Sunday, January 18, 2015

Office 365 Performance Optimization

I have to say, one of the top five questions I am asked by enterprise customers who are coming to the cloud is “how will my bandwidth change”? For large organizations this can be a complex discussion on understanding how the organization accesses the Internet today and how they plan to change over time with the introduction of devices. Many of the organizations I work with have very specific controls to ensure that all inbound and outbound traffic is routed through their networks so they can properly inspect the traffic.

With all that said, there was a recent blog created called “Tune and optimize performance of your Office 365 connection” - http://blogs.office.com/2014/10/29/tune-optimize-performance-office-365-connection/. There is some good information here if you are trying to figure out what the bandwidth impact of Office 365 is to your organization.

Network Planning and Performance Tuning reference - https://technet.microsoft.com/library/f97c2f06-0426-443d-8a16-d98abb0da252. This TechNet Article has been around for a long time and is updated on a regular basis. I highly recommend organizations read this as part of their evaluation when going to Office 365. Additionally there are calculators for Exchange, Lync and OneDrive for Business that you should review. There are network tools to analyze traffic, along with best practices and network planning activities.

Finally there is a new Microsoft Virtual Academy on Office 365 Performance Management located here - http://www.microsoftvirtualacademy.com/training-courses/office-365-performance-management. There are numerous modules in here with some really good facts. I really liked Module 7 which was a session on best practices on what some consultants have seen. In it they said there is no perfect number that can be determined before a deployment, however the most impact that they have seen is upwards to 20% new traffic and based on your Internet connection methods remote offices will be most impacted. Additionally I liked Module 8 on Configuring Firewall Whitelisting Planning because this is something that comes up a lot with customers whom I work with.

Friday, December 26, 2014

SharePoint Online Public Website Support Changing

There was a recent announcement that SharePoint Online is changing its support for public websites. I recommend that you read the following support article - http://support2.microsoft.com/kb/3027254

  • Customers using public SPO sites today will be supported for the next two years.
  • Microsoft will be transitioning to third-party solutions. More information will be available in Jan 2015.

Thursday, December 4, 2014

Office 365 GCC FedRAMP ATO

I am a little late on posting this huge news for Microsoft. Microsoft Office 365 is the first cloud-based communication (including email) & collaboration service to obtain a FedRAMP Authority to Operate (ATO).
This is significant news based on the hard work we have been doing with US Federal customers to demonstrate our security and compliance.
For more information, please review the following:

Tuesday, December 2, 2014

New Office 365 GCC Service Description

There is a brand new service description on the Office 365 Government Community Cloud (GCC) service located here - http://technet.microsoft.com/en-us/library/office-365-government.aspx

There is a lot of good initial detail on the Office 365 GCC service and why Microsoft created this service.

Saturday, November 15, 2014

Office 365 ProPlus Adding Passive Authentication

There has been a change that I have been waiting on. On the Office 365 Public roadmap it is called “Office 2013 client update to support passive authentication using SAML” - http://office.microsoft.com/en-us/products/office-365-roadmap-FX104343353.aspx.

What is this announcement?

Office 365 ProPlus / Office 2013 will be getting a modification to support 2FA authentication scenarios. This is enabled through the Active Directory Authentication Library (ADAL).

Why is it so important?

There are many customers who require 2FA to authenticate to the Office 365 service. For Office, the Outlook rich client typically comes up a lot because customers want to ensure that users using Outlook use 2FA to receive email. With Outlook today there are scenarios that organizations can implement to ensure there is 2FA with Outlook, however the better long-term solution is to have Office modified to support 2FA directly.

Specifically, Office 2013 is changing such that it can support “passive authentication” scenarios in the same way a browser does.

This will enable a cleaner solution with Office 365 MFA. More importantly, it allows for additional support scenarios for organizations who use smart cards (PIV, CAC, etc.) to authenticate to the Office 365 service using the Office 2013 rich client.

What are some facts you should know?

Private Preview Release – Office 365 customers who are in the private preview program can have access to this.

ADAL Authentication – As I mentioned earlier, Office 2013 will be adopting passive authentication in the same way a browser authenticates. If you have AD FS implemented with Office 365, the user will authenticate through that federated trust relationship with Office 365. If your organization requires a second form factor (2FA) for authentication, the user will be required to provide it. A nice side effect of this is that Outlook no longer needs to have direct access to the user’s password. Please read this blog for more details on the authentication process - http://office.microsoft.com/en-us/products/office-365-roadmap-FX104343353.aspx.

What Clients are impacted? - Word 2013, Excel 2013, PowerPoint 2013, Lync 2013, Outlook 2013, Publisher 2013, Visio 2013, Access 2013, Project 2013 and OneDrive for Business Sync Client.

Will this work with AD FS Only? – Please review information about other STS providers: http://blogs.office.com/2014/01/30/the-works-with-office-365-identity-program-now-streamlined/ and http://technet.microsoft.com/en-us/library/jj679342.aspx

Office 2010 Support? – No. This solution is for Office 2013 and Office 365 ProPlus.

References

New Announcement – Office 2013 update for SAML and 2FA Auth - http://blogs.office.com/2014/11/12/office-2013-updated-authentication-enabling-multi-factor-authentication-saml-identity-providers/

Original Announcement - http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/

SAML 2.0 Announcement - http://blogs.office.com/2014/03/06/announcing-support-for-saml-2-0-federation-with-office-365/

Outlook Connectivity with MAPI over HTTP Announcement - http://blogs.technet.com/b/exchange/archive/2014/05/09/outlook-connectivity-with-mapi-over-http.aspx

Skype for Business Announcement

There was a big announcement this week that Lync is being rebranded as Skype for Business. Please review the following announcement for the exact details - http://blogs.office.com/2014/11/11/introducing-skype-business/.

What are my takeaways?

  • In H1, Lync will transition its brand to Skype for Business.
  • Skype for Business will be available through Office 365 and/or customers can deploy Skype for Business on-premises. For customers who have Lync on-premises today, “No new hardware is required” to support this transition.
  • The user experience will begin to merge such that Skype for Business has a similar experience to Skype.

This is a very similar and consistent change to what Microsoft did with the OneDrive and OneDrive for Business brands. These are very similar solution offerings; however, there is a different offering for consumers and business. As a result of this change there is a pretty common user experience between OneDrive and OneDrive for Business. OneDrive and OneDrive for Business are not the same implementation. OneDrive for Business is specific to Office 365 only. OneDrive for Business has enhanced features to support enterprise business scenarios (supported through SharePoint Online). Customers who are 100% on-premises still have the ability to deploy OneDrive for Business within their SharePoint 2013 on-premises deployments.

Current Office 365 Encryption Solutions

A question that comes up a lot is: does Office 365 support encryption? The answer is yes, and there are lots of encryption solutions implemented.
A great resource that you should always start at is the Office 365 Trust Center - http://trust.office365.com. You should also review the Office 365 Security Whitepaper located here - http://www.microsoft.com/en-us/download/details.aspx?id=26552.
I usually break this down into a few different views: Encryption in Transit, Encryption at Rest and Payload Encryption.

Encryption in Transit
All Office 365 traffic / data is encrypted using SSL/TLS to client machines connecting to the service. Read about this in the Office 365 Security Whitepaper.

Encryption at Rest
BitLocker has been deployed to encrypt data at rest inside of Office 365.
Additionally, for OneDrive for Business and SharePoint Online a new file-based encryption solution has been implemented. Read about both of these in the Office 365 Security Whitepaper.

Payload Encryption
There are additional solutions that customers can choose to utilize with Office 365 to encrypt data.

S/MIME was actually the original intent of why I was writing this blog; but I figured it was worth communicating that encryption is more than just S/MIME. S/MIME encryption of email is supported with Office 365. Please review these two articles for more information: http://blogs.office.com/2014/02/26/smime-encryption-now-in-office-365/ and http://technet.microsoft.com/en-us/library/dn626158(v=exchg.150).aspx.

UPDATE 1/2/2015 - Shortly after I wrote this blog, a really good article was created here - http://blogs.technet.com/b/exchange/archive/2014/12/15/how-to-configure-s-mime-in-office-365.aspx

Rights Management Service (RMS) is supported as well. Office 365 supports both Windows RMS and Azure RMS. RMS is a great solution to assist with DLP for email and documents. You have the ability to create policy to encrypt data. For SharePoint Online please review the Service Description here - https://support.office.com/en-us/article/Set-up-Information-Rights-Management-IRM-in-SharePoint-admin-center-239ce6eb-4e81-42db-bf86-a01362fed65c?ui=en-US&rs=en-US&ad=US. For Exchange Online please review http://technet.microsoft.com/en-us/library/jj983436(v=exchg.150).aspx.

Office 365 Message Encryption (OME) is another solution that is available to you. It allows administrators to create policy to encrypt data that is leaving the organization. For detailed information, please review this - http://technet.microsoft.com/library/dn569286.aspx.

Additionally in Exchange Online Protection (EOP) you have the ability to enforce Transport Layer Security (TLS) for SMTP messages to partners. For more information, please review the following - http://technet.microsoft.com/en-us/library/jj723154(v=exchg.150).aspx.