Sunday, May 10, 2020

Office 365 Split Tunneling

With COVID-19, many organizations are dealing with VPNs that are stressed and saturated.  One solution many organizations have been considering is split tunneling for Office 365 traffic.  If you have not looked at it, please do.  There are several good articles that you should read up on.

https://docs.microsoft.com/en-us/office365/enterprise/office-365-vpn-split-tunnel


New Microsoft Teams Features

I take it for granted because I get access to all the Office 365 features before they get on the market because I sit in Microsoft’s internal “dog food” deployment rings.  Now I can finally talk about some features of Teams that were released in April 2020.

Here is a reference: https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-april-2020/ba-p/1347929

Features I love are:

  • We can now see 9 streaming videos vs. the previous 4.  The Brady Bunch view.
  • Raising Hands – Yes, try using it.  It helps you control a room so you do not have people trying to talk over each other.
  • Background Effects – When you do a video, instead of just blur, have a nice picture in the background.
  • Live Events Increased – will be raised from 10,000 to 20,000 through July 1, 2020.
  • End the Meeting for all participants
  • There is a new meeting dashboard.
  • New Teams App Usage reporting
  • New lobby controls


Sunday, May 3, 2020

Office 365 Records Management

A few days ago, it was announced that a new Records Management solution went GA for Office 365.  I was super excited to see this because I did a lot of Records Management work in the early days of SharePoint 2007 and 2010.  Back then, the SharePoint Server Records Management records collection was pretty basic.  However, after reading what we are now doing with Records Management in Office 365, I can see some huge steps forward.  This is much more sophisticated than in-place records management using the content organizer.

Here are the key takeaways I had.

  • New and advanced capabilities to classify, retain and dispose of data.
  • Advancements leverage cloud machine learning capabilities to identify and classify records.
  • New capability for event based retention policies.
  • Works for SPO and EXO plus documents stored in Teams (which uses SPO).
  • Requires you to purchase E5 because it leverages advanced cloud features inside of data governance, labeling, etc.  Minimally you need the Office 365 Advanced Compliance SKU.  Apparently not everyone in the tenant needs to be licensed; only users with edit access where records management features are used must be licensed.

Announcement - https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/announcing-general-availability-of-records-management/ba-p/1347879
Announcement - https://www.microsoft.com/security/blog/?p=90980
Service Description - https://docs.microsoft.com/en-us/microsoft-365/compliance/records-management?view=o365-worldwide
Licensing - https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#records-management

Saturday, March 28, 2020

Office 365 and Azure Sentinel

I have been working with some customers on how to do analysis on their Office 365 audit logs.  Here are some quick things to think about.

Here is a reference to the Office 365 audit logs.  Remember, Office 365 logs are generally only stored for 90 days.
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide

You can additionally purchase Advanced Audit logging, which gives you the ability to retain logs for a year.
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide

The Office 365 Management API provides REST services you can use to download data.
https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-apis-overview

It is possible to send the Office 365 Management API logs to a SIEM solution.  This allows you to retain the logs for longer.
https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference

Here is the schema to all the data in the Office 365 Management API.
https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema
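
For a SIEM collector built on the Management Activity API mentioned above, here is an added example (not from the original post and not Microsoft's code) that plans the content-listing requests needed to catch up after an outage. It assumes the API's documented limits of at most 24 hours between startTime and endTime and a startTime no more than 7 days in the past; the tenant ID and timestamps are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

BASE = "https://manage.office.com/api/v1.0"
CONTENT_TYPES = ("Audit.AzureActiveDirectory", "Audit.Exchange",
                 "Audit.SharePoint", "Audit.General", "DLP.All")
MAX_WINDOW = timedelta(hours=24)   # startTime/endTime may be at most 24h apart
MAX_LOOKBACK = timedelta(days=7)   # startTime may be at most 7 days in the past
TS = "%Y-%m-%dT%H:%M:%S"           # timestamps are sent as UTC


def plan_requests(tenant_id, last_collected, now):
    """Return (urls, gap): the content-listing URLs needed to catch up from
    last_collected to now, and how much time fell outside the API lookback."""
    earliest = now - MAX_LOOKBACK
    gap = max(earliest - last_collected, timedelta(0))
    start = max(last_collected, earliest)
    urls = []
    while start < now:
        end = min(start + MAX_WINDOW, now)
        for content_type in CONTENT_TYPES:
            query = urlencode({"contentType": content_type,
                               "startTime": start.strftime(TS),
                               "endTime": end.strftime(TS)})
            urls.append(f"{BASE}/{tenant_id}/activity/feed/subscriptions/content?{query}")
        start = end
    return urls, gap


if __name__ == "__main__":
    # Constructed sample values: placeholder tenant ID and timestamps.
    tenant = "00000000-0000-0000-0000-000000000000"
    now = datetime(2020, 3, 28, 12, 0, tzinfo=timezone.utc)
    for label, last in (("short outage", now - timedelta(hours=54)),
                        ("long outage", now - timedelta(days=10))):
        urls, gap = plan_requests(tenant, last, now)
        print(f"{label}: {len(urls)} requests, not listable via API: {gap}")
        print("  first:", urls[0])
```

A non-zero gap means the collector was offline longer than the API lookback, so that interval has to be recovered from the audit log search while it is still within retention.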

Here is information on Azure AD Audit logs.
https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit

Also, there is Azure Sentinel; it is a SIEM solution in the cloud.
https://docs.microsoft.com/en-us/azure/sentinel/overview

Here is how to connect Office 365 to Sentinel.
https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365

Here is how to connect Azure AD to Sentinel.
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-activity

Wednesday, February 26, 2020

Office 365 Advanced Audit

Another announcement which customers have asked a lot about.  There is a new E5 feature called Advanced Audit.

First - Depending on your license level, audit log retention can be increased from 90 days to 1 year.  Prior to this, if customers needed to retain logs for longer, they would have to export logs to another location for retention.

Second - Previously, customers would get throttled when pulling logs off the Office 365 Management Activity API.  Now, there are options for bandwidth allocation if they are pulling large volumes of logs.

https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/power-faster-and-more-effective-forensic-and-compliance/ba-p/1183488 

Sunday, February 23, 2020

Office 365 Insider Risk Management going GA


There was a recent announcement that the Office 365 Insider Risk Management is transitioning out of “preview” to “generally available”.


This is a really interesting solution that brings together several Office 365 offerings for data protection and monitoring against risky end-user behavior.  Insider Risk Management introduces the ability to create policy, create alerts, and then utilize a case management solution that will allow you to triage, investigate and take action on events that you deem to be an issue.  This can help you with monitoring everyday challenges with departing employee data theft, data leaks and offensive/abusive behavior by individuals.


Announcement - https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/announcing-the-general-availability-of-insider-risk-management/ba-p/1180914


Overview - https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management


Getting Started - https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-configure