Getting Started with Office 365

The last couple of months I’ve been working a lot with Office 365, ADFS Federation and the correct integration of Office 365 together with both Citrix XenApp and XenDesktop.

There’re many post on the topic, but it’s the small details that matters. In this post I’m going to share my experience which will hopefully help you a lot. Let’s get started!

Getting Started with Office 365 04

Active Directory Domain Name

If you’re starting from scratch PLEASE buy an external domain name and use it internally as well. The old rule of .local domains don’t apply anymore and by using an external one you’ll save TONS OF TIME.

That being said, there’s still millions of customers running with an internal domain like me (ctxlab.local) and since renaming is NOT recommended there’s just some more stuff to learn.

Active Directory Federation Services (ADFS)

Why ADFS? Well you want to provide your users with the best User Experience (UX) and therefore Single Sign On is highly recommended.

I’m not going to cover ADFS setup, there’s already some great posts from Microsoft on the topic – How To Install ADFS 2012 R2 For Office 365 and Step-By-Step: Setting up AD FS and Enabling Single Sign-On to Office 365. Just be aware that if you install ADFS on your Domain Controller e.g. DC-01 DON’T use the same FQDN for your ADFS certificate. Get yourself a wildcard certificate from DigiCert and you’re all good, for everything that requires a SHA256 certificate.

Now, because I have an internal domain I need to configure a Forward Lookup Zone with the address of ADFS, NetScaler Gateway and AutoDiscover. Without AutoDiscover you’ll not be able to connect to your Office 365 mailbox. Again, if you use an external domain name you’ll not get this problem.

Getting Started with Office 365 02

For ADFS to work you also NEED to setup a WAP Proxy Server in DMZ for ADFS. I would highly recommend using NetScaler for this task, see the post Setup NetScaler as ADFS Proxy and Getting Started With Microsoft Action Pack if you want Office 365 E3 and lots of licenses at a fraction of the normal cost.

Install Office 365 on Citrix XenApp / XenDesktop

The installation is quite straight forward, but if you want all the dirty details please check the post Office 365 on Terminal Server Done Right from my friend Marius Sandbu.

Now to save you some additional time and headache, I’m running Office 365 version 2013 (15.x). Why? Simply because Citrix doesn’t support Skype for Business 2016 (16.x) at the moment.

Office 365 Installation

Office 365 XML Example for RDSH

HDX RealTime Connector for Skype for Business

Customize Office 365 for Citrix XenApp / XenDesktop

To provide the best possible User Experience we’ll need to download and configure Office 2013 Administrative Template files (ADMX/ADML).

Office 365

Unfortunately there’s lots of popups that are not covered by Group Policy so some additional customization is required. This is how it looks Out of the Box!

Getting Started with Office 365 01

Here’s my Group Policy Preference tweaking.

Getting Started with Office 365 06

The only thing the users sees at first time run (new profile) is Skype for Business asking for the email address.

Getting Started with Office 365 07

The sign in process itself is handled by ADFS Single Sign On. For some reason that’s not the case for Outlook. My best advice is to education the users to check “Remember my credentials“.

Getting Started with Office 365 08

Office 365 Conclusion

I would HIGHLY RECOMMEND you thinking twice about implementing both Office 365 AND ADFS for Single Sign On.

Why? Simply because if your internet connection goes down your users won’t get access to their email. Heck, they won’t even be able to launch Word or Excel because Office 365 validates the license each time. So is the low cost of Office 365 so lucrative that it’s worth it? Please share your thoughts in the comment below.

Brad Anderson

Now that being said, my company xenapptraining.com is running completely on Office 365 and it’s the future. So you should start learning it today. Training videos on Office 365 will be added to my course very soon.

macbook air updated 24042016

6 Responses to Getting Started with Office 365

  1. Hi,

    Great post… as allways.
    But I got a Little confused about one thing.

    First you write:
    “Why ADFS? Well you want to provide your users with the best User Experience (UX) and therefore Single Sign On is highly recommended.”

    And then:
    “I would HIGHLY RECOMMEND you thinking twice about implementing both Office 365 AND ADFS for Single Sign On.”

    Is your conclusion NOT to use ADFS?
    In what situations would you use ADFS then?

  2. Hello Eric,

    How are you?

    Just want to check when we can expect videos regarding Office 365 on your training website?

    Thanks,
    Pavan

  3. Wanted to take a few minutes to clarify things here.

    First the concept of fault domains, basically don’t put all your eggs in one basket.

    Second ADFS fully supports a farm concept, you have multiple ADFS servers running, just like domain controllers.

    You basically had 1 domain controller running, and the host it was on died.

    Last I would suggest you have more than one DIRSYNC (OLD NAME), running as well, and if the primary dies, you flip it over, so password sync, and AD object sync keeps happening to O365.

    Last a link to that discuss H/A ADFS Design

    https://blogs.technet.microsoft.com/ucando365talks/2014/04/14/adfs-high-availability-quick-reference-guide-for-administrators-implement-single-sign-on-for-office-365/

Leave a reply