“Bring your AI to work” is here: Microsoft edition - What Multiple Account Access to Copilot means

on
Multiple Account Access to Copilot On October 1. 2025 Microsoft released a blog post explaining how employees now can use Copilot from their personal 365 plans to work on organizational data. This is of course, an extension of the already existing "Multi account" feature that was released for corporate accounts a "couple of months" ago. In other words, “bring your own Copilot” is now a real thing in Word, Excel, PowerPoint, Outlook, and OneNote on desktop and mobile, with enterprise protections intact. “Bring your AI to work” is an important topic, and banning AI altogether might not be the answer. Whether sanctioned or shadow, AI has already entered everyday knowledge work. Microsoft’s new multi‑account access offers a safer path where employees can use Copilot from their personal Microsoft 365 subscriptions on work files, while the file’s access, auditing, and compliance still flow through the work identity and tenant. That’s better than users copy‑pasting sensit...

502_3 bad gateway IIS AAR RP for Lync

on
I encountered a "new" error message this week, as I was finalizing a Lync 2013 deployment for a customer. When I say new, it was new to me, as I had not seen this before. Everything was set up for remote access and federations, but certain features, such as mobility did not work right away. I decided to test the URL's from the outside, and was surprised to find the following error message:


This deployment was set up with a IIS ARR for reverse proxy. I searched for the 502 (502.3 to be exact) on forums and internet in general, but could not find any answer to my exact issue.

I verified firewall ports and connectivity was ok. I also checked the web sites on port 4443 and 8080 from a client inside, and saw no apparent errors.

I went through the deployment guide one more time (step by step), and discovered I had forgotten to import the internal CA ROOT to the Reverse Proxy machine. Once this was installed, it all worked just fine.

The reason I decided to write this post, is because the root cause was not very obvious to me (only after reading tracing logs and checking the step by step guide again, was I able to figure out the problem). And I wanted to write a reminder to myself, and maybe help somebody else if they happened to forget to import the ROOT CA.

The 502 "invalid response" can be a lot of things. Certificate error being one of them. Now I know.

For those looking for a guide to set this up, I have two links for you:
This is the one I used: http://uclobby.wordpress.com/2013/08/02/configuring-arr-for-lync-server/

And here is one from nexthop: http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx

I preferred the first one, as it was a more "general" rule to catch all. But it might not suit all scenarios. The one from nexthop is much more detailed, and will have you set up a rule for each URL.