OneDrive for Business Sync Blocking

There have some features that I have been following closely and very excited to see that they are being introduced into the Office 365 service.

First there is a new announcement about new controls that are being added to OneDrive for Business and SharePoint Online. One of the biggest questions I have had from customers coming to Office 365 is how can document data be controlled such that documents are not synchronized to un-managed devices. Specifically this questions as in reference to the Document Sync capability which allows a user to press the Sync button on a document library that will sync all those files in that document library to a PC (and MACs). A new PowerShell command has been added that will allow administrators to block sync to all unmanaged PCs. I am really excited to see this become available for enterprise customers.

Announcement - https://blogs.office.com/2015/07/16/new-it-management-controls-added-to-onedrive-for-business/

Additionally there were some other announcements / reminders around enterprise control of data.

• Auditing capabilities are being expanded so that administrators can see how documents in OneDrive for Business and SharePoint Online. Now you be able to see download and read events along with a ton of other data points - https://blogs.office.com/2015/07/08/announcing-new-activity-logging-and-reporting-capabilities-for-office-365/.
• Remember that OneDrive for Business and SharePoint Online are integrated into the Office 365 MDM capabilities. So again, documents doing down to mobile devices can be managed through the Office 365 service - https://blogs.office.com/2015/07/21/explore-the-built-in-mobile-device-management-mdm-feature-for-office-365/.

Another new capability that was announced which I found really interesting is that OneDrive for Business can now have quota limits placed on it, just like SharePoint Online or even an Exchange Online mailbox. Why is this important? There are several compliance reasons why I have seen organizations wanting to limit the amount of data storage available to each individual user even though OneDrive for Business has a roadmap to provide unlimited storage. Most commonplace issue is data retention regulations or data storage policies. Even though OneDrive for Business an amazing solution that empowers end users, is it appropriate to store TBs of personnel video and music in a OneDrive for Business site? Depending on the company this may not be appropriate and quotas can be used as a way to control data storage.

As a SharePoint guy, I am super excited to see the features come into the service. I am now seeing concepts for data storage and control becoming consistent across Exchange Online, SharePoint Online and OneDrive for Business. This type of alignment is a key differentiator.

Office 365 Compliance Tools for Non-Microsoft Data

There was a really interesting announcement made for enterprise customers who are using Office 365. One of the biggest differentiators of Office 365 is its focus on provide enterprise ready compliance solutions. Today Office 365 provides rich solutions for retention, archiving, eDiscovery, and Legal Hold across Exchange Online, SharePoint Online, OneDrive for Business, Office Online and Skype for Business online.

So what is new? The Office 365 compliance features can now be used for archiving non-Microsoft data. Once the non-Microsoft data is archived in Office 365, the Office 365 compliance and eDiscovery solutions can be used on that data.

This will be enabled through partner solutions such as Actiance and Globanet. These solutions provide the ability to bring in data from such solutions as Twitter, Facebook, Yammer, LinkedIN, Yahoo messenger, GoogleTask, Cisco Jabber, Box, DropBox, etc. into Office 365. This is available because of the new auto-expanding archives solutions in Office 365. Remember that depending of on the plan purchased each user has unlimited storage in mailboxes. There is an import services that allows organizations to import TBs of data. These partner solutions take advantage of this import service.

Now when your compliance officer can do eDiscovery, retention and hold across Office 365 and all of this other non-Microsoft data. This is very exciting and very empowering.

Announcements

Announcing auto-expanding, highly scalable archives for Office 365 email - https://blogs.office.com/2015/06/03/announcing-auto-expanding-highly-scalable-archives-for-office-365-email/

Announcing archiving for non-Microsoft data in Office 365 - https://blogs.office.com/2015/06/30/announcing-archiving-for-non-microsoft-data-in-office-365/

New Office 365 Compliance Search Feature

Office 365 is adding a new solution called Compliance Search to the Office 365 Compliance Center. What this capability will allow you to do is complete an entire search for data across Office 365 (Exchange Online, SharePoint Online, and OneDrive for Business) without having to use the eDiscovery Center of SharePoint Online or the In-Place eDiscovery in Exchange Online.

Why is this being done? Organizations sometime require the ability to search across all data in Office 365. The new Compliance Search capability will provide organizations a quick solution to start searching for data. If case management is required, then the eDiscovery Center of SharePoint Online or the In-Place eDiscovery in Exchange Online should be utilized.

It is important to note that:

• There are no limits on the number of mailboxes and sites that you can search.
• There are also no limits on the number of searches that can run at the same time.
• There are different limits for eDiscovery Center of SharePoint Online or the In-Place eDiscovery in Exchange Online.
• The new Compliance Center allows for searching across a broad set of data and is not associated to eDiscovery Center of SharePoint Online or the In-Place eDiscovery in Exchange Online.
• Legal Hold and Case Management cannot be initiated from the search results of the Compliance Search. If Legal needs to be applied, you will need to re-query for the data in the eDiscovery Center of SharePoint Online or the In-Place eDiscovery in Exchange Online and then place the items on legal hold. In the public announcement, it states that over the next several months Legal Hold and Case Management will be added into the Compliance Search user experience.

Announcement - https://blogs.office.com/2015/06/17/introducing-compliance-search-in-office-365/

TechNet – detailed information on how to use this new capability - https://technet.microsoft.com/en-US/library/ms.o365.cc.ComplianceSearch.aspx

Office 365 First Release for Specific Users

A while ago Office introduce the First Release program. This was a new solution to allow forward leaning organizations to access new features as quick as possible.

There was a recent announcement that the First Release program was be modified to now allow customers to select specific end users to receive First Release features. This beneficial because new features will not be pushed to the entire organization, it will just be pushed to those users. This will organizations to do some review of these new features with some power users before it pushed to the entire organization. Organizations can customize their change management processes based on this.

It is worth noting that the First Release program is available to Exchange Online, SharePoint Online, Office 365 Nav bar and Office 365 Admin Center today. The First Release program for select users is not available for SharePoint Online.

Remember there are tons of way your organizations can get prepared for change. There is the:

• Public Office 365 Roadmap website
• Office 365 Public and Private Preview Programs
• Notifications through the Office 365 Admin Center
• Review the Office 365 Blog for announcements
• If you are a managed customer through Microsoft Consulting Services (MCS) you can get NDA roadmaps and planning

Announcement - http://blogs.office.com/2015/05/05/manage-change-and-stay-informed-in-office-365/

New OneDrive for Business and OWA Integration

There was an announcement a few days ago that I very happy to see because I have had customers ask for this a lot.

The new feature being added is that from OWA, you now have the ability to save attachments to OneDrive for Business. Yes, I am excited to see this.

This new feature really is starting to unify the full browser experience for customers. A few months ago, Office Online was integrated with OWA so that users can immediately edit Word, Excel and PowerPoint attachments and then send those edits right back to people.

With the new Save to OneDrive for attachments, users can just save their attachments they want to work on right to OneDrive for Business through the browser.

Why is this great to hear?

• If you are a heavy Sync user, the attachment(s) saved to OneDrive will be pushed to all your devices.
• There could be scenarios where you are accessing Office 365 and all you have is a browser. If you want move that file out of OWA and start working with it in OneDrive for Business, you can do that.
• There are scenarios where customers because of their policies turn off the ability to download attachments out of OWA. Having this new capability allows users to be able to continue to work with attachments without having to download a file to an unmanaged device.

Announcement - http://blogs.office.com/2015/05/18/outlook-web-app-onedrive-for-business-just-got-better/

New Unified DLP for Office 365 Coming Soon

At the RSA Security Conference (April 2015) and the Ignite Conference there were some new announcements for the futures of Data Loss Prevention for Office 365.

What is available right now?

There are multiple solutions in Office 365 right now.

• Exchange Online DLP – there is a powerful solution that was released with Exchange 2013. Read more here - https://technet.microsoft.com/en-us/library/exchange-online-message-policy-recovery-and-compliance.aspx
• Outlook 2013 / OWA – There is DLP Policy tips presented to users as they author email.
• AD RMS / Information Rights Management – learn more here - https://technet.microsoft.com/en-us/library/exchange-online-message-policy-recovery-and-compliance.aspx
• Routing Outbound email – Sometimes organizations have additional DLP solutions on-premises and they want to route all outbound email through it - https://technet.microsoft.com/en-us/library/exchange-online-mail-flow.aspx
• SharePoint Online / OneDrive for Business DLP – Last year DLP was added to SharePoint Online and OneDrive for Business. Here is some information on this - https://technet.microsoft.com/en-us/library/b6db338b-522b-44bf-afb7-1de7827691d0#bkmk_DLP

So what is new?

New Unified DLP in Compliance Center

Even with all of this, there is more required and Office 365 is stepping up. Office 365 is planning to provide a comprehensive and unified Data Loss Protection (DLP) solution across Exchange Online, SharePoint Online, OneDrive for Business and Office ProPlus. This new unified experience will allow customers to define a single DLP policy and see consolidated DLP reporting for something like PII across Office 365 workloads, not just Exchange Online. This is super exciting!!!

New SharePoint Online and OneDrive for Business Policy Tips

SharePoint Online and OneDrive for Business had a DLP capability for compliance to find the data, yet there was no policy tip feature. Now a new Policy Tip feature is being introduced that will proactively notify end users they are placing content that violates policy in SharePoint Online and OneDrive for Business.

New SharePoint Online and OneDrive for Business Solutions

The initial release allowed you to find data, the feature set is being enhanced.

In Preview Right Now

• Detect external sharing and apply actions – This is nice because the policy can detect if the SharePoint site itself has permissions given to external users.
• Scope policies to specific locations / sites – This is nice because there may be specific sites where different policy needs to be applied.
• Scanning for document properties – Will check for DLP not just in a file, but in the metadata, that is good to have.
• Block / restrict access to sensitive content – Basically the ability take action on sensitive data once it has been found.
• Customized Policy tips – just mentioned this above.

Additionally there is a phase 3 that is being worked on. It is targeted for H2 CY15 and would include:

• Exceptions for locations / conditions – This will allow you to create a policy and then create exception rules that state a specific site is allowed to have sensitive data.
• Ability to encrypt content as an action – Once a sensitive file is found, an AD RMS policy can then be placed on that data.
• Support for custom classifications and document fingerprinting – This will look at the structure of content.
• Shared by/by member of conditions
• Detect content scanning errors
• Richer content types and more enforcement endpoints

Policy Tips in Office ProPlus

As part of Office 2016, some new user experiences are going to be provided. Users will be notified in real-time in Work, Excel and PowerPoint that users are accessing sensitive content. That is awesome. DLP is being pushed farther down the stack. So if a user opens up a sensitive file from SharePoint Online or OneDrive for Business they will be notified.

Announcement - http://blogs.office.com/2015/04/21/evolving-data-loss-prevention-in-sharepoint-onlineonedrive-for-business-and-office-applications/

Ignite Conference Session - http://channel9.msdn.com/Events/Ignite/2015/BRK3181

Office 365 More Advanced Encryption Coming

There was an announcement that at the RSA Conference (April 2015) that was really interesting. Exchange Online was going to be adding some additional advanced encryption above what is already available today.

Today – There are a lot of good solutions in Exchange Online. There is Rights Management, S/MIME support and Office 365 Message Encryption (OME) which can all be used to encrypt what I call the message payload (the actual email). As well, Microsoft BitLocker drive level encryption has been applied into Exchange Online so data is encrypted at rest. Additionally remember that all data in transit to Office 365 is encrypted.

So what is being added? – On top of the really good encryption and protection, Microsoft is going to make more strides for Exchange Online. Last year, a new file based encryption solution was added for SharePoint Online and OneDrive for Business. This solution encrypts every file stored with its own unique key, and re-encrypts with a new key for subsequent update. There is a lot more to this solution. For Exchange Online, a similar content level encryption solution is be made available by the end of CY 2015.

The announcement also stated that in 2016, customers will be enabled to generate their own keys for this content level encryption across Office 365!

This just adds yet another layer of data protection and encryption demonstrating Office 365’s commitment. Very very very exciting.

Here is the announcement - http://blogs.office.com/2015/04/21/enhancing-transparency-and-control-for-office-365-customers/

Here is a good presentation from the recent Ignite Conference (May 2015) on Encryption solutions available today in Exchange Online - http://channel9.msdn.com/Events/Ignite/2015/BRK3172