Why Student Advantage is more then just free office

Free office! For pretty much every youngster and educator in the UK. Crikey, what a deal!

It’s definitely something that gets parents and staff’s attention, with office costing circa £90 for home and student, it is a significant saving, and with the cross device usability (you can install on 5 devices including tablets) it is very appealing.

Clearly this is a great ploy for Microsoft marketing  – staff and pupils will now be hooked on the familiar and standardised programs for the rest of their lives. And as a result, business, where the big bucks are, will continue to invest in the product

So, aside from making sure schools are training the next generation of office users for the Microsoft coffers – we should look into why this is something that all schools should roll out…

And first off, it’s not for staffs benefit. Yes, they will probably create more with Microsoft products in the classroom, because they have improved access to the programs – which are, lets face it, the best around.

Actually, the fact is – in our case anyway – staff will probably not use free office for work as much as using the remote desktop, it will be faster sometimes to use office, but its just another tool we provide to make life as easy as possible for them. They have actually been using Office for free for years of course, in school. This just increases access.

No, the real benefit is for pupils. The ability to access their one drive, and do work on any device available to them is a game changer. The software will be the same as at school, so familiar, and work will be easily accessible. Single sign on means setup and access is simple. Web based version of office mean they don’t even need to install software.

Most pupils these days have tablets, and not laptops – well, office works on these as well now.

This ability for pupils, no matter what their financial situation to all be on an equal pegging for using technology to complete their homework is a great thing for schools to be offering. I know not all have internet, or a device – but the vast, vast majority at least have access.

This follows the route we have taken in school with our development plans, ICT is no longer just about dedicated IT rooms, it is making technology available for all when they need it, in easy to access, familiar way. We did it with our tablets, deploying some 380 odd which has made  huge impact to teaching and learning in school, and this roll out of office to pupils at home (along with their ability to use remote desktop) means we are, as much as possible, making IT easy to use at home for pupils. And that’s the key bit, making it easy. Remote desktop for pupils? Not at year 5. Office, which their parents set up to take advantage of, and instant access to save to school with no logging in or addresses? That’s easy!

Finally, as a MAC of 4 schools, this is something we are looking to roll out, because the biggest plus will be one drive and sharing documents, without having to join domains and all sorts. I will write about that more in the future, when I have had a chance to think it through, but the idea is an exciting one. And all this, under EES, at no extra cost.

 

 

O365 and SSO

Recently I decided that I wanted to give all my users the free office they can get under EES Student Advantage. I had looked into this before and it was one hell of a nightmare to set up I thought, looking at the poor Microsoft documentation, and my own lack of understanding.

Ultimately I wanted to do the following:

  • Have users be able to login to O365, using their local domain credentials
  • Only allow them access to OneDrive and to download office (we have local exchange 2013 here)

So here is what I did, with some of the bits I did wrong removed. I am hoping I can remember it all.

1) Get the licences

I had to get my EES supplier to add the licences I needed, so Luke at Millgate got this set up (well, he didn’t, someone else who has an idea of anything more then sales did!)

These Show up as Online Service Activations in VLSC – and you need to have a MS account ready set up to import them into. I actually found it really hard to find the link to sign up for education accounts – but here it is:

https://go.microsoft.com/fwlink/p/?LinkID=403742&culture=en-US&country=US

From this page: https://products.office.com/en-us/academic/compare-office-365-education-plans

You get trials for 30 days of the full blown plan (E2/E3) but they are not actually what I wanted, I don’t want full O365. When you activate your Online Service from VLSC it creates new plans for staff and pupils which only gives them access to download the software and One Drive.

The rest of this will probably work for setting up full blown O365, but I haven’t trialed it. It certainly will get the users in.

2) Getting your domain sorted

Start this one early. You need to get some DNS or MX records done on your domain to prove your ownership, its straight forward stuff, but you cant sync users and do anything without it. Once logged into the 0365 control panel (login.microsoftonline.com) select domains and follow the instructions.

At this point, I strongly suggest setting up a user that is not someone who will be migrated over from AD at any point, for instance, I setup an admin2

3) Sorting out the Sync and SSO

So bloody complicated.

  • If your domain is a .local or similar, or it doesnt match the your external domain, you will need to add an additonal UPN: https://technet.microsoft.com/en-us/library/cc772007.aspx
  • You will then need to change the UPN users will use – you can do this in bulk in AD (select a load of users, right click etc), and it has no effect on anything else (or at least hasn’t so far)
  • Choose a server to be your ADFS Server, that is not a DC, if you run a remote access server, with HAP or RDC (or both) with its own SSL already in place, great. You need an SSL to do all this wizardry.
  • Install the ADFS role on this server. Best practice is to work through a ADFS proxy as well, but, well, I didn’t. Note: if you are installing on Server2008R2 you will need to download ADFS 2.0 – so don’t install the role. Install the role if Svr 2012R2
  • Install the Windows Azure Active Directory Module for Windows PowerShell – login to your admin on 0365 > users > Manage SSO and its number 3
  • On another server download and install DirSync – the software that will Sync your AD to the cloud: https://technet.microsoft.com/en-us/library/jj151800 – this is pretty straightforward, but, you will need to redo it if you mess up anything such as change passwords, or setup the wrong domain or something. Once done, you should see users appear within 10 minutes.
  • Back on your AFDS server, run the AFDS powershell – these are the all important commands you need to follow to setup the link etc
  1. Open the Microsoft Azure Active Directory Module for Windows PowerShell.
  2. Run $cred=Get-Credential. When this cmdlet prompts you for credentials, type your cloud service administrator account credentials.
  3. Run Connect-MsolService –Credential $cred. This cmdlet connects you to the cloud service. Creating a context that connects you to the cloud service is required before running any of the additional cmdlets installed by the tool.
  4. Run Set-MSOLAdfscontext -Computer <AD FS primary server>, where <AD FS primary server> is the internal FQDN name of the primary AD FS server. This cmdlet creates a context that connects you to AD FS.
    noteNote
    If you have installed the Microsoft Azure Active Directory Module on the primary server, then you do not need to run this cmdlet.
  5. Run Update-MSOLFederatedDomain –DomainName <domain>. This cmdlet updates the settings from AD FS into the cloud service and configures the trust relationship between the two.

Remember when it talks about a domain, you want the UPN that matches your external domain, not your internal one.

Finally – to get SSO working accross browsers: http://www.powerobjects.com/2012/11/02/adfs-and-single-sing-o-cross-browser/

I am not a great tutorial writer I am afraid, but hopefully this might put all the links and the general process in a useful place.