Saturday, September 10, 2016

Partner Sharing with Office 365 and Azure AD B2B

With Office 365 and SharePoint Online, a common question is: how can I do external sharing with partners?

In SharePoint Online, the concept of External Sharing has been around for a while.  You have the ability to identify users you want to share with and administrative capabilities to manage external users.

One challenge people have is doing B2B sharing with SharePoint Online.  SharePoint Online external sharing does have PowerShell, so you can automate some external sharing; however, sometimes you just need a better approach.

Azure AD B2B Collaboration

Another approach to external sharing with partner organizations is a feature called Azure AD B2B.

With this capability:
  • Organizations no longer have to manage a separate directory for external users or go through the complexity of setting up federated auth on a per-partner basis.
  • Partner/external users use their own credentials to access the data you are sharing, getting you out of the password management business.
  • Partner/external user access is removed when the user leaves their organization.  If the partner organization is turning off the accounts when the person leaves, you are assured their access to your data and applications is also being removed.
  • You can perform bulk invites of partner organizations.
  • Partner users are invited and confirmed through an email notification process.
  • If the partner organizations do not have Azure AD, no problem.  The partner users will complete the invitation process and have a free Azure AD account created for them that they will use to access shared data and applications.
  • You can set up external sharing with partner organizations that goes beyond just Office 365 and SharePoint Online.
Azure B2B Collaboration -

Azure B2B Video -

Learn all about the Azure AD B2B Collaboration Preview -

Manage external sharing for your SharePoint Online environment -

Visio Online and Visio on iPad Preview

There are some recent announcements for Visio that are exciting.

Visio Online
First, Visio Online has been released in Preview and you have the ability to add it to your tenant through the Office 365 First Release program.  This feature allows you to view Visio diagrams through a browser.  For the preview it currently only allows you to view Visio diagrams.

This capability is different from the traditional Visio Services that is part of SharePoint Online Plan 2 (which is part of E3).  I would describe Visio Services as the legacy solution from SharePoint Enterprise that allows you to render Visio diagrams through a browser.  This new Visio Services capability is the solution moving forward and is aligned with Office Online.

Visio on iPad
Second, a preview of the Visio on iPad app has been released.  This gives you a nice Visio app to access your drawings stored in OneDrive for Business, SharePoint Online, etc.

Public Announcement -
Visio Online Preview -
Visio Online FAQs for Preview -
Visio for iPad Insider Program -
Visio for iPad Insider Program FAQs -

Monday, September 5, 2016

Office 365 MDM or Microsoft Intune?

I have been asked several times: what MDM capabilities are available in Office 365, and what additional capabilities do you get with Intune?

In this quick article I will explore the differences.

What is Office 365 MDM?
In Office 365 there are several native MDM capabilities.

First, there is Exchange ActiveSync (EAS), which is part of Exchange Online.  With EAS you:
  • Have the ability to manage an inventory of mobile devices that are connected to Exchange Online. 
  • Have the ability to remotely wipe email from a device.
  • Have the ability to enforce mobile device configuration settings, such as PIN requirements, PIN lengths, etc.
Second, with E1, you also get Office 365 MDM.  With this you:
  • Can prevent access to both email and documents based on device enrollment and compliance policies.
  • Can protect against rooted and jailbroken devices.
  • Have reporting on devices that do not meet IT policy.
  • Have selective wipe capability that allows you to wipe Office 365 data without impacting personal data.
Behind the scenes, Office 365 MDM leverages Microsoft Intune to help deliver these solutions.

What is Intune?
Microsoft Intune is Microsoft’s cloud mobile and PC management platform.  Sometimes customers will want to add this to help them manage devices and applications beyond what Office 365 natively provides.  With Intune you:
  • Have the ability to manage traditional PCs and Macs, not just mobile devices.  Plus you can manage Linux and UNIX servers.
  • Have a full Mobile Device Management (MDM) platform available to you to protect enterprise assets beyond Office 365.
  • Have the ability to create profiles for certificates, VPN, email profiles and Wi-Fi settings.
  • Have the ability to enroll and manage corporate owned devices.
  • Can deploy and protect customer-built line-of-business apps using Mobile Application Management.
  • Can protect access to corporate data in Office mobile and custom line-of-business apps by using Mobile Application Management to restrict actions such as copy, cut, paste and save as to only applications managed by Intune.
  • Can enable more secure web browsing.
As you can see, this gives you access to a much more comprehensive solution.

Why do you need both? 
It all depends on your approach.  Microsoft Office 365 has the ability to integrate with many third-party MDM providers.  Customers do have the power of choice.  Intune does provide unique capabilities for Mobile Application Management (MAM) to protect data on mobile devices without compromising the end user experience.  However, the big value sell of Intune is the expanded set of solutions to manage PCs and Macs.

What are these new plans?
Intune is bundled into EMS.  EMS used to stand for Microsoft Enterprise Mobility Suite.  Now, EMS stands for Enterprise Mobility + Security.

Plus, the new EMS Suite has adopted a plan structure very similar to that of Office 365.  For instance:
  • EMS E3 includes Azure AD Premium P1, Intune, Azure Information Protection Premium P1 (Azure Rights Management (RMS)), and Advanced Threat Analytics.
  • EMS E5 includes Azure AD Premium P2, Azure Information Protection Premium P2 (Intelligent classification) and Cloud App Security.
As you can see, Intune lands in the EMS E3 bundle, or you can purchase it à la carte.  See references below.


Exchange ActiveSync -
Overview of Mobile Device Management (MDM) for Office 365 -
Controlling Access to Office 365 and Protecting Content on Devices -
Capabilities of built-in Mobile Device Management for Office 365 -
Choose between MDM for Office 365 and Microsoft Intune -
Create and deploy device security policies -
Enroll your mobile device in Office 365 -
Introducing Enterprise Mobility + Security -