. Make a backup of the Lync Folder
  5. Delete the Lync Folder
  6. Sign in again in Lync/Skype

You will see that the deleted Lync folder have been created again, and finally your photo shows again. I hope that this problem won’t be reproduced again 🙂


Uninstalling Access from Click to Run deployments

Hi all!

This question was fired by a client, they had installed the office C2R Office version from the O365 portal, but some of the included applications such as Access, need additional approval from the IT side. So, they need to uninstall some of the components.

At the beginning, the were claiming that was not possible to uninstall a single product, because, each time they tried, they were uninstalling all the suite of Office.

After further investigation for me side, I discovered that it is not possible to uninstall some products from the C2R version, except Visio or Project that are licensed in another way, so if we want to uninstall Access it is not possible.

At first glance, I was thinking in Office Deployment tool to control how the software is implemented in the company, by configuring a XML, it is possible to exclude some of the Apps and avoid this kind of problem.

Normally, this kind of deployments are centralised by IT, but a nominal user can install ODT in his computer and run the program to only install the programs that they need. Ok, we solved half of the problem, we know that we cannot uninstall Access and we know how to implement from scratch Office. But I wanted to go a step further and try to uninstall Access from the computer, so I found the following program in GitHub: https://officedev.github.io/Office-IT-Pro-Deployment-Scripts/XmlEditor.html

From here, it is possible to configure the XML to help the admins to deploy ODT installations, so I was trying to play with the program. In my case I went to the last option “Install Toolkit”


I downloaded the program, and in the first screen I selected the option “Manage your local Office 365 ProPlus installation” which loads your current configuration in your computer, and allows to modify it, yes! This app rocks!!


So, I went to Products, and you’ll able to see an option called, excluded, where you can exclude certain programs from being installed or also Uninstalled 😊


You can review the rest of options inside the app and configure them as you need it. Finally, you can go to Local option and then select “Modify the existing installation”, this will fire the setup program and will begin the Office Wizard, remember to close all your Office applications before clicking “Rerun setup” option


Once the wizard has finished, you can check if Access or the application you have selected, remains in your computer (in my case have been uninstalled successfully).

Hope it helps!

Disable MySite “Let’s get social” dialog

By default, when you open the MySite SC for the first time, you will receive this dialog:


So, probably under your unknow of SharePoint, you will press “Okay”, but what you don’t know is that pressing that “Okay”, changes the privacy of all your social activities to “everyone”, and also send you an email. So probably, most of users don’t want to share their activities, but what we can do to solve this? PowerShell of course:

$web = get-SPWeb http://urlmysitehost

Hope that helps!

Azure AD Premium vs. Azure AD

Many of my customers ask me that, and most of the cases I answer with the following: “If you have an Office 365 subscription, then you already have Azure Active Directory”

In addition to that, if they have Azure AD Connect enabled, will mean that their OnPremises users, passwords and groups are being synchronized to Azure Active Directory.

This is the standard case, but then many of my customers want to enable more features, but many of them are only available on Premium version, and yes it incurs an extra cost

Moreover, nowdays we have different types of Azure Active Directory licensing like:

  • Azure Active Directory Basic
  • Azure Active Directory Premium P1
  • Azure Active Directory Premium P2

But, which features has each one of the licenses?

With Azure Active Directory Basic

  • Manage users & group memberships in the cloud, and assign licensing
  • Sync your on-premises directory using Azure AD Connect
  • Cloud Users can reset their own passwords online
  • Company branding for the SSO access panel, etc.
  • 99.9% uptime SLA

Azure Active Directory Premium P1

  • MFA for cloud and OnPremises
  • Monitor AD synchronization health in the cloud
  • Cloud and OnPremise Users can change their own passwords online
  • Advanced security & usage reports
  • Self-service group & app management (dynamic groups)
  • Run Cloud App Discovery to uncover unmanaged cloud applications running in your environment

Azure Active Directory Premium P2

  • Azure Identity Protection
  • Privileged Identity Management

So, if you want to more about the Azure Active Directory, you can visit the following link, where you can find more info about it.

Till next time!

S4B not able to connect on Mac devices

Hi all!

This is an incedent that a customer reported me, the problem was that he has a number of Mac devices that were not able to connect to the S4B OnPremise installation, each time they tried to connect to the client, the received an error.

So, we started to troubleshoot the problem, we revised the logs and then we realized that in one of the trace logs, there was a message related with the certificate, so probably the error was in that direction.

How it was a Mac device, it was not possible to add the device to the domain, so the domain certificates were not included in the chain certificate root, and for that reason the devices does not trust the discovery url from the S4B. So, we donwloaded the certificate from the discovery url, and we installed the certificate in the chain root of each one of the Mac devices that the customer has.

Once it has been done, we were able to connect to S4B trhough the different devices. Could be a silly thing, but we get stuck into that problem for several days.

Hope that helps!


Skype Meeting Broadcast

One of the best kept secret of Skype is Skype Meeting Broadcast, which is a large scale meeting service that can host up to 10,000 attendees on any device, Mac, PC, Windows, Mobile, and even Linux devices through a web browser broadcast. Behind the scenes, this kind of service is based on Azure media services, and for example users located in the same geographical area will be connected to the same CDN.

In which plan is included the Skype Meeting Broadcast? In the followings

  • Enterprise E1, E3, and E5
  • Skype for Business Online Standalone Plan 2 (or 3)

And who can attend to the meeting? You can select through the following options:

  1. Anonymous: Anybody with the broadcast URL can attend
  2. Secure: Only specific people can attend based off their email address
  3. All Company: Only people within your company can attend, they will need a username and password.

So, your last question will be, how I can start planning a Skype Broadcast? You will need to access to the following link: http://portal.broadcast.skype.com and then select the day you will host the meeting, and then customize the meeting to fit your preferences.

I think that will be a great tool to my customers to host their online meetings or product presentations 🙂

References: https://support.office.com/en-us/article/What-is-a-Skype-Meeting-Broadcast-c472c76b-21f1-4e4b-ab58-329a6c33757d?ui=en-US&rs=en-US&ad=US