If you’re in doubt about whether or not you can phase out ADFS, Ramiro Calderon wrote a very nice article on the different scenario’s where ADFS would still be required.
The ‘old’ Onedrive for Business client (groove.exe) is notoriously bad at synchronizing Sharepoint Online Libraries. If you want to block Onedrive from syncing Sharepoint Online libraries, just run the following command:
Set-SPOTenantSyncClientRestriction -GrooveBlockOption "HardOptIn"
Your users will receive a message to update their client.
Version 2.37 of OneDriveMapper has been released!
- Supports password save/caching (only if not using ADFS), enabled by default
- Dependency on external Windows7Library removed
- My Documents library redirection now supported natively, probably works on a lot of different MS OS versions now.
Get the new version here
Because I’ve been asked too many times and keep having to look up the commands, I’m just going to throw them here for reference. If your ADFS farm, federated with Office 365, goes down for some reason and is no longer reachable, the Microsoft way of unfederating your Office 365 logon domain won’t work, as the set-msoladfscontext command won’t be able to reach your ADFS machine.
Simply setting the domain’s authentication mode from Federated to Managed will also do the trick and allow your users to login with their synced passwords:
Import-Module MSOnline Connect-MsolService Set-MsolDomainAuthentication -Authentication Managed -DomainName yourlogondomain.com
For our enrollment process of customers in Office 365, we enable the Unified Audit Log by default, as this has a great number of benefits.
At first, the only way to do this was through the UI, but now we can enable the Unified Audit Log with the following Powershell command in the Exchange Online Remote Shell:
Or to disable the Unified Audit Log through Powershell:
Note that disabling the Unified Audit Log can only be done through Powershell.