Federating AZURE with Workspace ONE Access and Office 365 as a service

Part 1: Setting Up a Developer Account

One needs to setup an Office 365 E3 Developer subscription account to be able to integrate with Workspace ONE. In this section we will walk through and setup the required developer subscription that allows you a 12 -month free trial.

An Important NOTE! 

  • Be sure to to take notes and document your configurations immediately. 
  • Be 100% clear from your document what your assigned domain name is.
  1. Navigate to the URL:  https://developer.microsoft.com/en-us/microsoft-365/dev-program Do not select JOIN NOW.

2. To the right of the page first select Sign In

3. On Microsoft Sign in Page type in the email address of an account you own
(NB! If this account is already associated with an office 365 account you will have to create a new account)

3.1 Alternatively next to NO account? select Create one!

3.2 On the Create account page type your custom email address

3.3 Select Next

3.4 On the Create a password window type a unique password and select Next

3.5 On the Create account page type in your country and Birthdate and select Next

3.6 On the Verify email page notice you need to enter a code, log into your gmail account and select the email and find the code and then enter the code in the Enter Code area and select Next

3.7 On the Create account, page enter the custom security letters for your login

3.8 On the Stay Signed in page, select Yes

3.9 On the Sign in page type in your custom email address and select Next

3.10 On the Enter password page, type in your password and select Sign in

4.1 To the left of the page, select the Microsoft icon

4.2 Then look to the right of the page and select your account Icon, next select Add your name

4.3 On the Your info page under First name type your custom name and under Surname type your custom Surname, type in the matching security letters and select Save

 

5.0 Open an Incognito browser session with Google Chrome and copy the following url in the Browser address bar,

https://developer.microsoft.com/en-us/office/dev-program

5.1 To the right select Sign In, On the Sign In page type in your custom email address and select Next

5.2 On the Enter password window, type the custom password you created and select Sign in

5.3 On the Stay signed in? window select Yes

5.4 On the Join Office 365 Developer program today page select JOIN NOW>

5.5 On the Office 365 Developer Program Signup page select your Country/Region and type in the name of your Company and select the two checkboxes for terms and conditions and information and select NEXT

 

6. On the Office 365 Developer Program Preferences page select What Industry do you work in, focus area & enough check box and options to make sure the Join button becomes available and the select JOIN

7. Close the Welcome to the Office 365 Developer Program! Window by selecting Close

8. On the Office 365 Developer Page select SET UP SUBSCRIPTION

9. In the Setup your developer subscription window, create a unique admin account , for example, your username could be CloudAdmin and your Domain could be your firstname and surname
NB! Ensure you document these credentials

10. When you are done select Continue

11. On the Add phone number for security windows type in your Country Code and your phone number

12. Select SEND code , follow through on the security picture block selecting your relevant pictures, and select Next Enter the Code from your phone and select Set up

 

13. Once your registration is complete you can login in using your new ADMIN account. On the your Office 365 Subscription page select and right click the Go to subscription hyper link and select Open Link in New Tab

14. On the Sign In window , Enter your password and select Sign in

15. On the Office 365 Page almost in the middle select Admin

16. On the sign in page pick your new CloudAdmin account

17. If you get prompted with a Welcome to Office 365 Admin Center Page select Skip

18. Notice the Office 365 E3 Developer Setup is incomplete. Select Go to guided Setup box

NOTE: Before moving onto the next section, ensure that you are 100% clear what YOUR registered Domain will be.

In the course lab we will use a Domain naming convention based on the location we are delivering at.

For example if this training session was being delivered in AMER , your domain name might be 

amerpso01.euc-livefire.com for student number 1. If we have 18 attendees there will be 18 different registered Domain names using the above mentioned naming convention. we have automated the dns configuration for this lab, so we will use a vrealize automation self service portal to configure your dns zone.

On the Microsoft 365 admin center  ensure the Connect a domain you already own radio button is selected and below type your registered Domain name (this example in the screenshot is only for demo purposes) select Next

19. Click Continue without installing Office Apps.

Note when registering your own domain name with Office 365, there are several approaches. The most seamless and trouble free approach is to register your own Domain Name with GODADDY. This provides a seamless experience and the verification takes seconds once you have your own domain name from GODADDY. GODADDY is an example of a name provider that seamlessly integrates with Microsoft's Office 365. If one chose this option your name that you use would belong to you for however long you choose to use your Office 365 Tenant

Another approach is to do this manually. EUC Livefire already owns a domain name which is hosted in AWS Route53. In the Office 365 setup wizard you will notice there is a step by step guide on how to setup your zone in AWS Route53 manually. We have chosen to automate this process for the sake of time.

If you choose this option the zone provided to you by Livefire associated with your tenant will possibly only be active for a maximum of a month and you will then have to find your own Domain name.

If you choose to follow the Livefire option, we have automated this process for your convenience using VMware VRA. Generally DNS name configuration in AWS Area 53 is a completely Manual process. We have automated more than 98% of this process. You will however interface with VMware vRealize Automation for 2 configurations.

1. MS record modification

2. MX record modification

You do not have Access to AWS AREA53. You will be using VMware vRealize Automation to facilitate the edit of these records

20. On the Verify domain page notice there are step-by-step instructions to follow,

Notice that there are DNS records called TXT name, TXT value and TTL

  • Note!. We have our Hosted DNS service in called AREA53 on AWS. We have our own euc-livefire.com Zone. Each of you have your own registered Zone Database, that is part of the EUC-Livefire.com namespace. eg. Tokyo01.euc-livefire.com. Your Office 365 instance will need to be verified with this namespace .To do this will require to modify your DNS subzone, working with the vrealize automation portal in a different browser tab while your doing your o365 tenant.
    1. Click on the copy icon next to your MS record
    2. Select Verify at the bottom of the screen

      NB! At this point ignore any error messages !

 21

  • On your Controlcenter2 desktop, from your task bar open your FireFox Browser 
    1. Next to the bookmarks bar open vrealize automation
    2. Next to the "Select your domain" dropdown menu select corp.local
    3. Select Next

22.  

  • VRA automation continued ...
    1. In the username field type vra-euc-student
    2. In the password field type VMware1!
    3. select Sign in

23. VRA automation continued ...

  • In the update zone records catalog object, select  Request

24.

  • VRA automation continued ...
    1. Next to zone prefix dropdown menu select the amerpso.
    2. Next to zone number drop down menu select your dns zone number as described in your information sheet
    3. Under Records update next to MS record replace the existing record your MS record and Paste your MS record,
      NOTE ensure that your MS record is enclosed in Quotation Marks
    4. Select Submit

25. Wait until the progress shows 100% and continue with your lab. you might need to refresh your browser if you see no progress bar.

26 .Go back to your o365 domain configuration and click on verify. it might give you an error because of the time it takes to replicate DNS configurations and it might require you to click on verify a couple more times.

27. On Add new users window select DO IT LATER select Next

28. On the How do you want to connect your domain  page select Continue

29. On Add DNS records page select Continue

If you see an error in MX records, follow the below steps.

30

  • If you get an error mentioning your MX records follow these steps:
    1. Click on the the copy icon next to Expected record
    2. On your ControlCenter2 server, Go back to the update zone records tool, select REQUEST
    3. Get to your zone and paste the MX records,
      • NOTE the example, there is a zero in front MX record, this is a priority field and should not be deleted.
    4. Select SUBMIT
    5. Go to your 0365 domain configuration and Continue the domain again.
    6. If successful you will see the Share Microsoft teams page.

 

  • On the Add DNS Records page.
    1. When ready select Continue at the bottom of the Add DNS Records window. If there is a failure on any records reach out to the EUC-livefire instructor team to get the records fixed and select
                Continue again.  Note you might have to give a few minutes for the records to update in DNS before selecting Verify
    2. Notice that when Verify is successful the you just configured your Office 365 Tenant successfully will show and you are ask to provide feedback related to your experience.
  • However, If Verify is Not successful and its MX related in the message go to the next step in this exercise.

 

31. Click on Continue.

32. Click Go to Admin Center.

33.  On the Microsoft 365 Admin center left navigation panel,

  1. Select the 3 parallel dots in the black bar to the left of the console, this will expand the options.
  2. Click on Settings and select Domains.
  3. Notice the custom domain is the default domain for O365. We will change the default domain to onmicrosoft.com. Click on your <YOURCUSTOM>.onmicrosoft.com domain.

34.

  • In the Domain interface,
    1. Select Set as default. On the pop up screen, again click on Set as Default.
    2. Your custom domain cannot be the default domain when federating with Workspace ONE Access. Select Close. Check to see that you have a corresponding configuration in the domain portion of your setup as the screenshot.

Part 2: Federating Office 365 with Workspace ONE Access.

In Part 2 of this lab session we will now federate our Office 365 Tenant with a Workspace ONE Access SAAS tenant.

  1. Using your Tenant Admin credentials, login into your SAAS Workspace ONE Access Tenant.
    1. To the right of the Workspace ONE Access console under Tenant Admin select Administration Console

 

2. Select the Identity & Access Management tab

  • To the right in the Identity & Access Management tab select Setup > User Attributes

 

3. In the User Attributes interface notice you have already set userPrincipalName and distinguishedName to Required and you have already created the objectGUID attribute.

These are pre-req requirements for Federating Office 365 with Workspace ONE Access.

4.

  • On your ControlCenter2 desktop server select your Software shortcut and open the path to the Applications folder. In the Applications folder open the Azurefiles folder.
    1. Open the msoidcli_64.msi installer and when prompted select Run
    2. On the Microsoft Online Services Sign-in Assistant Setup page select the I accept the terms in the Licence agreement... checkbox. Select Install,
    3. When the installer is done select Finish
    4. If prompted to restart then do so and login as administrator

5.

  • Under the same Azurefiles folder,  
    1. Select and launch the AdministrationConfig-en.msi , select Run. On the Open File - Security Warning window select Run
    2. On the Windows Azure Active Directory Module for Windows Powershell Setup window select Next
    3. On the License Terms window , ensure the I accept the terms radio button is selected and select Next
    4. On the Install Location window, select Next
    5. On the Ready to Install window select Install
    6. Select Finish

6.

  • On your ControlCenter server desktop, you will notice a Windows Azure Active Directory for Powershell Shortcut.
    1. Right click the Windows Powershell and select Run as administrator
    2. For your convenience we have added all the powershell commands to a TXT file that is available in the software folder on the desktop.You can copy the commands from the file directly into the powershell. Please note some of the commands require editing
    3. Simply browse to \\cs1-pd1.euc-livefire.com\software\Applications\Azurefiles where you will find the file powershell commands.txt
    4. In the Powershell Console type the following
    5. Connect-MsolService
    6. When prompted for User name and Password, use your Cloud Admin account e.g. [email protected]

 

If you face the error, 'This account is blocked." This is caused by the default security policies on Azure AD which blocks any Powershell access to Azure AD. We will have to disable the default security policy to allow the access. Admins can create a custom Conditional Access policy to allow powershell with required security policies and block/ allow specific users. Follow the below steps to allow access to Azure AD using Powershell.

7. On the Microsoft 365 admin center,

Navigate to Show More > Azure Active Directory.

8. On the Azure Active DIrectory admin center,

Click on Azure Active Directory from the left navigation panel. Scroll down to find Properties option on the overview page. Click on Properties.

9. At the bottom of the page, Click on Manage Security Defaults.

10. On the right pop up screen titled Enable Security Defaults. Switch the toggle to NO. Hit Save. Retry on Control Center Machine to observe the login is successful. Proceed to the next step.

11.

  • On your ControlCenter server desktop, in the Windows Azure Active Directory for Powershell  application, type

    Connect-MsolService

 

  1. When prompted for User name and Password, use your Cloud Admin account e.g. [email protected]
  2. Notice no error is received.
  3. Next we have to create a Service Principal account type in the powershell

    $sp = New-MSOLServicePrincipal -DisplayName 'ServPrinc1' -Type password -Value 'VMware1!'
  4. Next we are going to assign a role to the ServPrinc1 user
    Add-MsolRoleMember -RoleName 'User Account Administrator' -RoleMemberType ServicePrincipal -RoleMemberObjectId $sp.ObjectId

12.

  • Revert back to your Workspace ONE Access SAAS Tenant Admin Console
    1. Select the Catalog Tab in the Admin Console, select NEW
    2. In the New SaaS Application window under Definition select or browse from catalog
    3. In the DEFINITION window to the right in the search area type off
    4. Select Office365 with Provisioning by selecting the   +    sign to the right

13. On the New SAAS Application window select Next

14. In the New Saas Application window, in the Configuration section add the following:

  • Under Target URL add the following. Actual text to copy to edit into the configuration is in BLUE
  •  edit the last area after hint=
    ............................
    domain_hint=amerpso01.euc-livefire.com
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid+profile&redirect_uri=https%3a%2f%2foutlook.office365.com&domain_hint=amerpso01.euc-livefire.com

15.  

  • In the New Saas Application window, in the Configuration section leave the following default:

      -Single Sign-On URL / Application ID / Username Format / Username Value

  1. Add the following: under Application Parameters in the tenant line under Value add YOUR custom Fully Qualified Domain Name ie amerpso01.euc-livefire.com
  2. Under Application Parameters in the issuer line under Value add your custom domain name (without the .com part) ie amerpso01.euc-livefire.com

Make sure there are no hidden carriage returns if you paste this in

16. In the New Saas Application window, in the Configuration section under Advanced Properties leave the following default:

-Enable Multiple O365 Email Domains / Credential Verification / Signature Algorithm / Digest Algorithm / Assertion Time
-Under Custom Attribute Mapping in the UPN and ImmutableID keep the values default

  • In the New Saas Application window, in the Access Policies section select NEXT

.

17.  In the New Saas Application window, in the Summary section select SAVE

18.

  • We will now do the Entitlement configuration of the User
    1. In the Catalog for Web Apps select the Office 365 with Provisioning and select Assign
    2. In the Assign wizard type Mark in the search area under Users / User Groups, select [email protected]
    3. Under Deployment Type, select the drop down arrow change the Deployment Type to Automatic
    4. In the Assign wizard, review your configuration, in the bottom right hand corner select SAVE

Part 3. Configuring domain trust

1. On your ControlCenter Desktop, Select the Start Button to launch the Start Menu and select Administrative Tools

  1. Select Active Directory Domains and Trusts shortcut
  2. In Active Directory Domain and Trusts mmc select and right-click Active Directory Domains and Trusts [ControlCenter2.euc-livefire.com]
  3. Select Properties
  4. Under the UPN Suffixes Tab under Alternative UPN suffixes type your custom domain name. the example we have in this lab is tokyo01.euc-livefire.com
  5. Select Add , select OK to close the window, close the Active Directory Domains and Trusts Window.

 

2.

  • On your ControlCenter Desktop close Active Directory Domain and trusts.
    1. In the Administrative tools folder select Active Directory Users and Computers shortcut and select open
    2. Under the euc-livefire.com domain, expand the Corp > Marketing Organisational Units
    3. You will notice we have your custom User Account & Users 1 to 4. Select and right-click User1 and select Properties
    4. Select the Account tab, to the right of User logon name: select the drop down arrow and select your custom domain
    5. Repeat these tasks for all 4 users and the Custom User Account you created in the first lab. Close the Active Directory Users and Computers window

Part 4: Using Azure ADconnect for user provision to Azure AD

In this part we are goin to install Azure AD Connect tool to provision users to azure AD from on premise Active Directory.

Please note: It is best practice to use Azure AD connect tool but not a requirement. You can also provision users to Azure AD from Workspace ONE Access using Office365 with Provision application with Setup Provisioning ENABLED.

1. From your Controlcenter machine desktop, open the Software shortcut on your desktop and navigate to the Applications > Azurefiles >ADconnect folder.

2. Double- click on AzureADConnect.msi and click run on the security warning

3. On the Welcome to Azure AD Connect window check the box next to "I agree to the license terms and privacy notice" and click Continue

4. In the Express Settings window click on "Use express settings"

5. On the "Connect to Azure AD" window, fill in your credentials for your microsoft account and click Next

6. In the "Connect to AD DS" window fill in your domain credentials, USERNAME: EUC-LIVEFIRE\ADMINISTRATOR, PASSWORD: VMware1!

7. Verify your custom domain is verified

8. Check the box next to "Continue without matching all UPN suffixes to verified domains" and click Next

9. On the "Ready to configure" windowmake sure the box next to "Start synchronization process when configuration completes" is checked and click Install. Getting to the following step should take a couple of minutes.

10. In the "Configuration complete" window click "Exit"

Part 5: Setting up the SAML between Workspace ONE Access and Office 365

  1. Ensure you do the next section on your ControlCenter2 server .
    1. Login to your to the Workspace ONE Access Admin Console, as Admin, under the Catalog > Web Apps tab to the right select SETTINGS
    2. In the Settings window under SaaS Apps, select SAML Metadata, in the right hand pane under the SAML Metadata heading select DOWNLOAD under Signing Certificate
    3. Using Notepad++ Open the signingCertificate.cer from your default download location .

2. In the signingCertificate.cer we will remove all carriage returns the document

Do this with Notepad++ on your ControlCenter server. Any hidden carriage returns will cause this exercise to FAIL

  1. Remove the -----BEGIN CERTIFICATE----- and  -----END CERTIFICATE----- lines from the certificate.
  2. Then select the certificate portion of the file and click ctrl + F in the Replace tab at the top type \n in the Find what field.Leave the Replace with field empty. Make sure the Search Mode at the bottom is Extended.  Then click on Replace All.
  3. Your certificate should now no longer have carriage returns. Notepad++ will tell you how many instances were replaced and your certificate will look different.

 

3. On the ControlCenter2 server and open the existing Powershell interface we were working with earlier (from the shortcut on your desktop). please copy, edit and paste the commands from the text file called powershell comands, located in your Software folder (linked in your control center desktop), in the \Applications\Azurefiles folder.

Run the following command:  


Connect-MsolService

  • In the Powershell Console type the following using your Cloudadmin credentials. The example we use is [email protected]
    and your password

4. Next we edit the following Powershell commands for our environment and include the certificate string as part of this command.

  1. Edit the sample string by replacing  any instance of tokyo01 with the city and number from YOUR CUSTOM Fully Qualified Domain name, i.e. london08
  2. Edit the sample string by replacing aw-euclivefire.vidmpreview.com with YOUR CUSTOM SAAS Workspace ONE Access Tenant Fully Qualified Domain name

    example 1 is the string without the certificate|
    example 2 is the string with the certificate which you will have to append without introducing any hidden returns into Powershell
Set-MsolDomainAuthentication -DomainName tokyo01.euc-livefire.com -Authentication Federated -IssuerUri “tokyo01.euc-livefire” -FederationBrandName “tokyo01Corp” -PassiveLogOnUri “https://aw-euclivefire.vidmpreview.com/SAAS/API/1.0/POST/sso” -ActiveLogOnUri “https://aw-euclivefire.vidmpreview.com/SAAS/auth/wsfed/active/logon” -LogOffUri “https://login.microsoftonline.com/logout.srf” -MetadataExchangeUri “https://aw-euclivefire.vidmpreview.com/SAAS/auth/wsfed/services/mex” -SigningCertificate
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Set-MsolDomainAuthentication -DomainName tokyo01.euc-livefire.com -Authentication Federated -IssuerUri “tokyo01.euc-livefire” -FederationBrandName “tokyo01Corp” -PassiveLogOnUri “https://aw-euclivefire.vidmpreview.com/SAAS/API/1.0/POST/sso” -ActiveLogOnUri “https://aw-euclivefire.vidmpreview.com/SAAS/auth/wsfed/active/logon” -LogOffUri “https://login.microsoftonline.com/logout.srf” -MetadataExchangeUri “https://aw-euclivefire.vidmpreview.com/SAAS/auth/wsfed/services/mex” -SigningCertificate MIIFIDCCAwigAwIBAgIGPBaJynnGMA0GCSqGSIb3DQEBCwUAMEgxIDAeBgNVBAMMF1ZNd2FyZSBJZGVudGl0eSBNYW5hZ2VyMRcwFQYDVQQKDA5BVy1FVUNMSVZFRklSRTELMAkGA1UEBhMCVVMwHhcNMTkwMjA0MjEzMTAyWhcNMjkwMjAxMjEzMTAyWjBIMSAwHgYDVQQDDBdWTXdhcmUgSWRlbnRpdHkgTWFuYWdlcjEXMBUGA1UECgwOQVctRVVDTElWRUZJUkUxCzAJBgNVBAYTAlVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApWfE7UfEG9iupk538HEUrqfAKb5VlcnsGrQCz9+Hb1QrDba8vvPWNp+H3MhkZ1RZS43mvy+3JVFEuEsCIqHyRrKsJVIswPda2eQKW/Y7jd3RHZFoxoqbvF4kOyJq5+k38xI/8t8Olkv2ruYYHwUZ+SDJpWdxFqbrpcBAFac5IYj7lPoPlOv9na+lZ7V8ddWQCrsNydKfndUPeBiUj389Xer0ckzHTcYjeGG82X9NHDXVsmbiMFrDnP0ZbMCD21CMOGyZ8wKFzbx3toStDuqyF6MbXv3tpVCnF/sELJaJNxbfdoslNGfbyNWiv/UQ7h8XDOywqpzMZkZkch/Bl6Ny1cS3UDW6GYgYuJHkmRu9Pgqv/98QpFueBrrR71+9WTLocSVxgbBCdyrgwVOHAJK1+yZOrYuiLIGcdJfhjczOaN/8dJnzYspxgW9tIxZ2SmQQDTy9zscvad2rplOZFqj9MQbDUmdanr52ksQ85jboArLW9B5TVmxefDtoPMiK6GKsR/Q+ygEplsyDT1S6eGzXaVBOQFGjjAFQ3c0wOQtZ0Q6+JJRk3KO4X2F5arDRZKTCfEyzH8VYwaJ04BJBmlkPQs14IKzAhwR/cqBzKnSFUxbeqm5U/YLeyaO03NKEYimHqoW7cEB9sPQnO7YUuZOG0KqHrC0S8dVt6dk5adfa0LECAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAiadCYNp2OVfFIlD3I3iQhLCvmc1hVKMEzz1FJNEAMZ3JZgwBEYLHL7d8kiRjI7c4hvZ62P2eQ2bC6z3lzqGVK8GNyUPGMKKgcFOgjJrK+roP4s740cbn4hQX3j3cOLCuQKQ2NkzwF0+5qGU26vOvlwnE8SONR4OxgScW2Bu55E5NOQj+Tu45Pt2KYZpSv9ZP9KJj75AqwmfkynomDBYZXT4WbSft5HDt7VXkFS6OPz41i32yqDTtHePLKbJ83LcXEETDVfyfigS1m1VWwcDp9sLfbqA4yEIoGFNO5KMssHOkVeCFCjzCs06B1pVHoWYqqNOg0gMU0vpX+gFcj7tHJklhbHUcqQpnYs/AJyL0pEroVZTBJS3UgK9vMEage9P+hoVqiX9g+Csd0GjRLExlpkm3uFKt0su05UQ0E9PrYpOS74YbmuRFEUJ5R5PzxSAWErG/SxPWNtGKzKdGjJzBmErOgShODflleURanuL18FDqBR7KXGOnNWDNk5GKVcB2LWqmmz6AmCkFee9oPju6hT+Y4M3O6mmP6dxjTILPUAddObZUUFhhX8fyjpTDUjTzKWdPaf5G4/ISfSqa0CoCFaNGTeEhoR9NtjYlabENZMuD2OoVDacMQvRMN1IbtilDF9ISROG3jzVJDNtFvwkuRzUJ5QyUEAuBZ6xpVEt/8Do=

5. We will now check the federation with the following command in the powershell. Replace with your custom Domain.

Get-MsolDomainFederationSettings -domainName amerpsoXX.euc-livefire.com

The settings will return output regarding the settings that make up this federation.

Part 6: In this part, we will now start testing the federation to see and ensure it it working properly

1.

  • Login back to your office 365 Tenant with your office Admin account with this url https://admin.microsoft.com/Adminportal/Home?source=applauncher#/homepage and use your cloudadmin account
    1. In the left-hand pane under Home, select Users > Active users. Notice that Marketing group Users 1 - 8 has been automatically provisioned with the unique suffix appended for the user principle name. Also notice that your users are Unlicensed. Select users 1-8
    2. Select the radio buttons next to User 1 to User 8. This is includes your Custom User
    3. From the top menu options and select Manage product licenses
    4. In the Manage Product licenses window select Replace radio button. You will see an option to select a location. Select United States.
    5. Enable the Microsoft E5 Developer (without Windows and Audio Conferencing) by checking it to enable.
    6. Click on Save Changes.
    7. NB! - Validate that your Cloudadmin account is licensed as well. This will depend on whether you started off with a custom Outlook account or used another email in the beginning of the course labs.  If not re-apply to the licensing to this account and then ensure that you can open the Cloudadmin mailbox. This requirement must be done before starting your OKTA lab.

2.

  • Open up an Incognito session of your browser and connect to your SAAS instance of Workspace ONE Access.
    1. On the login window ensure that on the select your domain window, euc-livefire.com is selected, select Next
    2. In the username section, use your custom username ie user35pso and the password VMware1! select Sign in

3.

  • In the Workspace ONE console
    1. Under Apps select All Apps
    2. Next Office 365 with Provisioning select Open
    3. You should now see the Microsoft Office365 console

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.