Microsoft



Moodle + Office 365: Better togetherA Setup Guide Microsoft FrancePublished: July 2015Version: 1.0Authors: Frédéric Chiaroni (Edunao), Nicolas Humann (Exakis), Romain Lacour (Exakis), Philippe Beraud (Microsoft France), Nicolas Frindel (Microsoft France)For the latest information on Office 365, please see: TOC \o "1-2" \h \z \u Introduction PAGEREF _Toc423704601 \h 4Objectives of this paper PAGEREF _Toc423704602 \h 5Non-objectives of this paper PAGEREF _Toc423704603 \h 6Organization of this paper PAGEREF _Toc423704604 \h 7About the audience PAGEREF _Toc423704605 \h 7Building a test lab environment PAGEREF _Toc423704606 \h 8Provisioning an Office 365 environment PAGEREF _Toc423704607 \h 10Creating the Office 365 accounts PAGEREF _Toc423704608 \h 10Configuring the SharePoint Online privileges PAGEREF _Toc423704609 \h 14Provisioning an Azure environment PAGEREF _Toc423704610 \h 16Understanding the ongoing costs of virtual machines in Azure PAGEREF _Toc423704611 \h 17Adding the Azure trial to the Office 365 account PAGEREF _Toc423704612 \h 17Preparing the local environment for Azure PAGEREF _Toc423704613 \h 18Deploying the core Azure-based environment PAGEREF _Toc423704614 \h 23Completing the DNS registrations PAGEREF _Toc423704615 \h 26Setting up the Moodle platform PAGEREF _Toc423704616 \h 29Setting up the Moodle server PAGEREF _Toc423704617 \h 29Setting up and configuring the database server PAGEREF _Toc423704618 \h 33Pointing the domain name o2m.contoso123.fr to the Moodle server PAGEREF _Toc423704619 \h 36Installing the SSL/TLS certificate PAGEREF _Toc423704620 \h 39Opening the rights on the Moodle configuration files PAGEREF _Toc423704621 \h 40Setting up and configuring Moodle from the web PAGEREF _Toc423704622 \h 41Setting up the Microsoft resources for Moodle PAGEREF _Toc423704623 \h 43Setting up and configuring the Office 365 services on Moodle PAGEREF _Toc423704624 \h 52Configuring the plugins PAGEREF _Toc423704625 \h 52Configuring the Office 365 single sign-on PAGEREF _Toc423704626 \h 53Integrating with Microsoft Office 365 PAGEREF _Toc423704627 \h 61Integrating with OneNote PAGEREF _Toc423704628 \h 63Illustrating the user experience PAGEREF _Toc423704629 \h 67Signing in to Office 365 PAGEREF _Toc423704630 \h 67Signing in into Moodle PAGEREF _Toc423704631 \h 69Configuring the synchronization of the Moodle calendar with Office 365 PAGEREF _Toc423704632 \h 70Going further PAGEREF _Toc423704633 \h 72Appendix A Microsoft plugins for Moodle PAGEREF _Toc423704634 \h 73Microsoft Office 365 plugins PAGEREF _Toc423704635 \h 73Microsoft Services plugins PAGEREF _Toc423704636 \h 73IntroductionMoodle is an open source Web-based platform designed to provide all the tools required for classroom management, where teachers and students have the ability to smoothly and easily collaborate on a day-to-day basis. As the recognized leading learning management system (LMS), Moodle is unsurprisingly used in more universities and schools than any other LMS in the world to provide large populations of students with dematerialized training content through a compelling and motivating environment.Microsoft Office 365 provides secure anywhere access to professional email, shared calendars, instant messaging (IM), video conferencing, and document collaboration. It represents the cloud version of the Microsoft communication and collaboration products with the latest version of the Microsoft desktop suite for businesses of all sizes. Office 365 indeed notably includes:Microsoft Office 365 ProPlus. Microsoft Office 365 ProPlus is the Office software that can be installed locally on a device (computer, phone, or tablet) as a subscription. Depending on the device type and related operating system, it includes the following programs: Access, Excel, InfoPath, Skype for Business (formerly Lync), OneNote, Outlook, PowerPoint, Publisher, Word, etc. The programs have the same features and functionality as other versions of Office. For example, Word in Office 365 ProPlus works the same way it does in Office Professional 2013. This version of Office is included in E3, E4, A3, Business and Business Premium plans and is therefore the logical companion of Office 365 services. The programs of the Office suite can be deployed easily in a click-to-run mode on a Windows computer, either directly from the Office 365 portal or from the local network with your own management tool.NoteFor more information, see the Microsoft TechNet article Getting started guide for deploying Office 365 ProPlus.NoteFor more information about the different types of licenses available for Office, go to the following pages: Choose an offer and Offers and prices for Office 365 Education.Microsoft Exchange Online. Exchange Online offers cloud-based email, calendar, and contacts with the most current antivirus and anti-spam solutions. It enables access to email on virtually any mobile device and takes advantage of options for voice mail, unified messaging, and archiving.Microsoft SharePoint Online/One Drive for Business. SharePoint Online is a cloud-based service for creating sites that connect colleagues, partners, and customers using enterprise social networking and collaboration like Yammer. OneDrive for Business is a large capacity personal storage space hosted in the Microsoft Cloud, allowing users to access their documents anywhere and to facilitate their sharing.Microsoft Skype for Business Online. Skype for Business Online offers cloud-based IM, presence, and online meeting experiences with screen sharing, voice and video conferencing.NoteFor additional information on Office 365 in addition to the content of this paper, please refer to the Office 365 Community web site (blogs, forums, wikis, etc.).Serving nearly 80 million users worldwide, Moodle has already changed the face of classroom management. With open-source plugins developed by Microsoft and available with their complete source code on the GitHub forge, Moodle now benefits from an integration path with Office 365. Combined with Office 365, which is being embraced in a big way by the education world thanks to its business-class productivity tools and the above Office 365 ProPlus benefit, Moodle becomes even more powerful to ultimately bring a better and more productive classroom experience to teachers and students alike. The Moodle with Office 365 integration is thus helping to reinvent productivity in education with: Easy Access.? Your Office 365 username and password now get you into Moodle with no additional credentials to remember.? Moodle is now also accessible from the new Office 365 app launcher, meaning it’s just a few clicks away from any of your favorite Office 365 apps like Delve, Outlook Web App, SharePoint and others. Work Offline.? Moodle courses can now include Office documents (Word, PowerPoint, Excel, etc.) that can be edited on any device and even offline – no need to stop working if you don’t have an Internet connection.Mobile Friendly, Cross-Platform. Moodle calendar events can be synced with Office 365 and will show up in all of your mobile devices that support Exchange – iOS, Android, Windows, etc. Classroom Ready.? Teachers and faculty can embed their interactive Office Mix lectures in Moodle courses and manage Moodle assignment submissions through OneNote and store the Moodle course documents on OneDrive.NoteFor additional information, see the blog posts Office 365 and Moodle: An Open Approach to Transforming Classrooms and Office 365 and Moodle integration.Objectives of this paperThis paper aims at providing the audience with a better understanding of the Moodle with Office 365 integration, how it works and can be easily deployed, along with the related configuration of the various plugins. For that purpose, this document also provides a complete end-to-end walkthrough to not only illustrate how to smoothly rollout the Moodle with Office 365 solution but also as an opportunity to depict how the Microsoft Azure platform can be a more than ideal candidate to host your Moodle platform.NoteMicrosoft Azure is a flexible and open cloud computing platform hosted in Microsoft datacenters delivering scalable and reliable Internet-scale services. It offers on-demand access to these services, so that users only pay for what they use, while benefiting from almost unlimited capacities.As an IaaS platform (Infrastructure as a Service), it enables you to deploy (complex) workloads (servers, networking and storage infrastructure) in the cloud that you can control and manage on your terms. These capabilities will be illustrated in this document.Also, as a PaaS platform (Platform as a Service), it includes a number of features, which can be used individually or composed together in a public or hybrid cloud fashion. As illustrated hereafter, the Azure services catalog comprises compute, data, and application capabilities/augmentations for web sites, mobile back-ends, media streaming, SQL/ NoSQL databases, caching, etc. which can be directly consumed and integrated in your solutions regardless where they reside.NoteAzure Active Directory is the service that Office 365 uses for identities and other necessary information relating to them. This service can be synchronized and eventually federated with an existing on-premises identity infrastructure, such as Active Directory, another LDAP directory, etc, to unify user identities, but these scenarios are not explained in this document. For more information about Azure Active Directory (Azure AD), see the series of papers available at such, this document describes all the steps that pertains to the Moodle + Office 365 solution, including:How to build a suitable Azure-based test lab environment to later host your instance of the Moodle platform as a set of virtual machines.How to deploy a standard Moodle environment on that basis.How to subscribe to and configure Office 365 with test users.How to configure the above plugins for the Moodle and Office 365 integration.NoteFor additional information, see the document Office 365 Plugins for Moodle.Important noteThe procedures, command lines etc. suggested in this context are provided as is for test purposes only and are devoted to an ad hoc test lab environment. Prior testing, adaption, and validation are required before any use in a production environment. Every steps are explained so that Moodle with Office 365 projects can be more easily completed, and consequently enabling teachers and students to realize the full potential of this integration.The document concludes by illustrating the user experience for teachers and students.Non-objectives of this paperThis document doesn’t provide a full description of the Moodle, Office 365 or Azure platforms. It rather focuses on key aspects that aims at providing the readers an understanding on how to setup and leverage the Moodle with Office 365 integration and solution.It doesn’t provide neither guidance for setting up and configuring the solution in a production environment – beyond highlighting key technical aspects - nor a complete technical reference for these platforms. See the documentation that relates to each platform for any further anization of this paperTo cover the above objectives, this document is organized around the key milestones for the Moodle + Office 365 solution, each of them being addressed in the following sections: REF _Ref423682938 \h \* MERGEFORMAT REF _Ref423683103 \h \* MERGEFORMAT Building a test lab environment. REF _Ref423682745 \h \* MERGEFORMAT Provisioning an Office 365 environment. REF _Ref418059033 \h \* MERGEFORMAT Provisioning an Azure environment. REF _Ref423682765 \h \* MERGEFORMAT Setting up the Moodle platform. REF _Ref423682774 \h \* MERGEFORMAT Setting up and configuring the Office 365 services on Moodle. REF _Ref423682781 \h \* MERGEFORMAT Illustrating the user experience.About the audienceThis document is thus intended for system architects and IT professionals who are interested in understanding the Moodle with Office 365 integration.Building a test lab environmentA challenge in creating a useful test lab environment is to enable its reusability and extensibility. Because creating a test lab can represent a significant investment of time and resources, your ability to reuse and extend the work required to create the test lab is important. An ideal test lab environment would enable you to create a basic lab configuration, save that configuration, and then build out multiple test lab scenarios in the future by starting with the base configuration. Moreover, another challenge people are usually facing with relates to the hardware configuration needed to run such a base configuration that involves several (virtual) machines.For these reasons and considering the above objectives, we have tried to streamline and to ease as much as possible the way to build a suitable test lab environment with an “on-premises” Moodle platform, to consequently reduce the number of instructions that tell you what servers to create, how to configure the operating systems and core platform services, etc. and, at the end, to reduce the overall effort that is needed for such an environment. Thus, this document will leverage the following subscriptions:An Azure subscription. Azure Virtual Machines will enable to host:One intranet member server running Ubuntu Server 14.10 that will be configured as the MySQL serverOne Internet-facing member server running Ubuntu Server 14.1 that will configured as the Moodle Server. Version 2.7 of Moodle will be deployed on this machine.An Office 365 subscription. As per construction for the Moodle with Office 365 integration. Office Enterprise E3 licenses allow to benefit from all the functionalities and notably to get Office 365 ProPlus. Interestingly, every Office 365 subscription has an Azure AD directory underneath, i.e. a robust identity and access management service that will be leveraged for the single sign-on (SSO) capabilities of the Moodle with Office 365 integration.Considering the above choice and elements, the test lab environment we suggest to build will be as follows:Let’s start by provisioning the above Microsoft Office 365 and Azure subscriptions. Provisioning an Office 365 environmentAs mentioned above, and by essence, an Office 365 subscription is required for the suggested test lab environment.To sign up to a free 30-day Microsoft Office 365 Enterprise E3 trial, follow the instructions to the Office 365 Enterprise E3 trial version.NoteFor more information, see the article Sign in to Office 365.For the course of this walkthrough, we’ve provisioned an Office 365 Enterprise (E3) tenant: nfr123. and created the vanity domain contoso123.fr underneath. You will have to choose instead of them domain names of your choice whose name is currently not in use. Whenever a reference to nfr123. or contoso123.fr is made in a procedure, it has been replaced by the corresponding domain name of your choice to reflect accordingly the change in naming.At this stage, we assume that you already have an active Office 365 subscription.Creating the Office 365 accountsTo illustrate the Moodle with Office 365 integration, some Office 365 test users will be necessary. These users should have an Office 365 license assigned to access to the relevant Office 365 services.The Moodle with Office 365 integration also requires an "System API" account with the appropriate privileges to sustains the requirements of the integration, in particular with SharePoint Online for the automatic creation of the collaborative workspaces for each Moodle course.This section will cover how to create the test users, create the "System API" account, and grant this system account the adequate privileges on the SharePoint Online platform.Creating the test usersFor the purpose of our test lab environment, we will start by creating four test users: Teacher Martin, Student 1, Student 2 and Student 3, each with an Office 365 E3 license assigned to benefit from the Office 365 services.To create the above test users, proceed with the following steps:Open a browsing session and navigate to the Office 365 management portal at in with an administration account of the Office 365 subscription.In admin shortcuts on the right of the user interface, click Add new users as highlighted above in yellow.On the details page, specify the user information that pertains to the account to create, and then click Next.On the settings page, fill in the additional information. The user must not be an Office 365 administrator. Set the appropriate location for the user depending on your geography, for example France in our illustration. Click Next.On the assign licenses page, select Office 365 Enterprise E3 as well as all the available option underneath, e.g. Office 365 ProPlus, Skype for Business Online, Office Online, etc. so that the user can use all the available Office 365 functionality. Click Next.On the send results in email page, type an e-mail address where the user will receive the password generated by the platform, for example “Teacher@contoso123.fr” in our illustration. Users can later change their password when they will sign-in for the first time. Click Create.The user has now been created. The assigned password is displayed in results, so that you can potentially communicate it to the user by a mean other than e-mail if needed for some reasons. Click Create another user.Repeat steps 4 to 7 for the other users to be created. At the end of these operations, click Finish.When using the Office 365 platform in a production environment, the accounts can be created automatically via identity management systems for example.Moreover, it is also possible to use the same identities as the ones in your existing on-premises identity infrastructure, such as Active Directory for example, or another LDAP directory, using synchronization and single sign-on (a.k.a. federation) mechanisms if necessary. NoteThe newly generally available Azure AD Connect tool can be used for that purpose for example. This is the one stop shop for connecting your on-premises directories to Azure AD, whether you are evaluating, piloting, or in production. Azure AD Connect provides a single and unified wizard that streamlines the overall onboarding process for both directory synchronization (single or multiple directories) AND single sign-on if you want to. For additional information, see the Microsoft articles Integrating your on-premises identities with Azure Active Directory and Azure Active Directory Connect.These scenarios are not further covered in this paper.NoteFor more information about these scenarios and their implementation in different types of environments, see the Azure AD/Office 365 Single Sign-On with AD FS in Windows Server 2012 R2 (Part 1 and Part 2bis) and Azure AD/Office 365 Single Sign-On with Shibboleth 2 whitepapers. Creating the so-called "System API" accountLet's deal with the so-called "System API" account. You can call this account whatever you like. In our example, we are going to create the account moodleapi@contoso123.fr.To create the account, follow the same procedure as the one illustrated in the previous section for the test users. However, in this case, please ensure that the administrator's privileges are granted to the account (on the settings page).Do not allocate an Office 365 Enterprise E3 license to this account, since it does not need a mailbox nor the other Office 365 services.Configuring the SharePoint Online privilegesYou now need to grant the "System API" account the appropriate privileges on the SharePoint Online platform, so that this account can automatically create the necessary site for each Moodle course.Proceed with the following steps:Open a browsing session and navigate to the Office 365 management portal.On the left pane, click SharePoint.In the SharePoint admin center, select the site collection that will host the Moodle sites, for example in our illustration. Click Owners, and then Manage Administrators.The manage administrators dialog opens up.In Site Collection Administrators, enter the name of the previously created "System API" account, for example moodleapi@contoso123.frin our illustration, in addition to the Company Administrator account that is already present.Click OK.Provisioning an Azure environmentAs mentioned before, an Azure subscription is also required for this test lab environment. If you do not already have an Azure account, you can sign up for a free one-month trial. If you have an MSDN subscription, see Azure benefit for MSDN subscribers on the Azure Web site.NoteOnce you have completed your trial tenant signup, you will be redirected to the Azure account portal and can proceed to the Azure management portal by clicking Portal at the top right corner of your screen. At this stage, and regardless of the chosen option, we assume that you have an Azure subscription in place to proceed with the steps in this guide.Introducing virtual machines in AzureAzure Virtual Machines provides support for virtual machines (VMs) provisioned from the cloud. At a glance, a VM consists of a piece of infrastructure available to deploy an operating system and an application. Specifically, this includes a persistent operating system (OS) disk, possibly some persistent data disks, and internal/external networking “glue”/connectivity to hold it all together. With these infrastructure ingredients, it enables the creation of a platform where you can take advantage of the reduced cost and ease of deployment offered by Azure.To mimic an on-premises deployment with a multi-VM workload as needed here, virtual networks are also required. This is where Azure Virtual Networks come into play. Azure Virtual Networks let you provision and manage virtual networks (VNET) in Azure. A VNET provides the ability to create a logical boundary and place VMs inside it. VNET also provides the capability of connecting Azure Cloud Services (VMs, web roles, and worker roles). Azure Virtual Network provides control over the network topology, including configuration of IP addresses, routing tables and security policies. A VNET has its own private address space. The address space is IPv4 only (but could be extended to IPv6 in a future release). NoteAzure Virtual Network also allows to securely extend on-premises networks into the cloud. With the ability to assign a private address range for its VNET, you can indeed treat it as an extension of your own corporate private network address space by establishing appropriate gates (VPN gateway) between your on-premises corporate private network and virtual network(s) in Microsoft Azure. For that purpose, Azure Virtual Network enables to set up secure site-to-site connectivity between the organization’s corporate VPN gateway and Azure, and then to connect the organization’s on-premises corporate network to the organization’s Azure tenant by using a VPN gateway along with the industry-standard IPsec protocol.?With such a capability, IT administrators can easily create a logically isolated private environment in Azure, and connect it to the organization’s on-premises IT infrastructure by using a secure VPN tunnel. Once set up, the isolated Azure environment can be viewed as a natural extension of the on-premises corporate network.To synthetize, Azure Virtual Network allows you to create private network(s) of VMs in your Azure tenant environment that you can assign IP addresses to (and then optionally connect to your data center through a VPN gateway). Using this method, you can seamlessly connect on-premises (virtual) machines to VMs running in your Azure tenant.The fundamental requirements for deploying Moodle on VM(s) in Azure differ very little from deploying it in VMs (and, to some extent, physical machines) on-premises.Understanding the ongoing costs of virtual machines in AzureVirtual machines in Azure incur an ongoing monetary cost when they are running. This cost is billed against your free trial, MSDN subscription, or paid subscription. NoteFor more information about the costs of running Azure virtual machines, see Virtual Machines Pricing Details and Azure Pricing Calculator on the Azure Web site. To minimize the cost of running the test lab virtual machines, you can do one of the following:Create the test lab environment and perform your needed testing and demonstration as quickly as possible. When complete, delete the test lab virtual machines from the VIRTUAL MACHINES page of the Azure management portal.Shut down your test lab virtual machines into a de-allocated state from the VIRTUAL MACHINES page of the Azure management portal as covered later in this document. However, you should start your virtual machines in a specific order.Adding the Azure trial to the Office 365 accountOnce you have signed up and established your (test) organization with an account in Office 365 Enterprise E3, you can then add an Azure trial subscription to your Office 365 account. This can be achieved by accessing the Azure Sign Up page at with your Office 365 global administrator account. You need to select Sign in with your organizational account for that purpose.NoteYou can log into the Office 365 administrator portal and go to the Azure Signup page or go directly to the signup page, select sign in with an organizational account and log in with your Office 365 global administrator credentials. Once you have completed your trial tenant signup you will be redirected to the Azure account portal and can proceed to the Azure management portal by clicking Portal at the top right corner of your screen. At this stage, you should have an Office 365 Enterprise E3 trial subscription with an Azure trial subscription.Preparing the local environment for AzureMicrosoft Azure PowerShell is the module for Windows PowerShell that you can use to control and automate the deployment and management of the Moodle workload in Azure.The configuration of Azure PowerShell on a local computer consists in:Installing Azure PowerShell, Verifying that Azure PowerShell can run scripts, and enabling scripts to run in Windows PowerShell,Verifying that WinRM allows Windows PowerShell to connect, and configuring WinRM to support basic authentication.Note that this local computer must have Internet connectivity.Installing Azure PowerShell To install the Azure PowerShell module, proceed with the following steps:Open a browsing session and navigate to the Azure Downloads page. Scroll down to Command line tools.Click Install.When prompted to run or save the .exe installation file (WindowsAzurePowerShell.3f.3.3fnew.exe), click Run. A Web Platform Installer 5.0 dialog opens up.Click Install to continue.Click I Accept. At the end of the installation, click Finish to close the Web Platform Installer 5.0 wizard.Click Exit.You can run then the cmdlets from the Azure PowerShell console.Connecting to your Azure subscriptionTo connect to your Azure subscription with the Azure PowerShell console, proceed with the following steps:On the local computer, type "power" in the search function in the Start screen. This search will return the list of applications containing the word "power," including Microsoft Azure PowerShell. Click on the application to start the console of the same name.Run the following command in the Microsoft Azure PowerShell console: Add-AzureAccountA sign-in dialog opens up.Type the email address corresponding to your Azure account and click Continue. You’re redirected to a Sign In page.Type the password associated with your account and click Sign in. Azure authenticates you, saves the credential information, and then closes the dialog. A message states that your subscription is now selected as the default subscription.Once connected to your default subscription, you can use the built-in Help system to list and get help about the cmdlets in the Azure PowerShell module. To list the available cmdlets, run the following command:help azureYou can then display help about a specific cmdlet by typing help followed by the name of the cmdlet, for example “help New-AzureVM”.NoteFor instructions, see the Microsoft TechNet articles How to install and configure Azure PowerShell and Get Started with Azure Cmdlets.NoteFor more information about the cmdlets in the Azure PowerShell module, see the Microsoft MSDN article Azure Management Cmdlets.Enabling Windows PowerShell scriptsTo verify that Azure PowerShell can run scripts, proceed with the following steps;Open an elevated Azure PowerShell command prompt, and run the following command:Get-ExecutionPolicyIf the value returned is anything other than RemoteSigned, you need to change the value to RemoteSigned. Note A digital signature is required from a trusted publisher on scripts and configuration files that are downloaded from the Internet (including email and instant messaging programs) so that they can run. However, a digital signature isn’t required on scripts that you have written on the local computer (not downloaded from the Internet). Finally, you can run scripts that are downloaded from the Internet and not signed, if the scripts are unblocked, such as by using the Unblock-File cmdlet. For more information, see the Microsoft TechNet article about_Execution_Policies.Run the following command if needed:Set-ExecutionPolicy RemoteSignedWhen asked, press “Y” to confirm the operation.Enabling WinRM for remote PowerShell shellTo verify that WinRM allows Windows PowerShell to connect, proceeds as follows:In the above elevated Azure PowerShell session, run the following command to check the status of the WinRM service:sc query winrmIf the WinRM service isn’t running, start it with the following command:net start winrmRun the following command:winrm get winrm/config/client/authIn the results, look for the value “Basic =”. If the value is “Basic = false”, you must change the value to “Basic = true”.If the value has to be changed, run the following command:winrm set winrm/config/client/auth @{Basic="true"}The value between the braces { } is case-sensitive. In the command output, verify the value “Basic = true”.If you started the WinRM service in step 2, run the following command to stop it:net stop winrmYou are now ready to setup the virtual machines needed for the Moodle platform.This is the purpose of the next section.Deploying the core Azure-based environmentBy following the instructions outlined hereafter, you should be able to successfully prepare your Azure-based test lab environment for the Moodle platform. As stated before, the Moodle platform will be based on individual virtual machines (VMs) running the Ubuntu Server 14.10 distribution.Important noteIndividual virtual machines (VMs) are needed to separate the services provided on the network and to clearly show the desired functionality. This being said, the suggested configuration is neither designed to reflect best practices nor does it reflect a desired or recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab networking environment. Any modifications that you make to the configuration details provided in the rest of this document may affect or limit your chances of successfully setting up the Azure-based test environment that will serve as the basis for the Moodle with Office 365 integration. We recommend following this guide as-is first to familiarize yourself with the steps involved, before attempting a deployment on an environment with a different configuration.Microsoft has successfully built the suggested environment with Azure IaaS, and Ubuntu Server 14.10 virtual machines.For greatly ease the deployment of a typical Moodle environment, and rather than creating all of the above resources manually from the Microsoft Azure management portal, we will use a PowerShell script that will perform all of the required actions automatically for.The script New-MoodleEnvironment.ps1 provided with this paper (file Moodle-Office-365-Setup-Guide-(PS-Scripts).zip, available for download) can be used to deploy your own environment to host Moodle in Microsoft Azure. This sample script is inspired by the scripts available in the Script center.To execute the script, connect your PowerShell session to your Azure subscription and execute the following command:.\New-TestLabEnvironment.ps1 -ServiceName "o2m-contoso" -Location "North Europe" -MoodleServerName "o2m-moodle" -MoodleVMSize "Medium" -MysqlServerName "adfs1" -MysqlVMSize "Medium" -VNetAddressPrefix "10.0.0.0/16" -Subnet1AddressPrefix "10.0.1.0/24" -Subnet2AddressPrefix "10.0.2.0/24" The main actions taken by the script are described in detail in the following sections.Creating the virtual networksXML configuration files containing all the network configurations of a subscription are used to create virtual networks in Azure.The configuration procedure is as follows.Export the network configuration of the subscription, if virtual networks have already been configured.If the exported file is empty, create the basic structure of the XML configuration file.Check that the virtual network to be created does not already exist.Add the information on the virtual network to the XML configuration file, with the configuration of the sub-networks.Import the configuration file into the subscription to update the configuration of the network.The network configuration is exported by executing the following Get-AzureVNetConfig command:Get-AzureVNetConfig -ExportToFile C:\temp\azure-vnet.xml The configuration file for the virtual networks required by our Moodle platform is as follows:<?xml version="1.0" encoding="utf-8"?><NetworkConfiguration xmlns:xsd="" xmlns:xsi="" xmlns=""> <VirtualNetworkConfiguration> <Dns /> <VirtualNetworkSites> <VirtualNetworkSite name="m2o-contoso123vnet" AffinityGroup="m2o-contoso123aff"> <AddressSpace> <AddressPrefix>10.0.0.0/8</AddressPrefix> </AddressSpace> <Subnets> <Subnet name="m2o-contoso123vnet-subnet1"> <AddressPrefix>10.0.1.0/24</AddressPrefix> </Subnet> <Subnet name="m2o-contoso123vnet-subnet2"> <AddressPrefix>10.0.2.0/24</AddressPrefix> </Subnet> </Subnets> </VirtualNetworkSite> </VirtualNetworkSites> </VirtualNetworkConfiguration></NetworkConfiguration>The subscription is configured with the complete XML file by executing the following Set-AzureVNetConfig command:Set-AzureVNetConfig -ConfigurationPath C:\temp\azure-vnet.xml Creating the affinity groupThe affinity group is created by executing a simple New-AzureAffinityGroup Power Shell command, as follows:New-AzureAffinityGroup -Name $AffinityGroupName -Location $Location -Label $AffinityGroupName -ErrorVariable lastError -ErrorAction SilentlyContinue The variables $AffinityGroupName and $Location must be entered before executing the command.In the proposed script New-MoodleEnvironment.ps1, these values are automatically generated according to the input parameters of the script.Creating the Cloud serviceThe Cloud service that will contain our virtual machines for the test lab environment is similarly created by executing a PowerShell command.It is important to properly attach our Cloud service to the affinity group that we have just created using the AffinityGroup parameter.New-AzureService -ServiceName $ServiceName -AffinityGroup $AffinityGroupName -ErrorVariable lastError -ErrorAction SilentlyContinue Creating the storage accountThe storage account is created by the command New-AzureStorageAccount.Here again, it is important to specify the affinity group to which our storage account must be linked.New-AzureStorageAccount -StorageAccountName $StorageAccountName -AffinityGroup $AffinityGroupName Deploying the MySQL virtual machineFor the deployment of the virtual machines, the proposed script New-MoodleEnvironment.ps1 starts by asking for the identification information that will be used for the local administration account of the virtual machines.$credential = Get-Credential -Message "Please provide the administrator credentials for the virtual machines" $username = $credential.GetNetworkCredential().username$password = $credential.GetNetworkCredential().password Then, a sequence of PowerShell commands:Create the virtual machine envelope with the command New-AzureVMConfig,Personalize the virtual machine with the command Add-AzureProvisioningConfig,Connect the VM to the right sub-network with the command Set-AzureSubnet,Add an additional 100 GB data disk with the command Add-AzureDataDisk.$mysqlServerVM = New-AzureVMConfig -Name $MysqlServerName -InstanceSize $MysqlVMSize -ImageName $image.ImageName | Add-AzureProvisioningConfig -Linux -LinuxUser $username -Password $password | Set-AzureSubnet -SubnetNames $subnet2Name | Add-AzureDataDisk -CreateNew -DiskSizeInGB 100 -DiskLabel 'mysqldatadrive' -LUN 0 Finally, the virtual machine is created with the command New-AzureVM, by specifying:The Cloud service in which the machine is deployed, The configuration that we have just created,And the virtual network to which this virtual machine must be connected.New-AzureVM -ServiceName $ServiceName -VMs $mysqlServerVM -VNetName $VNetName –WaitForBoot Deploying the Moodle virtual machineThe same operations are repeated for the virtual machine that will host the Moodle Web site.$moodleServerVM = New-AzureVMConfig -Name $MoodleServerName -InstanceSize $MoodleVMSize -ImageName $image.ImageName | Add-AzureProvisioningConfig -Linux -LinuxUser $username -Password $password | Set-AzureSubnet -SubnetNames $subnet1Name | Add-AzureDataDisk -CreateNew -DiskSizeInGB 100 -DiskLabel 'moodledatadrive' -LUN 0 New-AzureVM -ServiceName $ServiceName -VMs $moodleServerVM -VNetName $VNetName -WaitForBoot Creating the HTTP (80) and HTTPS (443) endpointsEndpoints in Azure allow certain services available on our virtual machines to be exposed directly on the Internet.Since Moodle is primarily a web site, the HTTP and HTTPS services must be exposed for our Moodle site to be accessible over the Internet.By default, on Linux machines, Azure creates an endpoint to expose the SSH services on the Internet. This provides access to the Linux environments hosted in Azure, without having to install a VPN infrastructure with Azure, by passing directly over the public IP of the Cloud service.Perform the following sequence of actions to create the endpoints on a virtual machine:Retrieve the required virtual machine by executing the command Get-AzureVM.Add the endpoint with the command Add-AzureEndpoint.Update the virtual machine with the command Update-AzureVM.In the proposed script New-MoodleEnvironment.ps1, all of these actions are performed by the following command block:Get-AzureVM -ServiceName $ServiceName -Name $MoodleServerName |Add-AzureEndpoint -Name "HttpsIn" -Protocol "tcp" -PublicPort 443 -LocalPort 443 -LBSetName "MoodleWebFarm" -ProbePort 80 -ProbeProtocol "http" -ProbePath "/" | Update-AzureVM Once all these actions have been completed, our Azure environment and our virtual machines are ready to install Moodle and the MySQL pleting the DNS registrationsIn order to access your Moodle platform with a domain name other than the one supplied by default by Microsoft Azure (for example m2o-contoso123svc. in our illustration), you must own an Internet domain name.For the purpose of this illustration, we have already acquired the public domain name contoso123.fr, which is used for our entire test lab environment.On the administration page of your Internet domain, add a CNAME (Alias) type record so that a name of your choosing points to your Moodle site.In our example, we want our Moodle site to be accessible at the address do this, we have to create a CNAME record in our domain contoso123.fr with the following information:Host: o2mPoints to: m2o-contoso123svc.Log onto the Microsoft Azure Management portal to find out the domain name of your Azure platform. Once connected to the portal, go to the Cloud service that hosts your Moodle platform.At the bottom of the Cloud service dashboard page, you will find the DNS name of the service that can be accessed over the Internet. This is the name that points to the public IP address allocated to your Cloud service by Microsoft Azure.Setting up the Moodle platformYour Azure subscription should now be ready to install the Moodle platform at this stage.This section describes in sequence the setup of:The Apache server required by Moodle,The MySQL server,Moodle itself,The Office 365 integration plugins for Moodle.Setting up the Moodle serverThis section assumes that the provided script New-MoodleEnvironment.ps1 has already been executed with the suggested parameters configured. If this is not already the case, see section § REF _Ref418059033 \h \* MERGEFORMAT Provisioning an Azure environment.Setting up the Apache HTTP serverTo setup the Apache HTTP server, proceed with the following steps:Log onto the Moodle server using the SSH client of your choice (for example, the PuTTY) client:Host name: m2o-contoso123svc.Port: 49909Enter the following user name and password when invited to do so by the server:User name: "moodleadmin"Password: "Contoso123!?"Switch to thesuper user (root) mode with the following command:moodleadmin@m2o-moodle:~$ sudo –sUpdate the packages of the Linux distribution.root@m2o-moodle:~$ apt-get updateInstall the Apache HTTP serverroot@m2o-moodle:~$ apt-get install apache2NoteVersion 2.4.10 of the Apache HTTP server is installed with this Linux distribution.Setting up the PHP script language and its extensionsTo now setup the PHP script language and its extensions, proceed with the following steps:From the previous SSH connection, install the PHP script language with the following command:root@m2o-moodle:~$ apt-get install php5NoteVersion 5.5.12 of the PHP script language is installed with this Linux distribution.Install the PHP cURL extension.root@m2o-moodle:~$ apt-get install php5-curlNoteThe PHP cURL extension facilitates communications with many servers using numerous protocols and allows data to be exchanged between Moodle platforms over the MNet network.Install the PHP XML -RPC extension.root@m2o-moodle:~$ apt-get install xmlrpcNoteThe PHP XML-RPC extension allows procedure calls to be made on a remote computer. Install the PHP GD extension.root@m2o-moodle:~$ apt-get install php5-gdNoteThe PHP GD extension is used to create and handle various image formats.Install the PHP INTL extension.root@m2o-moodle:~$ apt-get install php5-intlNoteThe PHP INTL extension is used to internationalize PHP scripts, and in particular the numbers, dates and times.Install the PHP OPcache extension.root@m2o-moodle:~$ apt-get install php5-opcacheNoteThe OPcache extension improves the performance of PHP by storing the bytecode of the precompiled scripts in shared memory. The installation of this extension is not compulsory, but is strongly recommended by Moodle.Install the PHP LDAP extension.root@m2o-moodle:~$ apt-get install php5-ldapNoteThe PHP LDAP extension activates the integration of the LDAP protocol by PHP. LDAP is a communications protocol used to interrogate and modify directory services.Install the PHP MySQL extension.root@m2o-moodle:~$ apt-get install php5-mysqlNoteThe PHP MySQL extension allows for connections to MySQL databases from PHP scripts.Setting up the additional packages required by MoodleTo install the additional packages required by Moodle, proceed with the following steps:From the previous SSH connection, install TeX Live.root@m2o-moodle:~$ apt-get install texliveNoteTeX Live provides a LaTeX environment. LaTeX is a system used to create documents and mathematical equations. It is widely used in scientific circles. LaTeX is required by Moodle's standard document creation plugins.Install Aspell and its English dictionaries.root@m2o-moodle:~$ apt-get install aspellroot@m2o-moodle:~$ apt-get install aspell-usNoteAspell is a spell checker required by Moodle's standard document creation plugins. The required English libraries can be found here: NTP.root@m2o-moodle:~$ apt-get install ntpNoteNTP (Network Time Protocol) is a protocol that synchronizes the local clock in a computer with a reference time over a computer network.Install Sendmail.root@m2o-moodle:~$ apt-get install sendmailNoteSendmail is used to send and receive e-mail.Setting up Moodle from the serverIt is also possible to install Moodle directly, in the same way as we installed the HTTP server, by executing the following two commands. But this option is not recommended in so far as, in this case, we cannot control the versions of Moodle (e.g., 2.7 vs. 2.8) and SQL (e.g., MySQL vs. PostgreSQL) that are installed. The versions depend on the chosen Linux distribution.root@m2o-moodle:~$ cd /var/www/htmlroot@m2o-moodle:/var/www/html$ apt-get install moodle We are rather going to install Moodle using the versions available on the official Moodle web site.To do that, proceed with the following steps:Still from the same SSH connection, create the directory src.root@m2o-moodle:~$ mkdir /srcroot@m2o-moodle:~$ cd /srcNoteMoodle will be downloaded into this directory in the next step.Download version 2.7 of Moodle in tgz format.root@m2o-moodle:/src$ wget the time of writing, the most recent version of Moodle was version 2.8, which was first released on November 10, 2014. Version 2.7 was first released in May 12, 2014. We have chosen to install version 2.7 of Moodle, because it is an LTS version (Long-Term Support), which means that it will be maintained by Moodle for 3 years, instead of 18 months for regular versions. Moreover, not all the plugins developed by the Moodle community are compatible with version 2.8 of Moodle.NoteThe links used to download the latest version of Moodle and the versions of Moodle that are still maintained are respectively available on the Latest Release and Other supported releases pages of the official Moodle site (see the link behind the button Download tgz).Extract the Moodle files from the archive.root@m2o-moodle:/src$ tar -xzf moodle-latest-27.tgzMove the Moodle directories to a directory that is accessible on the web.root@m2o-moodle:/src$ mv moodle /var/www/moodleCreating the moodledata directorymoodledata is the directory where Moodle stores the files created or downloaded from the platform. All the content created by users will be stored in this directory, and in particular the courses, documents, images and videos hosted on the platform.To create this directory, proceed with the following steps:Still from the same SSH connection, create a secure directory called moodledata.root@m2o-moodle:~$ mkdir /var/moodledataNoteFor security reasons, the moodledata directory must not be directly accessible from the web. Therefore, it must not be created in the directory /var/www/.Notemoodledata is the default name of this directory, but it can be renamed.Authorize the HTTP server to use the moodledata directory.root@m2o-moodle:~$ chown www-data:www-data -R /var/moodledataroot@m2o-moodle:~$ chmod g+rws -R /var/moodledataNoteDepending on the Linux distribution in use, the Apache user and the default Apache group can be called www-data, nobody or apache.NoteThe command chown (change owner) is used to change the owner of the directory, while the command chmod (change mode) changes the privileges of the directory. At this point, we add (+) read (r) and write (w) privileges to the moodledata directory and its sub-directories (-R), and make sure that Moodle keeps these privileges for all the files that are created or deposited in the directory, irrespective of the Moodle user who creates or downloads the files.Setting up and configuring the database serverMoodle supports various types of database servers:MySQL,PostgreSQL,Microsoft SQL Server,MariaDB,Oracle.It is advisable to use a MySQL database server. Even if the core of Moodle is compatible with Microsoft SQL Server, this is not the case for all the plugins developed by the Moodle community. This is the reason why we will opt to use a MySQL database server in our test lab environment.Setting up the database serverTo setup the database server, proceed with the following steps:Log onto the MySQL server using the SSH client of your choosing (for example PuTTY):Host name: m2o-contoso123svc.Port: 59337Enter the following user name and password when invited to do so by the server:User name: "moodleadmin"Password: "Contoso123!?"Switch to super user (root) mode.moodleadmin@m2o-mysql:~$ sudo –sUpdate the packages of the Linux distribution.root@m2o-mysql:~$ apt-get updateInstall the MySQL server.root@m2o-mysql:~$ apt-get install mysql-serverEnter the administrator password of the database server, for example "Contoso123!" in our illustration and press ENTER.Confirm the administrator password of the database server, for example "Contoso123!" in our illustration and press ENTER.Configuring the database serverTo configure the database server, proceed with the following steps:From the previous SSH connection, log onto the database server as the administrator.root@m2o-mysql:~$ mysql -uroot -pType the password, for example “Contoso123!" in our illustration.Enter password: Log onto the MySQL database.mysql> connect mysql;Authorize the Moodle server to connect to the MySQL database.mysql> CREATE USER 'moodleadmin'@'10.0.1.4' IDENTIFIED BY 'moodleazure';mysql> GRANT ALL PRIVILEGES ON * . * TO 'moodleadmin'@’10.0.1.4' IDENTIFIED BY 'moodleazure' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;Notemoodleadmin is the username of the virtual machine hosting the Moodle server. 10.0.1.4 is the public IP address of the virtual machine hosting the Moodle server. moodleazure is the password that the Moodle server uses to log onto the MySQL database.Update the access privileges to the database to apply the recent changes. mysql> FLUSH PRIVILEGES ;Quit the MySQL database.mysql> quit ;Opening the MySQL server on the virtual networkSince the MySQL server is installed in packages, by default, it is configured as local. Consequently, it must be made accessible from the virtual network between the two virtual machines.Proceed with the following steps:Still working from the same SSH connection, edit the MySQL database configuration file. root@m2o-mysql:~$ vi /etc/mysql/fFind the line bind-address and replace the value 127.0.0.1 with 10.0.2.4 to open the MySQL database on the virtual network.bind-address= 10.0.2.4Note10.0.2.4 is the public IP address of the virtual machine hosting the MySQL server.Restart the database to apply the new configuration.root@m2o-mysql:~$ service mysql restartNoteThe following command can be executed on the Moodle server to check that the MySQL can be accessed from the Moodle server by the user moodleadmin we configured in step REF _Ref415215815 \r \h \* MERGEFORMAT 4. If everything is functioning correctly, we can enter the password moodleazure to access the mysql> invite.root@m2o-moodle:~$ mysql –hm2o-mysql –umoodleadmin pPointing the domain name o2m.contoso123.fr to the Moodle serverThe virtual hosting service (or vhost) should be activated on the Moodle server in order to point the domain name o2m.contoso123.fr to the Moodle server. Virtual hosting can also address several instances of Moodle hosted on a shared Apache HTTP server (e.g., a production instance of Moodle and a qualification instance of Moodle).If you have logged off the Moodle server, log on again by repeating steps REF _Ref415215787 \r \h \* MERGEFORMAT 1 to REF _Ref415215791 \r \h \* MERGEFORMAT 3 in section § REF _Ref417991729 \h \* MERGEFORMAT Setting up the Apache HTTP server.Activate the virtual hosting service on the Apache HTTP server.root@m2o-moodle:~$ cd /etc/apache2/mods-enabledroot@m2o-moodle:/etc/apache2/mods-enabled$ ln -s ../mods-available/vhost_alias.loadNoteThe command ln creates a symbolic link (-s) with the target file vhost_alias.load in the current directory. To deactivate the hosting service, simply delete the symbolic link. In this way, the target file is not deleted and can be used again to reactivate the service.Restart the Apache HTTP server.root@m2o-moodle:~$ service apache2 restartCreate a virtual hosting configuration file for Moodle.NoteUse the default virtual hosting configuration file as a starting point.root@m2o-moodle:~$ cd /etc/apache2/sites-availableroot@m2o-moodle:/etc/apache2/sites-available$ cp 000-default.vhost 030-moodle27.confroot@m2o-moodle:/etc/apache2/sites-available$ vi 030-moodle27.confAdd the name of the server above the line ServerAdmin webmaster@localhost.ServerName o2m.contoso123.frReplace the default root directory with /var/www/moodle27.DocumentRoot /var/www/moodle27Add a permanent HTTP redirection in order to force the HTTPS connection on all the pages of the platform.Redirect Permanent / the following lines after the root file in order to configure access control.<Directory /var/www/moodle27>Options -Indexes +FollowSymLinks +MultiviewsAllowOverride NoneAllow from all</Directory>NoteThe -Indexes option prevents the list of files from being displayed. The +FollowSymLinks option allows symbolic links to the followed. The +Multiviews option authorizes file variants (for example, in the event of multiple languages). It is optional. The AllowOverride None directive prevents access rights from being overridden using .htaccess files. It is very important to deactivate this directive in order to protect the security of a Moodle platform. Finally, the Allow from all directive allows users to access the platform from the web.Edit the log files as shown below in order to reflect the virtual hosting instance.ErrorLog ${APACHE_LOG_DIR}/error_moodle27.logCustomLog ${APACHE_LOG_DIR}/access_moodle27.log combinedSave the changes and exit the text editor.:wqActivate the new configuration.root@m2o-moodle:~$ cd /etc/apache2/sites-enabledroot@m2o-moodle:/etc/apache2/sites-enabled$ ln -s ../sites-available/030-moodle27.confNoteThe .conf file extension is essential for the configuration to be properly applied.Installing the SSL/TLS certificateTo install the SSL/TLS certificate, proceed with the following steps:From the same SSH connection, activate the SSL/TLS service on the Apache HTTP server.root@m2o-moodle:/etc/apache2/sites-enabled$ cd /etc/apache2/mods-enabledroot@m2o-moodle:/etc/apache2/mods-enabled$ ln -s ../mods-available/ssl.loadroot@m2o-moodle:/etc/apache2/mods-enabled$ ln -s ../mods-available/ssl.confroot@m2o-moodle:/etc/apache2/mods-enabled$ ln -s ../mods-available/socache_shmcb.loadCreate an SSL virtual hosting configuration file.root@m2o-moodle:/etc/apache2/mods-enabled$ cd /etc/apache/sites-availableroot@m2o-moodle:/etc/apache2/sites-available$ cp 030-moodle27.conf 030-moodle27-ssl.confroot@m2o-moodle:/etc/apache2/sites-available$ vi 030-moodle27-ssl.confNoteUse the virtual hosting configuration file that we have just created as a starting point.Edit the first line as shown below so that the virtual hosting functions in HTTPS.<VirtualHost *:443>Note443 is the HTTPS port.Edit the log files as shown below in order to reflect the SSL virtual hosting instance.ErrorLog ${APACHE_LOG_DIR}/error_moodle27-ssl.logCustomLog ${APACHE_LOG_DIR}/access_moodle27-ssl.log combinedAdd the lines before the </VirtualHost> tag.SSLEngine onSSLCertificateFile /home/moodleadmin/star_contoso123_fr.crtSSLCertificateKeyFile /home/moodleadmin/star_contoso123_fr.keySSLCertificateChainFile /home/moodleadmin/DigiCertCA.crt<FilesMatch "\.(cgi|shtml|phtml|php)$">SSLOptions +StdEnvVars</FilesMatch><Directory /usr/lib/cgi-bin>SSLOptions +StdEnvVars</Directory>BrowserMatch "MSIE [2-6]" \nokeepalive ssl-unclean-shutdown \downgrade-1.0 force-response-1.0BrowserMatch "MSIE [17-9]" ssl-unclean-shutdownNotestar_contoso123_fr.crt?is the wildcard SSL/TLS certificate of the domain *.contoso123.fr, star_contoso123_fr.key is the private key and DigiCertCA.crt?is the associated SSL/TLS chain certificate.NoteFor more information about the added SSL/TLS parameters, see the comments in the default SSL configuration file default-ssl.conf in the same directory.Save the change and exit the text editor.:wqActivate the new configuration.root@m2o-moodle:/etc/apache2/sites-available$ cd /etc/apache2/sites-enabledroot@m2o-moodle:/etc/apache2/sites-enabled$ ln -s ../sites-available/030-moodle27-ssl.confRestart the Apache HTTP server to activate the SSL service and to apply the new configuration.root@m2o-mysql:/etc/apache2/sites-enabled$ service apache2 restartRun an Apache configuration test to check that the configuration files are OK. root@m2o-moodle:/etc/apache2/sites-enabled$ apachectl configtestNoteIf everything is OK, the command returns Syntax OK.Opening the rights on the Moodle configuration filesTo open the rights on the Moodle configuration files, proceed with the following steps.Whilst still working from the same SSH connection, authorize the editing of the Moodle configuration files so that the platform can be installed from the web.root@m2o-moodle:/etc/apache2/sites-enabled$ cd /var/wwwroot@m2o-moodle:/var/www$ chmod o+w moodle27NoteFor security reasons, remember to cancel this write authorization, once the platform has been installed from the web.Apply a write authorization to the plugin directories, so that the plugins can be installed.root@m2o-moodle:/var/www$ cd /var/www/moodle27root@m2o-moodle:/var/www/moodle27$ chown www-data:www-data modroot@m2o-moodle:/var/www/moodle27$ chown www-data:www-data blocksroot@m2o-moodle:/var/www/moodle27$ chown www-data:www-data authroot@m2o-moodle:/var/www/moodle27$ chown www-data:www-data filterroot@m2o-moodle:/var/www/moodle27$ chown www-data:www-data user/profile/fieldroot@m2o-moodle:/var/www/moodle27$ chown www-data:www-data localroot@m2o-moodle:/var/www/moodle27$ chown www-data:www-data mod/assign/submissionroot@m2o-moodle:/var/www/moodle27$ chown www-data:www-data mod/assign/feedbackroot@m2o-moodle:/var/www/moodle27$ chown www-data:www-data repositoryroot@m2o-moodle:/var/www/moodle27$ chmod g+w mod blocks auth user/profile/field local mod/assign/submission mod/assign/feedback repository filterNoteThis operation is necessary for each type of plugin to be installed. In this case, the write authorization is only applied in the plugin directories corresponding to the types of plugins that we intend to install in our demonstration.Setting up and configuring Moodle from the webAt this point of the installation of the test lab environment, make sure that the DNS record of the domain name o2m.contoso123.fr points to the Moodle server. If this is the case, you can continue. If not, repeat the previous steps.Setting up Moodle from the webProceed as follows to install Moodle from the web:Go to English (en) – or the language of your choice-, and then click Next.Type "/var/moodledata/moodle27" in Data directory, and then click Next.Select Enhanced MySQL (native, mysqli) in Type, and then click Next.Enter: "m2o-mysql" in Database server, "moodle27" in Database name, "moodleadmin" in Database user, "moodleazure" in Database password, "3306" in Database port.Click Next.NoteKeep the default value mdl_ in the Tables prefix field. Note3306 is the default port of the MySQL database.Read the conditions of use of Moodle, and then click Continue. Moodle then checks the prerequisites for the installation. Every status must be OK in order to continue.Click Continue. Moodle is then installed component by component. This may take a few minutes.Once all the components have been installed, click Continue.Creating the administrator account of the Moodle platformAt this point of the installation, we are going to create the administrator account of the Moodle platform. Proceed with the following steps:In the Installation dialog, fill in at least the empty compulsory fields of the administrator profile, i.e. New password ("CustomAdminPassword") and email address ("admin@contoso123.fr"). NoteYou can also personalize the other fields of the platform administrator profile on this page. These settings can be changed at a later date.Click Save profile.Configuring the front pageWe are now going to configure the Moodle front page.Proceed with the following steps:In New settings – Settings for the next front page, enter at least the compulsory empty fields of the home page, i.e. the Complete site name ("Contoso University" in our illustration) and the Abbreviated site name ("Contoso University"). NoteThese settings can be changed at a later time.Click Save changes.The setup of a standard Moodle platform is now complete at this stage.?You are redirected to the platform's home page.Locking the Moodle configuration filesOn the Moodle server, you must now protect the Moodle configuration files against being modified from the Moodle web for security reasons. If you have logged off the Moodle server, log on again by repeating steps REF _Ref415215787 \r \h \* MERGEFORMAT 1 à REF _Ref415215791 \r \h \* MERGEFORMAT 3 in section § REF _Ref417991729 \h \* MERGEFORMAT Setting up the Apache HTTP server.Enter the following commands from the SSH console:root@m2o-moodle:~$ cd /var/wwwroot@m2o-moodle:/var/www$ chmod o-w moodle27Setting up the Microsoft resources for MoodleThe integration between Office 365 and Moodle is based on two sets of Microsoft plugins for Moodle.Office 365 integration plugins. This set of six plugins integrates Moodle with Word Online, OneDrive for Business, the Outlook calendar and other functionality, such as Office Mix. This set of plugins uses the Azure AD directory to provide a single sign-on (SSO) service with Office 365.Microsoft Services plugins. This set of seven plugins completely integrates Moodle and OneNote to improve the management of assignments, submissions to assignments for the students and the teachers' comments on the assignments submitted.NoteIntroducing OneNote Class Notebooks—a flexible digital framework for teaching and learning describes the use of digital OneNote notebooks for teaching.There are several methods to install the Moodle plugins:From the directory of Moodle plugins (i.e., from ),From a ZIP file,From a FTP client,Directly on the Moodle server.The first method is the preferred one since it guarantees to have the latest version of the plugin that is compatible with the version of Moodle that we have installed.This method however requires to freely register on the site.?We will use this method to install our test lab environment.Creating a free account on To create a free account on , proceed with the following steps.Open a browsing session and navigate to site is based on Moodle.Click Log in in the top right of the screen.Click Create new plete at least the mandatory fields: Username, Password, Email address, Email (again), First name and Last name, and answer the security question. Click Create new account.NoteA request for confirmation of the registration is sent to the email address entered in the form. Click on the link in this email address to activate the account.Setting up the plugins from the Moodle plugins directoryNow that the account is active, we can install the Moodle plugins.Proceed with the following steps:Log onto the site using the username and the password defined in the previous section.Navigate to the Moodle platform and, if necessary, sign-in with the administrator account again by clicking Log in in the top right of the screen.Under ADMINISTRATION on the left pane, click Site administration, plugins, and then Installer plugins.Click Install plugins from the Moodle plugins directory. You should then be redirected to the site.Click Log in.Log in using the username and the password defined in the previous section.NoteThis step establishes the link between the Moodle platform o2m.contoso123.fr and the account that we have just created.Enter Office 365 in the search field and click Search plugins.Click the plugin OpenIDConnect.Click Install now.Click Install now on the line Université Contoso.Click Continue. Moodle checks the plugin before installing it. All the tests must be OK in order to continue.Click Install plugin.Repeat the steps 8 to REF _Ref415215746 \r \h \* MERGEFORMAT 12 for the 12 other Microsoft plugins.Microsoft Office 365 Integration (local_o365)Office 365 Integration (local_office365)Office365 Connection (profilefield_o365)OneDrive for Business (repository_office365)OpenIDConnect Management (profilefield_oidc)Microsoft Account (local_msaccount)Microsoft OneNote (local_onenote)Microsoft OneNote (repository_onenote)Microsoft Services (local_microsoftservices)OneNote block (block_onenote)OneNote Feedback (assignfeedback_onenote)OneNote submissions (assignsubmission_onenote)oEmbed Filter (filter_oembed)NoteFor more information about the role of each one of the plugins listed above, see REF _Ref418065289 \h \* MERGEFORMAT Appendix A The set of Microsoft plugins.NoteAll these plugins are accessible from the results that is made in step REF _Ref415215927 \r \h \* MERGEFORMAT 7, apart from the oEmbed Filter plugin, for which a new search must be run. In step REF _Ref415215933 \r \h \* MERGEFORMAT 8, it is possible to open the download page of each plugin in a new tab to make the installation of the plugins easier.NoteThe database cannot be updated before installing all the plugins because some of them are required by others.Once the last plugin has been installed, click Update the database now.Once all the updates have been completed, click Continue.Moodle displays the list of the newly available settings, following the installation of the new plugins. There is no need to apply these settings at this point.Navigate to to return to the home page of the Moodle platform and ignore these settings for the time being.Starting cron on the HTTP servercron is a program that automatically executes scripts or commands, on a given date and at a given time specified in advance. Moodle uses cron to schedule its maintenance operations.To start cron, proceed with the following steps:If you have logged off the Moodle server, log on again by repeating steps REF _Ref415215787 \r \h \* MERGEFORMAT 1 to REF _Ref415215791 \r \h \* MERGEFORMAT 3 in section § REF _Ref417991729 \h \* MERGEFORMAT Setting up the Apache HTTP server.Edit the cron configuration file.root@m2o-moodle:~$ crontab -eSelect the vim text editor.Add the following line at the end of the file.*/10 * * * * /usr/bin/wget -q -O /dev/null command executes the Moodle cron PHP script every 10 minutes.Save changes and exit the text editor.:wqSetting up and configuring the Office 365 services on MoodleThe Office 365 services complete the Moodle learning platform by increasing the productivity of students and teachers.The set of Office 365 integration plugins completely enables an integration path with Word Online, OneDrive for Business, OneNote and the Outlook calendar, as we have already mentioned.This section discusses their implementation in our test lab environment.NoteFor more information, see the corresponding Moodle documentation.Configuring the pluginsThe first step consists in activating and configuring the OpenID Connect authentication plugin that allows for single sign-on between the Office 365 platform and Moodle.Log onto Moodle as the platform administrator, and proceed with the following steps. Go to Site administration Plugins Authentication. Click Manage authentication. Locate the OpenID Connect authentication plugin and click on the "eye" to activate it.Click on Settings. The OpenID Connect page plete the fields:In Provider Name, enter a name that can be used to select an authentication provider. This is usually the name of the organization. For example in our illustration, enter "Contoso123”.In Auth Endpoint, enter "".In Token Endpoint, enter "".In Redirect URI, enter the address of your Moodle site followed by /auth/oidc, for example in our illustration "".Click Save changes.Leave the OpenID Connect page open. We will return to it later.Configuring the Office 365 single sign-onTo enable Moodle to authenticate Office 365 identities, you have to configure the Azure AD directory used by your Office 365 subscription so that it authorizes your Moodle application to use the identities declared in it.The Azure management portal allows you to manage your Azure Active Directory. To begin with, we are going to link the Azure AD directory used by the Office 365 tenant with the Azure subscription that contains the Moodle environment. This will enable you to manage all the Azure resources from a single portal.Proceed with the following steps:In a new tab in the browser, navigate to the Microsoft Azure management portal at and sign-in.Click "+" and select: APPLICATION SERVICES ACTIVE DIRECTORY DIRECTORY CUSTOM CREATEThe Add directory dialog opens up.Select Use existing directory.Check I am ready to log off.Authenticate yourself with an Office 365 account.Click Continue.Log off, then log on again with your Azure account.Registering an application in the Azure portalThe next step in the configuration of single sign-on (SSO) between Moodle and Office 365 consists in registering the Moodle application in the Azure AD directory, so that it can be granted certain privileges.To register the Moodle application, proceed with the following steps:If you are not already logged onto the Microsoft Azure portal, log on at ACTIVE DIRECTORY?on the left pane and select your Azure AD directory.In the top menu, click APPLICATIONS. If no applications have been installed yet, this page only displays the Add an application link. Click this link or ADD at the bottom of the tray.The What do you want to do? dialog box opens.Click Add an application my organization is developing.On the?Tell us about your application page, specify a name for your application, for example “O2m.Contoso123” in our illustration. Leave WEB APPLICATION WEB AND/OR WEB API selected for the type, and then click the arrow icon in the bottom right.On the App properties page, specify:In SIGN-ON URL the redirection address of your Moodle?instance previously configured for the OpenID Connect protocol, for example “” in our illustration.In APP ID URI the main address of your Moodle instance, for example “” in our illustration.Click the check mark icon in the bottom right, and then click OK.Configuring the application that provides identities to MoodleOnce the application has been added, you simply need to perform a few configuration steps to allow Moodle to use the Azure AD/Office 365 identities.Proceed with the following steps:In the Microsoft Azure management portal, select the Moodle application that you have just created.Click CONFIGURE and scroll down to Client ID.Copy the value of the field. You will need it to finalize the configuration of the OpenID Connect plugin in Moodle. This will correspond to an eponym field. Scroll down to keys.In Keys, select 1 year for the duration.A new key is created.Click SAVE at the bottom of the tray to save the newly created key.Copy the value of the key. You will need it to finalize the configuration of the OpenID Connect plugin in Moodle. This will correspond to a Client Secret field. Back in the OpenID Connect configuration page of your Moodle instance, copy the above values to the related target Client ID and Client Secret fields.Click Save changes.Back in the Microsoft Azure management portal, in the above Moodle configuration page, scroll down to permissions to other applications. Click Add application. A Permissions to other applications opens up. Click the "+" on the right of both Office 365 Exchange Online and Office 365 SharePoint Online.Click the check mark icon at the bottom right to close the dialog.Click Delegated Permissions next to Office 365 Exchange Online, and then select:Read and write users calendarsRead users calendarsLikewise, click Delegated Permissions next to Office 365 SharePoint Online, and then select:Read and write user filesRead user files Have full control of all site collections Read and write items and lists in all sites collectionsRead and write items in all site collectionsRead items in all site collections Click Application Permissions next to Windows Azure Active Directory, and then select:Read directory dataFinally, click Delegated Permissions next to Windows Azure Active Directory, and then select:Read directory dataEnable sign-on and read users’ profilesAccess your organization’s directoryClick SAVE at the bottom of the tray.Adding a user to the applicationOnce the Moodle application has been configured in Azure AD, you must then assign users to it so that Azure AD can allow them an access.Proceed with the following steps:Still in the Moodle application page in the Azure management portal, click USERS.In USERS, select the Office 365 user(s) who should be able to access this application, namely in our illustration, the test users Teacher Martin, Student 1, Student 2 and Student 3 created earlier in this document, see section § REF _Ref423624521 \h \* MERGEFORMAT Creating the test users.Click ASSIGN at the bottom of the tray.Click YES to confirm.Integrating with Microsoft Office 365Proceed with the following steps:In Moodle, go to the ADMINISTRATION Plugins Local plugins page.Click Microsoft Office 365 Integration.Click Set User of the System API User option.Enter an Office 365 administrator type user. It is preferable to use a specific account for this purpose. In our illustration, we have already created an Office 365 administrator account called moodleapi@contoso123.fr.Check Sync users from Azure AD to synchronize the Azure AD users with the Moodle instance.For the Application Permissions part, click Update to check that the permissions have been correctly set on Azure AD.In AAD Tenant, enter the default domain of the subscription. For example, if the subscription is contoso123., enter "contoso123.".In OneDrive for Business URL, enter the complete qualified DNS name (FQDN) of the OneDrive for Business spaces. If the SharePoint Online tenant is contoso123., like in our illustration, enter "contoso123-my.".Click Save changes.In SharePoint Link, enter the complete address of the SharePoint site you want to use for Moodle. For example, if the main SharePoint site collection is nfr123., like in our example, enter "".If the site does not exist in the target SharePoint Online environment, Moodle will create the site automatically. To do this, your "System API" account that was configured in section § REF _Ref418021163 \h \* MERGEFORMAT Creating the "System API" account for integration with Moodle must be the administrator of the parent site or of the target site collection.Once Moodle has finished creating the site in SharePoint, the element in the Moodle configuration page turns green. The integration of the Office 365 plugins is now complete.Click Save changes.Integrating with OneNote The set of Microsoft Services plugins enable a complete integration between Moodle and OneNote in order to improve the management of assignments, submissions to assignments for the students’ and the teachers' comments on the assignments submitted.This section looks at their implementation in our Azure-based test lab environment.NoteFor more information, see the corresponding Moodle documentation.Proceed with the following steps for the OneNote integration:Go to the Moodle administration site and click Site administration Plugins Activity module OneNote submission. Check Enable by default.In OneNote page size, select Taille limite de dép?t Site (80 Mo).Click Save changes.Go to the Moodle administration site and click Site administration Plugins Activity module Assignments Feedback plugins OneNote feedback. Tick Enable by default.Click Save changes.Open a new tab on your browser, go to and sign in with you Microsoft account.Navigate to the site Application name, type a name to identify the Moodle site, for example "Moodle" in our illustration.Select a language, for example English (United States) in our illustration.Click I accept.Under Settings on the left, select API settings.Check No under Mobile or desktop client application.Check Yes?under Restrict JWT issuing.Specify the root domain, for example "o2m.contoso123.fr" in our illustration.Specify the redirection address, which is "" in our illustration.Click Save.Under Settings on the left, now select App Settings.Copy the value Client ID and Client secret (v1). This should sound somehow familiar. You will unsurprisingly need these values to finalize the configuration of the Microsoft Account plugin.Navigate to the Moodle administration site and click Site administration Plugins Local plugins Microsoft Account.Paste the information that you’ve just copied in the corresponding fields.Click Save changes.At the end of this step, the installation, configuration and integration with Office 365 have been completed.Illustrating the user experienceSigning in to Office 365The easiest way to connect to Office 365 is to use the Office 365 user portal.Proceed with the following steps:Open a browsing session and navigate to the Office 365 user portal at in with the credentials, i.e. e-mail address and password, of one of the previously created test users.Once authenticated, you’re redirected to the home page of the portal, which shows all the available Office 365 applications.Click the apps launcher in the upper left corner of the page.Click My apps to access other applications assigned to you. Since you have completed at this stage the integration of the Moodle environment with your Office 365 subscription, the latter appears in the list of the available applications that you can access, if you have signed in with one of the test user.The Contoso University app can be pinned in the app launcher for quick access to Moodle from Office 365. Right-click Contoso University, and then select Pin to app launcher.Signing in into MoodleInterestingly, you can alternatively sign-in into Moodle directly by using one of the Office 365 test accounts created earlier in this document, and all of this without having to navigate first through the Office 365 portal.Proceed with the following steps:Open a browsing session and navigate to the Moodle site, for example in our configuration.Click Log in in the upper right corner.Click Log in in the upper right corner.Under Log in using your account in, click Office 365. You should now be automatically redirected to the Azure AD portal. Enter your Office 365 credentials, and then click Sign in. Once authenticated, you are redirected towards the Moodle site, while being connected to it.Configuring the synchronization of the Moodle calendar with Office 365The synchronization of the Moodle calendar is not configured by default and is left to the user's initiative.To synchronize, log into Moodle with a user account. Proceed as follows:In Moodle, navigate to View profile.On the Office 365 Connection line, click Manage.At the bottom, click Outlook Calendar Sync.Check the various types of calendar to be synchronized, then click on Save to complete the configuration.Once the synchronization has been activated, all the new events assigned to this user will be automatically sent to their Office 365 calendar.Going furtherWe wanted this paper to be readily usable by readers - for tests and experiments - and to show how to facilitate the rapid extension of the Moodle services with Office 365.In this document, we decided to execute Moodle on virtual machines hosted in Microsoft Azure. Such an approach allows to rapidly and smoothly create a test lab environment that is suited to the needs of tests/fine-tuning, and that can be quickly and dynamically resized for production purposes and changes of scale.With the virtual machines and all the features that relates to a IaaS platform, we’ve only scratch the surface in terms of services that Microsoft Azure can provide to sustain your need. We’ve shortly mentioned earlier in this document some of the PaaS, such as web applications or managed databases. These services optimize the services provided by your Moodle solution, allowing you to focus on the content of the teaching platform and the corresponding services. The whitepaper Enabling Hybrid Cloud Today with Microsoft Technologies depicts some augmentations that may make sense in your own environment. For more information on the additional capacities of Microsoft Azure, or for any questions about this paper, Moodle, Azure or Office 365, please contact us. Thank you for reading this paper.See you soon!Appendix A Microsoft plugins for MoodleMicrosoft Office 365 pluginsThis is a Shell plugin that functions using dependencies with all the other Office 365 plugins. It helps to maintain the consistency with the other plugins.OpenID Connect (). The OpenID Connect plugin delivers the single sign-in (SSO) functionality using configurable identity providers.Microsoft Office 365 Integration (). This plugin provides the libraries and services that feed the other Office 365 plugins. As well as implementing the Office 365 APIs, this plugin also handles a broad variety of Moodle events in order to fully integrate Office 365 in a Moodle environment. OneDrive for Business (). This plugin provides access to OneDrive for Business as a data repository. It can also access SharePoint sites configured by local_o365 for each Moodle course, which can be used by teachers as a shared data repository.Office 365 Connection (). This plug establishes a link with the user profiles in order to access the Office 365 management functions.OpenIDConnect Management (). This plug establishes a link with the user profiles in order to access the OpenID Connect management functions.oEmbed Filter (). The hyperlinks of the oEmbed protocol that point to the supported sites are replaced by an embedded version. This filter directs students to videos on external sites without exiting Moodle and prevents them from being distracted by other content. The following sites are currently supported: YouTube*, Vimeo*, Ted*, SlideShare, Screenr, Issuu, Poll Everywhere, Soundcloud and Microsoft Mix*Also supports optional "lazy" downloads. With these sites, a thumbnail of the video is displayed, which is immediately replaced by the video itself when the user clicks on it. This shortens the time taken to download and reduces consumption of network bandwidth.Microsoft Services pluginsAll the Microsoft Services plugins depend on this Shell plugin. It is used to maintain all the other plugins. Microsoft OneNote Block (). This plugin provides a container for the Microsoft account sign-in button and the action buttons used with Microsoft OneNote.Microsoft Account API Local Plugin (). This plugin provides a simple client API for authentications based on OAuth2 and to manage access tokens for the Microsoft accounts. It also provides help functions that allow calls to the REST APIs using the Microsoft account.Microsoft OneNote Online API Local Plugin (). This plugin provides a client API that is common with the other Microsoft plugins so that Moodle users can use Microsoft OneNote Online. This includes operations such as browsing the notebooks, sections and pages. Students can submit their assignments in OneNote and the teachers can respond by sending their feedback on the assignments. It uses the Microsoft Account local plugin for authentication and the OneNote Online REST API.Microsoft OneNote Assignment Feedback Plugin (). This plugin allows teachers to grade assignments and comment on the assignments submitted by students using OneNote. It includes a view of a student's assignments in OneNote, the creation of the corresponding OneNote page with the comments on the submitted assignment, saving the comments in OneNote in Moodle in the form of a zipped file containing the HTML and any images contained in the submitted assignment and the recreation of the OneNote page from the zipped file in Moodle, if necessary.Microsoft OneNote Assignment Submission Plugin (). This plugin provides the functionality specific to a student working on an assignment in OneNote. It includes the creation of a OneNote page corresponding to the assignment, saving the student's work in OneNote in Moodle in the form of a zipped file containing the HTML and any images contained in the assignment and the recreation of the OneNote page from the zipped file in Moodle, if necessary. It uses the Microsoft OneNote API Local plugin to perform certain operations.Microsoft OneNote Repository Plugin (). This plugin allows users to browse the content in OneNote Online, such as the notebooks, sections and pages using the Moodle file picker UI. It also allows them to download the content onto their own OneNote page. It uses the Microsoft OneNote API Local plugin to perform certain operations.oEmbed Filter (). The hyperlinks of the oEmbed protocol that point to the supported sites are replaced by an embedded version. This filter directs students to videos on external sites without exiting Moodle and prevents them from being distracted by other content. The following sites are currently supported: YouTube*, Vimeo*, Ted*, SlideShare, Screenr, Issuu, Poll Everywhere, Soundcloud and Microsoft Mix*Also supports optional "lazy" downloads. With these sites, a thumbnail of the video is displayed, which is immediately replaced by the video itself when the user clicks on it. This shortens the time taken to download and reduces consumption of network bandwidth. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download