CloudPortal Service Manager Office 365 Service Deployment Guide

Contents Office365servicetopology.............................................................................................................2

Typicalmessageflowexample........................................................................................................3

AddyourdomaininOffice365........................................................................................................3

ActiveDirectorySynchronization....................................................................................................8

Systemrequirement....................................................................................................................9

InstallandconfigureActiveDirectorysynchronization...............................................................9

InstallandconfigureOffice365Webservice...............................................................................12

StepstoinstalltheWebservice...............................................................................................12

ImportandconfigureOffice365Service......................................................................................16

ToimportandconfiguretheOffice365Service.......................................................................16

ProvisionOffice365servicetocustomerandusers.....................................................................17

ToprovisionOffice365servicetoresellers..............................................................................17

ToprovisionOffice365servicetocustomer............................................................................18

ToprovisionOffice365servicetouser....................................................................................18

Toforcethesynchronizationmanuallyandreviewthestatus.................................................19

Office365propertiesthatcanbeconfiguredfromCloudPortalServiceManager..................19

Office365Reporting.....................................................................................................................20

Prerequisites.............................................................................................................................20

Office365Reseller....................................................................................................................21

Office365Customer.................................................................................................................22

Office365Plan..........................................................................................................................23

Howtocollecttracefordebug.....................................................................................................24

TraceforCPSMwebserver.......................................................................................................25

TraceforProvisioningEngine...................................................................................................25

TraceforOffice365WebService.............................................................................................25

KnowIssues/limitation.................................................................................................................26

FAQ...............................................................................................................................................26

CloudServiceNanjingTeamLastupdate:March15,2016

Office 365 service topology Office365serviceisprovidedby2components:

1. Office365servicepackage2. Office365webservice

FollowingisthetopologyofOffice365service:

• “CPSM”meansCPSMwebserver,CPSMprovisionengine,CPSMdatabase• “Office365WS”isthemachinewhichhasOffice365webserviceinstalled• “DC”meansDomainController• “Office365”meanstheOffice365serviceprovidedbyMicrosoft

CPSMneverinteractswithOffice365directly.ItsendsrequeststoOffice365WebServiceandOffice365WebServiceisresponsibleforcommunicatingwithOffice365(providedbyMicrosoft).

BesidesactingasaproxybetweenCPSMandOffice365,Office365WebServicecantriggerADSyncfunctionalityaswell.TheADSyncfunctionalityisprovidedbyMicrosoftAzureADConnect.So,theMicrosoftAzureADConnecthastobeinstalledonthesamemachineasOffice365webservice.

Typical message flow example ThefollowingisanexampleofatypicalmessageflowwhenperformingOffice365serviceprovisiononCPSMassumingthedatabaseisinstalledontheCPSMwebserveraswell:

Likeotherservices,provisionenginewillsendamessagetoOffice365WebService.Office365WebServicewilltalktoOffice365andAzureADConnectdependsontherequesttype.

Add your domain in Office 365 TouseOffice365serviceforCloudPortalServiceManager,youmusthavepurchasedOffice365serviceaccountfromMicrosoft,variousbusinessplanareavailable,currentlyonlyOn-lineExchangeservicepropertiescanbeconfiguredbyCloudPortalServiceManager.It’srecommendedthatyousubscribetothebelowbusinessplanwithExchangeOnlineservicefromMicrosoft.

• Office365BusinessEssentials• Office365BusinessPremium• Office365EnterpriseE1• Office365EnterpriseE3

• Office365EnterpriseE5

Forthereseller,wesuggestyousubscribeOffice365Enterprisebusinessplanbecausetheusermaximumvalueis“Unlimited”.

AfteryougettheOffice365servicecredentials,thedomainmustbecreatedinOffice365sothatyoucanactivateActiveDirectorysynchronizationtoSyncusersfromlocalADtoAzureAD.

1. GototheManagedomainspage.(Ifyou'renotalreadysignedintoOffice365,you'llbepromptedtosignin.Ifthelinkdoesn'twork,herearestepstonavigatetotheManagedomainspage).

2. ChooseAdddomaintostartthesetupwizard,whichguidesyouthroughverifyingyourdomain

andothersetupsteps.

3. Typeyourdomainnameinthesetupwizard.

4. AddthecustomizedDNSrecordsoOffice365canconfirmyouownthedomain.Office365typicallydetectsyourdomain'sDNShostandprovidesstep-by-stepinstructionsforaddingtherecord.

TakeMicrosoftDNSserviceasanexample.Makesureyou’veregisteredthedomainnamefrom

theDNSprovider,thenameserverisconfiguredforthisdomain,andthatrecordscanbequeriedexternally.

a. OpenDNSManagerontheDNShostmachine,expandForwardLookupZones,click

onthedomain,rightclickmenu->OtherNewRecords,selectTXTrecordtype,theninputTXTnameandTXTvalue.

b. ClickOKtoexit.

OrifyourDNSishostedbyGoDaddy,youcanchoosetologinGoDaddy,recordscanbeaddedautomatically

5. Whenyou'veaddedtherecordatyourDNShost,finishthisstepbychoosingOkay,I'veaddedtherecord.

6. Followthestepstonext,atStepSetupdomain,youcanchoosetherecordsareaddedautomaticallyifyou’reusingGoDaddytohostyourDNS,oraddtheMXrecords,TXTrecords,SRVrecordsmanuallyifyouareusingotherDNShosts,clickaddtheserecordsyourself,you’llseetherecordsdetails,whatrecordsshouldbeaddeddependonyourchoice,ifyou’llenableExchangeOn-LineandneedtheautodiscovercapabilityforOutlookclient,enable

Outlook on the web for email, calendar, and contacts

Detailrecordsthatneedtobeaddedwillshowuponthenextpage.

UseMicrosoftDNSserviceasanexampletoaddtheserecords:

a. OpenDNSManagerontheDNShostmachine,expandForwardLookupZones,clickonthedomain,rightclickmenu,andclickNewMailExchange(MX)

b. ClickNewAlias(CNAME)c. ClickOtherNewRecordsandselectTXTrecordtypetoaddTXTrecords

Or,youcanrefertoCreateDNSrecordsatanyDNShostingproviderforOffice365fordetailsifyou’reusinganotherDNShostingprovider.

7. Afteryouhaveaddedtheserecords,clickOkay,I’veaddedtherecordstofinishtheprocedure.

Active Directory Synchronization ForCloudPortalServiceManager,useraccountswillbecreatedonlocalActiveDirectorybyutilizingthesynchronizationcapabilityofAzureADConnect.LocalaccountscanbesyncedtoOffice365AzureADandOffice365licensecanbeassignedtotheuser.Aftergrantingthelicense,enduserscanaccessservicesprovidedbyOffice365withalocalUPNandpassword.

AzureADConnectshouldbeinstalledandconfiguredonthedomain-joinedmachinetogetherwithOffice365WebServiceinthedomainthatyouwantuserstosynctoOffice365.

Forlarge-scalecustomers,morethanoneAzureADConnectwithOffice365WebServicemachinecanbeinstalledandconfigured.AfterconfiguringtheServerConnection,specifytheWebserviceserverfromtheServicesettingsforOffice365onthecustomerlevel.WetestedAzureADConnectversion1.1.119.0.

System requirement WhenpreparingaservertohosttheAzureADConnectandOffice365Webservice,ensureThefollowingrequirementaremet:HardwareConfiguration • Twoormoreserver-classprocessors,2.0GHZorhigher

• Minimum4GBRAMrecommended• Minimum50GBfreediskspaceavailable

OperatingSystem WindowsServer2012R2.NETVersion .NETFramework4.0installedWindowsserverroles • ManagementTools->IISManagementconsole

• ManagementTools->IISManagementScriptsandTools

Install and configure Active Directory synchronization 1. AfteraddingyourlocaldomaininOffice365domains,DownloadtheAzureADConnect

toyourdomain-joinedmachine,andinstallit.2. Afterinstallation,launchtheMicrosoftAzureActiveDirectoryConnectwizardand

chooseUserexpresssettingsintheExpressSettingspage.3. EnteryourAzureADadministratorcredentialsandclickNext.4. Inthisstep,enteryourActiveDirectoryDomainServicesenterpriseadministrator

credentialsandclickNext.5. LeavetheExchangehybriddeploymentandStartthesynchronizationprocessassoon

astheconfigurationcompletesuncheckedandclickInstall.Theinstallationprocessmaytakeawhile.

6. Goto{AzureADConnectinstalllocation}\MicrosoftAzureActiveDirectory\Connect\SetupFiles\AADPowerShell,andclickAdministrationConfig-en,clickNextandclickInstalltoinstallAADPowershell.

ForthelatestversionofAzureADConnect,thesynchronizationwillautomaticallybeactivatedonceMicrosoftAzureActiveDirectoryConnectwizardissuccessfullyinstalled.

ForthelatestversionofAzureADConnect,theAADPowershellshouldbeinstalledseparately.

Foraneasymanagement,youcanusethetoolSynchronizationServiceManagerinstalledwithAzureADConnect,whichislocatedunder{AzureADConnectinstalllocation}\MicrosoftAzureADSync\UIShell\miisclient.exe

ImportantNotes:

• Forthemulti-domain(includingsub-domain)environment,anadditionalconfigurationstepisneededtoselecttherightdomainwhereAzureADConnectandOffice365webserviceserverexists.Otherwise,AzureADConnectwillselectallthedomainsandOUstosyncbydefault.Wedon'tsupportmulti-partitionscenario;onlyonedomaincanbeselected,oritwillfailintheprocessofOffice365webserviceconfiguration.

Ifyourenvironmentisamulti-domain(includingsub-domain)deployment,followthestepsbelow.

1. LaunchtheAzureADConnectWizard2. ChooseCustomizesynchronizationoptions,andclickNext3. EnteryourAzureADadministratorcredentialsandclickNext4. EnteryourActiveDirectoryDomainServicesenterpriseadministratorcredentialsand

clickNext5. SelecttherightdomaintobesyncedintheDomainandOUfilteringpageandclickNext

6. UncheckalltheselectionsandclickNext7. ClickInstalltore-configureAzureADConnect

Install and configure Office 365 Web Service Office365WebServiceshouldbeinstalledtogetherwithAzureADConnect.ItwillbeinvokedremotelybyProvisionenginetosyncusersandgroupsforCloudPortalServiceManagercustomerstoOffice365.

Steps to install the web service 1. LaunchtheSetup.exefromtheOffice365webserviceinstallationfolders2. EnableOffice365WebServicecheckbox,clickNextandfollowthestepstofinishthe

installation

3. ClicktheConfigurebuttontoconfiguretheservice4. IftheEncryptionserviceURLisnotaccessible,itwillshowthiswindow.Enteryour

ServiceURLandclickNext

5. Install/importadomaincertificateonOffice365WebServiceserver,toenableProvisionEngineservertotrustthecertificateinstalledontheOffice365webserviceserver,therootCertificateAuthority(CA)forthecertificateontheOffice365WebServiceservermustresidewithintheTrustedRootCertificateAuthoritiesnodeonProvisionEngineServer,ThefollowingillustrationshowstheCAforthecertificateontheOffice365WebServiceserver,called“ca”,whichislocatedintheTrustedRootCertificateAuthoritiespath.

SpecifytheSSLCertificateinstalled.PleasenotethatwhetheryoucheckUseSSLornot,itwillalwaysuseSSL.

6. ClickNexttofinishtheinstallation7. Totestifthewebserviceisworkingornot,enterhttps://yourhost/Office365WS/

Office365WCFService.svcintoyourbrowser.Itshouldshowthecontentbelow:

ImportantNotes:

• DuringtheOffice365WebServiceconfigurationprocess,youshoulddisableADScheduleSync.Instead,enableADScheduleSyncmanuallybyTaskScheduler.a. GotothepathofC:\ProgramFile(x86)\Citrix\Cortex\Provisioning

Engine\UsageDataofprovisioningengineserver.b. Threebatchfilesexists.Theyare“DailyAMUsageData.bat”,

“DailyPMUsageData.bat”,“HourlyUsageData.bat”.YoucanopenTaskScheduler,expandTaskScheduler(Local)->TaskSchedulerLibrary->Citrix->CloudPortalServiceManagertoseethedetailsofeachscheduletask.

c. Add"RequestGenerator.exe"-q"Bulk"-n"Office365-ScheduleSync"-t"BulkRequests"-m"Office365ScheduleSync"-p"BulkRequestType""office365schedulesync"-p"ServiceName""OFFICE365"tooneofthetreefiles.Werecommendaddingthescriptto“DailyPMUsageData.bat”.

Import and configure Office 365 Service To import and configure the Office 365 Service

1. Loginasaserviceprovideradministrator.FromConfiguration->SystemManager->ServiceSchema,clickImportaService,locatethe.packagefileandfollowthestepstoimporttheservice.

2. Afterimportiscomplete,eitherrestarttheCortexQueueMonitorserviceorrestartthemachineontheServicesManagerprovisioningserver.

3. Inthecontrolpanel,enabletheserviceatthetoplevel:a. UnderServiceFilter,selectTopEnvironmentServices

b. FromtheServicesManagermenubarinthecontrolpanel,chooseConfiguration>SystemManager>ServiceDeploymentandthenexpandOffice365ClickSave

4. Enabletheserviceatthelocationlevel:a. UnderServiceFilter,selectActiveDirectoryLocationServicesandchoose

aLocationFilter,ifapplicableb. FromtheServicesManagermenubarinthecontrolpanel,chooseConfiguration>

SystemManager>ServiceDeploymentandthenexpandOffice365ClickSave5. Verifycredentials:

a. FromtheServicesManagermenubar,chooseConfiguration>SystemManager>Credentials

b. CreatetheadministrativeimpersonationaccountfortheOffice365servicebyclickingAdd,andthenenteringausername,password,anddomain(preferablyinFullyQualifiedDomainNameform).

6. Enabletheserver:a. FromtheServicesManagermenubar,chooseConfiguration>SystemManager>

Servers.b. Iftheserveronwhichyouinstalledtheserviceisnotlisted,clickRefreshServerListc. ExpandtheentryfortheserverandverifythatServerEnabledisselected

ImportantNotes:

• FortheOffice365webserviceserver(theserverthatAzureADConnectandOffice365webserviceareinstalled),theserverAliasshouldbespecifiedasserverFQDN

7. Assigntheserverroles:a. FromtheServicesManagermenubar,chooseConfiguration>SystemManager>

ServerRoles,andthenexpandtheentryfortheserverb. UnderServerConnectionComponents,selectOffice365,andthenclickSave

8. Addaserverconnection:a. FromtheServicesManagermenubar,chooseConfiguration>SystemManager>

ServerConnections.SelectaLocationFilterifapplicable,clickNewConnection,andthenselectortypethefollowinginformationforthewebservice.ServerRole:Office365Server:WebServiceserverFQDNCredentials:URLBase:/Office365WS/Office365WCFService.svcProtocol:httpsPort:443Timeout:200000

b. OntheServerConnectionspage,clicktheiconintheTestcolumnfortheserver.Theiconturnsgreenforasuccessfulconnection.Arediconindicatesanunsuccessfulconnection.Hoverovertheicontogetmoreinformationaboutthefailedconnection.

Provision Office 365 service to customer and users TheOffice365servicecanbeprovisionedtoresellers,customers,andendusers,aftertheprovisioning,theendusercanlogintheOffice365servicefromMicrosoftbythelocalActiveDirectorycredentials.AnExchangemailboxwillbecreatedforthisenduseraswell,afterproperlicenseisassigned.

To provision Office 365 service to resellers

1. FromtheServicesManagermenubar,clickCustomersandselecttheresellerforwhomyouwanttoprovisionservices

2. SelectServices.TheCustomerServicespageappears

3. Fromtheserviceslist,clickReseller

4. SelecttheOffice365servicecheckboxandthenclicktheOffice365servicename

5. UnderResellerServiceSetup,selecttheuserplanandcustomerplantobeoffered,ifanychanges,clickSave

6. ClickAdvancedSettingsto:

§ Specifythemaximumnumberofusersthatthecustomercanprovisionwiththisservice.

§ Enableordisablebilling.

7. ClickProvision

To provision Office 365 service to customer

1. FromtheServicesManagermenubar,clickCustomersandselectthecustomerforwhomyouwanttoprovisionservices.

2. SelectServices.TheCustomerServicespageappears.

3. ClickOffice365.TheServicePlanConfigurationpageappears.

4. Selecttheappropriatecustomerplan.

5. EnterthecorrectOffice365administratorusernameandpassword6. ClickAdvancedSettingsto:

§ Selectauserplan.

§ Specifythemaximumnumberofusersthatthecustomercanprovisionwiththisservice.

§ Enableordisablebilling.

7. ClickAdvancedSettings->ServiceSettings,enable“ServerwhichhasOffice365webserviceinstalled”,choosetheproperserverfromthedropdownlist,clickApplychanges

8. ClickProvision,ThiswillprovisionOffice365servicetothiscustomerandtriggersynchronizationrequesttoAzureADConnectautomatically,whichwillsyncalllocalusersandgroupsbelongtothiscustomertoOffice365cloud.Youcanalsoforcesyncthelocalusers,groupsandpasswordfromtheServicesManagermenubarinthecontrolpanel.SelectServices->Office365->AzureADConnect,enableSyncADobjectsandpropertiesandForcesyncADPasswordscheckbox.Then,clickSyncbuttontosynclocalusers,groupsandpasswordtoOffice365

ImportantNotes:

• UserofthecustomershouldnothavethesameUPNwithOffice365admin,otherwiseitwillfailintheprocessofsynchronization.IfthesyncedusershavethesameUPNwithAzureADusers,wewilltrytodeleteusersinAzureADfirstandthensynceduserstoAzureAD

• Customer’sPrimaryDomainnameshouldmatchthedomainconfiguredonOffice365portal,otherwisetheActiveDirectoryaccountwillbesyncedtodefaultdomainconfiguredonOffice365portal

• Ifit’sanewcustomerwithoutanyuserprovisionedbefore,it’ssuggestedtohavealluserscreatedbeforegoingtoServices->Office365->AzureADConnecttotriggerthesynchronization

• Ifyoure-installtheAzureADconnecttoolontheserverwithOffice365webserviceinstalledforthecustomer,Office365serviceshouldbere-provisionedforthiscustomer,otherwiseaccountssynchronizationmayfailforthiscustomer

To provision Office 365 service to user

1. FromtheServicesManagermenubar,clickUsersandselecttheuserforwhomyouwanttoprovisionservices.

2. SelectServices.TheUserServicespageappears.

3. ClickOffice365.TheUserServiceSetuppageappears.

4. Choosetheappropriateuserplan.

5. SelectthelicensefromLicenseAssignmentyouwanttoassign.

6. ClickServiceSettingstospecifyservicemessageinformation.Ifyouchangesettings,clickApplychanges.

9. ClickProvision.Iftheuserdoesn’texistonOffice365,therewillbea‘NotSynced’errorlinkbesideAzureADStatus.ClickNotSyncedlinkandredirecttothesyncpagetotriggerasynch.Aftertheprovisionisdone,theuserwillhavelicenseusageauthorizationandsomesettingsoftheuserwillsetinOffice365portal.

To force the synchronization manually and review the status 1. Loginasacustomerserviceadmin.FromtheServiceManagermenubar,clickServices-

>Office365->AzureADConnect,enableSyncADObjectsandpropertiesorForcesyncADpasswords,thenclickSyncbuttontosynccurrentcustomer’sobjects,propertiesorpasswordtoAzureAD.

2. Loginasacustomerserviceadmin.FromtheServiceManagermenubar,clickServices->Office365->AccountSummary.ThecurrentOffice365account’sSKUandcompanyinformationwillberetrieved.

3. LoginasServiceProviderAdministrator.FromtheServiceManagermenubar,clickServices->Office365->ServerAssignmentand,reviewtheusageofOffice365webserviceconnection.

Office 365 properties that can be configured from CloudPortal Service Manager HideFromAddressList

• OnCPSM,fromOffice365->ServiceSettings->ExchangeOnlineCommon,youcanenable/disableHideFromAddressListproperty

• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:Admin->ExchangeAdminCenter->recipients->mailbox,thendoubleclickthemailboxongeneralpage

UserMailAlias

• OnCPSM,fromOffice365->ServiceSettings->ExchangeOnlineCommon,youcansetthemailboxaliaspattern

• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:Admin->ExchangeAdminCenter->recipients->mailbox,thendoubleclickthemailboxongeneralpage

OutlookonWeb

• OnCPSM,fromOffice365serviceuserplan,youcanenable/disableOutlookOnWeb• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:

Admin->ExchangeAdminCenter->recipients->mailbox,thenselectthemailboxattherightcorner

UserRole

• OnCPSM,fromOffice365serviceuserplan,youcansettheuserroleasUser,GlobaladministratororLimitedAdminRole

• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:Admin->Users->ActiveUsers,selecttheuser,thenclickEDITUSERROLES

UserLocation

• OnCPSM,fromOffice365serviceuserplan,youcanchoosetheuserlocationfromthedropdownlist

• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:Admin->Users->ActiveUsers,selecttheuser,thenclickEditbuttonunderAssignedlicense

Office 365 Reporting ForOffice365reports,we’llkeepexistingresellerreports,planreportsandcustomerreports.CPSMwillalsoproduceOffice365usagereports.CSP/Reseller/CustomercanviewtheusageofOffice365fromdifferentlevels.Forexample,thereportsincludehowmanylicensesareavailable,theOffice365licenseusageofeachuser,andthesyncserverusageofeachcustomer

TheOffice365reportingusesTaskSchedulertocollectOffice365usagedataonceaday,sothereportsarenotinrealtime.Theactiontakensoncustomersoruserstodaymayshowintomorrow’sreports

ToproperlyshowtheOffice365reports,someprerequisitesareneeded.

Prerequisites • CloudPortalServicesManagerReportingRoleshouldbeinstalledcorrectly• ReportsofOffice365schemeshouldbeenabledwhenimportingtheOffice365package• Addtheactioninfowithinthebatchfilefromtheprovisioningengine,whichwillallow

Office365usagedatatobecollectedandsenttoprovisioningenginebytaskschedulera. GotothepathC:\ProgramFile(x86)\Citrix\Cortex\ProvisioningEngine\UsageData

ofprovisioningengineserverb. Addscriptbelowtofile“DailyPMUsageData.bat”

"RequestGenerator.exe"-q"Bulk"-n"Office365-UsageDataRequest"-t"BulkRequests"-m"GetUsageData"-p"BulkRequestType""office365usagedatarequest"-p"ServiceName""OFFICE365"

c. OpenTaskScheduler,expandTaskScheduler(Local)->TaskSchedulerLibrary->Citrix->CloudPortalServiceManagertoseethedetailsofthescheduletask

• IfyouhaveOffice365webserviceinstalled,youshouldfirstuninstallit,thenreinstallOffice365webservicewiththereportingfeaturea. Gotosyncserver,openControlPanelb. ClickUninstallaprogrambelowProgramsc. Right-clickCitrixCloudPortalServicesManagerOffice365WebService,click

Uninstalld. FollowstepsforInstallandconfigureOffice365WebServicetoinstallthenewest

versionofOffice365webservice

Office 365 Reseller Thisportalprovidesalinktoaccessthereseller’sreportingpage.Theresellerreportingpageincludes365servicestatisticsforthereseller.AnadditionaltableisaddedtoshowlicenseusageforallthesyncedandOffice365provisionedusersofthereseller.Tenitemsareincludedwithinthenewaddedtable.

Customer

ThenameofthecustomerwhohasOffice365serviceprovisionedandiscreatedbythereseller.

Location

Thenameofthelocationinwhichtheuserbelongsto

SyncServer

ThesyncserverthatthecustomerisusingforOffice365

UserName

ThenameoftheuserwhohasOffice365serviceprovisionedandiscreatedbythecustomer.

LoginName

TheloginnameoftheuserwhohasOffice365serviceprovisioned

NumberOfLicense

ThenumberofOffice365licensestheuserhasprovisioned

UserLicense

Thenameofthelicensestheuserhasprovisioned

LastSyncTime

Thelastsynchronizationtimeoftheuser

RefreshTime

ThetimewhenthereportiscollectedfromOffice365webservicefortheuser.ItissetintheTaskScheduler,theroutinetimetocollectOffice365usagedatais11:00:00PM

Reseller

Thenameoftheresellerofthecustomer

Office 365 Customer Thisportalprovidesalinktoaccesscustomer’sreportingpage.ThecustomerreportingpageincludesdetailsoftheOffice365servicestatisticsofthecustomer.Besidesthegeneralreports,thispageprovidesreportstoshowhowmanylicensesareavailableforcustomertouse,licenseusageofallthesyncedandOffice365provisionedusersofthecustomer.

InCustomerDetailstable,threeadditionalitemsareaddedtothetable,theyareLocation,SyncServerandRefreshTime.

Location

Thenameofthelocationthatthecustomerbelongsto

SyncServer

TheADConnectSyncserverthecustomerisusingforOffice365

RefreshTime

ThetimewhenOffice365usagedataiscollectedfromwebserviceserver

Atabletoshowtheavailablelicensequantityforthecustomer,inthistable,sixitemsareincluded,theyareLicense,ActiveUnits,ConsumedUnits,LockedOutUnits,SuspendedUnits,TargetClass.

License

ThenameisfromMicrosoft,normallyitequatestothelicense.ItmeanstheuniquestringIDoftheaccount/SKUcombination

ActiveUnits

Thenumberofactivelicenses

ConsumedUnits

Thenumberoflicensesthathavebeenused

LockedOutUnits

Thenumberoflicensesthathavebeenlockedout

SuspendedUnits

Thenumberofsuspendedlicensesthatarenotavailableforassignment

TargetClass

ThetargetclassofthisSKU.OnlySKUswithtargetclassequaluserareassignable

AtabletoshowlicenseusageofallthesyncedandOffice365provisionedusersofthecustomerisadded,thetableincludessixitems,theyareUserName,LoginName,UserPlan,NumberOfLicense,License,LastSyncTime.

UserName

ThenameoftheuserwhohasprovisionedtheOffice365serviceandiscreatedbythecustomer

LoginName

TheOffice365loginnameoftheuser

UserPlan

Theuserplanthattheuserhasbeenprovisioned

NumberOfLicense

Thenumberofthelicensesthathavebeenassignedtotheuser

License

Licenses,whichhavebeenassignedtotheuser

LastSyncTime

Thetimeoflastsynchronizationfortheuser

Office 365 Plan Thisportalprovidesalinktoaccessplanbasedreportingpage.InOffice365reportingfeature,thereisnochangeforthispart,allcodesaregeneratedbyplatform,i.e.thecontentsoftheplanbasedreportingpageisexactlythesameasotherfeatures,itonlylistshowmanycustomers/usersareusingthecustomerplan/userplan.

ImportantNotes:

• Foruserusagedatainresellerreportsandcustomerreports,onlysyncedusersprovisionedwithOffice365arelisted.TheusersfromAzureADwithstatus“Incloud”willnotbelistedinthereports.

• Whenacustomeroruserprovisioningfails,theinformationontheuserorcustomerwillstillshowinthereport.

How to collect trace for debug Besidestheexistingtracefunctionality,log4netisintegratedintoCPSMwebserver,provisioningengineandOffice365webservicetoprovideadditionaltracetohelpdebug.

Tracelevelandsavedtracelocationcanbeconfiguredbymodifyingthetraceconfigurationfile.

Thereare7levelsoftrace:

1. OFF–shutdownthetracefunctionality2. FATAL–traceun-recoverableerror3. ERROR–traceerrorsthatwillnotbreaktheservice4. WARN–tracewarnings5. INFO–traceinformationsuchaswhattheapplicationisdoing6. DEBUG–tracethefunctionstackswhichisusedfordebugpurpose7. ALL–openalltraceoption(FATAL,ERROR,WARN,INFO,DEBUG)

Thefollowingisanexampleofhowtomodifythetracelevel.Withinthetraceconfigurationfile,you’llfindinformationsuchas:

<root><levelvalue="ALL"/><appender-refref="RollingLogFileAppender"/><!--<appender-refref="ConsoleAppender"/>--><!--<appender-refref="A"/>--></root>

Currentdefaultlevelis“ALL”,usercancustomizethetracelevel.Note,pleasedon’tchangetheappenderinfounlessyouareveryfamiliarwithlog4netconfiguration

Tochangethetracelocation,modifytheinformationbelow:

<appendername="RollingLogFileAppender"type="log4net.Appender.RollingFileAppender">

<filevalue="c:\Office365Web_log\log_"/>

<appendToFilevalue="true"/>

<maxSizeRollBackupsvalue="5"/>

<maximumFileSizevalue="5000KB"/>

<DatePatternvalue="yyyy-MM-dd'.txt'"/>

<rollingStylevalue="Composite"/>

<staticLogFileNamevalue="false"/>

<layouttype="log4net.Layout.PatternLayout">

<headervalue="[Header]"/>

<footervalue="[Footer]"/>

<conversionPatternvalue="%date[%thread]%-5level[%L]--%message%newline"/>

</layout>

</appender>

Note,pleasedonotmodifyotherparts,unlessyouareveryfamiliarwithlog4netconfiguration

Trace for CPSM web server ForCPSMwebserver,thelogconfigurationfileis:

C:\inetpub\CortexManagement\CortexDotNet\Services\Office365\WebLog.config

ThedefaulttracelogisstoredwithinpathofthemachinewhichhasCPSMwebserverdeployed:

C:\ProgramFiles(x86)\Citrix\Cortex\CortexWeb\CortexDotNet\Services\log\

Andthedefaulttracelevelis“ALL”

Trace for Provisioning Engine Forprovisioningengine,thelogconfigurationfilecanbefoundfromthepathofthemachinethathastheprovisioningenginedeployed:

C:\ProgramFiles(x86)\Citrix\Cortex\ProvisioningEngine\Citrix.Csm.Provisioning.Actions.Office365.dll.config

Thedefaulttracelogisstoredwithin:

C:\ProgramFiles(x86)\Citrix\Cortex\ProvisioningEngine\log\

Andthedefaulttracelevelis“ALL”

Trace for Office 365 Web Service ForOffice365WebService,thelogconfigurationfilecanbefoundfromthepathofthemachinethathasOffice365deployed:

C:\inetpub\CortexServices\Office365WS\bin\WebServiceLog.config

Thedefaulttracelogisstoredwithin:

C:\ProgramFiles(x86)\Citrix\Cortex\Services\log\

Thedefaulttracelevelis“ALL”

TraceforOffice365WindowsService

ForOffice365WindowsService,thelogconfigurationfilecanbefoundfromthepathofthemachinethathasOffice365deployed:

C:\ProgramFiles(x86)\Citrix\Cortex\Services\Office365WS\ADConnectorSvc\WindowsServiceLog.config

Thedefaulttracelogisstoredwithin:

C:\ProgramFiles(x86)\Citrix\Cortex\Services\log\

Andthedefaulttracelevelis“ALL”

Know Issues/limitation 1. Ifyou’reusingIE11.x,andsetthe“IEEnhancedSecurityConfiguration”toOff,make

sureIE->Tools->CompatibilityViewSettings,DisplayintranetsitesinCompatibilityViewandUseMicrosoftcompatibilitylistsareunchecked,oryoumayencounterdisplayerror.

2. IfyouwanttoprovisionmultipleCPSMcustomerstoasingleOffice365serviceaccountafterconfiguringmultipledomains,it’ssuggestedtohaveonlyonedomainconfiguredforoneOffice365serviceaccountandprovisiononeCSPMcustomertoitbecauseoflimitationsofAzureADConnecttool.Previouslysyncedaccountswillbedeletedafterswitchingtosyncanothercustomer’saccountbyOffice365WebService.

3. Disabled/Expiredlicenseinformationwillshowonuserserviceprovisionpage.Anyprovisionrequestwhichisassignedtotheselicenseswillcauseprovisionfailure.

4. LocaldomainmustbeconfiguredonOffice365beforetheprovisionoritwillcauseprovisionfailure.

5. OntheAzureADConnectpage,it’sone-waycheckforaccountmatchingbetweenlocalandcloud.

6. Frequentdeleteuser,createuserandsynctoOffice365maycausetheAzureADConnecttothrowa“Attributevaluemustbeunique”error.

7. TheuserstobesyncedshouldnothavethesameUPNwithusersalreadyinAzureAD,especiallyuserswithGlobaladministratorroleinAzureAD.ItwillcauseanerrorinthesyncingprocessofCPSM.

8. IfAzureADschedulesyncisdisabledbyOffice365webservice,youneedtotriggertheADschedulesyncbyTaskSchedulerinprovisioningengine,manually.

9. CPSMcanonlyworkwithAzureADConnectversionabove1.1.105.0,anyversionpriorto1.1.105.0willnotbesupported.

10. WhenprovisioningOffice365toauser,theremaybeanerrorlike“setOWAtimeout”.ThisisbecauseExchangeOnlineneedstosetOWAtoprepareprimaryaddressforauser.Thismaytakealongtime.Theprovisionactionwilltakefiveminutestowaitforthepreparation.Ifthedurationexceedsfiveminutes,anerrormayoccur.ContacttheserviceadministratororMicrosoftforsupport.

FAQ Q:WhatcanIdoifIwanttoenableSkypeforBusinessformycustomers?

A:Firstly,youshouldenable“SkypeforBusinessforinstantmessagingandonlinemeetings”atthedomainsetupontheOffice365portal,addcorrespondingDNSrecordstoyourDNSserver

Aftertheuserisprovisioned,then,logintotheOffice365portalastheglobaladministrator,USERS->ActiveUsers,selecttheuser,atthelicenseassignmentpage,expandthebusinessplan.MakesureSkypeforBusinessOnlineisselectedandclickSAVE.

Q:HowistheOffice365accountstoredinCloudPortalServiceManager?Isitpossibletoleakthisinformation?

A:Thesecredentialareencryptedandstoredinthedatabaseandtransferredbyhttps.Itisnotreadablebyanythird-partytool.