|Technical Rating: |
|Published Date : 04 Mar 2014
Last Updated : 19 Feb 2020
Content Ref: NWS3442877
RM Cloud Service Delivery can assist you with your Office 365™ federation. For further information, please speak to your Sales representative on 0800 046 9798 or email email@example.com, quoting this article.
This document gives answers to some of the common questions asked regarding the process of federating your Microsoft® Office 365™ domain to RM Unify and also the provisioning of your Office 365 accounts.
Note: If you have purchased RM Unify with the Office 365 connector, RM can only provide support for the process of federating your Office 365 domain and also support for the initial provisioning of your user accounts from RM Unify into Office 365. Additional support for the administration and management of Office 365 (Exchange Online, SharePoint® Online, Lync® Online, OneDrive®, Newsfeed, licensing, domain management etc.) can be purchased separately. For more information on Office 365 support services, please visit this link.
|What does federating mean?|
|Federating means to create an alliance by uniting two or more entities. When we talk about federating Office 365 to RM Unify, we are talking about allowing RM Unify the permission to provision and manage user accounts in Office 365. From your local Active Directory (AD), user accounts will be provisioned into RM Unify via AD Sync and then on to Office 365. Changes made to the AD account will be synchronised to RM Unify and then passed onwards to Office 365 because of the federation. |
|In the context of Office 365, a tenancy is the name given to the Office 365 site (sometimes called the 'service domain') which may contain a single domain, or multiple domains (federated and unfederated). For example, you could create the tenancy buttercup.onmicrosoft.com which contains the domains buttercupinfants.sch.uk and buttercupjunior.sch.uk. |
|What are the Microsoft system requirements for Office 365?|
The statement from Microsoft is:
"For the best experience using Office 365, we recommend that you always use the latest browsers, Office clients and apps. We also recommend that you install software updates when they become available."
More information can be found here.
|Will allocating the Office 365 Mail tile restrict my users to email only?|
|No. The RM Unify tiles for Office 365 allow the administrator to provide direct links to the main elements of Office 365: Mail, Calendar, People, OneDrive, Office Download, and School Site. Accessing Office 365 via any one of these tiles will not prevent the user from traversing the Office 365 site in its entirety. |
|Which attributes are passed to the Office 365 account?|
The following RM Unify attributes are passed to a user's Office 365 account:
|RM Unify attribute
||Destination Office 365 attribute|
||First name |
||User name (User Principal Name)|
|RM Unify scope name and DfE code
||Department eg. UnifySchool (0000000)|
|School DfE code
||Street address eg. 0000000|
||Title eg. Student|
|Do passwords synchronise between RM Unify and Office 365?|
No. Although AD Sync synchronises passwords from your local network to RM Unify, there is no passing, or synchronising, of passwords on to Office 365.
When Office 365 is federated to RM Unify, it is RM Unify which authenticates your login and passes an authentication token to Office 365 in order to allow access to your account (this is single sign-on, or SSO). Office 365 itself does not know, and does not need to know, your password.
When configuring a mail client with your Office 365 credentials, you enter your Office 365 email address and your RM Unify password. Again, it is RM Unify which authenticates your login and passes a token to Office 365 in order to allow your mail client access to your Office 365 mailbox.
Although an administrator may be able to reset the password of a federated user using the Office 365 Admin Centre, the user's password held by RM Unify takes precedence. The user will not be able to authenticate to Office 365 services unless they use their RM Unify password.
Additionally, a federated user will not be able to change their own password from within Office 365 and instead they will see the following message: "Your organisation doesn't allow you to change your password on this site. Please change your password according to the method recommended by your organisation".
|How do I change an RM Unify/Office 365 username?|
|For a school using RM Unify AD Sync, the user's username in RM Unify is synchronised from the local AD. So, when the username is changed in the local AD, this will flow through RM Unify and update the username there. At this point, it will generate the new email address based on the new username. This new email address is then applied to Office 365 so that it takes effect straight away.|
Note: However, Office 365 retains the old email address as an alias so that the user will continue to receive email sent to the old address as well.
|What happens when the RM Unify user is deleted?|
Users store important resources in shared spaces in Office 365 and an administrator may wish to re-distribute or move these resources instead of losing them. With this in mind, when an RM Unify account is deleted the Office 365 will initially be unlicensed, not actually deleted. Whilst in this state the account is inaccessible, with the mailbox/OneDrive content being deleted by standard Office 365 processes after 30 days (any content added by the user to the domain's SharePoint site will remain). The account can be manually deleted from the Office 365 Admin Centre after the 30-day expiry if desired.
Office 365 accounts provisioned by RM Unify, where the RM Unify account has been deleted for more than nine months, will be permanently deleted by an automated RM Unify housekeeping process once that nine-months period is reached. More information on this GDPR led process here.
|What happens when the RM Unify account is disabled?|
|When an RM Unify account is disabled (for example, it is disabled on the network, or is removed from the AD group used by RM Unify AD Sync), then the Office 365 account can no longer be accessed via a browser login to RM Unify. However, access to an Office 365 account via desktop Outlook, or via a mobile device or app, which has previously been granted via the issuing of security (refresh and access) tokens, could continue for a period after the disabling of the RM Unify account depending on how your Office 365 tenancy is configured. Microsoft provide advice on how to configure the access token lifetime, the maximum period of refresh token inactivity before revocation and how to actively revoke tokens, in this Azure AD tech article - https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes. As an Office 365 administrator, removing all licences from the Office 365 account will prevent access to the account and will delete all data (mailbox, OneDrive etc.) in 30 days. |
|How do I license and unlicense users in Office 365?|
|Where your Office 365 domain has been federated to RM Unify, licensing and unlicensing of users will happen automatically as users are created and deleted (this is not the case with vanilla Office 365 using Microsoft's Azure AD Connect to provision users). Further information on Office 365 licensing can be found in this Microsoft article, along with a useful Microsoft tool here. |
|How do I identify unlicensed users in Office 365?|
|By logging on to the Office 365 admin centre as a global administrator (this may not necessarily be your RM Unify Admin account, unless you have delegated the rights in Office 365 manually) you can filter your users using the 'Unlicensed users' option from the drop-down menu (see Image below). These unlicensed users may be deleted by ticking the box next to their account names and then choosing the delete option from the right-hand pane. |
|Can I manually license users, directly in Office 365?|
An Office 365 administrator with the appropriate rights can manually assign and remove licences to RM Unify provisioned accounts, by using the Office 365 admin center. RM Unify will continue to ensure that live/active RM Unify users have licensed Office 365 accounts, but will not change any existing licence assignments; RM Unify simply checks for the presence of 'any' valid Student or Faculty licence.
Please note, however, that according to the Microsoft Qualified Educational User Definition (EMEA), only matriculated (i.e. enrolled) students and employed staff are eligible for the free (Unlimited) educational licences:
"The following are eligible to acquire Microsoft Academic Edition (AE) products in the programs indicated and are defined as qualified educational users. Microsoft reserves the right to review the status of any customer or proposed customer as a qualified educational user." "Students Full and Part Time Matriculated Students of an Educational Institution as defined in section A(i) and Full Time Matriculated Students of an Education Institution as defined in section A(ii)." "Faculty and Staff Full and Part Time Faculty and Staff of an Educational Institution as defined in Section A(i) above."
In short, only staff and students actually working at or attending the school are entitled to a free Office 365 educational licence.
|How do I configure my mobile device to access Office 365?|
|Microsoft have provided instructions for configuring; Android, BlackBerry©, iPhone\iPad, Nokia (Symbian OS) and Windows devices in this article. |
|How do I change the time zone in the Outlook Web App?|
- Log on to RM Unify and click the Mail tile on your Launch Pad.
- Once the Outlook Web App has opened, click on your name (top right) and select My Account.
- Select the Setting option on the left, followed by 'Language and time zone'.
- Change the 'Current time zone' to the correct value.
- Click Save.
Alternatively, you can connect to Office 365 Exchange Online via PowerShell to set the time zone in bulk using this article.
|How do I configure Outlook to connect to my Office 365 email?|
Page 19 of the 'Administrator's Guide - Microsoft Office 365 Outlook web app' contains the required instructions. For more information, refer to DWN3442166 in the Other Useful Articles section below.
If you are configuring Outlook clients to use Office 365 accounts following the decommissioning of your local (on-premises) Exchange Server, please refer to TEC4201760 in the Other Useful Articles section below.
|How do I troubleshoot connectivity or performance issues with my Outlook client and Office 365?|
To assist you with troubleshooting any Outlook client connection, performance and log in issues with Office 365, Microsoft have the following Wiki article.
Also of use is the 'Microsoft Support and Recovery Assistant for Office 365' tool, which can be downloaded here.
|Are there limitations on email size, number of recipients etc. in Office 365?|
Full details of the Exchange Online Limits of Office 365 can be found in this article. Please also bear in mind:
- The limits applied to a Microsoft Office 365 organisation may differ depending on how long the organisation has been enrolled in the service. When a limit is changed in the Microsoft datacenters, it can take some time to apply the change to all existing customers.
- You can't modify most of these limits, but you and your users should be aware of them.
- These limits apply to both internal and external recipients.
|Can I retain my onsite Exchange server after federating Office 365 to RM Unify?|
|This type of configuration is known as mixed hybrid mode and is currently not supported by RM. |
|Can I configure Office 365 to send emails from other software\hardware?|
|Can I use G Suite and Office 365 at the same time with RM Unify?|
G Suite and Office 365 can be used together with (federated to) RM Unify. It is possible to federate G Suite and Office 365 to two separate domains in RM Unify, or federate both using the same domain. If using the same domain, email should only be configured for use with one cloud service (Office 365\G Suite) or the other, dependent on your MX record configuration.
For more information, please refer to the following articles in the Other Useful Articles section below:
- TEC4945314: Supported configurations when federating your RM Unify establishment to G Suite and Microsoft Office 365.
- TEC4904117: Unable to match existing G Suite accounts to RM Unify when Microsoft Office 365 is already installed.
|Can I access Microsoft Teams via RM Unify?|
|The provisioning of Teams and access via RM Unify SSO is on the roadmap for future development, which can be tracked here. It is possible to use the O365 Groups created from your MIS using RM Unify Group Sync as the quick and easy basis for any manually created Teams that you may desire in the meantime.|
|What is Windows® PowerShell® for and how do I use it?|
An Office 365 administrator can complete most configuration and maintenance tasks from the 'Office 365 admin center', available when they log on to Office 365. More advanced tasks require the use of Windows Azure™ Active Directory module for Windows PowerShell.
This command line tool is installed to your local computer and allows you to make a secure, remote connection to your Office 365 tenancy. The Microsoft Office 365 community is a valuable source of information on how to use this tool. Please visit this link.
|One or more users cannot access Office 365 - what basic diagnostics can I do?|
- Ensure that the user can log on to RM Unify. This will prove their account has been fully created.
- Does the Office 365 account have the appropriate licences?
- Please search our Knowledge Library using your specific symptoms for more detailed diagnostic help.
|Why are users in RM Unify but not in Office 365?|
- From the RM Unify App Library, check you have installed an Office 365 app and that it has been allocated to the Launch Pads required, i.e. the Student role, Teacher, Non-Teacher etc.
- If you have users missing from Office 365, but present in RM Unify, you can use the Resync Users function from within any Office 365 app.
- Log on as an RM Unify administrator, go to the App Library, click any Office 365 app which has the Manage label. Under the Support Info section, click the link and then the Resync Users button.
If this article has not helped provide a solution then it is also possible to
log a call...
Document Keywords: faq, faqs, o365, federate, 365, unify, FAQ for Microsoft Office 365 when federated to RM Unify, deleted, hard delete, hard-delete, hard-deletes, hard deletes