Microsoft Viva

I think everyone was surprised by the recent announcement of the new Viva capability.  The announcements state “Today we are announcing Microsoft Viva, the first Employee Experience Platform (EXP) built for the digital era. Viva brings together communications, knowledge, learning, resources, and insights into an integrated employee experience that builds on Microsoft Teams to empower people to be their best, from anywhere.”

When I started to dig into what Viva really is, in Office 365 terms I was super impressed with the vision.  When Microsoft Teams went to market a few years ago, it was solution that brought together many users experiences inside of Office 365.  Previously SharePoint Online, OneDrive for Business and Skype for Business Online were horizonal solutions with level of integration, yet Microsoft Teams brought them together into a single immersive user experience.  I see the same thing with Viva.

Viva is bringing together Microsoft Workplace Analytics and Microsoft MyAnalytics into an immersive experience within Microsoft Teams.  Viva Insights is the next revolution of these capabilities which I would say are being highly under utilized by customers and users.  This brings these capabilities to the forefront.

Additionally solutions like Microsoft AI is being used to create a solution called Viva Topics which will help users share knowledge and connect people with each other in their everyday jobs.

All of these capabilities will be critical in supporting workforces that are transitioning out of offices and into remote work scenarios.  I see tons of potential, and cannot wait to watch this evolve.

References:

https://www.microsoft.com/en-us/microsoft-viva/overview

https://www.microsoft.com/en-us/microsoft-365/blog/2021/02/04/microsoft-viva-empowering-every-employee-for-the-new-digital-age/

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/introducing-microsoft-viva-the-employee-experience-platform-in/ba-p/2111481

Teams Approval App now GA

The Microsoft Approvals App has now gone GA in Microsoft Teams.  This is a simple application that will allow you seek approvals from peers or managers activities and files.  It is totally integrated withing the Teams user experience really need for everyday type of work you do.  Consider giving it a try.

Reference

Approvals in Microsoft Teams, Now Generally Available - Microsoft Tech Community

Microsoft Search and Exchange Online

This week, I had to go into Microsoft Outlook to find an old HR benefit email I had gotten some time ago.  This case, as Microsoft employee get a benefit of free Xbox Game Pass subscription.  I had some old emails on it, and wanted to find the link.  When I found the old emails, none of the links worked because there old.

Then all of a sudden a message came up saying, “Link from your organization”, here is the correct link.  I clicked it, it took me straight to the internal benefit site.  This was awesome and I was totally surprised I did not even know about this feature.

I then did some additional investigation.  I put in some other Microsoft corporate terms into Outlook search and got back tons of other result “Link from your organization” section which gave me links within the Microsoft intranet to webpages that had the information for me.

Well, there was a simple reason for this.  Many folks may not have seen this but Outlook and Office are now integrated with Microsoft Search.  This all started about a year ago.  Basically, whenever you put in a search in Outlook, there is a search in your email however additional resources available to you will be searched.  If you organization has set up Microsoft Search appropriately, you will get items in your mailbox plus items across the organization that you have access to. 

Resources

Microsoft Search | Microsoft Docs

Search in Outlook puts your results on top - Microsoft Tech Community

Enhanced performance, designed for simplicity – the new Outlook for Mac - Microsoft Tech Community

Microsoft Search—cohesive search that intelligently helps you find, discover, command, and navigate - Microsoft 365 Blog

Important Office 365 Security Recommendations

To mitigate threats consistent with the recent security incidents, here are some really good recommendations organizations should consider with regards to Office 365.  Go here - Protecting Microsoft 365 from on-premises attacks - Microsoft Tech Community

There are strongly recommended configurations that customers should be doing moving forward.

Teams Breakout Rooms GA

 This week Teams made a GA release of a new feature called Breakout Rooms.

This new capability gives meeting organizers the ability to create up to 50 breakout rooms.  Meeting participants then transition to the breakout rooms and participants can move between the breakout rooms.  Announcements can be made to each breakout room, and participants can be brought back to the main room.

I see some really interesting tele-work and tele-education scenarios where Teams Breakout Rooms can really help out.  

Announcement

Breakout rooms generally available today in Microsoft Teams - Microsoft Tech Community

Office 365 Secure Score and Azure Sentinel

This is actually really neat.  A new feature of Office 365 Secure Score was released as a Preview release that will allow customer to continuously sending Secure Score reporting to Azure Sentinel (or other third party SIEM).  Tons of customers are looking for way to “monitor” their tenant configuration and react to changes that they view as risky for their organization.

See announcement: Continuously Export Secure Score for Over-Time Tracking and Reporting (Preview) - Microsoft Tech Community

What is Office 365 Secure Score: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score

What is Azure Sentinel: Azure Sentinel – Cloud-native SIEM | Microsoft Azure

Office 365 Access vs Refresh Tokens

I had to provide a short write-up to some folks to help them with the understanding of how Office 365 and Sessions Tokens worked.  Hope this helps.

Access Token Definition

Clients use access tokens to access a protected resource. An access token can be used only for a specific combination of user, client, and resource. Access tokens cannot be revoked and are valid until their expiry. A malicious actor that has obtained an access token can use it for extent of its lifetime. Adjusting the lifetime of an access token is a trade-off between improving system performance and increasing the amount of time that the client retains access after the user’s account is disabled. Improved system performance is achieved by reducing the number of times a client needs to acquire a fresh access token. The default is 1 hour - after 1 hour, the client must use the refresh token to (usually silently) acquire a new refresh token and access token.

Refresh Token Definition

When a client acquires an access token to access a protected resource, the client also receives a refresh token. The refresh token is used to obtain new access/refresh token pairs when the current access token expires. A refresh token is bound to a combination of user and client. A refresh token can be revoked at any time, and the token's validity is checked every time the token is used. Refresh tokens are reissued every time they are  used to fetch new access tokens.

Access Tokens

• Purpose: Give users access to resources (i.e. Exchange Online, SharePoint Online, Teams).
• Duration: Expire after 1 hour.
• Customer Revoke: Access Tokens cannot be revoked once it has been created.

Refresh Tokens

• Purpose: Alleviate the end user from having to continually input in their credentials and have no context to resources the user is accessing.
• Duration: Expire after 90 days.
• Customer Revoke: Refresh Tokens can be revoked at any time.

Commonality

• Requesting New Token: Whenever a new Access Token is requested, a new Refresh token is also provided to the requesting client (re-starting the 90 day count).
• Evaluation of Conditions: Every time a client presents a Refresh Token to AAD to obtain a new Access Token to resources, AAD Conditional Access will revaluate all conditions defined for the tenant and then provide the client new Refresh and Access Tokens to the client.