Apr 112011

Well, it’s been ten months since my last post on this topic.  I believe if my site was The Consumerist, their response would fall into the ‘Taking it Seriously’ category.  For those of you interested in this topic, the  transcripts are below. (edited for the removal of sensitive or redundant information. Emphasis (bold) is mine.) If you’re not interested in the topic, skip this post if you know what’s good for you because I’m posting customer service correspondence. There will be a captioned cat at the bottom, so this post has THAT going for it.

Short version: If you’re logged into more than one computer with their Single Sign On (SSO) tool and you change your password at one of those computers the other SSO tool stays signed in, stops working, and offers no notification that this has happened. Outlook just shows you this lovely popup that explains everything very eloquently.

As I have been with this service for a while, we’ve had a chance to experience the password change cycle, and would like to ask for a change in function for the process.

I allowed my password to expire to experience how often the user would be notified, and how they would be notified. I tested on XP and Win7 desktops, which performed pretty much the same in this task. I received a systray notification about once per day telling me my password was expiring.

When my password expired, I did NOT get a ‘Hey, you’re expired now’ popup. Email just stops working when it expires. Outlook displays ‘Need Password’ in the bottom right, and you will get the credential popup from Outlook. The former is easy to miss, and the latter is VERY confusing in appearance to a user since the server name is nearly unidentifiable to them. Many people think they are now supposed to log into that popup box in Outlook, and never look at the Sign-In tool again!

Worst of all, the Sign In tool box still shows you as being signed in (solid blue, no red x)! We have trained our users that a solid blue Sign in tool means they are properly signed in. This behavior also occurs if a user changes their password at home, then arrives to work and wonders why their email isn’t working despite the sign-in tool saying they are signed in.

I would like to request that the sign in tool does a better job of checking its current credentials, and that its icon change in a way that notifies the user that they are no longer properly signed in. Also, either a systray popup notifying them that their password has expired/changed, OR disabling the Sign-In tool’s Auto-minimize feature when the password is expired (since many users seem to just click systray balloons away)
Thank you for your consideration.

We take the issue very seriously and understand the inconvenience. However, at this time the design of the system is to warn users only when their password is about to expire. Single Sign On will stay signed in even after the password expires, until the user signs off. Once the user signs off, it will prompt them to change their password. I do understand the inconvenience with programs like Outlook that constantly check for credentials every time it query’s the server.

I see that this issue has been submitted to the Development Team and is being considered for a future release of the BPOS Service. It may have an improvement when Office 365 is released later this year.

I recognize what you said in your previous communication: “However, at this time the design of the system is to warn users only when their password is about to expire.” I hope it IS being strongly considered for a change in behavior. A SSO tool that doesn’t track the user’s current authentication status across multiple machines is lacking in my opinion. Part of the utility in your service is the ease with which we can set users up with their work email at a desktop at work, a laptop, and their home computer. This advantage becomes a headache as soon as a user changes their password at one of these locations, and the other locations fail to automatically notice they are no longer authenticated.

Take the Google Talk application as an example. I have it installed on three machines. If I change my password for Gmail at any location, when I log into another location I’m nearly immediately shown a prompt to enter my current password. This is the kind of behavior I’d expect from a SSO tool.

Thank you for your response. We greatly appreciate feedback with issues like this from our customers, as it helps us tailor the product into a more user friendly, streamlined product. I apologize that we do not have an immediate fix for you, but it is being strongly considered for future updates and versions, including Office 365.

Well, if you made it this far, you’re either very interested or you fell asleep and your nose is on the Down arrow key. I promised a captioned cat picture, and I’m following through dammit!

This information about the Sign in tool is true as of v 1.0.1427.040.

May 262010

This is a point of some mild irritation for me. First, I’ll explain what is installed on your computer, and their password requirements.

When you use the MSOL service, you install their Sign In tool. This tool’s purpose is to manage the various applications you have available to you as part of their BPOS suite, and to log you in automatically. It’s very similar to something like the Google Talk client when you remove the “Talk” part of the client’s function. It logs you in, and provides updates to your online service.

Next, is their password requirements:

– At least 7 characters.  [No arguments here.]

– A combination of Upper and Lower case letters. [yay!]

– At least one number or symbol. [Perfect. More secure than my bank which actually disallows symbols]

– Cannot change your password more than once in 24 hours. [Eh?  I know this is to defeat people who change their passwords multiple times to get back around to their original password. But read the next bullet…]

– Cannot re-use your previous 25 passwords. [TWENTY FIVE??? With the previous bullet item in effect, this rule effectively just tracks your ability to track your progress through 25 combinations of Password01 through Password25. This adds nothing but trouble for IT who has to explain why their email password is impossible to remember. My prediction: Everyone in the company has a Post-It note stuck to their monitor with a number between 1 and 25 written on it… If we’re lucky.  In reality, it’ll probably be the whole password.

I thought I’d take some time and add a few more helpful rules.

– You may not use any letter or number that you used in your previous eleven password changes.
– Submit your identity for a background check and home inspection so we can be sure you’re not using a family member/pet name or birthday.
– Hold the laser in your mouse up to your eye for a retina scan

Ok, I’m feeling a little better. Moving on to a new complaint. We all know how users can be about changing their passwords.  They wait until the very last day, often only changing it when Windows refuses to let them log into their computers without doing so.  (I certainly do this with my domain login.) With the Sign In tool, you receive daily notification at about two weeks out that your password is expiring. No problem there. My problem lies in what happens when your passwords DO expire.

  1. Your email just stops sending/receiving.
  2. The icon in your system tray that reports that you are signed in still says you are signed in, and never provides a popup letting you know your password has expired.
  3. Outlook throws the following helpful box up at you:

Ah, good old RED001.local.  Users know what to do with that, don’t they?  Don’t get me wrong here, users had to ignore 10-20 notifications that this day was coming in order to get here, but that is what users do. Software needs to be tolerant of this. I have a request in with Microsoft to improve how their tool works and I’ll update this when I get their response.


How to switch MSOL Exchange Hosted from External Relay to Authoritative mode.

 How-To, MSOL Exchange Hosted, W2K Migration  Comments Off on How to switch MSOL Exchange Hosted from External Relay to Authoritative mode.
Mar 262010

Authoritative OK. Of the approximately 6 people who have seen this site, everyone bailed about halfway through that headline except the guy I worked with who wrote this how-to. No problem, I’ll just press on. :)

So, what did that headline mean? In one of my previous articles on Exchange Hosted, I mentioned ‘email coexistence’. What this means, is that we weren’t ready to shut our Exchange server down. There were accounts on that server that either has not been migrated, or were not ready to be disabled. So what Exchange hosted allows you to do is set up your Exchange server as an External Relay.

Continue reading »

Mar 202010

Wow, that headline is a mouthful. What do I think of it, and what can you expect if you decide to use it? Is the name of the service catchy enough? What are the things you need to know before you make the transition?  I’ll try to write it all up in this article, so brace yourself for a long one. (I will continue to add items to this page as they come up)

If you want to brush up on my previous MSOL write ups, first I talked about why we chose MSOL Hosted Exchange. Next, I moved on to the migration process, and then followed it up with a post about how the service worked with Outlook 2003/2007 from a user standpoint. Finally, what it is like to administer it. Continue reading »


Using MSOL’s Exchange Hosted with Outlook 2003/2007

 MSOL Exchange Hosted  Comments Off on Using MSOL’s Exchange Hosted with Outlook 2003/2007
Mar 142010

MSOL Hosted ExchangeThis article is covering my thoughts on the usability of Outlook using MSOL’s Exchange Hosted, I will cover the administration in a later post. If I was going to throw a rating out there it’d be a solid 8/10, with a perfect 10 being a local connection to a healthy Exchange server. Keep in mind as I review this service, I’m looking at it from the point of view of a user in a small business who is migrating from an Exchange server.


  • Your data can’t get any safer. It’s locked away in a Microsoft data center, not on some tapes that you’re supposed to bring home, but in reality you just leave them on the table by the server. OK, you take them home and stick them on the table by the door so you won’t forget them.  Either way, Microsoft is being safer with your data than you likely are. Or at least I hope so.
  • Universal accessibility. Your Exchange server is now outside your company’s little walled domain. No VPN required, users get the same email experience at home as they have at work, and it all stays in sync.  This means calendars, free/busy time, email, public folders that are hosted by MSOL, OWA and ActiveSync connectivity for mobile devices, everyone gets easy full access to it. This is huge, and outweighs many cons for us.
  • Easy to set up. You install the Microsoft Online Sign In tool, give it your login and password, then press two simple buttons to set up the machine. A user who is not technically adept can be sent a link to the download with simple instructions, and they will not have a problem getting it up and running. Well, on second thought, no guarantee on the prior statement.

Continue reading »


MSOL Exchange Hosted Migration

 MSOL Exchange Hosted, W2K Migration  Comments Off on MSOL Exchange Hosted Migration
Mar 102010

MSOL Hosted ExchangeSo, What is the process like, you ask?  It’s a lot to describe, feel free to ask for more details, I’m skipping over a lot to keep this post from becoming a novel. I also have a little amnesia from the night. Not everything went as smoothly as we’d hoped, and it was a little too crazy to take notes.

The first thing I want to make clear is that if Microsoft offers $500 to hire the firm that helps you migrate your data, take note: This is a coupon. (This was not made clear to us by Microsoft, which was no fault of our consultants’) The actual cost of the consultants that you hire to migrate your data varies greatly based on the level of involvement you require of them.  In our case, we have a pretty technically adept IT dept, and they still quoted us $2000, even after the $500 discount.  Not an unreasonable fee when you look at the services they were offering and the amount of time they were going to spend. But our proposal to our boss was written based on the quote that Microsoft gave us, that had us believing $500 was covering the complete cost of the migration. After a little negotiation, we were able to get the quote down to under a grand, and had it based on hours instead of a flat fee.

So, what did these people do?  The biggest part is they help you plan. We had a great plan from the start, but they make sure you cover all of your bases.
Continue reading »


MSOL Exchange Hosted

 MSOL Exchange Hosted, W2K Migration  Comments Off on MSOL Exchange Hosted
Mar 072010

MSOL Hosted ExchangeAbout six months ago…

With the end of W2K Server looming, and failing hardware, it was obvious that we needed a plan to replace our aging Windows Server 2000/Exchange 2003 mail server.

Our original thought was to build a new mail server.  We spent a few weeks looking into how to properly recover an Exchange server from disaster. While my supervisor and myself are not lacking in the day-to-day administration of an Exchange server, we recognized that what it takes to learn to run an Exchange server when things go terribly wrong was well out of the available amount of time we had. (I had a favorite chapter from a book we read on the topic. It was titled: “How to lose your job with Exchange“) With that in mind, costs were calculated. The backups, the testing, the dev environment, the need to keep replaceable hardware on hand, the power requirements, and of course, the cost of downtime every time there was a problem at our building.  I work for a company who only has about 50 employees, but half of those employees work in offices outside of the office that would house the exchange server, and many of them are on the other side of the globe.  When our internet service went down, so did email.  When the power went out, so did the email.  When we rebooted for Windows Updates, down went the email.
Continue reading »