Microsoft Search and Exchange Online

This week, I had to go into Microsoft Outlook to find an old HR benefit email I had gotten some time ago.  This case, as Microsoft employee get a benefit of free Xbox Game Pass subscription.  I had some old emails on it, and wanted to find the link.  When I found the old emails, none of the links worked because there old.

Then all of a sudden a message came up saying, “Link from your organization”, here is the correct link.  I clicked it, it took me straight to the internal benefit site.  This was awesome and I was totally surprised I did not even know about this feature.

I then did some additional investigation.  I put in some other Microsoft corporate terms into Outlook search and got back tons of other result “Link from your organization” section which gave me links within the Microsoft intranet to webpages that had the information for me.

Well, there was a simple reason for this.  Many folks may not have seen this but Outlook and Office are now integrated with Microsoft Search.  This all started about a year ago.  Basically, whenever you put in a search in Outlook, there is a search in your email however additional resources available to you will be searched.  If you organization has set up Microsoft Search appropriately, you will get items in your mailbox plus items across the organization that you have access to. 

Resources

Microsoft Search | Microsoft Docs

Search in Outlook puts your results on top - Microsoft Tech Community

Enhanced performance, designed for simplicity – the new Outlook for Mac - Microsoft Tech Community

Microsoft Search—cohesive search that intelligently helps you find, discover, command, and navigate - Microsoft 365 Blog

Important Office 365 Security Recommendations

To mitigate threats consistent with the recent security incidents, here are some really good recommendations organizations should consider with regards to Office 365.  Go here - Protecting Microsoft 365 from on-premises attacks - Microsoft Tech Community

There are strongly recommended configurations that customers should be doing moving forward.

Teams Breakout Rooms GA

 This week Teams made a GA release of a new feature called Breakout Rooms.

This new capability gives meeting organizers the ability to create up to 50 breakout rooms.  Meeting participants then transition to the breakout rooms and participants can move between the breakout rooms.  Announcements can be made to each breakout room, and participants can be brought back to the main room.

I see some really interesting tele-work and tele-education scenarios where Teams Breakout Rooms can really help out.  

Announcement

Breakout rooms generally available today in Microsoft Teams - Microsoft Tech Community

Office 365 Secure Score and Azure Sentinel

This is actually really neat.  A new feature of Office 365 Secure Score was released as a Preview release that will allow customer to continuously sending Secure Score reporting to Azure Sentinel (or other third party SIEM).  Tons of customers are looking for way to “monitor” their tenant configuration and react to changes that they view as risky for their organization.

See announcement: Continuously Export Secure Score for Over-Time Tracking and Reporting (Preview) - Microsoft Tech Community

What is Office 365 Secure Score: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score

What is Azure Sentinel: Azure Sentinel – Cloud-native SIEM | Microsoft Azure

Office 365 Access vs Refresh Tokens

I had to provide a short write-up to some folks to help them with the understanding of how Office 365 and Sessions Tokens worked.  Hope this helps.

Access Token Definition

Clients use access tokens to access a protected resource. An access token can be used only for a specific combination of user, client, and resource. Access tokens cannot be revoked and are valid until their expiry. A malicious actor that has obtained an access token can use it for extent of its lifetime. Adjusting the lifetime of an access token is a trade-off between improving system performance and increasing the amount of time that the client retains access after the user’s account is disabled. Improved system performance is achieved by reducing the number of times a client needs to acquire a fresh access token. The default is 1 hour - after 1 hour, the client must use the refresh token to (usually silently) acquire a new refresh token and access token.

Refresh Token Definition

When a client acquires an access token to access a protected resource, the client also receives a refresh token. The refresh token is used to obtain new access/refresh token pairs when the current access token expires. A refresh token is bound to a combination of user and client. A refresh token can be revoked at any time, and the token's validity is checked every time the token is used. Refresh tokens are reissued every time they are  used to fetch new access tokens.

Access Tokens

• Purpose: Give users access to resources (i.e. Exchange Online, SharePoint Online, Teams).
• Duration: Expire after 1 hour.
• Customer Revoke: Access Tokens cannot be revoked once it has been created.

Refresh Tokens

• Purpose: Alleviate the end user from having to continually input in their credentials and have no context to resources the user is accessing.
• Duration: Expire after 90 days.
• Customer Revoke: Refresh Tokens can be revoked at any time.

Commonality

• Requesting New Token: Whenever a new Access Token is requested, a new Refresh token is also provided to the requesting client (re-starting the 90 day count).
• Evaluation of Conditions: Every time a client presents a Refresh Token to AAD to obtain a new Access Token to resources, AAD Conditional Access will revaluate all conditions defined for the tenant and then provide the client new Refresh and Access Tokens to the client.

Microsoft Teams Sept 2020

Ok folks, Teams is cranking out capabilities at a pace even I am having trouble keeping up with.  In September 2020, please review this.

What’s New in Microsoft Teams | September 2020

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-september-2020/ba-p/1726562

• Offline Support in Desktop for limited network connectivity is an investment area.
• Other optimizations around desktop launching, video rendering, battery life optimization, etc. are investment areas.
• Up to 49 participants in large gallery view.

 

New capabilities on Microsoft Teams phones | September 2020

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/new-capabilities-on-microsoft-teams-phones-september-2020/ba-p/1727097

Several new capabilities that are tailored to how we work with Teams on a mobile device.  New home screens, customized views, quick access to apps, etc.

New inclusive features in Microsoft Teams and more | Ignite 2020 Edition

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/new-inclusive-features-in-microsoft-teams-and-more-ignite-2020/ba-p/1699915

The big news is the release of Live caption and Transcript.

New capabilities for Teams Management | Ignite 2020

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/new-capabilities-for-teams-management-ignite-2020/ba-p/1695234

Just tons of things…

Office 365 Compliance for Commercial, GCC, GCCH and DoD

I am commonly asked, what is Microsoft’s accreditation stance for Office 365 Commercial, GCC, GCC High and DoD for years.  Lately I get tons of questions bubbling up to me from System Integrators who work with the US Government.  In many cases they are seeking information on ITAR, CMMS, NIST 800-171, DFARs, etc, etc.

My colleague wrote this blog entry and I always suggest they read it.  Seems to always clear out the questions.

https://techcommunity.microsoft.com/t5/public-sector-blog/understanding-compliance-between-microsoft-365-commercial-gcc/ba-p/718445