Microsoft recently released KB2506146 and KB2506143 as optional updates depending on your which server version you are running (2008 SP2 or 2008 R2 SP1)

The update includes Windows Management Framework 3.0 and more specifically PowerShell 3.0 which is not supported on either Exchange 2007 or Exchange 2010. There have been reports of it causing issues with the installation of rollups resulting in an error code of “1603” appearing in the event log.

It is recommended that Windows Management Framework 3.0 should not be installed on servers running either Exchange 2007 or Exchange 2010. Uninstalling Windows Management Framework 3.0 reportedly fixes the issues.

I previously blogged about controlling ActiveSync device access on Exchange 2010 and Exchange Online and thought I would follow-up with quick post on how to accomplish the same results on Exchange 2013. For this post, I will create the same policy as before..  a device policy to quarantine any iPad devices. The use case for this scenario is that an organisation may for example allow users to choose whatever mobile phone they would like to use but block the use of iPads because these are not devices issued by the company. By quarantining a device, we can easily see who is attempting to use such a device, how many are out there and even decide to create a new policy specific to these devices.

To create a device policy, we need to access the “Mobile Device Access” option under the “Mobile” menu item in EAC. It should look something like this:

Clicking the “Edit” button will allow you to edit various settings. As you can see, I have decided to be permissive and allow all devices unless they are managed by a rule. You can select a distribution group or administrative account that will receive quarantine notification emails. You also have the option to add any custom or organisation specific text that will be included in the email notification sent to users when their device is blocked or quarantined.

We then click “+” under “Device Access Rules” at the bottom of the page to define our new rule. Here we can browse a list of all the devices and device families that have recently connected to our Exchange environment. Device family is a grouping of similar devices, in our case for example if we choose a Device family of “iPad” we can then decide to only apply this rule to iPad2 models or “All models” by selecting the appropriate device type. Lastly, we select our ABQ action:

Once we have clicked “Save” we should see the new device access rule listed under “Device Access Rules”

Once we have created the access rule, if any users attempt to connect using an iPad, they will be listed under “Quarantines Devices”

Users will receive a notification email similar to the following if they try to connect using an iPad:

Microsoft recently released Lync Basic 2013, a slimmer version of the Lync client that provides all the basic functionality available in the full version of Lync 2013. Some of the notable missing features in the basic client are advanced call features such as team ring, call forwarding, simultaneous ring, voice mail, call park, call delegation, response groups, and remote call control.

As usual for all things Lync related, my friend Greig Sheridan has a full write-up on his blog.

I am often surprised by how few customers know about or use ActiveSync device access rules (or ABQ for short) in Exchange 2010 when everyone seems to have the requirement to some degree or another. I see a growing trend to use third party products to do what Exchange can and has been able to do natively for a while now so I thought I would put together this post to go through some of the functionality offered by ABQ.

Before I continue, I would like to highlight the following two things:

1. Device access rules (ABQ) should not be confused with or is not intended to replace ActiveSync policies which are used to enforce things like device passwords, device encryption, etc. (click here for more on ActiveSync policies)
2. Everything described in this post also applies to Exchange Online

Depending on your requirements, you may decide to take a restrictive approach where you only allow a small set of tested and supported devices or be more permissive and only block/quarantine problematic devices. For this post, I will create a device policy to quarantine any iPad devices. The use case for this scenario is that an organisation may for example allow users to choose whatever mobile phone they would like to use but block the use of iPads because these are not devices issued by the company. By quarantining a device, we can easily see who is attempting to use such a device, how many are out there and even decide to create a new policy specific to these devices.

During the connection process, Exchange will follow a logical set of rules to determine the access state of each device and will either allow, block or quarantine the device based on the outcome. The sequence of challenges includes the following steps:

1. Is the device authenticated? If not, challenge for the correct credentials. Otherwise, go on to the next step.
2. Is Exchange ActiveSync enabled for the current user? If not, return an "access restricted" error to the device. Otherwise, go on to the next step.
3. Are the policy enforcement criteria met by the current mobile device? If not, block access. Otherwise, go on to the next step.
4. Is this device blocked by a personal exemption for the user? If so, block access. Otherwise, go on to the next step.
5. Is this device allowed by a personal exemption for the user? If so, grant full access. Otherwise, go on to the next step.
6. Is this device blocked by a device access rule? If so, block access. Otherwise, go on to the next step.
7. Is this device quarantined by a device access rule? If so, quarantine the device. Otherwise, go on to the next step.
8. Is this device allowed by a device access rule? If so, grant full access. Otherwise, go on to the next step.
9. Apply the default access state per the Exchange ActiveSync organisational settings.

The device policy that I am going to create will be applied at Step 7. To create a device policy, we need to access the “ActiveSync Access” options under “Phone & Voice” settings in the ECP. It should look something like this:

Clicking the “Edit” button will allow you to edit various settings. As you can see, I have decided to be permissive and allow all devices unless they are managed by a rule. You can select a distribution group or administrative account that will receive quarantine notification emails. You also have the option to add any custom or organisation specific text that will be included in the email notification sent to users when their device is blocked or quarantined.

We then click “New” under “Device Access Rules” at the bottom of the page to define our new rule. Here we can browse a list of all the devices and device families that have recently connected to our Exchange environment. Device family is a grouping of similar devices, in our case for example if we choose a Device family of “iPad” we can then decide to only apply this rule to iPad2 models or “All models” by selecting the appropriate device type. Lastly, we select our ABQ action.

Once we have clicked “Save” we should see the new device access rule listed under “Device Access Rules”

Once we have created the access rule, if any users attempt to connect using an iPad, they will be listed under “Quarantines Devices”

Users will receive a notification email similar to the following if they try to connect using an iPad. Note the custom text entered previously (red box)

One last thing to mention is that you do have the ability to make a personal exception for a specific user if needed, so for example if you have an executive who is adamant about wanting to use his/her iPad of if you decide after some time to test iPads this can be done without affecting anyone else. As always, full documentation can be found on TechNet

Earlier today Exchange 2013 reached RTM status. This is a very exciting announcement and means that coding and testing is now complete. General availability is planned for the first quarter of 2013. In addition to Exchange, the new Office, SharePoint, and Lync have also reached RTM. For more information on the announcement, click here.

If you’ve decided to get you hands dirty with the Exchange 2013 Preview, the first thing you probably noticed when clicking on the start menu after installation is this:

 

Your eyes are not deceiving you, there is no shortcut to for the Exchange Management Console (EMC)… the reason for this is simple, it’s not there! Exchange 2013 bids farewell to the EMC that we have come to love since Exchange 2007 and introduces a new management interface called the Exchange Administration Center (EAC). EAC is the new web-based management console in Microsoft Exchange Server 2013 and it allows administrators to manage on-premises, online, or hybrid Exchange deployments. As one would expect, EAC makes use of roles based access control to ensure that specialist or support users are able to perform only the specific tasks which are assigned to them.

oh, before I forget, I should mention that all names in the screenshot are randomly generated fakes!

I can’t believe how quickly this year has gone, it is almost time for me to start packing my bags for another trip..  I'll be attending the Microsoft Exchange Conference 2012 (MEC) in Orlando, September 24th-26th. I am really looking forward to this great opportunity to learn about the product from the engineers who built it. There will be more than 100 sessions, some of the topics that will be covered in breakout sessions, keynotes and hands-on labs include:

• Exchange Server 2013 Architecture
• Security and Protection in the new Exchange
• Configuring built-in Anti-Malware/Anti-Spam protection
• Setting up Data Loss Prevention policies
• Compliance, eDiscovery and Archiving in the new Exchange
• Exchange Server 2013 Manage Availability and Monitoring
• Unified Messaging in Exchange Server 2013
• Exchange Server 2013 Deployment and Exchange Server 2010 Coexistence
• Moving to the cloud with Exchange Online and Office365

Let me know if you are also planning to attend, it would be great to catch up!

My friend and colleague Greig Sheridan recently released a couple of handy client side tools for Lync. I think they are both really great and thought I would plug them for him! The first of these is called “Profiles for Lync”. Profiles for Lync is a multi-user account management application for Lync which allows you to easily switch between Lync profiles, this is really handy if you often connect to multiple Lync environments.

 

His most recent tool is called “Elyza”. Elyza is a auto-responding & remote control bot for Lync and has become my new demo buddy.. you never have to give her any notice, she is always available to chat to you.

To check out these handy tools, follow the links below:

• Profiles for Lync
• Elyza

After more than 2 years of the same I have decided to give my blog a new look. It is very much a work in progress for now, but hopefully it does not look too bad! I have once again decided against implementing any form of CSS or styling in my RSS feed as I think keeping it simple is the best approach for RSS.

I am very excited to let you all know that Microsoft has made the preview release of Exchange 2013 available for download.

This release has been highly anticipated, for more information about the Exchange 2013 preview, click here. In addition, the Office 2013 preview was also announced. Exchange 2013 preview documentation has also been updated on TechNet.

Watch this space for news and information about what you can expect to see in Exchange 2013!