Friday, December 26, 2014

SharePoint Online Public Website Support Changing

There was a recent announcement that SharePoint Online is changing its support for public websites. I recommend that you read the following support article - http://support2.microsoft.com/kb/3027254

  • Customers using public SPO sites today will be supported for the next two years.
  • Microsoft will be transitioning to third-party solutions. More information will be available in Jan 2015.

Thursday, December 4, 2014

Office 365 GCC FedRAMP ATO

I am a little late on posting this huge news for Microsoft. Microsoft Office 365 is the first cloud-based communication (including email) & collaboration service to obtain a FedRAMP Authority to Operate (ATO).
This is significant news based on the hard work we have been doing with US Federal customers to demonstrate our security and compliance.
For more information, please review the following:

Tuesday, December 2, 2014

New Office 365 GCC Service Description

There is a brand new service description on the Office 365 Government Community Cloud (GCC) service located here - http://technet.microsoft.com/en-us/library/office-365-government.aspx

There is a lot of good initial detail on the Office 365 GCC service and why Microsoft created this service.

Saturday, November 15, 2014

Office 365 ProPlus Adding Passive Authentication

There has been a change that I have been waiting on. On the Office 365 Public roadmap it is called “Office 2013 client update to support passive authentication using SAML” - http://office.microsoft.com/en-us/products/office-365-roadmap-FX104343353.aspx.

What is this announcement?

Office 365 ProPlus / Office 2013 will be getting a modification to support 2FA authentication scenarios. This is enabled through the Active Directory Authentication Library (ADAL).

Why is it so important?

There are many customers who require 2FA to authenticate to the Office 365 service. For Office, the Outlook rich client typically comes up a lot because customers want to ensure that users using Outlook use 2FA to receive email. With Outlook today there are scenarios that organizations can implement to ensure there is 2FA with Outlook; however, the better long-term solution is to have Office modified to support 2FA directly.

Specifically, Office 2013 is changing so that it can support “passive authentication” scenarios in the same way a browser does.

This will enable a cleaner solution with Office 365 MFA. More importantly, it allows for additional support scenarios for organizations who use smart cards (PIV, CAC, etc.) to authenticate to the Office 365 service using the Office 2013 rich client.

What are some facts you should know?

Private Preview Release – Office 365 customers who are in the private preview program can have access to this.

ADAL Authentication – As I mentioned earlier, Office 2013 will be adopting passive authentication in the same way a browser authenticates. If you have AD FS implemented with Office 365, the user will authenticate through that federated trust relationship with Office 365. If your organization requires a second form factor (2FA) for authentication, the user will be required to provide it. A nice side effect of this is that Outlook no longer needs to have direct access to the user’s password. Please read this blog for more details on the authentication process - http://office.microsoft.com/en-us/products/office-365-roadmap-FX104343353.aspx.

What Clients are impacted? - Word 2013, Excel 2013, PowerPoint 2013, Lync 2013, Outlook 2013, Publisher 2013, Visio 2013, Access 2013, Project 2013 and OneDrive for Business Sync Client.

Will this work with AD FS Only? – Please review information about other STS providers: http://blogs.office.com/2014/01/30/the-works-with-office-365-identity-program-now-streamlined/ and http://technet.microsoft.com/en-us/library/jj679342.aspx

Office 2010 Support? – No. This solution is for Office 2013 and Office 365 ProPlus.

References

New Announcement – Office 2013 update for SAML and 2FA Auth - http://blogs.office.com/2014/11/12/office-2013-updated-authentication-enabling-multi-factor-authentication-saml-identity-providers/

Original Announcement - http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/

SAML 2.0 Announcement - http://blogs.office.com/2014/03/06/announcing-support-for-saml-2-0-federation-with-office-365/

Outlook Connectivity with MAPI over HTTP Announcement - http://blogs.technet.com/b/exchange/archive/2014/05/09/outlook-connectivity-with-mapi-over-http.aspx

Skype for Business Announcement

There was a big announcement this week that Lync is being rebranded as Skype for Business. Please review the following announcement for the exact details - http://blogs.office.com/2014/11/11/introducing-skype-business/.

What are my takeaways?

  • In H1, Lync will transition its brand to Skype for Business.
  • Skype for Business will be available through Office 365 and/or customers can deploy Skype for Business on-premises. For customers who have Lync on-premises today, “no new hardware is required” to support this transition.
  • The user experience will begin to merge such that Skype for Business has a similar experience to Skype.

This is a very similar and consistent change to the one Microsoft made to the OneDrive and OneDrive for Business brands. These are very similar solution offerings; however, there is a different offering for consumers and for business. As a result of this change there is a pretty common user experience between OneDrive and OneDrive for Business. OneDrive and OneDrive for Business are not the same implementation. OneDrive for Business is specific to Office 365 only. OneDrive for Business has enhanced features to support enterprise business scenarios (supported through SharePoint Online). Customers who are 100% on-premises still have the ability to deploy OneDrive for Business within their SharePoint 2013 on-premises deployments.

Current Office 365 Encryption Solutions

The question comes up a lot: does Office 365 support encryption? The answer is yes, and there are lots of encryption solutions implemented.
A great resource that you should always start at is the Office 365 Trust Center - http://trust.office365.com. You should also review the Office 365 Security Whitepaper located here - http://www.microsoft.com/en-us/download/details.aspx?id=26552.
I usually break this down into a couple of different views: Encryption in Transit, Encryption at Rest and Payload Encryption.

Encryption in Transit
All Office 365 traffic / data is encrypted using SSL/TLS to client machines connecting to the service. Read about this in the Office 365 Security Whitepaper.

Encryption at Rest
BitLocker has been deployed to encrypt data at rest inside of Office 365.
Additionally, for OneDrive for Business and SharePoint Online a new file-based encryption solution has been implemented. Read about both of these in the Office 365 Security Whitepaper.

Payload Encryption
There are additional solutions that customers can choose to utilize with Office 365 to encrypt data.

S/MIME was actually the original intent of why I was writing this blog, but I figured it was worth communicating that encryption is more than just S/MIME. S/MIME encryption of email is supported with Office 365. Please review these two articles for more information: http://blogs.office.com/2014/02/26/smime-encryption-now-in-office-365/ and http://technet.microsoft.com/en-us/library/dn626158(v=exchg.150).aspx.

UPDATE 1/2/2015 - Shortly after I wrote this blog, a really good article was created here - http://blogs.technet.com/b/exchange/archive/2014/12/15/how-to-configure-s-mime-in-office-365.aspx

Rights Management Service (RMS) is supported as well. Office 365 supports both Windows RMS and Azure RMS. RMS is a great solution to assist with DLP for email and documents. You have the ability to create policy to encrypt data. For SharePoint Online please review the Service Description here - https://support.office.com/en-us/article/Set-up-Information-Rights-Management-IRM-in-SharePoint-admin-center-239ce6eb-4e81-42db-bf86-a01362fed65c?ui=en-US&rs=en-US&ad=US. For Exchange Online please review http://technet.microsoft.com/en-us/library/jj983436(v=exchg.150).aspx.

Office 365 Message Encryption (OME) is another solution that is available to you. It allows administrators to create policy to encrypt data that is leaving the organization. For detailed information, please review this - http://technet.microsoft.com/library/dn569286.aspx.

Additionally, in Exchange Online Protection (EOP) you have the ability to enforce Transport Layer Security (TLS) for SMTP messages to partners. For more information, please review the following - http://technet.microsoft.com/en-us/library/jj723154(v=exchg.150).aspx.

Sunday, November 9, 2014

New Office 365 App Launcher

Again, there has been a new usability function added to Office 365. Some people call it the “Waffle”. It is in the top left-hand corner and when you click on it, you can get to any Office 365 App.

I absolutely love it. It is changing the way I use Office 365.

I will be honest, at times Office 365 felt like SharePoint Online, OneDrive for Business, Exchange Online, Lync Online, Office Online, Yammer, etc. were all separate applications. Now through the browser, these applications are all meshed together. I challenge people to spend the entire day in the browser experience and you will see everything is connected.

The “Waffle”, officially called the Office 365 App Launcher, provides you the ability to quickly access apps. You can create a Word Online file, jump over to OWA, etc. You also have the ability to pin the personal items you use the most into the menu. Plus, organizations can customize the App Launcher with a custom theme for your company.

Reference - http://blogs.office.com/2014/10/16/organize-office-365-new-app-launcher-2/