Sunday, February 21, 2016

Office 365 Unified Audit Logging with SharePoint Online and OneDrive for Business

Introduction
SharePoint Online and OneDrive for Business audit logging as received an overhaul.  For the longest time, there were the following challenges:
  • View/down log events were not possible in SharePoint Online.
  • To turn on user event logs, you had to go to each site collection and turn it on.
  • Getting user event logs out of SharePoint Online was not easy, especially if you wanted to do it in an automate fashion.
These issues were a problem over and over again for enterprise customers who needed access to these logs for compliance scenarios.
 
I am happy to say, this gap is now gone.  This has been on the public roadmap for some time and it is now rolling out.  I am really impressed with the solution that been put in place.
 
Unified Audit Logging
We not have a Unified Audit Logging solution across Office 365.  SharePoint Online and OneDrive for Business provide a rich logging experience and is no longer second class to something like Exchange Online (which always had mailbox audit logging and Exchange admin logs).  With the new Unified Audit Logging solution in Office 365, you have both a user interface and APIs to go obtain user event logs from:
  • Exchange Online
  • SharePoint Online
  • OneDrive for Business
  • Azure AD
For SharePoint Online and OneDrive for Business logs, you now have access to event logs on view, create, edit, upload, download and delete; sharing actions like invitation and access requests; and synchronization activity.  You now can see who has accessed or had had potential access to data which has been a big deal for enterprise organizations when they are performing compliance investigations.  Cannot underscore how big of a deal this is.  See reference below to a detailed listing of the events captured Unified Audit Logging.
 
Search Audit Log User Experience
Gaining access to these logs is super simple.  You do not have to be a super technical person to gain access to these logs and you do not have to go to multiple places.  All you need to do is go the Office 365 Compliance Center, and go to the audit log site.
 
 
From there all you need to do is identify the types of logs you are looking for, in what day range, for what users and where in Office 365.  It could not be any simpler than that.


Once you have the search results, you can filter them down to specific log events that you are looking for.  You have an export button right there to dump out that set of logs.  Having that easy to use export button makes life so easy if you have been asked to turn over user logs.

And remember this is Unified Audit Logs.  This means you are getting user event logs across Exchange Online, SharePoint Online, OneDrive for Business and Azure AD all at one time.  I am just happy to see this feature.

Other Things You Should Know
Here are some important facts that you should know:
  • Exchange Online, SharePoint Online and OneDrive for Business audit logs are retained for 90 days.  Azure AD audit logs are retained for 180 days.
  • SharePoint Online / OneDrive for Business corresponding logs start to appear in 15 minutes after the event.  Exchange Online and Azure AD logs appear after 12 hours.
  • If you require longer term retention for audit logs, that are APIs and Web Services available (references below) which can be used to export that data and then retain that data for a longer period of time.  Microsoft ISV partners are building rich solutions around these APIs.
  • You have the ability to create your own more complex reporting and analysis solutions using these APIs as well.

Detailed listing of all the available log events across Exchange Online, SharePoint Online, OneDrive for Business, and Azure AD - https://support.office.com/en-US/article/Search-the-audit-log-in-the-Office-365-Protection-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c#auditlogevents

SharePoint Online and OneDrive for Business Storage and File Size Increases

We have been waiting and they are finally in, SharePoint Online and OneDrive for Business max file size and storage has been updated.  Here is what has changed, and suspect a lot of people will be happy to hear it.

Max File Size Increase
File Size has now been increased to 10 GB per file; it was 2 GB.  This increase is for SharePoint Online and OneDrive for Business.  You can now store those bigger files and it really helps with storage of videos that can be used with Office 365 Video.

Additional Default Storage Per Tenant
More pooled storage has been added to the tenant by default.  Now every tenant will get 1 TB plus .5 GB per user for pooled SharePoint Online storage; it used to be 10 GB plus .5 GB per user.

OneDrive for Business Storage Increase
Unlimited storage is still going to be delivered for OneDrive for Business.  The first phase of that expansion was to increase OneDrive for Business storage per user from 1 TB to 5TB per user.  This increase has now been completed.

Announcement
https://blogs.office.com/2016/02/17/auditing-reporting-and-storage-improvements-for-sharepoint-online-and-onedrive-for-business/

Monday, February 15, 2016

Office 365 Groups is Expanding

Introduction
Office 365 Groups was a feature released some time ago.  Initially I had not played around with it too much because at the time as there were two things lacking:
  1. It was not integrated into my rich Outlook experience which is where I do all my group messaging and group calendars.
  2. It was lacking several of the enterprise capabilities I wanted to see.
These two issues have now been addressed and I see immense possibilities for Office 365 Groups for enterprise business. 

The game has changed and organizations should be taking a long, hard look at Office 365 Groups to change the way their users collaborate with each other.
What are Office 365 Groups?
In my personal opinion, Office 365 Groups is the replacement for distribution groups / lists with enhanced capabilities.  It brings together best of breed user experiences with email, calendar, OneDrive, and OneNote into a single unified user experience.  In the past:
  • If you wanted to share files with a group of people, you could create a SharePoint site but there was not true integrated email capability.  SharePoint had alerts and discussion boards yet the messaging experience was not integrated.
  • If you wanted a shared calendar SharePoint Online had one and its integration with the user’s Outlook calendar experience was ok, however the Outlook calendar capabilities were not available in SharePoint.  On the other side of the coin, you could create a shared group with an Outlook calendar yet all you had was a great calendar capability that was not integrated with messages and files.
  • Distribution groups were not effective way for collaborating on files as you could email attachments to a group of people, however if you were trying to create a work product together there was no place to manage the files.
  • Sharing thoughts and ideas with a group was limited to just what you could capture in an email message, or attach to a message.
  • Even if you cobbled together a solution, access rights management always became a challenge across all the feature solutions.  You need to make sure the distribution group, shared calendar and SharePoint site were all using the same permissions.
  • Etc.
This all changes with Office 365 Groups.  When you create a group you get unified experience across Exchange, SharePoint, OneDrive, Office, Office Online, OneNote, etc. built specifically to cater to the needs for productivity collaboration.

In Office 365, the Office 365 Groups feature is considered to be a suite feature.  It is only available if you purchase a suite because all of Office 365 is used to deliver this experience.

I see this as a true trend for Microsoft and Office 365.  We are going to continue to see best of bread features brought together to deliver “solutions” versus just stand alone applications.

I highly recommend you review some of the links below and some of the videos to learn more about Office 365 Groups.
What has changed?

So what changed that got me completely hooked on Office 365 Groups?  1) integration with Outlook 2016, 2) Enterprise compliance feature integration and 3) the list of features coming down stream.  Let’s look at each one.

Outlook 2016 Integration with Office 365 Groups
What I was waiting for was deep integration with Outlook rich client.  Outlook on the Web (OWA) had deep Office 365 Groups integration, however I prefer to work in Outlook rich client.  When the integration was announced publically I was ecstatic to talk about it.

Creating an Office 365 Group is super simple.  I just create a new Office 365 Group right there inside of Outlook 2016.  I do not need to navigate away to a browser to create a group.


When I am in an Office 365 Group, I have the ability to:
  • Create new conversations or interact with existing ones.  Underneath the hood a mailbox was created for all users to access.
  • Click over to the shared calendar.  Underneath the hood a shared calendar was dynamically created.
  • Collaborate on files by clicking the Files button.  Underneath the hood a OneDrive for Business site was created and associated to the group.
  • A OneNote book was created for everyone to collaborate thoughts and information through.  Underneath the hood, a OneNote book was created in the OneDrive for Business site.
  • I have the ability to manage membership of the group right in Outlook and I have the ability to edit information about the group too.
The usage of this is endless.  You have the ability to quickly bring together groups of people to collaborate.  An experience SharePoint person may counteract by saying why not use a SharePoint Team Site?  My response would be SharePoint Team sites are great and still needed.  I would say if you know the level of communication and collaboration is more than file sharing, but needs to bring together email and calendar Office 365 Groups is the right feature.  Office 365 Groups are not a type of site that should I would use to bring in hundreds of users to access files and web content; in that case I would use a SharePoint Site.

What I find truly exciting about Office 365 Groups is that aligns to how I need to work in enterprise.  I am constantly working with tactical teams of people.  Everyone has specialties and we cross matrix with each other to complete critical timely tasks.  Office 365 Groups is a wonderful solution.  I can quickly create an Office 365 Group with a broad range of co-workers and we have an area where we can effectively work with each other.  I no longer have dig through email for that one-off conversation or file as I can quickly find it in the Office 365 Group.

Enterprise Compliance Integration with Office 365 Groups
Office 365 Groups when first released focused purely on the features and capabilities.  It was a rich solution but not all of the enterprise compliance features were available.  Now they are.  For instance:
  • eDiscovery and litigation hold is now available on Office 365 Group mailbox and calendar stored in Exchange Online.
  • eDiscovery and litigation hold is also now available on the Office 365 Group files that are stored in OneDrive for Business.
  • IRM messages and files is not integrated into Office 365 Groups.
  • Auditing events to group management events such as creation, updates, membership changes, etc. are available to see changes to the Office 365 Group over time.
Other Features Recently Added or being added soon
There are other recent features added to Office 365 Groups such as:
  • Dynamic Group Membership was added such that rule-based membership can be used to manage access to an Office 365 Group.  For instance, maybe there are directory based attributes that dictated whether a user can have access.
  • File quota management is now available.  Office 365 Groups utilize the shared storage of SharePoint Online and you have the ability monitor and control the size of Office 365 Group content.
  • Multi-domain support is being added.  This is needed when organizations have multiple email domains associated to a single tenant.  With this new feature, you have the ability to control what domain the Office 365 Group is associated to.
  • Office 365 Groups will comply with naming policies for emails alias set by the tenant administrators.
  • There is now PowerShell available to manage Office 365 Groups (see link below).
  • The ability to browse and join Office 365 Groups from Outlook 2016.
  • Yammer integration with Office 365 Groups.
  • Office 365 Admin app that will assist with central administration of Office 365 Groups.
  • Ability to limit the creation of Office 365 Groups to a specific group of people.  This will be controlled through policy by the tenant administrators.
  • Data Classification and customizable classification will be available for Office 365 Groups in the future.  This will allow you to create policy for groups that may be internal, unclassified, classified, corporate confidential, etc. and then allow you to manage policy to that content as appropriate.
  • Office 365 Groups will soon have a deletion recovery feature which will allow end users and administrators to undelete an Office 365 Group in a single action.
  • There will be a future feature to allow inactive Office 365 groups to be expired based on a configurable inactivity period.  This will be good for getting rid of stale groups no longer utilized.
  • General Office 365 Groups admin reporting will be expanded to allow for analysis to determine how they are being utilized.
  • Guest support will be added soon to Office 365 Groups to allow external users and team members to collaborate.
  • Hidden membership is being added to soon to Office 365 Groups as sometimes it is not appropriate to share the members of group to end users who do not have access to the Office 365 Group.
  • New Intune feature are being created to help with management of Office 365 Groups.
  • Office Delve will soon be integrated with Office 365 Groups so you can see activity occurring within groups you are associated to.
  • A new Office 365 Groups mobile app is being created to allow for rich mobile experiences.
  • Usage guidelines will be added soon to Office 365 groups.  This will allow administrators to educate end users on how they should be used in the organization.
  • There is a new project called Hummingbird which will help organizations migrate all of their distribution lists over to Office 365 Groups (see link below).
  • Integration with Office 365 Planner is now available so you can do project management with Office 365 groups (see link below).
To read more about these features coming out, just go to the Office 365 public roadmap (http://fasttrack.office.com/roadmap) and search on the word “Groups”. 
The future is bright for Office 365 Groups.  I recommend that if you are not using them
Resources
Office 365 Roadmap - http://fasttrack.office.com/roadmap
Announcement – Outlook 2016 now has Office 365 Groups Integration - https://blogs.office.com/2015/09/22/introducing-availability-of-office-365-groups-in-outlook-2016/
TechNet – Outlook 2016 Integration with Office 365 Groups - https://support.office.com/en-us/article/What-s-new-in-Outlook-2016-for-Windows-51c81e7a-de25-4a34-a7fe-bd79f8e48647?ui=en-US&rs=en-US&ad=US
Announcement - Office 365 Compliance features being added to Office 365 Groups - https://blogs.office.com/2015/12/09/office-365-groups-now-supports-ediscovery-litigation-hold-dynamic-membership-and-more/
Office 365 Service Description for Office 365 Groups - https://technet.microsoft.com/EN-US/library/office-365-suite-features.aspx
Office 365 Groups Introduction - https://support.office.com/en-us/article/Learn-about-Office-365-groups-b565caa1-5c40-40ef-9915-60fdb2d97fa2
PowerShell to Manage Office 365 Groups - https://support.office.com/en-US/article/Use-PowerShell-to-manage-Office-365-Groups-aeb669aa-1770-4537-9de2-a82ac11b0540
Hummingbird Project - https://github.com/Microsoft/hummingbird
Office 365 Planner - http://www.astaticstate.com/2015/12/new-office-365-planner.html

Office 2016 Deferred Branch

There was a small change with the Office 365 ProPlus release of Office 2016.  Originally there was:
  • Current Branch – monthly releases of updates would be received by the client.
  • Current Branch for Business – feature updates would be limited to four months.
Apparently after a lot of feedback this was changed to:
  • Current Channel – Formerly Current Branch
  • Deferred Channel – Formerly Current Branch for Business
Public Notification of Name Change - https://blogs.office.com/2016/02/09/deferred-channel-build-now-available-for-the-office-365-client-apps/