Get to know the new Microsoft SharePoint Migration Tool:

TOOL.png

For many years SharePoint Migration has been a very challenging task for all the SharePoint professionals as it really requires a lot planning, assessment and careful implementation to ensure that the data remains secure and it doesn’t gets missed during the migration.

While the migration between SharePoint on-premises environment is really straight forward where you need to follow the content database detach/attach or content database copy/restore method, that was not the case while migrating the data from on-premises to Office 365 (i.e. SharePoint Online). You had to depend on many third-party tools such as AvePoint, Sharegate and Metalogix etc. to do this and these tools were indeed very costly to afford. Microsoft recently introduced the Migration API that takes advantage of Azure Blob storage which was quite convincing to use but required a lot of manual effort and even using that you couldn’t perform a migration at the site collection level. So, with all these challenges/uncertainties revolving around SharePoint on-premises to SharePoint online migration, Microsoft has announced the release of its own native Migration tool on Ignite last week. This tool is in beta version for now and is available for the public to download and explore from this link below.

Download link: _ https://hrcppestorageprod.blob.core.windows.net/migrationtool/default.htm

The best part about this tool is, it’s free and you don’t need to be a global admin or a SharePoint admin in Office 365 to use this. All you need is a write access to the destination SharePoint Online site collection and you can use this tool to migrate your data.

Alright, now let’s dive bit deeper and see how to make use of this tool and what are the features we get with this tool that can help to streamline the migration process.

How to use the Microsoft SharePoint Migration Tool?  

1.To begin with, please use the link below to download and install the Microsoft SharePoint migration tool as shown in the image below.

Download link: _ https://hrcppestorageprod.blob.core.windows.net/migrationtool/default.htm

1.PNG

2.Once done click on “Install “on the next screen as shown in the image below.

2.PNG

3. This should start to download and install the tool as shown in the image below.

3.PNG

4. After downloading and installing the tool, you would get the below screen. Please go ahead and click on next.

4

5. You would be prompted for your Office 365 credentials, please go ahead and sign-in with your Office 365 username and password.

6.PNG

6. Once done entering your credentials, please click on sign-in as shown in the image below.

7.PNG

7. After you have successfully signed-in to the tool, you would be seeing three options asking where is your source data as shown in the image below.

8

8. In this example, I wanted to migrate the data from a “File Share” to a “SharePoint Online site” and hence I’m choosing File Share as the source as shown in the image below and it asks me to choose the folder.

9.PNG

9. Once done choosing the file share path, please go ahead and click on next as shown in the image below.

10

10. So, once you’re done choosing the source path you would be prompted to choose the destination SharePoint site as shown in the image below. Please specify the site URL and also the document library to where you need to move your content.

11

Note: Please make sure that you have site collection admin access to the target site because only then it would retrieve the document libraries in the drop-down

11. Once done adding both the source and destination, please go ahead and click on add and the tool will add this to the list of tasks as shown in the image below.

13.PNG

12. So as shown in the image below, you can see the list of tasks added for migration and if required you can add few more tasks as well.

Note: The tasks that you add here can be of different types (meaning, you can add a task for migrating contents from a file share to a SharePoint Online site and the second one can be to migrate data from a SharePoint on-premises site to a SharePoint Online site and the third one can be a bulk migration task using a CSV file)

15

  1. You can also use the pause button if required to pause the migration process as shown in the image below.

18.PNG

14. Once you click on the “Migrate” button you can notice that the migration process has started as shown in the image below.

19

15. Finally, once the migration is completed you can check the completion status as shown in the image below. In addition to that you can also click on the “Open report” button to get the migration reports.

20

16. Once you click on the “Open report” button the windows explorer will open the below mentioned folder structure from where you can access the migration reports.

23.PNG

26

17. This is how the contents in the report would look like.

21

22

  1. Finally, you can check the document library in the destination SharePoint Online site to confirm whether the files have been migrated successfully .In my case please see the image below which confirms that the files have been migrated successfully.

24

 

19. So in the above example I showed you how to perform a migration using this tool from a file share to a SharePoint online site. Similarly, you can do the same for migrating the files from a SharePoint on-premises site to a SharePoint online site. However, before doing so please check and ensure that you have site collection access on both the source and destination. Finally, you can plan bulk migration tasks using the CSV file option. I’ll discuss in detail about that in a different article very soon .

What happens behind the scenes while using the Microsoft SharePoint Migration Tool?

Well, just in case if you’re interested to know what happens behind the screen while using the tool the steps below should give you an overview about that.

On a high level this is what happens,

  1. You enter your Office 365 credentials to authenticate yourself.
  2. Then you get prompted to enter the source (i.e. File Share or SharePoint on-premises site URL or the CSV file for bulk migration) and the destination SharePoint Online site where you want to migrate the files.
  3. Once you’re done specifying the details and click on the migrate button , the tools takes care of scanning , packaging , uploading and importing the files and all these tasks are performed in parallel across all the files submitted for migration .

Let’s dig bit further and see what happens at each stage …

On the Authentication stage:

After opening the tool, the first thing we must do is authenticate to the destination SPO site (i.e. the tenant where you will be migrating your files) by providing your username and password .By doing so the tool associates the migration jobs with your account.  This allows you to resume your migration from another computer if needed by logging in with the same credentials. This account should be a site collection administrator of the destination where you want to migrate the files.

On the Scanning stage:

Once you click on the “Migrate” button, a scan is performed on every file. Please note that a scan is always performed; even if you elect to not migrate your files (see Advanced Settings). The scan verifies that there is access to the data source and write access to the SharePoint Online destination. It also scans the file for known potential issues and risks.

On the packaging stage:

On the packaging stage, a content package is created that contains a manifest consisting of 8 XMLs.

On the uploading stage:

On the uploading stage, the content package is uploaded to Azure with the manifest. Before a migration job can be accepted from a SPO provided Azure container, the data is encrypted at rest using the AES CBC 256 standard. The files are encrypted along with the manifest files.

On the importing stage:

On the importing stage, the key is provided to SPO SAS. Only Azure and SPO are interacting to fetch and migrate the content into the destination. This process is a timer job based, but does not prevent other jobs from being queued up. During the import, a report is created in the working folder and live updates are made. After the migration job is completed, the log is stored in the Azure container and a final report is created. A log is stored in each Manifest Container.

Recommendations for using the Microsoft SharePoint Migration Tool:

For best performance:

CPU 64-bit Quad core processor or better
RAM 16 GB
Local Storage SSD : 150 GB free space
Network card 1 Gps
Operating System Windows Server 2012 R2 or Windows 10 client

.NET Framework 4.6.2

 

For slow performance:

CPU 64-bit 1.4 GHz 2-core processor or better
RAM 8 GB
Local Storage Hard disk: 150 GB free space
Network card High speed internet connection
Operating System Windows Server 2008 R2, Windows 7 updated or better

.NET Framework 4.6.2

Impact on the file permissions when it’s migrated:

The user permission would be retained to the cloud provided that the user accounts are synced to Azure AD using AAD Connect tool and the users have SharePoint Online licenses assigned to them.

The below mentioned table should give you an overview about how the user permissions are mapped when a user is synced to Azure AD and when he/she is not synced:

 

User sync status File Share SharePoint on-prem files
User mapped between on-premises and SPO (using AAD Connect tool  or a user mapping file provided) There are only two types of permissions that will be migrated; Read and Write.

 

If a file has Write permission for user1, then the file will be set to Contribute for user1 in SPO. If a file has Read permission for user1, then the file will be set to Read for user1 in SPO.

 

Note: At this time, the special permissions, such as Deny, will not be saved.

All the unique permissions on a file will be migrated to SPO.  Inherited permissions will not be migrated.
No user mapping (not-synced, no user mapping file) Files will be assigned the default permission of the location to which it has been migrated in SPO. Files will be assigned the default permission of the location to which it has been migrated in SPO.

Behavior of the tool when you choose SharePoint on-premises and File Share:

SharePoint on-premises: If you select the SharePoint on-premises option, you will be asked to enter the name of the SharePoint Server site where your files are located and prompted for your credentials for that site. You will indicate what document library you wish to migrate.

Note: As of now the tool only supports SharePoint 2013

File Share: If you select the File share option, you will be asked to enter the location of the file share, the URL of the SharePoint Online site and document library where they will be moved.

Advanced settings in the Microsoft SharePoint Migration Tool:

Use the advanced settings option in the tool you can perform the below mentioned tasks as well.

In order to make use of the “Advanced settings” option on the SharePoint Migration Tool, please make use of the gear icon on the window where you see the “Migrate” button after specifying the source and destination as shown in the image below.

27.PNG

29.PNG

Setting Description
Only perform scanning If you wish to scan the files as a pre-assessment to migration, turn Only perform scanning on.
Enable incremental migration By setting enable incremental migration to On, it lets you rerun the migration jobs at a later date, migrating only the changes or additions since the previous run.

 

Important: If you wish to be able to submit this job again for incremental migration, this setting must be set to On before the initial migration job is submitted.

Migrate file version history If set to No, only the most recent version of the file will be migrated. If set to Yes, you can choose whether to keep all versions, or limit it to a specific number.
Do not migrate hidden files If set to On, hidden system files will not be migrated.
Do not migrate files created before If you choose to limit what files are migration based on creation date, set your values in this section. This may be to limit the number of files migrated or to adhere to overall company governance policy regarding file retention.
Do not migrate files modified before If you choose to limit what files are migration based on modified date, set your values in this section. This may be to limit the number of files migrated or to adhere to overall company governance policy regarding file retention.
Do not migrate files with these extensions To prevent certain file types from migrating, list each extension, separating it with a vertical bar. For example, mp4|avi|mkv. Do not include the leading “.” before the extension name
Do not migrate files and folders with invalid characters By default, the setting is set to Off. This is the recommended setting. The tool will attempt to move all the files without filtering on characters. If any file can’t be accepted into SPO, a failure message will be generated for that file.

 

If set to On, the tool will skip any potential special characters. While this can improve performance when the source potentially contains a high number of files containing invalid characters, it also has drawbacks. To prevent malicious activities, source packages that generate more than 100 errors to the destination server will be blocked. As a result, all valid files in that package would also be blocked.

Active Azure Directory lookup By default, this is set to On. If no User mapping file is provided by the user, then Active Azure Directory is used as the default for user mapping.
Preserve user permissions By default, this is set to On. If set to Off, no permissions will be preserved.
User mapping file By default, Azure AD lookup is used to map users when submitting migration jobs. If you wish to use your own mapping file, select the file to be used by clicking Choose file. If you choose to use a custom user mapping file and you want to preserve user permissions, turn off Active Azure Directory lookup. By doing so if a user isn’t found in the mapping file, the tool won’t look in up in AAD.
SharePoint Migration Tool work folder By default, a temp folder will be created. If you wish to specify a specific working folder, enter the name here.
Use custom Azure storage If you wish to use your own Azure storage, set this value to On.

 

If you choose to turn on, additional fields will display to enter your account and key, and settings to select if you want to enable or disable encryption, and whether temporary files are deleted when migration is complete.

Conclusion:

The Microsoft SharePoint Migration tool in indeed a powerful and free to use tool. As of now the product is in beta version and Microsoft is continuously working on enhancing the tool by adding many cool features which you normally get to see on any third party migration tool such as Sharegate , Metalogix or AvePoint . You can even plan a migration of terabytes of data by using this tool so that your users can start taking advantage of the cool features in cloud. Last but not least, given the features and simplicity of this tool, this is definitely a must have tool for every SharePoint Admin out there.

You can also read this article on the Hubfly blog site too by going through the link below and very soon I’ll be making a  demo video on the Microsoft SharePoint migration tool which would be avaialble on the Hubfly blogsite .

Please subscribe to the Hubfly blogsite for many cool articles on SharePoint & Office 365 .

Here’s the link : http://www.hubfly.com/blog/migration/microsoft-sharepoint-migration-tool-step-by-step-walkthrough/

Good luck with the Microsoft SharePoint Migration Tool….Happy SharePointing!!!

 

Advertisements

Purchasing a new service to your Office 365 tenant:

1

This is going to be a very simple article where I’ll be describing about how to add a new service to your Office 365 tenant. Let’s say there comes a scenario where your organization has been using Office 365 for quite some time and all of a sudden, the business shows interest on a new Office 365 service then you need to follow the steps mentioned in this article below to purchase that new service for your existing Office 365 tenant. Alright, let’s get started….

Note: Please ensure that you have global admin access in your tenant to perform these steps.

  1. Sign into the Office 365 admin center and navigate to the “Billing “section as shown in the image below.

2.png

2. Under the billing section, please click on the “Purchase services” option as shown in the image below.

3.png

3. Once you click on the “Purchase service “option it will take you to a page where you can see the list of services that’s available for you to purchase as shown in the image below.

4.png

4. Choose the one that you’re looking for, you can either go for a trial subscription or purchase it completely. In my case I’ve chosen the “Enterprise Mobility + Security E5 “service as shown in the image below.

5.png

5. Once done it will take you to the screen where it says “Try now “, please click on it as shown in the image below.

6

6. After that you would be taken to the Order receipt page where you can see your confirmation number as well as your Order details. Please review it and click on Continue as shown in the image below.

7.png

7. So, this concludes the process of purchasing a new service, you can validate this by going to the “Subscriptions “section under the “Billing “category in the Office 365 admin center as shown in the image below. You should be able to see the service that already existed and the one you purchased now.

8.png

8. In addition to that you can also run the “Get-MsolAccountSku “command to verify it.

9

 

 

Thanks for reading this post …..Good luck with Office 365 !!!

User guide to enroll your iOS Device with Microsoft Intune and to configure your Outlook mobile app

31.png

If your company or school uses Microsoft Intune for Mobile Device Management and Mobile application management, you can enroll your iOS device to get access to company email, files, and other resources. When you enroll your devices, your IT department can manage the resources, keep them secure, and give you the freedom to use your preferred device to get your work done.

The steps mentioned below should be followed by all users who hold an Apple device to enroll their iPhone/iPad with Microsoft Intune so that your device can be managed by Microsoft Intune.

Note:

  • Please make sure that your device has a good Wi-Fi connectivity or a good 3G/4G connection before doing the below mentioned steps.
  • Please ensure that your iOS version is not less than 8.0

Detailed steps:

  1. Open the App Store and search for Microsoft Intune company portal app as shown in the image below.

1

  1. Download and install the Microsoft Intune Company Portal app. Once done you should be able to see it in your Apple device home screen as shown in the image below.

2.jpg

3. Open the Intune company portal app and sign in with your Office 365 UPN address as shown in the image below.

3

  1. Enter your Office 365 UPN password as well as shown in the image below.

4

5. Once done you would be redirected to the Company Access setup page as shown in the image below.

5

6. Click on Begin on the top right corner of the screen and this will start preparing your portal as shown in the image below.

6

7. You would be taken to a screen which describes why you need to enroll your device , you can go through the guidelines if required and click on continue as shown in the image below.

7

8.The next screen will tell you what can be viewed by your IT Admin once the device has been enrolled with Intune and what cannot be viewed by the IT Admin. You can go through all the details if you’re concerned about your privacy and click on continue.

8

9. Now the next screen will ask you to click on “Enroll” to enroll your device with Intune, please go ahead and click on Enroll.

9.jpg

  1. Once done the next screen will prompt your for Multi-Factor Authentication which is nothing but an extra layer of security just to ensure that your connection is legitimate.

10.jpg

11. Based on which option you chose above you would either get a text message or a phone call with a passcode, please go ahead and enter the code correctly and click on next as shown in the image below.

11.jpg

12. Once done the device enrollment process will start and you would see the below mentioned screen.

12.jpg

13. After that would get the below mentioned screen asking you to install the profile for Mobile Device management, please go ahead and click on install as shown in the image below .

13.jpg

14. You would also get the installation prompt in the next few screens, please go ahead and click on install on the next screens. Once done if you already have a passcode for your device it would prompt for that, please key-in that passcode as shown in the image below .

30.jpg

15. On the next screen you would be asked if you trust this profile for Mobile device management, please go ahead and click on Trust as shown in the image below.

14

16. You would be taken to the certificate enrollment process in the next screen as shown in the image below.

15.jpg

17. Once done you would be taken to the below mentioned screen asking you to open the Company portal app as shown in the image below. Please go ahead and click on open.

16

18. After that’s completed you would get the below screen where you can notice that the portal is getting prepared.

17

19. You would get the below mentioned screen post that, please go ahead and click on install as shown in the image below.

18.jpg

20. The next screen will ask you to choose your device category, please go ahead and choose the correct option. In my case I’ve chosen “personal-owned device “ as I’m enrolling my personal iPhone with Intune .

19

21. Once done you would be prompted to change your passcode as shown in the image below, please go ahead and change it and confirm it once again as shown in the image below.

 

Note: Please make sure that you don’t forgot your passcode

20.jpg

22. After confirming the passcode, you would be taken to the below mentioned screen which confirms that your device has been successfully enrolled with Intune.

21.jpg

22.jpg

23.  Now go back to home screen in your iPhone and open the Intune company portal app .You can check the list of apps which are available for download from company portal app as shown in the image below.

23

24. Now you can search for the “Outlook” mobile app in the portal and install it as shown in the image below.

Note: If you’re IT admin has configured a policy in Intune such that you should only be using the Outlook mobile app that’s available in the Intune Company portal to configure your emails, then you won’t be able to download and use the Outlook mobile app that’s available in the App store. This is part of Mobile application management in Intune. In addition to that you won’t be able to do the below mentioned things based on the policies which your IT admin has enforced.

  1. A user tries to copy the content from his Office 365 mailbox and tries to paste it in his personal email account (i.e. Gmail, Hotmail etc..) and Intune restricts it.
  2. ii) A user tries to download an attachment from his Office 365 mailbox and tries to save it to his Drop box or personal OneDrive and Intune restricts it.

Please go through the link below to know more about the MAM policies in Intune :_ https://docs.microsoft.com/en-us/intune-classic/deploy-use/configure-and-deploy-mobile-application-management-policies-in-the-microsoft-intune-console

24.jpg

25. Once you’re done installing the “Outlook” mobile app from the Intune company portal, please go back to the home screen and open the “Outlook” app as shown in the image below.

25.jpg

26. Open the Outlook mobile app, you would be prompted to choose the email account which you want to setup. In my case it prompts to either add both my Office 365 email account as well as my Hotmail account. I’ve chosen to configure Office 365 email account only as shown in the image below. In your case you might only see your Office 365 email account.

Note: Even if you have added your Hotmail account , Intune will take care of only your Office 365 mail address and not your Hotmail account .

26.jpg

  1. Once you’ve chosen your Office 365 email account, please give it some time and your mailbox will start downloading all the emails, contacts and meetings etc. as shown in the image below.

28.jpg

28. You can also use some cool features like @mentions and focused inbox in Office 365 as shown in the image below.

29.jpg

29. In addition to this you can also remotely manage your mobile device from your laptop or PC once it’s enrolled with Intune by accessing the Intune Company portal site. In order to do that, please login to the below mentioned URL using your Office 365 UPN address and password.

https://portal.manage.microsoft.com/

30 .Once done you should be able to see your Apple device which has been enrolled with Intune as shown in the image below.

30.png

31. You can rename, remove, reset the passcode as well as remotely lock your device from your laptop/PC from here. So if you ever encounter a scenario where your device has been lost/stolen you can remotely wipe if from here.

Thanks for reading this post!!!  Good luck with Intune.

 

Recording of my Webinar on SharePoint Online Communication Sites:

Webinar logo

Webinar Recording :_ https://youtu.be/rmpdFA0XiAg

Link to the PPT Slides :_ https://www.slideshare.net/VigneshGanesanMCPMCI/overview-of-communication-sites-in-sharepoint-online

Please keep checking my blog site for more webinars and useful articles .

Webinar on SharePoint Online Communication Sites

Hi All,

Please join us for a webinar on August 12th,2017 at 6:00 pm IST on ” Overview of Communication Sites in SharePoint Online” .

WEBINAR

Agenda:

  1. Introduction to Communication sites in SharePoint Online​

2. Different designs and what’s inside a communication site?​

3. Demo on creating Communication sites​

4. Demo on Customizing Communication sites​

5. Benefits of using Communication sites​

6. What’s lacking in Communication sites?

We’ll be discussing in detail about SharePoint Online Communication Sites and all it’s new features and functionalities.

Webinar details : http://www.c-sharpcorner.com/events/overview-of-communication-sites-in-sharepoint-online

Get to know Microsoft 365:

e1.pngYep you read it correctly, it’s not Microsoft Office 365 and its Microsoft 365. Well by saying so I didn’t mean that Microsoft Office 365 is going away or it’s getting renamed as Microsoft 365. This is a new service which was introduced by Satya Nadella 2 days back on Microsoft Inspire which brings together Office 365, Windows 10 and Enterprise Mobility + Security, delivering a complete, intelligent and secure solution to empower employees. I’m sure most of you would have already read about this today and if not please take a moment in reading this article where I’ve explained in detail about Microsoft 365 and what are the services it delivers and how it can enhance your business.

  1. What is Microsoft 365?

Well as I already mentioned above this is a new service which was introduced by Microsoft two days back which brings together Office 365, Windows 10 and Enterprise Mobility + Security.

  1. Is this something new or was this service already present?

To be very precise, this isn’t something new and in fact this is the successor of the most successful service , “Secure Productive Enterprise” which was introduced by Microsoft on October 2016 .

e2.png

  1. What happens to Secure Productive Service now?

Moving further, Secure Productive Service would be replaced by Microsoft 365.

  1. Do we have different flavors in Microsoft 365 as well like Secure Productive Enterprise?

Yes, we have two flavors in Microsoft 365, 1. Microsoft 365 Business which is meant for small organizations and 2. Microsoft 365 Enterprise which is meant for large organizations

  1. What are these two flavors meant for and how can they enhance my business?

Microsoft 365 Enterprise:

  1. Unlocks creativity by enabling people to work naturally with ink, voice and touch, all backed by tools that utilize AI and machine learning.
  2. Provides the broadest and deepest set of apps and services with a universal toolkit for teamwork, giving people flexibility and choice in how they connect, share and communicate.
  3. Simplifies IT by unifying management across users, devices, apps and services.
  4. Helps safeguard customer data, company data and intellectual property with built-in, intelligent security.

Microsoft 365 Business:

  1. Helps companies achieve more together by better connecting employees, customers and suppliers.
  2. Empowers employees to get work done from anywhere, on any device.
  3. Protects company data across devices with always-on security.
  4. Simplifies the set-up and management of employee devices and services with a single IT console.
  5. How about the plans for Microsoft 365?

Microsoft 365 Enterprise is available in two plans, E3 and E5

  1. When would Microsoft 365 be made available for the public?

Microsoft 365 Enterprise will be available for purchase from August 1st, 2017 onwards. You get to purchase both the plans (E3 & E5)

Microsoft 365 Business will be available in public preview on August 2nd, 2017. It will become generally available on a worldwide basis in the fall of 2017, priced at US $20 per user, per month.

  1. How do I get to know more about the services and features available in both the flavors of Microsoft 365 ?

        Please go through the links below to know more about the features and services available in both the flavors.

For Business: _ https://www.microsoft.com/en-us/microsoft-365/business

For Enterprise: _ https://www.microsoft.com/en-us/microsoft-365/enterprise

Thanks for reading the post. Good luck with Microsoft 365.

 

PowerShell to on-board list of users to Office 365 and assign them Office 365 licenses:

1.jpgOffice 365 is a SaaS platform which is  being used by many organizations these days and it becomes quite hard for IT administrators to on-board their users to Office 365 manually .Of course , this may not be the case when your user identities gets synced to Azure AD from on-premises AD using AAD connect tool .However, if you’re one of the organizations who totally buried all your IT infrastructure implementation and decided to go with a Cloud implementation completely then possibilities are such that you as an IT administrator should take care of on-boarding your users to Azure AD .As we all know , this is indeed quite a time consuming task if we have to do it manually and then assign the appropriate licenses to all the users . So, to surpass all those manual effort, I’ve put together this PowerShell script which will do the magic for you. Alright, let’s get into the details ….

1.Sign-in to your Office 365 admin center using your global admin account and navigate to the “Active users” section as shown in the image below.

2.png

2.At this moment, you might see only the user account which was used to set-up the Office 365 tenant.

Note: In my case, you might see 3 users as I manually created them using the “Add a user “option.

3.Create a CSV file which has the details of all your users by following the guidelines mentioned in this article. The below mentioned screenshot depicts the CSV file which I’ve prepared which has the list of all my users.

3.png

4. Once done, please login to the PowerShell window and type the below mentioned command as shown in the image below. This will tell you the type of license that your tenant is using and how many licenses have been utilized till now.

4

Note : In my case you can notice that my tenant is on  Office 365 E5 Enterprise E5 plan +EMS  (Enterprise Mobility ) and it also displays how many licenses have been consumed till now .

5. Prior to running the above command, please ensure that you’re connected to your Office 365 tenant via PowerShell, if not please follow the below article to do that first.

https://technet.microsoft.com/library/dn975125.aspx

6. Now, let’s specify the required variables for the PowerShell script.

$UsersToAdd = Import-Csv C:\Users\Vignesh\Documents\Import_User_Sample_en.csv

$LicenseToAdd = “sptech80:ENTERPRISEPREMIUM” à This information can be grabbed from the Get-MsolAccountSKU command which we ran in the above step.

$UsageLocation = “US”

$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $LicenseToAdd

5

7.Once you’re done specifying the required variables, please go ahead and run the below mentioned PowerShell command as shown in the image.

$UsersToAdd | ForEach-Object {

New-MsolUser –UserPrincipalName $_.UserPrincipalName -DisplayName $_.DisplayName

Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation

Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $LicenseToAdd -LicenseOptions $LicenseOptions

}

6.png

8.You may notice that your users are getting created after running the script as shown in the image above and the licensing tab might display the status as “False”. That’s due to the time taken for the script to reflect the licensing details as it first creates the user and then assigns the license to the user’s account. This is quite normal and hence you don’t need to panic about the “isLicensed” column

9. You can verify the status of the users as well as the licenses assigned to them by running the “Get-MsolUser” command. This time it should display the licensing details correctly.

10. Additionally, you can also navigate to the “Active users” section to verify the same.

8.png

Thanks for reading this post ….Good luck with Office 365 !!!

What is Secure Score in Office 365?

Secure-Keyboard-Hero

This post is on a new service which was introduced by Microsoft couple of months back called as “Office 365 Secure Score “. If you’ve ever wondered how secure your Office 365 tenant really is, then it’s time about time now to stop wondering because we have “Secure Score “now to take care of that. So, what’s this new service called as Office 365 secure score? What does it do? How do I make use of it? …. Well, I’m going to answer all those questions that you have in your mind about Office 365 secure score in this article and you will also learn about how to make use of this service to enhance your business with Office 365. Alright, let’s get started …. Shall we?

What is Office 365 secure score?

This is how Microsoft defines Office 365 secure score … “The Secure Score is a security analytics tool that will help you understand what you have done to reduce the risk to your data in Office 365, and show you what you can do to further reduce that risk “. To put it in very simple words, it’s a tool that runs on the background and checks the security standards of all the service used by you as an organization (i.e. SharePoint Online, Exchange Online, Skype for Business Online, Azure AD etc. …) and assigns a credit score.

What’ the idea behind Office 365 secure score?

The approach by Microsoft to this experience was very simple. First, they created a full inventory of all the security configurations and behaviors that customers can do to mitigate risks to their data in Office 365 (there are about 77 such things in total). Then, they evaluated the extent to which each of those controls mitigated a specific set of risks and awarded the control some points. More points means a more effective control for that risk. Lastly, they measured the extent to which the service has adopted the recommended controls, add up the points, and present it as a single score.

How to use Office 365 secure score?  

  1. The first thing you would notice once you login to the secure score portal is the welcome screen (check the screenshot below) which gives you a small definition about Office 365 secure score. In the below mentioned screenshot I’ve logged into the secure score portal of my Office 365 tenant by accessing this URL (i.e. https://securescore.office.com/ ) and I get this screen which gives me a welcome message about Office 365 secure score.

1.PNG

Note: If you already logged into your tenant you can directly access the Secure Score URL which I mentioned above and it will allow you inside the portal without prompting for your credentials once again.

2. Once you read all the welcome messages about Secure score you will get two different tabs as shown in the image below.

                    i)Dashboard.

                   ii )Score Analyzer.

2

3. The first tab which says “Dashboard” is where you get to see the secure score summary. This panel gives you your current Secure Score, and the total number of points that are available to you, given your subscription level, the date that your score was measured, as well as a simple pie chart of your score. The denominator of your score is not intended to be a goal number to achieve. The full set of controls includes several that are very aggressive and will potentially have an adverse impact on your users’ productivity. Your goal should be to optimize your action to take every possible risk mitigating action while preserving your users’ productivity. The below mentioned screenshot depicts the secure score summary of my Office 365 tenant where I’ve scored 61 out of 344 as on May 27, 2017.

14.PNG

4. The next section on the “Dashboard” tab after the “Secure score summary” section would be the section which tells how to improve your score. It gives you the targeted score that you can achieve for your tenant and lists out the action items to improve your score. You can make use of the slider to preview your improved score as shown in the image below.

15.PNG

5. The next section will list out all the pending action items that I’m supposed to complete to achieve the maximum score.

4

6. Now, let’s look at few pending action items to see what it means and how it would impact my Secure score in Office 365.

i) Designate less than 5 global admins:

16.PNG

This one says that I should designate less than 5 global administrators for Office 365 tenant and in my case, I’ve breached it by making it as 6. Hence, it’ asking me to correct it and it also gives me an overview about the score I would get by doing so.

ii) Enable MFA for all global admins:

17.PNG

This one says that I have to enable Multi factor authentication for all my 6 global admin accounts as none of accounts have that enabled and this is considered to be a security breach. It also tells me that I can achieve a score of 50 by doing so.

7) The next section under the “Dashboard” tab is the “Risk Assessment “section which gives me an overview about the top threats in my tenant. It is very important that Office 365 global administrators should read this and understand the risks they are mitigating every time they take an action.

18.PNG

Let’s look at the “Account breach” scenario here and see the details about the risk.

19Compare your score:

The Office 365 Average Secure Score is calculated from every Office 365 customer’s Secure Score. You can use this section to understand how your score stacks up against the average score.

Note: The Average Secure Score only includes the numerator of the score, not the denominator. So, the average points may be higher than you can achieve because there are points in controls associated with services that you have not purchased (meaning , you might be using a different plan such as E3 whereas other customers might be using E5 or other plans) .

5

 

Alright, now let’s look at the “Score Analyzer” tab in the Secure Score portal.

Score Analyzer:

As of now, it’s only the global administrators who have access to the “Secure Score “portal and in the future, it would be made available to other administrators as well such as SharePoint Online administrator, Exchange Online administrator & Skype for Business administrator. However, in the interim you can use the “Score Analyzer “tab to export the secure score results and share it with your executives or stakeholders or other administrators (i.e. SharePoint Online, Exchange Online etc.)  so that they’re aware of the progress that’s made on risk mitigation in Office 365. The Score Analyzer experience allows you to review a line graph of your score over time, to export the audit of your control measurements for the selected day to either a PDF or a CSV, and to review what controls you have earned points for, and which ones you could act on.

  1. The below mentioned image depicts the “Score Analyzer” tab of my secure score portal.

6.PNG

2. I can make use of the “Export “button on the top right corner to export these results in PDF & CSV format.

7.PNG

3. It also gives you an overview of all the “Complete “and “Incomplete” actions and the scores associated to those action items as shown in the image below.

10.PNG

4 .The “Complete “and “Incomplete” actions are classified based on three different categories as you see below (i.e. Account, Data & Device)

20.PNG

5. Finally, I can make use of the “Export “button which I mentioned above to export the results to a PDF/CSV Please check the image below to see a sample report.

8.PNG

So finally, to conclude, the Secure Score is indeed a great tool to keep your Office 365 tenant as secure as possible and at the same time you need to be aware that the Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted controls which can offset the risk of being breached. No service can guarantee that you will not be breached, and the Secure Score should not be interpreted as a guarantee in any way.

Resources to know in detail about Secure Score in Office 365:

Microsoft Mechanics video on Office 365 Secure Score: https://youtu.be/h__nxWlm5Nc

Office 365 Secure Score API:  https://blogs.technet.microsoft.com/office365security/using-the-office-365-secure-score-api/

You can also check my Webinar recording on Office 365 where I’ve shown a small demo on Office 365 secure score. Here’s the link to that: https://youtu.be/HYcfXWN30O0

Thanks for reading this post …. Good luck with Secure Score in Office 365!!!

 

Webcast of SharePoint Virtual Summit:

sharepoint-virtual-summit-2017.jpg

For those who missed to attend the SharePoint Virtual Summit session which was held on May 16th , please make use of the link below to watch the webcast on demand

https://event.microsoft.com/events/2017/1705/SharepointSummit/

Watch the webcast to learn how to create a connected workplace in Office 365 with OneDrive and SharePoint, integrated with Yammer, Microsoft Teams, Windows, PowerApps and Microsoft Flow.

In this webcast , Microsoft has unveiled the latest innovations and roadmap, and you’ll learn how industry-leading customers are leveraging these technologies as part of their digital transformation. Discover how Office 365, connected with Windows and Azure, is reinventing productivity for you, your teams and your organization.

Happy SharePointing !!!

Recording of my Webinar on Getting started with Microsoft Office 365 :

Thumbnail.PNG

Webinar Recording :_ https://youtu.be/HYcfXWN30O0

Link to the PPT Slides :_https://www.slideshare.net/VigneshGanesanMCPMCI/getting-started-with-microsoft-office-365-by-vignesh-ganesan

Please keep checking my blog site for more webinars and useful articles .