Connect to Exchange Online PowerShell with MFA enabled account

Connecting to Exchange Online was only possible with an account that did not have MFA enabled because it only can handle basic authentication. This is an issue because Microsoft advises us to have accounts that can do administrative tasks to have MFA enabled. Now we must choose between an account that has no MFA and a possible security breach and an account that cannot connect to Exchange Online. To solve this, we had an account that was disabled by default and when we had to do Exchange tasks we enabled it.

SharePoint Saturday Munich 2017

This year of SharePoint Saturday’s started with the one in Munich last weekend. This time there was also a preconference session on Friday. The sessions on Friday and Saturday were held at the brand-new building of Microsoft Germany. Friday session This year they organized two preconference sessions. A developer one about Office Dev PnP and an IT Pro about SharePoint 2016. I went to the SharePoint 2016 session where they talked about all the aspects of SharePoint 20116.

Upgrading an Office 365 Group to a Microsoft Team

Arjan Cornelissen
Since a Microsoft Teams depends on Office 365 Groups and creating a Microsoft Team creates an Office 365 Group I wanted to know if it was possible to upgrade an already existing Office 365 Group to a Microsoft Team. This is possible but you need to keep a few things in mind to have the ability to upgrade a Microsoft Team. So let’s first start at the beginning, creating a Microsoft Team can be done within the Microsoft Team application by clicking on “Create team” and you will get this simple screen to create a new team

Azure AD Connect with multiple forests

Arjan Cornelissen
In the last week of 2016 I was working on some issues that some users in certain groups were not synchronized to Azure AD. The users itself were in Azure AD but the group membership did not sync. The problem here was that the users were in another forest than the group. At this customer, we have multiple forests with users from the different countries and they start to work together more and now we had some complaints that the users where not able to access resources while they placed them in the correct groups.

Azure Active Directory Connect Health update

Arjan Cornelissen
Since some time we have the ability to see the health of the Azure Active Directory Connect in the new portal ( and since a few days I saw that the sync errors are now displayed in this blade as well. This is a great addition, because it will give a better overview of the synchronization errors than the email you get every 30 minutes. I also have noticed that there are rules created to move this email to another map when it arrives because it gives a lot of clutter in the mailbox.

Azure B2B updates

A week ago Microsoft released the public preview of the Azure B2B invitation API. I have seen this at Ignite in September that they were working on that. The announcement can be found here With this announcement I went looking into this what other options there already are for inviting a partner into your AD. The options at this moment are: Upload CSV file thru Add a user in the new portal https://portal.

Azure AD-directory settings

Arjan Cornelissen
This week I was trying to find a good way to disable the creating of Office 365 Groups from creating. I love the functionality of Office 365 Groups but it is still missing some key elements from using in a large corporation. The main thing missing is the ability to have naming convention, now you say but they released that. Well that is partly true. The naming convention is only applied when you create an Office 365 Group in Exchange, Outlook or the Groups app.

Error: requested federation realm object does not exist

Arjan Cornelissen
A few weeks ago we got a few users telling us that they were not able to sign in to Office 365 with an error message “AADSTS50107: Requested federation realm object does not exist”. After searching the internet I only found errors with a whole domain not able to sign in because it was a subdomain and that was not recognized by Office 365. The affected users where able to sign in to other applications on ADFS and other users where able to sign in to Office 365 with that same domain name.

Ignite 2016 Atlanta summary

Last week I had the privilege to attent Microsoft Ignite in Atlanta. This week was full of news, sessions and a lot of walking. Besides the sessions, this year the expo hall was large, I have spend a lot of time at the expo talking to venders, partners and Microsoft. I have created a PDF from all my notes. On a few notes I have references to slides, the slides should be come available on https://myignite.