Sunday, November 20, 2016

Office 365 Third-Party Security App Management

There are several new features coming to Office 365 through Advanced Security Management (ASM), which is part of E5 which will give admin much more visibility and control of how Office 365 data is flowing out to third-party applications.

Productivity App Discovery
A new feature is being released to Advanced Security Management called Productivity App Discovery.  This solution will provide admins the ability to understand their organization’s usage of Office 365 and other productivity services.  This will help you understand how data from Office 365 or should be stored in Office 365 is being sent to outside applications that are not in your administrative control.


Apps Permission
Additionally, a new feature is being added that will allow Office 365 Admins to better monitor and approved third-party applications that are integrated with Office 365.  This again is part of Office 365 Advanced Security Management.

Users can connect a third-party application with Office 365.  When they do this, the user is provided information about what that integration means, however it may be common that the end user does not full ramifications in the security risk they may or may not be taking.


What App Permissions will do will provide the administrators the ability to review which third-party applications have access to Office 365 data.  Admins have the ability to approve or revoke access plus notify the users that access to the third-party application is revoked.




Resources
Productivity App Discovery - https://blogs.office.com/2016/09/26/applying-intelligence-to-security-and-compliance-in-office-365/

Third-party Apps with Office 365 - https://blogs.office.com/2016/10/31/enhanced-control-over-third-party-apps-now-available-in-office-365/

Overview of Advanced Security Management in Office 365 - https://support.office.com/en-us/article/Overview-of-Advanced-Security-Management-in-Office-365-81f0ee9a-9645-45ab-ba56-de9cbccab475

New ATP Features for Office, SharePoint and OneDrive

There were some new ATP features being released.  For instance there is new reporting capabilities, better performance with lower latency for emails/attachments that are being scanned, deeper URL detonation, and intelligence sharing with Windows Defender.

However, what got be excited is that ATP is being extended beyond Exchange Online.  ATP will now include protection for SharePoint Online, OneDrive for Business, Word, Excel and PowerPoint.  I found this to be really exciting.


Reference
New ATP Features Coming - https://blogs.office.com/2016/09/26/applying-intelligence-to-security-and-compliance-in-office-365/

New OneDrive for Businss Admin and Compliance Management Capabilities

Back at the Ignite conference, you may have heard or read up on all the new capabilities being released for OneDrive - https://blogs.office.com/2016/09/26/sharepoint-online-sync-preview-headlines-ignite-announcements-for-onedrive/

There are tons of new user experiences, updated / improved sync capabilities, better mobile capabilities, etc.

However, what I get very excited about is the enterprise and compliance features that are being added into OneDrive.  There are a few features that were buried down in the announcement that enterprise customers should pay attention to.
  • New OneDrive Admin Center – There is a new admin area being created just for OneDrive for Business.  It has been within SharePoint Online.
  • New User Level Controls – This new capability provides the ability to set things like storage quota and external sharing capabilities down to the specific user versus the entire organization.  External sharing can be set-up to be to whitelist of trusted business partner domains.
  • New User Support Features – There are new features that will assist the admin in supporting their end users to find files that they have misplaced or shared with the wrong people.
  • Remove User Access – There is new capability that will allow you to quickly sign a user out of the service quickly when the lost a device or you need to remove them from the service.
  • Retention After the User Leaves – Additionally when a user leaves or is terminated, there is new capability to assist you with moving or copying data to other locations.  There is additionally capability that will allow you to preserve files in a deleted user’s OneDrive for Business up to 10 years.  This is fairly consistent with the Inactive Mailbox feature of Exchange Online.



Updated Office 365 Administration

If you have not been watching, the Office 365 administration experience has been getting overhauls and new capabilities in the Fall of 2016.  Tons of new capability and reporting is bring provided.  Much of this has been based on years of feedback that have been coming from customers.

Here is the new home page that has been re-designed based on the most common tasks that are required.  There is also the ability to customize the homepage based on personal preference to the activities the administrator does the most.


New activity reporting is available to give you insight into how the Office 365 service is being used.










Plus the old service health dashboard has been redesigned.




Resources
Announcement plus a video - https://blogs.office.com/2016/09/27/office-365-administration-announcements-new-admin-center-reaches-general-availability-and-introducing-the-service-health-dashboard/

Announcement - https://blogs.office.com/2016/10/31/whats-new-in-office-365-administration-october-update/

Announcement - https://blogs.office.com/2016/09/13/new-usage-reports-for-sharepoint-onedrive-and-exchange/

Saturday, November 5, 2016

Introducing Microsoft Teams

Introduction
Microsoft Teams was just announced as being released as Preview to customers.

Microsoft Teams is a continued promise by Microsoft to bring together best of breed capabilities from such solutions as Skype for Business Online, SharePoint Online, Office Online and Exchange Online together to deliver feature rich productivity applications that are not siloed.  Office 365 Groups was the first, now we have Microsoft Teams.

Microsoft Teams introduces a new Persistent Chat solution that allows users to see chat discussions over time.  The chat discussions can be viewed over time between a group a people.  But it is much more than persistent chat.  Microsoft Teams will become a hub for teamwork.  Which quick integrated capabilities as Skype for Business Online, SharePoint Online and Office Online collaboration around content can initiated.  The team experience can also be customized as new tabs can be added to quickly access documents and other cloud services.

General Availability (GA) is set for CY 2017 Q1 with more features and capabilities being added after this.


Where does Microsoft Teams fit in the Overall Office 365 Picture
When you hear about Microsoft Teams you may immediately ask what about SharePoint Teams, Yammer, etc. and then ask when should I use Microsoft Teams.  I say the answer depends on what you are trying to accomplish and you should carefully look at how you end users work and what they are try to accomplish.  Each solution has its place in the enterprise.
  • Microsoft Teams – Recommend using when you have a defined group of users who are specifically working on a specific project.  Good for small groups of people who need to collaboration in reach time with each other.
  • Office 365 Groups – Recommend using when you have small groups of people who share conversations, group mailbox, files and content with each other, however they may not work in real-time with each other.
  • Yammer – Recommend using Yammer for across the “company wide” type of conversations and collaboration and communication.  Communities can be cross business disciplines.
  • SharePoint Online -  Recommend using when you have sharing and collaboration across an organization, or longer standing formal content management solutions.  Company intranets, repositories, applications, etc. are great for SharePoint Online.
  • Skype for Business Online – Continue using it phone calls, instant message, web meeting, etc.  Skype for Business Online is available across the Office 365 service and is the “glue” for collaboration.
As you can see, all these solutions are still relevant with the introduction of Microsoft Teams.

Turning Microsoft Teams On
It is pretty easy to do.  In the Office 365 Admin console, just go to Settings >> Services & Add Ins >> Microsoft Teams.

Some Other FAQs
  • Microsoft Teams is a Suite capability and is available through such plans as E1, E3 and E5.
  • There are Office 365 Connectors which can be used to receive updates from third party tools and services
  • There is a developer API preview available.
  • Microsoft Teams is a cloud feature only, and not available on-premises.
References
Announcement - https://blogs.office.com/2016/11/02/introducing-microsoft-teams-the-chat-based-workspace-in-office-365/
Video - https://blogs.office.com/2016/11/02/take-an-in-depth-look-at-microsoft-teams-now-in-preview/
Developer Preview - https://dev.office.com/blogs/microsoft-teams-developer-preview

Tuesday, November 1, 2016

Office 365 Business-to-Business (B2B) Capabilities

Introduction

This has come up a lot lately and I want to write something about this.  Business-to-business (B2B) capabilities are available in Office 365 and here are some features can consider turning on.
Skype for Business Online

Federation

Skype for Business Online external connectivity (federation) enables a Skype for Business Online user to connect with users in other organizations that use Skype for Business (as well as those that host their own Skype for Business Server on-premises). Federated contacts can see presence, communicate by using IM, and make Skype-to-Skype audio and video calls.

Skype for Business Online external connectivity requires the consent and correct configuration of both parties of the federation relationship. After the federation is set up by the administrators of both sides, users in each organization can see presence and communicate with users in the other agencies.

References

Public IM Connectivity


Additionally, Skype for Business Online can be configured to allow communications to consumer Skype.  This can enable communications scenarios with citizens and constituents.  Presence, instant messaging and video conversations is supported.

References

Exchange Online

Federated Sharing


Federation refers to the underlying trust infrastructure that supports federated sharing, a method for Microsoft Exchange Online users to share free/busy calendar data and contact information with recipients in other external federated organizations or with users that have Internet access. These include organizations that are also hosted by Exchange Online, or external Microsoft Exchange Server 2010 or Exchange Server 2013 organizations. Using organization relationships and sharing policies, Exchange Online administrators can enable users to send calendar-sharing invitations from Microsoft Outlook Web App or Microsoft Outlook 2010 or later.

Once configured, an organization will have the ability to coordinate schedules with people in different agencies or with friends and family members so that you can work together on projects or plan social events. With Office 365, administrators can set up different levels of calendar access in Exchange Online to allow businesses to collaborate with other businesses and to let users share their schedules with others. Business-to-business calendar sharing is set up by creating organization relationships. User-to-user calendar sharing is set up by applying sharing policies.

References

Exchange Online Protection

Trusted Partner Messaging


Organizations can set up secure mail flow with a trusted partner by using Office 365 connectors. Office 365 supports secure communication through Transport Layer Security (TLS). Agencies can create a connector to enforce encryption via TLS for business-to-business emails. Additionally, there is the ability to apply other security restrictions such as specifying domain names or IP address ranges from which your partner organization sends mail. TLS is a cryptographic protocol that provides security for communications over the Internet. Using connectors, you can configure both forced inbound and outbound TLS using self-signed or certification authority (CA)-validated certificates.
Note - this solution does not impact the actual end user experience of sending email between organizations, however it adds an additional level of security if desired for sending email between agencies.

References

SharePoint Online and OneDrive for Business


Guest Access


If an organization performs work that involves sharing documents or collaborating directly with vendors, clients, partners, or customers, it is possible to use SharePoint Online sites to share content with people outside your organization who do not have licenses for your organization’s Microsoft Office 365 subscription. When a site is shared in SharePoint Online, an email message is sent to the external user containing the invitation to join the site.
  • If the external user is already associated to an Office 365 tenant, that user can use that identity to access SharePoint Online sites and documents that are shared. 
  • If the external user does not have an Office 365 account, they can access SharePoint Online using Microsoft Account (Your Microsoft account is the one that you use for personal services like Xbox Live, Outlook.com, Windows 8, Windows Phone, and more).  Invitations can be sent to people with any type of email address, such as user@gmail.com, user@contoso.com, or user@Comcast.net. External users sign in to the shared site via a one-time association of their email address with a Microsoft account.
Additionally, site users can generate a Guest Link (an anonymous link to a document) to share documents stored in SharePoint Online with external users without requiring the external user to sign in. Site users can create a Guest Link right from where the document is stored, such as in OneDrive for Business or a team site library, by using the “Get a link” button.

Finally, there is solution called Restricted Domain sharing that you can consider using.  This allows for an Allow/Deny List based on email domain.  At the tenant level, administrators can limit sharing invitations to a limited number of email domains.  This is a powerful feature that will allow you to set-up controlled external sharing with your partners.

References

What is Office 365 Groups?


Office 365 Groups is the next generation of collaboration solution available in Office 365 that brings together “best of breed” collaboration experiences.  Office 365 Groups bring together Exchange Online, SharePoint Online, OneDrive for Business, Office Online, and Skype for Business Online into a unified end user experience.  When a group is created:
  • A mailbox is created for the group for shared email
  • A shared calendar is created for group meetings and events
  • A shared library is created to store files and documents
  • A OneNote notebook is created to share project information and meeting notes
  • A planning tool is available to organize and assign tasks

Note that Office 365 Groups is a “suite” feature requiring the acquisition of an Office 365 E3 (or higher) Suite.

Guest Access for Business-to-Business Collaboration


Office 365 Groups supports the ability to invite guests in a similar manner as SharePoint Online and OneDrive for Business.  Office 365 Groups has been available for time and this is a new feature that US Federal agencies should consider leveraging for cross-business collaboration.

Friday, October 21, 2016

Office 365 US Defense Cloud Announcement

There was an exciting public Microsoft announcement made at the Gartner conference this week.  The slogan goes, not all cloud are created equal. 

With that in mind, Microsoft has added two new offerings to the Office 365 for Government portfolio that are aligned to FedRAMP (NIST 800-53 rev4) and the DoD Cloud Computing (CC) Security Requirements Guide (SRG) v1.2.  The portfolio is:
  • New - Office 365 US Government Defense – FedRAMP and DoD CC SRG L5 – aligned to US Defense
  • New - Office 365 US Government Defense Contractors – FedRAMP and DoD CC SRG L4 – aligned to US Defense Industry
  • Office 365 US Government – FedRAMP and DoD CC SRG L2 – solution is aligned to US Federal Civilian, State, Local and Tribal Government.
This announcement truly differentiates Microsoft in the marketplace and demonstrates Microsoft’s commitment to providing secure cloud solutions.

Announcement - https://blogs.office.com/2016/10/18/how-the-office-365-us-government-cloud-meets-the-regulatory-and-compliance-needs-of-the-department-of-defense/

If you are unfamiliar with the DoD CC SRG – here is a reference to it - http://iase.disa.mil/cloud_security/Pages/index.aspx