MTO and access to on premises file system
Let me preface this by saying I'm still fairly new to 365 Admin (it's been a steep learning curve) and haven't even got my feet wet with on premises stuff as yet. Also, I think some of the admin decisions made previously by others may have been based on just repeating what was found to work the first time rather than necessarily a deep understanding of the best solution. The situation when I arrived on the scene was this (actually it was a bit more complex and messy than this, but this simplified description covers the salient points at this stage) One tenant, with two domains, call them old-domain and new-domain. Two types of user, who I will refer to operations and corporate. An on premises Active Directory system running a file server. Well to be more precise on three premises with mirroring of data and a DFS, but from the user perspective when you're one of the office locations and connect to the network the same folders are available to you. Everyone was using Azure Joined Company Laptops to do this, so their laptop logins were also their network logins. Outside of the offices people connected to the DFS using a VPN (with three gateways in different countries). Operations Users had one account, @old-domain, this was licensed for 365 and had a mailbox associated with it. It was also synched to their on premises AD account Corporate Users had two accounts, one @old-domain with no license, synched to an on premises AD account. The second was new-domain with a 365 license and mailbox. If you're scratching your head wondering why two accounts rather than assigning the new-domain email address to the same account, I can't give you a definitive answer as I've never been given one, but for whatever reason when new domains were brought into play on corporate name changes the admins gave them new mailboxes rather than simply aliasing email addresses to the same mailbox (some people had three accounts as a result). What I did note was that when a new Corporate user was added the admins gave them both of the above accounts, I was told that the unlicensed old-domain one was required for the access to the DFS. Now for reasons not worth getting into here, a decision was made to move the Corporate users to a new tenant, along with new-domain and then to link the two tenants in a multi-tenant organization. It was also decided to leverage BYOD for Corporate users, so their devices will only be Azure registered. This has been done, there was some pain thanks to the reluctance of Microsoft applications to switch to the new account locations rather than redirecting back to the old tenant, but that's been sorted. So right now Corporate users still have two accounts, but on two tenants. On the Old Tenant they have their @old-domain account, no license, no mailbox, synched to the on premises AD (as before) On the New Tenant they have their new-domain account. This is where they actually do their work, and is the only account anyone should be communicating with internally or externally. Access to the DFS is being done using the VPN with the on premises credentials associated with the old-domain account. In terms of functionality, this works perfectly well, people across the two tenants appear in each other's address lists, they can chat and share information etc. Everybody also has access to the folders they should have access to on the DFS. However there are two issues. The first, and most detrimental in terms of just getting work done is that users in one of the overseas offices have found their access to the DFS has slowed considerably, despite being in physically the same location as the data. I believe the problem is that although the data is on-premises, the VPN gateway is not, therefore data does a round trip from the server, through that gateway IP address at the ISP and back to the user. Since they are in a remote location with poor internet this slows things considerably. So the first question is, how do we take that loop out of the equation so that when they are in the office they connect more directly to the servers on site? Ideally without having to revert to needing an Azure AD joined device. The second issue is that those remaining old-domain accounts (the ones for the Corporate users who are now working on the new tenant) on the old tenant are messy, in two ways 1) From an admin perspective, because every one of those corporate users still has two accounts, their local one that is synched to On Premises AD, and the the external account shared from the new tenant as part of the MTO 2) From a user's perspective. For reasons that I cannot fathom (but this is coming direct from Microsoft after many attempts on my part to find a way) it seems that while you can control which licensed accounts appear on Teams search by controlling whether they are in the GAL and setting the appropriate switch in Teams Admin, all the unlicensed users appear whether you like it or not. The net result is that when someone on the old tenant starts typing in a name of someone in Corporate, they get two suggestions coming up. So the second question is, are those accounts actually necessary?
Question About OneDrive "Physical" Storage Location for Microsoft 365 Business Basic Plan
Dear Microsoft 365 Experts, I have a question. I recently signed up for a Microsoft 365 account with the "Microsoft 365 Business Basic" plan, where the domain name ends with "@onmicrosoft.ca" and I selected Canada as my home country. After creating this account, I was pleased to see that Microsoft Teams and Exchange Online are hosted in Canada. However, for OneDrive, the storage location is not specified. Why is the storage location not in Canada? I need to store my data in Canada for work-related compliance reasons. How can I change the OneDrive storage location to Canada? Thank you! MikeMismatch between exchange recipients list and mailboxes set up in 365 Admin?
I'm a little new to 365 administration, so please excuse me if I am being a little thick here. I am looking at a 365 Tenant, there are around 100 licensed users (and therefore around 100 mailboxes allocated), but if I go to exchange admin and look at recipients, there are only 40, including shared mailboxes. My first thought was that perhaps only mailboxes that had actually been used were listed, but I checked one of the "missing" mailboxes in the 365 admin centre and apparently they have 8 Gigabytes of emails in that mailbox. Indeed the same user has three accounts, each with their own license and mailbox (don't ask why, I didn't set this up), I see two of them in the recipients list in Exchange admin. What am I missing?Where does Teams get its user list from? I can't make sense of which accounts I see vs which I can't
OK, so I have a currently rather unusual situation. I am looking at a 365 Tenant. A number of users have four accounts on the same tenant (let's not even get into why, cleaning things up is part of the reason I got called in). When you start typing their name into teams it comes up with three of them as a suggestion (I only want one) Account 1: has just been used for ActiveDirectory for permissions to the company's Distributed File System (stored in on on premises servers in various locations). This account has to the best of my knowledge never had a license or mailbox associated with it, and so has never been on the global address list, it's also never had the teams app enabled for it. I don't want this one to show, but it does Account 2: A now defunct account which used to have a Business Standard license assigned to it, but has now had the licensed removed. Before the license was removed this account was hidden from the GAL and its teams app disabled. I don't want this one to show, but it does Account 3: An now defunct account which still has a Business Standard license, but with Teams deselected in the Apps. I don't want this one to show... and it doesn't Account 4: An account shared via a multi tenant organization (the users in question have been migrated to a new tenant). So these are members (not guests) but external ones. I want this to show, and it does. Now, accounts 2 and 3 will be deleted soon, whether we can get rid of account 1 depends on whether the necessary access to the DFS can be done using account 4 (which I need to look into next). However for the time being they are all there so I was trying to hide accounts I don't want users trying to message on teams from teams, and I cannot make any sense of which I see which I don't. To sum up. Account that has never been on the Global Address List and never been activated for Teams - Shows Account that used to have a license and was on the GAL, and used in teams - Shows Account that still has a license, but has been removed from GAL and had teams app disabled - Doesn't show Account that has no license and is not on the GAL, but has teams on it's host tenant - Shows After a previous inquiry I set "Scope directory search using an Exchange address book policy" in the teams setup, but I have not set up any specific address book policy as yet. I have tried showing and hiding people from the global address list, and also the "ShowInAddressList" setting in Entra (which seems to only be available through graph?). Nothing seems to make a difference (it doesn't help that Teams takes forever to update its local cache for this stuff, so maybe a change DID make a difference at some point and I missed it). I cannot find any logic as to which of these accounts is showing in the auto suggests and which not, most notably that account 1 shows but account 3 doesn't. So, where is Teams getting its list of contacts from?
Login problems, continuously getting the same message
Every time i login on an app i get the same message: "More information required" "Your organization needs more information to keep you account secure". Then i have the options to Use a different account or Learn more. I can just press Next and the message goes away. After that i get another message: "Keep your account secure" "Your organization requires you to set up the following methods of proving who you are." Below that, there is a message: "Success!" "Great job! You have successfully set up your security info. Choose "Done" to continu signing in". "Default sign-in method:" When i press done, the message goes away. But i keep getting the 2 messages every time i change an app or even a menu option. So to be clear, this happens every time i switch apps. I.e. from Exchange to Azure, to Outlook. When i press "Next" and "Done" i get access to the app. But this is really annoying. What am i doing wrong? I'm the admin of a small company, and i cannot figure out what setting i changed or need to change. The property "Enable Security Defaults" is already set to no.Multi Tenant Organization - one shared user not showing up in Global Address List
I set up a multitenant organization with two tenants. Overall it seems right, users can find each other and chat fairly seamlessly on teams, and shared users appear on the opposite global address list. However, one user is an exception. They appear on their home tenant's Global Address list, but not on the other tenant's (all other shared users appear to). They are members on the other tenant (as are the rest of the shared users), and are not set as hidden on a global address list anywhere I can see. I can't see anything different about them in any way. They were neither the first nor the last to be shared, and I have tried unsharing then sharing them again. They can however be found on teams by typing their name. Probably not related, but I will point out that the one other thing I have not managed to get working is a "chat" link on people's outlook directory listings. None of the shared users have one, despite being chatable with on teams. Any idea where I might look for the culprit?I've set up a Multi Tenant Organization, but I'm not sure if the user contact information is correct
I have two 365 tenants (divisions of the same company) that want to be able to communicate as seamlessly as possible without merging the tenants. Now from what I could read and see on videos, a Multi Tenant Organization was the way to achieve this. I've found a number of YouTube videos explaining how to set one up (easy enough it seemed) but none that really showed the effects of this (I think they are pitched at people who probably have experience of B2B collaboration in 365) so I'm not sure exactly what I should expect. Anyway, I set up the MTO, shared a few users, and also found the "External Access With Trial Tenants" setting (one of the tenants is new, and so still in the trial period). I see the users show in the user lists, with the expected EXT address and a "No" for the "Guest" column, and they appear in each other's "Default Global Address List" in Outlook.. so far, so good I seem to be able to instigate chats within Teams, which is good. But if I look at their profiles in outlook or teams, then they always seem to show as offline unless I've got an active chat going on with one, and there is "chat" link for them. I don't know because so far I haven't found anything that shows, from the user perspective, the result of a correctly set up MTO. So should I expect the status of a synced user to show their actual connection status to their tenant"? So far they haven't unless I've instigated a chat, and in that case the recognition of the other party being connected only seem to go one way, so only one of the two parties in a cross tenant chat shows as connected in their respective tenants. And should there be a "Chat" link? (there isn't) Note: the above is the profile of a local user who was actually offline not one synchronized in from another tenant. I just used that as it could illustrate the two parts I have questions about.
Microsoft 365 Windows 11 external user or guest user sign in
Consider the following situation: CompanyA has a Microsoft 365 tenant with licensed users. CompanyA has a business relationship with CompanyB which also has a Microsoft 365 tenant. All of CompanyB's Windows 11 Pro computers are Entra ID joined and Intune enrolled. All of CompanyB's users have Microsoft 365 Business Premium licenses. An employee of CompanyA is stationed at CompanyB's office and needs to use one of CompanyB's computers as his primary computer. How would a technician have to configure things so that CompanyA user can sign into CompanyB's Windows 11 Pro computer and work like normal? I've done some reading online but most of the articles focus on access to cloud resources, whether that be Microsoft Teams or Entra Enterprise Apps or similar resources. I haven't found an article touching on Windows 11 sign in. MatthewA little confused by multi-tenant organization and teams
I've recently set up a Multi Tenant Organization with two Tenants, and set a few users to sync between the two. They all show up correctly in the opposite tenant users list in the admin centre, though sometimes it takes a while. Some seem to be added to the global address directory, but not others (I think possibly the first I added was, later additions are not). But most crucially, they do not seem to come up as people to do teams chats with, which is the most required feature. I'm guessing there is something I haven't set correctly, or some manual sync I am not running, but the example videos all seem to stop at showing that the user has appeared in the other tenant as a member, there's nothing showing how to then make use of this fact (such as including them in a teams chat). Can anybody point me in the right direction?Clipchamp’s brand kit: simplifying consistent video creation for organizations
Empowering our users to tell stories worth sharing lies at the heart of what we do at Clipchamp, and in a world increasingly focused on enterprise narratives, it’s become clear that these stories are often needed to help communicate the ethos of a brand. That’s why we’re excited to share more about our refreshed brand kit feature, designed to improve organizational branding capabilities within our video editor. With this update you now can organize a comprehensive collection of video elements—like logos, colors, and fonts—into a brand kit, for your teams and organizations to apply to any video. Whether it's an internal team meeting recording or a ‘how-to' video showcasing new product features, users and organizations can easily ensure that their brand identity is represented correctly, every time. Our brand kit empowers admins and brand managers to collate approved assets and share brand kits across global teams, ensuring that visual standards are consistent across the board, and across the world. GIF of Microsoft Clipchamp Brand kit and the branded elements it supports This ability to ensure that assets are uniform means that consistent content is now achievable at scale, helping to bolster the clarity of messaging for large enterprises, while leveraging a familiar and easy-to-use interface that doesn’t require extensive video editing experience. The flexibility and ease of uploading branding elements to your brand kit means that you can ensure not only the clarity of the message, but also its aesthetic and creative presentation with images, music, graphics and more. By the end of March 2025, brand managers and admins will be able to leverage template generation as well, allowing their teams to create foundational branded projects that can be easily replicated, modified, and reused. Brand consistency across your organization Organizations in today’s digital-first world understand the critical importance of consistent messaging and visuals in maintaining a cohesive brand narrative, for both internal and external communications. With Clipchamp's brand kit feature, ensuring uniformity of content is now easier than ever. "Knowing that all our content is aligned with our brand guidelines - whether it's the logo, fonts, colors, or even the music - gives us total confidence in the product. It saves time and helps every team member, no matter their design skills, to produce professional, on-brand videos." Paul Burke, Head of Global Brand at Amadeus. Once set up, your brand kit integrates directly into Clipchamp, appearing by default for all users in your organization. This eliminates the need for manual uploads or version control headaches. To get started, here are the steps below. If you want a deeper dive into creating and sharing brand kits across your organization, check out more details here 1. Select an existing SharePoint site or create a new site to host the brand kits This can be any type of site, such as a communication site, a team site that's connected to a Microsoft 365 Group, or a modern team site that isn't connected to a Microsoft 365 Group. Then, add the people you want to be able to upload files as members or owners of the site or Microsoft 365 Group. 2. Use PowerShell to designate the document library as org asset type BrandKitLibrary Ensure you have SharePoint PowerShell client versions >= 24830.12754 or download the most recent. Run the cmdlets in a PowerShell terminal. Connect-SPOService -Url https://yourorg-admin.sharepoint.com/ -Credential admin@yourorg.onmicrosoft.com (The parameter -Url points to the admin site.) Configure the new Document Library as Org Asset Type: BrandKitLibrary Add-SPOOrgAssetsLibrary -OrgAssetType BrandKitLibrary -LibraryUrl https://yourorg.sharepoint.com/sites/BrandGuide/brandkit In the above example "BrandGuide" is the SharePoint site and "brandkit" is the document library name. 3. Create a brand kit and add media within Clipchamp Select the 'Brand kit' section in the left side panel and select 'Create brand kit'. Choose the folder you designated as a BrandKitLibrary in the previous step. You may wish to share the brand kit to collaborate with colleagues on populating assets. To share the brand kit while preparing it, select "Share brand kit". Provide recipients with the link and ensure they have edit access. Sharing consistent assets across different locations ensures that every video being shared looks on-brand and reinforces brand recognition, no matter where it’s seen. Plus, we’ve made sharing brand kits simple by using familiar OneDrive patterns. That way, users don’t have to interact with unfamiliar technologies—just seamless access to everything you need, so you can stay focused on creating professional, polished content. Add a wide range of your media assets A screenshot of a video editing project in Clipchamp, with the brand kit panel open The brand kit feature in Clipchamp allows for a broad range of assets to be uploaded, ensuring that users can express their brand narrative through a variety of media. Clipchamp supports an array of branding elements, including logos, colors, fonts, images videos, graphics, music, and sound effects. A screenshot of a video editing project in Clipchamp, with the brand kit panel open. The cursor hovers over the 'Add colors' section, while logos, fonts, and images are also displayed There is a strong case for adding branded elements to enterprise content: it helps to easily generate a strong brand identity, while building trust with your audience, and maintaining a professional lens on content production. Clipchamp also allows users to upload multiple branding options, so you can add your primary and secondary color palettes, or light and dark design schemes. Feedback We are so excited to bring users some new additions to brand kit and would love to hear feedback around the organizational sharing experiences. Please head to this link to share with us your insights or feedback, so we can continue to create the best possible experiences for our users.
