There is a new Whitepaper called “The Microsoft Approach to Compliance in the Cloud”. It is really good and you should check it out - http://blogs.technet.com/b/trustworthycomputing/archive/2014/04/22/the-microsoft-approach-to-compliance-in-the-cloud.aspx
Friday, April 25, 2014
Saturday, March 29, 2014
Office 365 Federation Updates
There was some good information in this blog that really cleared the air on a few topics which I talk a lot about with customers - http://blogs.office.com/2014/03/06/announcing-support-for-saml-2-0-federation-with-office-365/
I am often asked whether authentication federation with Office 365 can be done with something other than Active Directory Federation Services (ADFS) and Active Directory (AD). The answer has always been yes, as there are third-party STS servers that have been supported, and other LDAP directories are supported as well.
However, with this recent announcement this story has been cleaned up a bit. Here are the high-level facts you need to know:
- Active Directory (AD) can be used to synchronize your directories to Office 365. You can use DirSync to do this. Everyone knows this. If you have multiple AD forests, you will need to use Forefront Identity Manager (FIM).
- LDAP directories can also be synchronized with Office 365. Again, you will need to use FIM to support this. I recommend that you talk with your licensing person at Microsoft. Remember, a full FIM CAL is not needed when all you are using is the FIM synchronization service. I am not a licensing expert on FIM, so I recommend you double check.
- SAML 2.0 is now offered as an authentication federation option with Office 365. This allows a whole host of STS identity providers to authenticate with Office 365. The important note is that SAML 2.0 support is for “passive authentication” scenarios, which as you may know are used for browser-based authentication.
- Office 365 has supported and will continue to support WS-Federation and WS-Trust to support ADFS and other WS-* identity providers.
- So what about the Rich Clients? When we talk about rich clients, we mean client applications such as the Lync client, the Office desktop clients (Word, Excel, PowerPoint, Outlook, etc.), and so on. In the Microsoft Office 365 world it is not browser only; there are tons of other clients that can connect to the Office 365 service. Authentication using these rich clients is referred to as “active authentication”, which currently requires WS-Trust. If you want to have federated authentication and you need to support rich clients, you will need to use an STS identity provider that supports WS-Federation and WS-Trust. You will need to use either Active Directory Federation Services (ADFS) or a qualified solutions partner that can support this level of authentication. A list of third-party approved providers is here - http://technet.microsoft.com/en-us/library/jj679342.aspx and information about the program for getting a third party qualified is here - http://blogs.office.com/2014/01/30/the-works-with-office-365-identity-program-now-streamlined/.
- So is the Rich Client scenario ever going to support SAML 2.0 and Passive Authentication? The answer is YES. It is reflected in the public roadmap of these two blogs http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/ and http://blogs.office.com/2014/03/06/announcing-support-for-saml-2-0-federation-with-office-365/. There will be an update to Office 2013 client applications, in the year 2014, which will allow Office 2013 client applications to support SAML 2.0 (or Shibboleth) passive authentication.
These changes in Office 365 federated authentication are great for supporting more enterprise scenarios.
Office for iPad and Office Mobile
There was a major announcement for Office 365 this week that I think almost everyone heard about. Office for iPad is now available. For Office 365 business customers (and consumers) this was long awaited and is proof to the world that Microsoft is making a commitment to be a devices and services company. Here are the big facts that everyone should know:
- Office for iPad supports Word, PowerPoint and Excel.
- Office for iPad for free allows you to read, view and present.
- Office for iPad subscription service with Office 365 allows you to create and edit.
- Office Mobile for iPhone and Android phones is now free, just like on a Windows Phone. No Office 365 subscription is needed.
- Office for iPad when creating and editing will ensure that content and formatting will be maintained. This is really important for business scenarios to ensure the integrity of documents as a record.
- Remember all this gets hooked into OneDrive and OneDrive for Business. This means your documents follow you everywhere. I will have to say that OneDrive for Business has literally changed the way I work. When I work with files on my laptop, in OneDrive or in any SharePoint Online document library, I have access to all my recently edited Office files on my phone. So when I am on the run, I always have access to what I have been working on. Plus all my OneDrive for Business files are accessible from Office Mobile / Office for iPad. Office is no longer just on my PC; it is everywhere I am working across devices. All the Office files (and other file types) are managed in the corporation and are discoverable.
I am telling you. Office Mobile / Office for iPad / OneDrive for Business is literally a game-changer in how your business people work across devices.
Then when you start looking at all the Lync Apps available on Windows Phone, iPhone, iPad and Android you can really see how productive people can really become.
http://blogs.office.com/2014/03/27/announcing-the-office-you-love-now-on-the-ipad/
Sunday, March 23, 2014
SharePoint Online Unlimited Storage
I have not had a lot of time to blog about the most recent SharePoint Conference. There were a lot of good things presented. With my focus on Office 365 and SharePoint Online, the announcement that gave me the most excitement was that Site Collection storage was being expanded to 1 TB with the ability to purchase unlimited storage - http://blogs.office.com/2014/03/14/sharepoint-online-announces-1tb-site-collections-and-unlimited-tenant-storage-scale/
When I heard this I was blown away. We now have a similar solution for SharePoint Online, like we have for Exchange Online. Customers no longer have to worry about how much data they have. Microsoft Office 365 can hold it all.
Saturday, February 15, 2014
Office 365 Power BI is now Generally Available
If you did not hear this week, there was a big announcement that Power BI has now moved into General Availability for Office 365. Please read this announcement - http://blogs.office.com/2014/02/10/power-bi-for-office-365-now-available-to-do-more-with-business-insights-in-excel/.
Now you may be wondering, what does this actually mean if you own Office 365 or SharePoint Online Plan 2? I found that this table gave the exact answer I was looking for - http://www.microsoft.com/en-us/powerBI/pricing.aspx#fbid=qNWaVwao6BA.
The core features of Power BI for Office 365 you get:
- BI Sites
- Scheduled Data Refresh
- Enterprise Data Search
- Data Stewardship
- Mobile BI
- Natural Language Query
So if you are an existing E3/E4 customer, you get those features.
Remember with SharePoint Online Plan 2 you already get BI solutions such as Excel Services, Power View and Power Pivot reporting through the browser, etc. For more information read the Service Description here - http://technet.microsoft.com/en-us/library/sharepoint-online-insights-service-description.aspx.
Additionally with Office ProPlus and Excel you get Data Discovery & Access, Data Modeling & Analysis and Visualization which equates to Power Query, Power Pivot, Power View and Power Map.
So you may be asking, what are these new features? I have pulled together some quick references for you to read:
- Power BI Site - http://www.microsoft.com/en-us/powerbi/default.aspx
- BI Sites – Here is a good article that speaks exactly to Power BI Sites - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/power-bi-sites-on-power-bi-for-office-365-HA104097290.aspx.
- Scheduled Data Refresh – Here is a good article here - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/schedule-data-refresh-for-workbooks-in-power-bi-for-office-365-HA104180761.aspx. This solution is heavily tied to the Data Management Gateway. I have blogged about it before and you should check this out - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/introduction-to-data-management-gateway-HA104079171.aspx.
- Enterprise Data Search – Several new features that allow you to search for data across your organization and the public internet. This solution serves as a foundation for identifying data sources.
- Data Stewardship – This is the role of a person in the organization who organizes data sources, manages data definitions, publishes data assets, etc. There are several administration screens and solutions for them to manage data across the enterprise. For more information, I recommend reading this - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/understanding-the-role-of-data-stewards-in-data-management-HA104079191.aspx. I highly recommend reading through these - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/data-management-experience-in-power-bi-for-office-365-help-HA104079156.aspx.
- Mobile BI – There are apps and web pages rendering support so that reports can be published and accessed across mobile platforms.
- Natural Language Query – I have not dug up an article on this, but it is a new natural language query capability which allows users to ask questions to get answers. Users will enter questions and then Power BI will interpret them and generate answers using interactive charts and graphs based on available data.
Frankly I need to spin up on this a little bit more, but wanted to get some quick information out to folks…
Office 365 and Third-Party STS Providers
I have been asked a lot lately how other STS providers could be used to federate authentication with Office 365 instead of using ADFS.
- Here is the listing of third-party STS services that have been officially tested with Microsoft - http://technet.microsoft.com/en-us/library/jj679342.aspx.
- For information about Shibboleth Identity Provider with Office 365, please read here - http://technet.microsoft.com/en-us/library/jj205456.aspx. Here is another good whitepaper on AD FS 2.0 Federation with Shibboleth 2 and the InCommon Federation - http://technet.microsoft.com/en-us/library/jj205456.aspx.
Additionally, there was an announcement about a new program to get third-party identity providers (STS providers) tested and approved with Office 365 more quickly. If you want to get one that you are working with approved, recommend that they read this - http://blogs.office.com/2014/01/30/the-works-with-office-365-identity-program-now-streamlined/.
New Office 365 Multi-Factor Authentication and Roadmap Announcement
There was a big announcement, publicly disclosed recently, that Multi-Factor Authentication (MFA) was added to the Office 365 service - http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/. Here is a detailed article about it - http://technet.microsoft.com/en-us/library/dn383636.aspx. This is a really exciting announcement for MFA, two-factor authentication, 2FA, etc.
However, I would like to make clear that Office 365 has always been able to support 2FA, and this was achievable through configuration of federation with ADFS (or other STS servers). So it is possible to integrate RSA, smart cards, etc., but the policy for third-party 2FA is managed by the customer and enforced through ADFS (or other STS servers). The new Office 365 MFA offering discussed here will be immensely valuable to customers who do not have federated authentication and are using Cloud Based IDs. If you do not know much about Office 365 authentication, I recommend you start with the Service Description and read some of the linked articles - http://technet.microsoft.com/en-us/library/office-365-user-account-management.aspx.
Another important announcement discussed is that Office 2013 client applications will get “native multi-factor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell, and OneDrive for Business, with a release date planned for later in 2014”. This will work with the new Office 365 MFA solution as well as third-party 2FA solutions that have been implemented on-premise (i.e. RSA, smart cards, etc.).