CloudPortal Service Manager Office 365 Service Deployment Guide
Contents Office 365 service topology ............................................................................................................. 2 Typical message flow example ........................................................................................................ 3 Add your domain in Office 365 ........................................................................................................ 3 Active Directory Synchronization .................................................................................................... 8 System requirement .................................................................................................................... 9 Install and configure Active Directory synchronization ............................................................... 9 Install and configure Office 365 Web service ............................................................................... 12 Steps to install the Web service ............................................................................................... 12 Import and configure Office 365 Service ...................................................................................... 16 To import and configure the Office 365 Service ....................................................................... 16 Provision Office 365 service to customer and users ..................................................................... 17 To provision Office 365 service to resellers .............................................................................. 17 To provision Office 365 service to customer ............................................................................ 18 To provision Office 365 service to user .................................................................................... 18 To force the synchronization manually and review the status ................................................. 19 Office 365 properties that can be configured from CloudPortal Service Manager .................. 19 Office 365 Reporting ..................................................................................................................... 20 Prerequisites ............................................................................................................................. 20 Office 365 Reseller .................................................................................................................... 21 Office 365 Customer ................................................................................................................. 22 Office 365 Plan .......................................................................................................................... 23 How to collect trace for debug ..................................................................................................... 24 Trace for CPSM web server ....................................................................................................... 25 Trace for Provisioning Engine ................................................................................................... 25 Trace for Office 365 Web Service ............................................................................................. 25 Know Issues/limitation ................................................................................................................. 26 FAQ ............................................................................................................................................... 26
Cloud Service Nanjing Team Last update: March 15, 2016
Office 365 service topology Office 365 service is provided by 2 components: 1. Office 365 service package 2. Office 365 web service Following is the topology of Office 365 service:
• • • •
“CPSM” means CPSM web server, CPSM provision engine, CPSM database “Office365 WS” is the machine which has Office365 web service installed “DC” means Domain Controller “Office365” means the Office365 service provided by Microsoft
CPSM never interacts with Office365 directly. It sends requests to Office 365 Web Service and Office 365 Web Service is responsible for communicating with Office365 (provided by Microsoft). Besides acting as a proxy between CPSM and Office 365, Office 365 Web Service can trigger AD Sync functionality as well. The AD Sync functionality is provided by Microsoft Azure AD Connect. So, the Microsoft Azure AD Connect has to be installed on the same machine as Office365 web service.
Typical message flow example The following is an example of a typical message flow when performing Office365 service provision on CPSM assuming the database is installed on the CPSM web server as well:
Like other services, provision engine will send a message to Office 365 Web Service. Office 365 Web Service will talk to Office365 and Azure AD Connect depends on the request type.
Add your domain in Office 365 To use Office 365 service for CloudPortal Service Manager, you must have purchased Office 365 service account from Microsoft, various business plan are available, currently only On-line Exchange service properties can be configured by CloudPortal Service Manager. It’s recommended that you subscribe to the below business plan with Exchange Online service from Microsoft. • • • •
Office 365 Business Essentials Office 365 Business Premium Office 365 Enterprise E1 Office 365 Enterprise E3
•
Office 365 Enterprise E5
For the reseller, we suggest you subscribe Office 365 Enterprise business plan because the user maximum value is “Unlimited”. After you get the Office 365 service credentials, the domain must be created in Office 365 so that you can activate Active Directory synchronization to Sync users from local AD to Azure AD. 1. Go to the Manage domains page. (If you're not already signed in to Office 365, you'll be prompted to sign in. If the link doesn't work, here are steps to navigate to the Manage domains page).
2. Choose Add domain to start the setup wizard, which guides you through verifying your domain and other setup steps.
3. Type your domain name in the setup wizard.
4. Add the customized DNS record so Office 365 can confirm you own the domain. Office 365 typically detects your domain's DNS host and provides step-by-step instructions for adding the record.
Take Microsoft DNS service as an example. Make sure you’ve registered the domain name from the DNS provider, the name server is configured for this domain, and that records can be queried externally. a. Open DNS Manager on the DNS host machine, expand Forward Lookup Zones, click on the domain, right click menu->Other New Records, select TXT record type, then input TXT name and TXT value.
b. Click OK to exit. Or if your DNS is hosted by GoDaddy, you can choose to login GoDaddy, records can be added automatically 5. When you've added the record at your DNS host, finish this step by choosing Okay, I've added the record. 6. Follow the steps to next, at Step Set up domain, you can choose the records are added automatically if you’re using GoDaddy to host your DNS, or add the MX records, TXT records, SRV records manually if you are using other DNS hosts, click add these records yourself, you’ll see the records details, what records should be added depend on your choice, if you’ll enable Exchange On-Line and need the autodiscover capability for Outlook client, enable
Outlook on the web for email, calendar, and contacts Detail records that need to be added will show up on the next page.
Use Microsoft DNS service as an example to add these records: a. Open DNS Manager on the DNS host machine, expand Forward Lookup Zones, click on the domain, right click menu, and click New Mail Exchange(MX)
b. Click New Alias(CNAME) c. Click Other New Records and select TXT record type to add TXT records
Or, you can refer to Create DNS records at any DNS hosting provider for Office 365 for details if you’re using another DNS hosting provider. 7. After you have added these records, click Okay, I’ve added the records to finish the procedure.
Active Directory Synchronization For CloudPortal Service Manager, user accounts will be created on local Active Directory by utilizing the synchronization capability of Azure AD Connect. Local accounts can be synced to Office 365 Azure AD and Office 365 license can be assigned to the user. After granting the license, end users can access services provided by Office 365 with a local UPN and password. Azure AD Connect should be installed and configured on the domain-joined machine together with Office 365 Web Service in the domain that you want users to sync to Office 365.
For large-scale customers, more than one Azure AD Connect with Office 365 Web Service machine can be installed and configured. After configuring the Server Connection, specify the Web service server from the Service settings for Office 365 on the customer level. We tested Azure AD Connect version 1.1.119.0.
System requirement When preparing a server to host the Azure AD Connect and Office 365 Web service, ensure The following requirement are met: Hardware Configuration • Two or more server-class processors, 2.0GHZ or higher • Minimum 4 GB RAM recommended • Minimum 50 GB free disk space available Operating System Windows Server 2012 R2 .NET Version .NET Framework 4.0 installed Windows server roles • Management Tools->IIS Management console • Management Tools->IIS Management Scripts and Tools
Install and configure Active Directory synchronization 1. After adding your local domain in Office 365 domains, Download the Azure AD Connect to your domain-joined machine, and install it. 2. After installation, launch the Microsoft Azure Active Directory Connect wizard and choose User express settings in the Express Settings page. 3. Enter your Azure AD administrator credentials and click Next. 4. In this step, enter your Active Directory Domain Services enterprise administrator credentials and click Next. 5. Leave the Exchange hybrid deployment and Start the synchronization process as soon as the configuration completes unchecked and click Install. The installation process may take a while. 6. Go to {Azure AD Connect install location} \Microsoft Azure Active Directory\Connect\SetupFiles\AADPowerShell, and click AdministrationConfig-en, click Next and click Install to install AADPowershell.
For the latest version of Azure AD Connect, the synchronization will automatically be activated once Microsoft Azure Active Directory Connect wizard is successfully installed. For the latest version of Azure AD Connect, the AADPowershell should be installed separately. For an easy management, you can use the tool Synchronization Service Manager installed with Azure AD Connect, which is located under {Azure AD Connect install location} \Microsoft Azure AD Sync\UIShell \miisclient.exe Important Notes: •
For the multi-domain (including sub-domain) environment, an additional configuration step is needed to select the right domain where Azure AD Connect and Office 365 web service server exists. Otherwise, Azure AD Connect will select all the domains and OUs to sync by default. We don't support multi-partition scenario; only one domain can be selected, or it will fail in the process of Office 365 web service configuration.
If your environment is a multi-domain (including sub-domain) deployment, follow the steps below. 1. 2. 3. 4.
Launch the Azure AD Connect Wizard Choose Customize synchronization options, and click Next Enter your Azure AD administrator credentials and click Next Enter your Active Directory Domain Services enterprise administrator credentials and click Next 5. Select the right domain to be synced in the Domain and OU filtering page and click Next
6. Uncheck all the selections and click Next 7. Click Install to re-configure Azure AD Connect
Install and configure Office 365 Web Service Office 365 Web Service should be installed together with Azure AD Connect. It will be invoked remotely by Provision engine to sync users and groups for CloudPortal Service Manager customers to Office 365.
Steps to install the web service 1. Launch the Setup.exe from the Office 365 web service installation folders 2. Enable Office365 Web Service checkbox, click Next and follow the steps to finish the installation
3. Click the Configure button to configure the service 4. If the Encryption service URL is not accessible, it will show this window. Enter your Service URL and click Next
5. Install/import a domain certificate on Office 365 Web Service server, to enable Provision Engine server to trust the certificate installed on the Office 365 web service server, the root Certificate Authority (CA) for the certificate on the Office 365 Web Service server must reside within the Trusted Root Certificate Authorities node on Provision Engine Server, The following illustration shows the CA for the certificate on the Office 365 Web Service server, called “ca”, which is located in the Trusted Root Certificate Authorities path.
Specify the SSL Certificate installed. Please note that whether you check Use SSL or not, it will always use SSL.
6. Click Next to finish the installation 7. To test if the web service is working or not, enter https://yourhost/Office365WS/ Office365WCFService.svc into your browser. It should show the content below:
Important Notes:
•
During the Office 365 Web Service configuration process, you should disable AD Schedule Sync. Instead, enable AD Schedule Sync manually by Task Scheduler. a. Go to the path of C:\Program File(x86)\Citrix\Cortex\Provisioning Engine\UsageData of provisioning engine server. b. Three batch files exists. They are “DailyAMUsageData.bat”, “DailyPMUsageData.bat”, “HourlyUsageData.bat”. You can open Task Scheduler, expand Task Scheduler(Local)->Task Scheduler Library->Citrix>CloudPortal Service Manager to see the details of each schedule task. c. Add "RequestGenerator.exe" -q "Bulk" -n "Office365 - Schedule Sync" -t "Bulk Requests" -m "Office 365 Schedule Sync" -p "BulkRequestType" "office365 schedule sync" -p "ServiceName" "OFFICE365" to one of the tree files. We recommend adding the script to “DailyPMUsageData.bat”.
Import and configure Office 365 Service To import and configure the Office 365 Service 1. Log in as a service provider administrator. From Configuration->System Manager>Service Schema, click Import a Service, locate the .package file and follow the steps to import the service. 2. After import is complete, either restart the CortexQueueMonitor service or restart the machine on the Services Manager provisioning server. 3. In the control panel, enable the service at the top level: a. Under Service Filter, select Top Environment Services b. From the Services Manager menu bar in the control panel, choose Configuration > System Manager > Service Deployment and then expand Office 365 Click Save 4. Enable the service at the location level: a. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable b. From the Services Manager menu bar in the control panel, choose Configuration > System Manager > Service Deployment and then expand Office 365 Click Save 5. Verify credentials: a. From the Services Manager menu bar, choose Configuration > System Manager > Credentials b. Create the administrative impersonation account for the Office 365 service by clicking Add, and then entering a username, password, and domain (preferably in Fully Qualified Domain Name form). 6. Enable the server: a. From the Services Manager menu bar, choose Configuration > System Manager > Servers. b. If the server on which you installed the service is not listed, click Refresh Server List c. Expand the entry for the server and verify that Server Enabled is selected
Important Notes:
For the Office 365 web service server (the server that Azure AD Connect and Office 365 web service are installed), the server Alias should be specified as server FQDN 7. Assign the server roles: a. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles, and then expand the entry for the server b. Under Server Connection Components, select Office 365, and then click Save 8. Add a server connection: a. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections. Select a Location Filter if applicable, click New Connection, and then select or type the following information for the web service. Server Role: Office 365 Server: Web Service server FQDN Credentials: URL Base: /Office365WS/Office365WCFService.svc Protocol: https Port: 443 Timeout: 200000 •
b. On the Server Connections page, click the icon in the Test column for the server. The icon turns green for a successful connection. A red icon indicates an unsuccessful connection. Hover over the icon to get more information about the failed connection.
Provision Office 365 service to customer and users The Office 365 service can be provisioned to resellers, customers, and end users, after the provisioning, the end user can log in the Office 365 service from Microsoft by the local Active Directory credentials. An Exchange mailbox will be created for this end user as well, after proper license is assigned.
To provision Office 365 service to resellers 1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services 2. Select Services. The Customer Services page appears 3. From the services list, click Reseller 4. Select the Office 365 service check box and then click the Office 365 service name 5. Under Reseller Service Setup, select the user plan and customer plan to be offered, if any changes, click Save 6. Click Advanced Settings to: §
Specify the maximum number of users that the customer can provision with this service.
§
Enable or disable billing.
7. Click Provision
To provision Office 365 service to customer 1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services. 2. Select Services. The Customer Services page appears. 3. Click Office 365. The Service Plan Configuration page appears. 4. Select the appropriate customer plan. 5. Enter the correct Office 365 administrator user name and password 6. Click Advanced Settings to: §
Select a user plan.
§
Specify the maximum number of users that the customer can provision with this service.
§
Enable or disable billing.
7. Click Advanced Settings->Service Settings, enable “Server which has Office 365 web service installed”, choose the proper server from the dropdown list, click Apply changes 8. Click Provision, This will provision Office 365 service to this customer and trigger synchronization request to Azure AD Connect automatically, which will sync all local users and groups belong to this customer to Office 365 cloud. You can also force sync the local users, groups and password from the Services Manager menu bar in the control panel. Select Services->Office 365->Azure AD Connect, enable Sync AD objects and properties and Force sync AD Passwords checkbox. Then, click Sync button to sync local users, groups and password to Office 365 Important Notes: •
•
•
•
User of the customer should not have the same UPN with Office 365 admin, otherwise it will fail in the process of synchronization. If the synced users have the same UPN with Azure AD users, we will try to delete users in Azure AD first and then synced users to Azure AD Customer’s Primary Domain name should match the domain configured on Office 365 portal, otherwise the Active Directory account will be synced to default domain configured on Office 365 portal If it’s a new customer without any user provisioned before, it’s suggested to have all users created before going to Services->Office365->Azure AD Connect to trigger the synchronization If you re-install the Azure AD connect tool on the server with Office 365 web service installed for the customer, Office 365 service should be re-provisioned for this customer, otherwise accounts synchronization may fail for this customer
To provision Office 365 service to user 1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services. 2. Select Services. The User Services page appears. 3. Click Office 365. The User Service Setup page appears.
4. Choose the appropriate user plan. 5. Select the license from License Assignment you want to assign. 6. Click Service Settings to specify service message information. If you change settings, click Apply changes. 9. Click Provision. If the user doesn’t exist on Office 365, there will be a ‘Not Synced’ error link beside Azure AD Status. Click Not Synced link and redirect to the sync page to trigger a synch. After the provision is done, the user will have license usage authorization and some settings of the user will set in Office 365 portal.
To force the synchronization manually and review the status 1. Log in as a customer service admin. From the Service Manager menu bar, click Services>Office 365->Azure AD Connect, enable Sync AD Objects and properties or Force sync AD passwords, then click Sync button to sync current customer’s objects, properties or password to Azure AD. 2. Log in as a customer service admin. From the Service Manager menu bar, click Services>Office 365->Account Summary. The current Office 365 account’s SKU and company information will be retrieved. 3. Log in as Service Provider Administrator. From the Service Manager menu bar, click Services->Office 365->Server Assignment and, review the usage of Office 365 web service connection.
Office 365 properties that can be configured from CloudPortal Service Manager Hide From Address List On CPSM, from Office 365->Service Settings-> Exchange Online Common, you can enable/disable Hide From Address List property • After provisioning the service to the user, you can check it by logging in to Office 365: Admin->Exchange Admin Center->recipients->mailbox, then double click the mailbox on general page User Mail Alias •
On CPSM, from Office 365->Service Settings-> Exchange Online Common, you can set the mailbox alias pattern • After provisioning the service to the user, you can check it by logging in to Office 365: Admin->Exchange Admin Center->recipients->mailbox, then double click the mailbox on general page Outlook on Web •
On CPSM, from Office 365 service user plan, you can enable/disable Outlook On Web After provisioning the service to the user, you can check it by logging in to Office 365: Admin->Exchange Admin Center->recipients->mailbox, then select the mailbox at the right corner User Role • •
•
On CPSM, from Office 365 service user plan, you can set the user role as User, Global administrator or Limited Admin Role
After provisioning the service to the user, you can check it by logging in to Office 365: Admin->Users->Active Users, select the user, then click EDIT USER ROLES User Location •
• •
On CPSM, from Office 365 service user plan, you can choose the user location from the dropdown list After provisioning the service to the user, you can check it by logging in to Office 365: Admin->Users->Active Users, select the user, then click Edit button under Assigned license
Office 365 Reporting For Office 365 reports, we’ll keep existing reseller reports, plan reports and customer reports. CPSM will also produce Office 365 usage reports. CSP/Reseller/Customer can view the usage of Office 365 from different levels. For example, the reports include how many licenses are available, the Office 365 license usage of each user, and the sync server usage of each customer The Office 365 reporting uses Task Scheduler to collect Office 365 usage data once a day, so the reports are not in real time. The action takens on customers or users today may show in tomorrow’s reports To properly show the Office 365 reports, some prerequisites are needed.
Prerequisites • • •
•
CloudPortal Services Manager Reporting Role should be installed correctly Reports of Office 365 scheme should be enabled when importing the Office 365 package Add the action info within the batch file from the provisioning engine, which will allow Office 365 usage data to be collected and sent to provisioning engine by task scheduler a. Go to the path C:\Program File(x86)\Citrix\Cortex\Provisioning Engine\UsageData of provisioning engine server b. Add script below to file “DailyPMUsageData.bat” "RequestGenerator.exe" -q "Bulk" -n "Office365 - Usage Data Request" -t "Bulk Requests" -m "Get Usage Data" -p "BulkRequestType" "office365 usage data request" -p "ServiceName" "OFFICE365" c. Open Task Scheduler, expand Task Scheduler(Local)->Task Scheduler Library>Citrix->CloudPortal Service Manager to see the details of the schedule task If you have Office 365 web service installed, you should first uninstall it, then reinstall Office 365 web service with the reporting feature a. Go to sync server, open Control Panel b. Click Uninstall a program below Programs c. Right-click Citrix CloudPortal Services Manager Office365 Web Service, click Uninstall d. Follow steps for Install and configure Office 365 Web Service to install the newest version of Office 365 web service
Office 365 Reseller This portal provides a link to access the reseller’s reporting page. The reseller reporting page includes 365 service statistics for the reseller. An additional table is added to show license usage for all the synced and Office 365 provisioned users of the reseller. Ten items are included within the new added table.
Customer The name of the customer who has Office 365 service provisioned and is created by the reseller. Location The name of the location in which the user belongs to Sync Server The sync server that the customer is using for Office 365 User Name The name of the user who has Office 365 service provisioned and is created by the customer. Login Name The login name of the user who has Office 365 service provisioned Number Of License The number of Office 365 licenses the user has provisioned User License The name of the licenses the user has provisioned Last Sync Time The last synchronization time of the user Refresh Time The time when the report is collected from Office 365 web service for the user. It is set in the Task Scheduler, the routine time to collect Office 365 usage data is 11:00:00 PM Reseller The name of the reseller of the customer
Office 365 Customer This portal provides a link to access customer’s reporting page. The customer reporting page includes details of the Office 365 service statistics of the customer. Besides the general reports, this page provides reports to show how many licenses are available for customer to use, license usage of all the synced and Office 365 provisioned users of the customer. In Customer Details table, three additional items are added to the table, they are Location, Sync Server and Refresh Time.
Location The name of the location that the customer belongs to Sync Server The AD Connect Sync server the customer is using for Office 365 Refresh Time The time when Office 365 usage data is collected from web service server A table to show the available license quantity for the customer, in this table, six items are included, they are License, Active Units, Consumed Units, LockedOut Units, Suspended Units, Target Class.
License The name is from Microsoft, normally it equates to the license. It means the unique string ID of the account/SKU combination Active Units The number of active licenses Consumed Units The number of licenses that have been used LockedOut Units
The number of licenses that have been locked out Suspended Units The number of suspended licenses that are not available for assignment Target Class The target class of this SKU. Only SKUs with target class equal user are assignable A table to show license usage of all the synced and Office 365 provisioned users of the customer is added, the table includes six items, they are User Name, Login Name, User Plan, Number Of License, License, Last Sync Time.
User Name The name of the user who has provisioned the Office 365 service and is created by the customer Login Name The Office 365 login name of the user User Plan The user plan that the user has been provisioned Number Of License The number of the licenses that have been assigned to the user License Licenses, which have been assigned to the user Last Sync Time The time of last synchronization for the user
Office 365 Plan This portal provides a link to access plan based reporting page. In Office 365 reporting feature, there is no change for this part, all codes are generated by platform, i.e. the contents of the plan based reporting page is exactly the same as other features, it only lists how many customers/users are using the customer plan/user plan. Important Notes: •
For user usage data in reseller reports and customer reports, only synced users provisioned with Office 365 are listed. The users from Azure AD with status “In cloud” will not be listed in the reports.
•
When a customer or user provisioning fails, the information on the user or customer will still show in the report.
How to collect trace for debug Besides the existing trace functionality, log4net is integrated into CPSM web server, provisioning engine and Office 365 web service to provide additional trace to help debug. Trace level and saved trace location can be configured by modifying the trace configuration file. There are 7 levels of trace: 1. 2. 3. 4. 5. 6. 7.
OFF – shutdown the trace functionality FATAL – trace un-recoverable error ERROR – trace errors that will not break the service WARN – trace warnings INFO – trace information such as what the application is doing DEBUG – trace the function stacks which is used for debug purpose ALL – open all trace option (FATAL, ERROR, WARN, INFO, DEBUG)
The following is an example of how to modify the trace level. Within the trace configuration file, you’ll find information such as: Current default level is “ALL”, user can customize the trace level. Note, please don’t change the appender info unless you are very familiar with log4net configuration To change the trace location, modify the information below:
Note, please do not modify other parts, unless you are very familiar with log4net configuration
Trace for CPSM web server For CPSM web server, the log configuration file is: C:\inetpub\Cortex Management\CortexDotNet\Services\Office365\WebLog.config The default trace log is stored within path of the machine which has CPSM web server deployed: C:\Program Files (x86)\Citrix\Cortex\CortexWeb\CortexDotNet\Services\log\
And the default trace level is “ALL”
Trace for Provisioning Engine For provisioning engine, the log configuration file can be found from the path of the machine that has the provisioning engine deployed: C:\Program Files (x86)\Citrix\Cortex\Provisioning Engine\Citrix.Csm.Provisioning.Actions.Office365.dll.config The default trace log is stored within: C:\Program Files (x86)\Citrix\Cortex\Provisioning Engine\log\
And the default trace level is “ALL”
Trace for Office 365 Web Service For Office 365 Web Service, the log configuration file can be found from the path of the machine that has Office 365 deployed: C:\inetpub\CortexServices\Office365WS\bin\WebServiceLog.config The default trace log is stored within: C:\Program Files (x86)\Citrix\Cortex\Services\log\
The default trace level is “ALL” Trace for Office 365 Windows Service For Office 365 Windows Service, the log configuration file can be found from the path of the machine that has Office 365 deployed:
C:\Program Files (x86)\Citrix\Cortex\Services\Office365WS\ADConnectorSvc\WindowsServiceLog.config The default trace log is stored within: C:\Program Files (x86)\Citrix\Cortex\Services\log\
And the default trace level is “ALL”
Know Issues/limitation 1. If you’re using IE 11.x, and set the “IE Enhanced Security Configuration” to Off, make sure IE->Tools->Compatibility View Settings, Display intranet sites in Compatibility View and Use Microsoft compatibility lists are unchecked, or you may encounter display error. 2. If you want to provision multiple CPSM customers to a single Office 365 service account after configuring multiple domains, it’s suggested to have only one domain configured for one Office 365 service account and provision one CSPM customer to it because of limitations of Azure AD Connect tool. Previously synced accounts will be deleted after switching to sync another customer’s account by Office 365 Web Service. 3. Disabled/Expired license information will show on user service provision page. Any provision request which is assigned to these licenses will cause provision failure. 4. Local domain must be configured on Office 365 before the provision or it will cause provision failure. 5. On the Azure AD Connect page, it’s one-way check for account matching between local and cloud. 6. Frequent delete user, create user and sync to Office 365 may cause the Azure AD Connect to throw a “Attribute value must be unique” error. 7. The users to be synced should not have the same UPN with users already in Azure AD, especially users with Global administrator role in Azure AD. It will cause an error in the syncing process of CPSM. 8. If Azure AD schedule sync is disabled by Office 365 web service, you need to trigger the AD schedule sync by Task Scheduler in provisioning engine, manually. 9. CPSM can only work with Azure AD Connect version above 1.1.105.0, any version prior to 1.1.105.0 will not be supported. 10. When provisioning Office 365 to a user, there may be an error like “set OWA timeout”. This is because Exchange Online needs to set OWA to prepare primary address for a user. This may take a long time. The provision action will take five minutes to wait for the preparation. If the duration exceeds five minutes, an error may occur. Contact the service administrator or Microsoft for support.
FAQ Q: What can I do if I want to enable Skype for Business for my customers? A: Firstly, you should enable “Skype for Business for instant messaging and online meetings” at the domain setup on the Office 365 portal, add corresponding DNS records to your DNS server
After the user is provisioned, then, log in to the Office 365 portal as the global administrator, USERS->Active Users, select the user, at the license assignment page, expand the business plan. Make sure Skype for Business Online is selected and click SAVE. Q: How is the Office 365 account stored in CloudPortal Service Manager? Is it possible to leak this information? A: These credential are encrypted and stored in the database and transferred by https. It is not readable by any third-party tool.
