Friday, February 3, 2017

2007 Products Nearing End of Support

I saw that there was a reminder going around that some software was coming end of extended support in Calendar Year 2017.  For instance:
  • Office 365 ProPlus client using 2013 rich client is coming to an end 2/18/17.  This means you need to finish your transitions to Office 365 ProPlus 2016 client as soon as possible.
  • Exchange 2007 will be ending 4/11/2017.
  • Office 2007, Project Server 2007, and SharePoint 2007 are also coming to end of extended support.  I still see customers with SharePoint 2007 sitting out there.
  • OCS R2 (2007) has a little bit more time, 1/9/18.
I just call this out because in my mind, these 2007 releases was the first year where you could start seeing Microsoft’s vision of bringing together Exchange, SharePoint and OCS into a single collaboration platform.  That little presence “jellybean” was the start of something great.  Seeing what we have now with Office 365 where productivity is delivered as a SaaS service where Exchange, SharePoint, OneDrive, Skype, Office, Groups, Teams, etc., etc. are delivered in a fully integrated and seamless user experience brings a smile to my face. 

Here are some references:https://support.microsoft.com/en-us/lifecycle/selectindex
https://support.microsoft.com/en-us/help/3198497/office-2007-approaching-end-of-extended-support
https://blogs.technet.microsoft.com/exchange/2016/04/11/exchange-server-2007-t-1-year-and-counting/

Advanced Threat Protection adds URL Detonation and Dynamic Delivery

Every time I think there is something cool that is released, some even more interesting is going to be released into Office 365.  Let’s focus on Advanced Threat Protection (ATP).  Back in November there was announcement made that ATP was being expanded to protect Office, SharePoint Online and OneDrive for Business; I blogged about it here - http://www.astaticstate.com/2016/11/new-atp-features-for-office-sharepoint.html

Well there are some more features being released to ATP that are truly exciting.

First URL Detonation is being added.  What this will do is protect you against links to files.  If a user clicks on a link like below, what ATP will do is scan the file for anything malicious prior to providing the user access to the file.  This is in addition to what ATP already does with the Safe Links feature (checking the reputation of the URL).


Second, Dynamic Delivery is being added to the Safe Attachments feature.  What this will do is continue to send an email to a user which the attachments are being scanned.  The user will see a stub in Outlook telling them that their attachments are being scanned, and once scanning has been completed, they will be provided access to the email attachments.  Users will not have to wait as long now for getting their emails that are going through Safe Attachment analysis.
If the user clicks on the stub, they will be given a progress of the analysis.
It is truly existing to see these types of features being released in the ATP service.

Reference
https://blogs.office.com/2017/01/25/evolving-office-365-advanced-threat-protection-with-url-detonation-and-dynamic-delivery/

Friday, January 20, 2017

Location Based Conditional Access for SharePoint Online and OneDrive for Business

I have been waiting for this capability to be released for some time now – Location Based Conditional Access.

SharePoint Online and OneDrive for Business has released a new solution that will allowing admins to control where data is synchronized to.  Specifically, you can create policy that can block synchronization of SharePoint Online and OneDrive for Business data based on IP address ranges. 

Why this is important?  For instance, there are many enterprise organizations that do not want their documents and files to be synchronized to non-managed devices or non-managed networks.  In many cases, administrators may only allow browser based access to documents when the user access documents from non-managed devices or non-managed networks.

Note if you have, Azure Active Directory Premium (AADP) configured, AADP will enforce its policy first and then the new SharePoint / OneDrive policy will be enforced.

Reference - https://techcommunity.microsoft.com/t5/SharePoint-Blog/Introducing-Conditional-Access-by-Network-Location-for/ba-p/39274

Saturday, January 14, 2017

Office 365 and Azure Granted DoD L5 Provisional Authority (PA)

There was a major announcement this week.  Both Microsoft Office 365 and Azure have been granted a DoD Provisional Authority (PA) at Level 5 (L5) to store and process unclassified data.  This is a significant achievement which no other cloud vendor has been able to achieve across SaaS, PaaS and IaaS.  This is driven by the Office 365 US Government Defense and Azure Government (DoD Region) clouds.

The DoD Cloud Computing (CC) Security Requirements Guide (SRG) defines controls that Cloud Service Offerings (CSO) must adhere to beyond controls defined by FedRAMP (NIST 800-53).

Public Announcement - DOD Level 5 PA granted to Microsoft Azure and Office 365 - https://enterprise.microsoft.com/en-us/industries/government/dod-level5-p-ato-granted-microsoft-azure-office-365/

Public Announcement - Azure DoD Regions Accredited at Impact Level 5 and Now Generally Available - https://blogs.msdn.microsoft.com/azuregov/2017/01/13/azure-dod-regions-accredited-at-impact-level-5-and-now-generally-available/

Public Announcement - Microsoft Azure Government is First Commercial Cloud to Achieve DoD Impact Level 5 Provisional Authorization, General Availability of DoD Regions - https://azure.microsoft.com/en-us/blog/microsoft-azure-government-is-first-commercial-cloud-to-achieve-dod-impact-level-5-provisional-authorization-general-availability-of-dod-regions/

Not all clouds are created equal - https://enterprise.microsoft.com/en-us/industries/government/check-the-facts/

Microsoft Trust Center - Department of Defense (DoD) Provisional Authorization - https://www.microsoft.com/en-us/TrustCenter/Compliance/DISA#

Monday, December 26, 2016

Office 365 Advacned Data Governance

There was an announcement for a new feature of E5 being called Advanced Data Governance.  It was buried in an announcement back in Sept 2016.

Some time ago, Office 365 made several announcements for being able to consume corporate data from other major platforms.  There is a new Advanced Data Governance feature that will be coming to Office 365 that will provide you a dashboard that will give insight to the type of data you have, how it is classified, and how it is going to be retained.  There will also be tools to assist you with the data import process to filter out data that you do not need to retain, and you will have a tool that will allow you to set a central retention policy across all Office 365 solutions.  This is super exciting and I highly recommend you watch the session on this at the Ignite Conference.

Announcement - https://blogs.office.com/2016/09/26/applying-intelligence-to-security-and-compliance-in-office-365/

Ignite Conference Video - https://myignite.microsoft.com/videos/1323


Sunday, November 20, 2016

Office 365 Third-Party Security App Management

There are several new features coming to Office 365 through Advanced Security Management (ASM), which is part of E5 which will give admin much more visibility and control of how Office 365 data is flowing out to third-party applications.

Productivity App Discovery
A new feature is being released to Advanced Security Management called Productivity App Discovery.  This solution will provide admins the ability to understand their organization’s usage of Office 365 and other productivity services.  This will help you understand how data from Office 365 or should be stored in Office 365 is being sent to outside applications that are not in your administrative control.


Apps Permission
Additionally, a new feature is being added that will allow Office 365 Admins to better monitor and approved third-party applications that are integrated with Office 365.  This again is part of Office 365 Advanced Security Management.

Users can connect a third-party application with Office 365.  When they do this, the user is provided information about what that integration means, however it may be common that the end user does not full ramifications in the security risk they may or may not be taking.


What App Permissions will do will provide the administrators the ability to review which third-party applications have access to Office 365 data.  Admins have the ability to approve or revoke access plus notify the users that access to the third-party application is revoked.




Resources
Productivity App Discovery - https://blogs.office.com/2016/09/26/applying-intelligence-to-security-and-compliance-in-office-365/

Third-party Apps with Office 365 - https://blogs.office.com/2016/10/31/enhanced-control-over-third-party-apps-now-available-in-office-365/

Overview of Advanced Security Management in Office 365 - https://support.office.com/en-us/article/Overview-of-Advanced-Security-Management-in-Office-365-81f0ee9a-9645-45ab-ba56-de9cbccab475

New ATP Features for Office, SharePoint and OneDrive

There were some new ATP features being released.  For instance there is new reporting capabilities, better performance with lower latency for emails/attachments that are being scanned, deeper URL detonation, and intelligence sharing with Windows Defender.

However, what got be excited is that ATP is being extended beyond Exchange Online.  ATP will now include protection for SharePoint Online, OneDrive for Business, Word, Excel and PowerPoint.  I found this to be really exciting.


Reference
New ATP Features Coming - https://blogs.office.com/2016/09/26/applying-intelligence-to-security-and-compliance-in-office-365/