What is Secure Score in Office 365?

Secure-Keyboard-Hero

This post is on a new service which was introduced by Microsoft couple of months back called as “Office 365 Secure Score “. If you’ve ever wondered how secure your Office 365 tenant really is, then it’s time about time now to stop wondering because we have “Secure Score “now to take care of that. So, what’s this new service called as Office 365 secure score? What does it do? How do I make use of it? …. Well, I’m going to answer all those questions that you have in your mind about Office 365 secure score in this article and you will also learn about how to make use of this service to enhance your business with Office 365. Alright, let’s get started …. Shall we?

What is Office 365 secure score?

This is how Microsoft defines Office 365 secure score … “The Secure Score is a security analytics tool that will help you understand what you have done to reduce the risk to your data in Office 365, and show you what you can do to further reduce that risk “. To put it in very simple words, it’s a tool that runs on the background and checks the security standards of all the service used by you as an organization (i.e. SharePoint Online, Exchange Online, Skype for Business Online, Azure AD etc. …) and assigns a credit score.

What’ the idea behind Office 365 secure score?

The approach by Microsoft to this experience was very simple. First, they created a full inventory of all the security configurations and behaviors that customers can do to mitigate risks to their data in Office 365 (there are about 77 such things in total). Then, they evaluated the extent to which each of those controls mitigated a specific set of risks and awarded the control some points. More points means a more effective control for that risk. Lastly, they measured the extent to which the service has adopted the recommended controls, add up the points, and present it as a single score.

How to use Office 365 secure score?  

  1. The first thing you would notice once you login to the secure score portal is the welcome screen (check the screenshot below) which gives you a small definition about Office 365 secure score. In the below mentioned screenshot I’ve logged into the secure score portal of my Office 365 tenant by accessing this URL (i.e. https://securescore.office.com/ ) and I get this screen which gives me a welcome message about Office 365 secure score.

1.PNG

Note: If you already logged into your tenant you can directly access the Secure Score URL which I mentioned above and it will allow you inside the portal without prompting for your credentials once again.

2. Once you read all the welcome messages about Secure score you will get two different tabs as shown in the image below.

                    i)Dashboard.

                   ii )Score Analyzer.

2

3. The first tab which says “Dashboard” is where you get to see the secure score summary. This panel gives you your current Secure Score, and the total number of points that are available to you, given your subscription level, the date that your score was measured, as well as a simple pie chart of your score. The denominator of your score is not intended to be a goal number to achieve. The full set of controls includes several that are very aggressive and will potentially have an adverse impact on your users’ productivity. Your goal should be to optimize your action to take every possible risk mitigating action while preserving your users’ productivity. The below mentioned screenshot depicts the secure score summary of my Office 365 tenant where I’ve scored 61 out of 344 as on May 27, 2017.

14.PNG

4. The next section on the “Dashboard” tab after the “Secure score summary” section would be the section which tells how to improve your score. It gives you the targeted score that you can achieve for your tenant and lists out the action items to improve your score. You can make use of the slider to preview your improved score as shown in the image below.

15.PNG

5. The next section will list out all the pending action items that I’m supposed to complete to achieve the maximum score.

4

6. Now, let’s look at few pending action items to see what it means and how it would impact my Secure score in Office 365.

i) Designate less than 5 global admins:

16.PNG

This one says that I should designate less than 5 global administrators for Office 365 tenant and in my case, I’ve breached it by making it as 6. Hence, it’ asking me to correct it and it also gives me an overview about the score I would get by doing so.

ii) Enable MFA for all global admins:

17.PNG

This one says that I have to enable Multi factor authentication for all my 6 global admin accounts as none of accounts have that enabled and this is considered to be a security breach. It also tells me that I can achieve a score of 50 by doing so.

7) The next section under the “Dashboard” tab is the “Risk Assessment “section which gives me an overview about the top threats in my tenant. It is very important that Office 365 global administrators should read this and understand the risks they are mitigating every time they take an action.

18.PNG

Let’s look at the “Account breach” scenario here and see the details about the risk.

19Compare your score:

The Office 365 Average Secure Score is calculated from every Office 365 customer’s Secure Score. You can use this section to understand how your score stacks up against the average score.

Note: The Average Secure Score only includes the numerator of the score, not the denominator. So, the average points may be higher than you can achieve because there are points in controls associated with services that you have not purchased (meaning , you might be using a different plan such as E3 whereas other customers might be using E5 or other plans) .

5

 

Alright, now let’s look at the “Score Analyzer” tab in the Secure Score portal.

Score Analyzer:

As of now, it’s only the global administrators who have access to the “Secure Score “portal and in the future, it would be made available to other administrators as well such as SharePoint Online administrator, Exchange Online administrator & Skype for Business administrator. However, in the interim you can use the “Score Analyzer “tab to export the secure score results and share it with your executives or stakeholders or other administrators (i.e. SharePoint Online, Exchange Online etc.)  so that they’re aware of the progress that’s made on risk mitigation in Office 365. The Score Analyzer experience allows you to review a line graph of your score over time, to export the audit of your control measurements for the selected day to either a PDF or a CSV, and to review what controls you have earned points for, and which ones you could act on.

  1. The below mentioned image depicts the “Score Analyzer” tab of my secure score portal.

6.PNG

2. I can make use of the “Export “button on the top right corner to export these results in PDF & CSV format.

7.PNG

3. It also gives you an overview of all the “Complete “and “Incomplete” actions and the scores associated to those action items as shown in the image below.

10.PNG

4 .The “Complete “and “Incomplete” actions are classified based on three different categories as you see below (i.e. Account, Data & Device)

20.PNG

5. Finally, I can make use of the “Export “button which I mentioned above to export the results to a PDF/CSV Please check the image below to see a sample report.

8.PNG

So finally, to conclude, the Secure Score is indeed a great tool to keep your Office 365 tenant as secure as possible and at the same time you need to be aware that the Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted controls which can offset the risk of being breached. No service can guarantee that you will not be breached, and the Secure Score should not be interpreted as a guarantee in any way.

Resources to know in detail about Secure Score in Office 365:

Microsoft Mechanics video on Office 365 Secure Score: https://youtu.be/h__nxWlm5Nc

Office 365 Secure Score API:  https://blogs.technet.microsoft.com/office365security/using-the-office-365-secure-score-api/

You can also check my Webinar recording on Office 365 where I’ve shown a small demo on Office 365 secure score. Here’s the link to that: https://youtu.be/HYcfXWN30O0

Thanks for reading this post …. Good luck with Secure Score in Office 365!!!

 

Recording of my Webinar on Getting started with Microsoft Office 365 :

Thumbnail.PNG

Webinar Recording :_ https://youtu.be/HYcfXWN30O0

Link to the PPT Slides :_https://www.slideshare.net/VigneshGanesanMCPMCI/getting-started-with-microsoft-office-365-by-vignesh-ganesan

Please keep checking my blog site for more webinars and useful articles .

 

What is Customer Lock box in Office 365?

1.png“Customer Lock box” –This terminology was something new to me until I heard it at Microsoft Tech Summit this year .There was one of these sessions which I was attending on Office 365 and the speaker was talking about this feature .Sadly only few folks in the room were aware of it and I was one among those folks who haven’t heard that terminology before.

Anyways, now that I’m aware of it I decided to write an article on it so that my readers get to understand about this cool feature in Office 365 and they can start using it in their Office 365 tenants.

So what is Customer Lockbox? To put it in simple words, it’s a feature that’s available in Office 365 to ensure that there’s zero interaction by Microsoft on your contents that’s saved in Office 365(i.e. SharePoint Online, Exchange Online, Skype for Business Online etc…)

Roughly around couple of years back Microsoft has come up with this feature to maximize the data security and privacy for Office 365 customers by ensuring that there’s zero interaction with the customer’s content by Microsoft engineers.

Almost all the service operations performed by Microsoft are either fully automated so there is no human interaction, or the human involvement is abstracted away from the customer’s content that’s stored in Office 365.

Only during some circumstances where something is broken in your tenant and you raised a support case for that , Microsoft engineers will access your content to fix it .So with this feature  Microsoft enforces access control through multiple levels of approval, providing just-in-time access with limited and time-bound authorization. In addition to that all access control activities performed by the Microsoft engineer does gets logged and audited.

The below mentioned image depicts the complete approval process:

2.png

So with this feature Microsoft has given their assurance to its customers that their content will not be accessed by Microsoft employees without their explicit approval. It brings customers into the access approval process, requiring the customer to provide explicit approval of access to their content by a Microsoft employee for service operations.

Now that we have understood about this feature lets take a look on how this complete process works ….

3.png

Let’s consider a scenario where-in something is broken in SharePoint Online or Exchange Online and you raised a support case for that. The engineer upon reviewing your request feels that he/she might need access to your Exchange/SharePoint Online content to fix it .So this is how the process flows when you have Customer Lock box turned on in your tenant.

  1. Administrators in the customer’s Office 365 environment are notified via email that there is a request for access as shown in the image below.

4.png

2. In addition to this the Office 365 Admin Center portal will also display requests that have been submitted to the customer for approval as shown in the image below.

5.png

3. You as an Office 365 administrator can approve or reject Customer Lock box requests. Check the image below where you get the option to approve or reject a request.

6.png

4. Microsoft can only proceed following approval of a Customer Lock box request. See the image below where the customer has approved a request by the engineer.

7.png

5. If a customer rejects a Customer Lock box request, no access to customer content will occur.

Note: Customer Lock box requests have a default lifetime of 12 hours; after which they expire. Expired requests do not result in access to customer content.

Enabling Customer Lockbox in the Office 365 admin center:

  1. Sign in to Office 365 admin center
  2. Go to the Office 365 admin center.
  3. Navigate to Settings > Security & privacy and scroll to locate Customer Lock box

8.png

4. Click Edit and move the toggle on or off to turn lock box requests on or off.

9.pngApprove or deny a Customer Lock box request in the Office 365 admin center:

  1. Sign in to Office 365 admin center
  2. Go to the office 365 admin center
  3. Navigate to Settings > Support > Service requests.

10.png

4. Select a customer lock box request, and then select Approve or Reject.

5. This is how the view looks in the new Office 365 admin center .Check the image below.

11.png

12.png

How to avail Customer Lock box for Office 365?

Customer Lock box for Office 365 will be available as part of a new premium Office 365 Enterprise Suite called E5

Thanks for reading this post ….I hope you will enable this feature in your Office 365 admin center which gives an extra layer of security to your contents in Office 365.

Terminologies one must be aware of in Office 365:

Listed below are the few important topologies one must be aware of while working on Office 365.Office 365

  1. Active Directory Federated Services (AD FS):

On-premises security token service (STS) that provides simplified, secure identity federation and Web single sign-on (SSO) capabilities for users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud. Federated identities with Modern Authentication-enabled clients interoperate with EvoSTS, which is the Azure AD STS.

AD FS indirectly supports CA scenarios, as it offers a set of controls known as client access filtering that allow the creation of perimeter network-based policies for IP range filtering, accessed workload, or client type (browser vs rich client).

  1. Multi-Factor Authentication (MFA):

Protects access to data and applications by requiring a second form of authentication. Strong authentication is available through a range of verification options.

  1. Azure Active Directory Premium:

All CA scenarios that leverage Azure AD require Azure AD Premium. Azure AD Premium adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. It includes everything you need for information worker and identity administrators in hybrid environments across application access, self-service identity and access management, identity protection and security in the cloud.

  1. Azure Rights Management Services (RMS):

Uses encryption, identity, and authorization policies to protect files and email. Information protection that is applied by using Azure RMS stays with the files and emails independently of the location, allowing customers to remain in control of their data even when this data is in motion.

  1. Conditional Access (CA):

CA allows customers to selectively allow or disallow access to Office 365 based on attributes such as device enrollment, network location, group membership, etc.

  1. Device-based CA restricts access to devices that are managed by the organization and are in a healthy state. Device-based CA is a feature of Intune. Users must enroll their devices in Intune and validate that the device meets the organization’s access rules regarding device health and security.
  2. There are other CA scenarios that do not require device enrollment, such as restrict access only from specific locations. These scenarios do not require Intune and are provided through Azure AD Premium access control features.
  1. Data Loss Prevention (DLP):

Helps identify and monitor sensitive information, such as private identification numbers, credit card numbers, or standard forms used in your organization. DLP Policies enable you to notify users that they are sending sensitive information and to block the transmission of sensitive information.

  1. Microsoft Enterprise Mobility + Security (EMS):

Provides identity and access management, MDM, MAM and Azure RMS. Intune is a part of EMS.

  1. Microsoft Intune (Intune):

Intune is a cloud-based service that helps you manage Windows PCs, and iOS, Android, and Windows mobile devices. Intune also helps protect corporate applications and data. You can use Intune alone or you can integrate it with Microsoft System Center Configuration Manager 2012 R2 to extend your management capabilities.

  1. Mobile Application Management (MAM):

Controls how corporate-managed applications work and interact with other managed applications and unmanaged applications (e.g., provides the ability to restrict user actions such as copy, paste, download, etc.). Available through Intune.

  1. Mobile Device Management (MDM):

Provides the ability to configure mobile device policies, such as enforcing complex PINs or passwords, blocking devices that have been jail broken or rooted from syncing email, disabling Bluetooth, etc. Available through Office 365 MDM and Intune.

  1. Modern Authentication:

Provides OAuth-based authentication for Office clients against Office 365 using Active Directory Authentication Library (ADAL). Replaces the Microsoft Office Sign-In Assistant. Allows for CA policies, so administrators can define granular applications and device-based controls for corporate resources.

Thanks for reading this post ….Good luck with Office 365 !!!

 

 

Sync button missing in SharePoint Online doc library -Project site template:

Alright, so this article is going to be a simple one where I’ll be sharing my recent experience with SharePoint Online where the ‘’Sync Button “which you see on the document library went missing all of a sudden. If you’re not sure about what I’m talking, this image below should help you understand.

Sync 1.pngSo couple of days back ,  a user  who’s always known for finding bugs in SharePoint called me and said , ‘”Hey the Sync button is missing in SharePoint Online doc library ….” . I felt like, that’s not possible and I wanted to double check that. So I went ahead and took a look at the document library on a SharePoint Online team site and found that nothing is wrong with the “Sync button” and it was showing up perfectly fine.

So I took a look at the URL which he was referring to and found that it was missing which was really bizarre to me. Upon digging further I found that the site which he was referring to was a “Project Site “and the one which I tried first was a “Team site”. Now things got really interesting and I did some testing to isolate this issue. I tried reproducing this issue in different site templates and found that this was something specific to “Project site “(top level sites as well as subsites that make use of Project site template) alone. As this is on SharePoint Online I raised a premier support case to know what Microsoft had to say about this. The support engineer checked with the product group team and informed that this is a bug which was caused post the “New Experience” rollout which was released by MS few months back and it seems that many customers have already reported this issue to them.

If you’re hearing this for the first time, please take a look at this link below to understand this feature named “New Experience”.

https://support.office.com/en-us/article/Switch-the-default-experience-for-lists-or-document-libraries-from-new-or-classic-66dac24b-4177-4775-bf50-3d267318caa9?ui=en-US&rs=en-US&ad=US

Finally, based on my testing what I identified is listed below:

  1. On SharePoint Online Team sites, I don’t see this issue. Please check the image below …

Sync 1.png

2. On SharePoint Online Project sites, I can see this issue .Please check the image below (the sync button is missing)….

Sync 2.png

Note: MS has checked and confirmed that this issue is a known bug and will take at-least 3 to 6 months to get this fixed. Also as per MS it seems that this issue persists on other site templates also apart from “Project sites “.However, I didn’t get a chance to try them yet. So just in case you get a call or may be an email from users about this issue, please be informed that this is a known bug at the moment and will be fixed in 3 to 6 months’ time.

Workaround:  The workaround for this is to…. Go to the library settings –> Go to advanced settings –>Change the option in the list experience from New to Classic experience as shown in the image below. By doing so you’re switching back to previous document library experience.

Sync 4.png

Once you do that, you will notice the “Sync button” on a SharePoint Online Project site document library as shown in the image below.

Sync 3.png

Thanks for reading this post…. I hope this would save your time in troubleshooting this issue.  Happy SharePointing!!!

 

Microsoft Teams in Office 365

1.png

I hope everyone would agree to the fact that Office 365 has been one among the best products Microsoft has delivered till date and it’s good to see Microsoft adding a lot of new features and functionalities to the Office 365 suite every now and then. Today many organizations have started choosing Office 365 over on-premises Microsoft products as they’re easy to use and manage and in addition to that you get to remain up to date with all the latest updates.

  1. SharePoint provides intranets and content management solutions to more than 200,000 organizations and 190 million people.
  2. Yammer is the social network for work, enabling cross-company discussions for 85 percent of the Fortune 500.
  3. Skype for Business provides real-time voice, video and conferencing and hosts more than 100 million meetings a month.
  4. Office 365 Groups is our cross-application membership service that makes it easy for people to move naturally from one collaboration tool to another.

Today in this article, we will be discussing about “Microsoft Teams “, the new chat-based workspace in Office 365 that has built-in access to SharePoint Online, OneNote & Skype for Business Online. It was recently introduced by Microsoft couple of months back and acts as a hub for team chats, calls, meetings, and private messages.

Microsoft Teams mainly focuses on these four areas ….

  1. Chat for today’s teams
  2. A hub for teamwork
  3. Customizable for each team
  4. Security teams trust

Let’s look on all these areas and understand how Microsoft teams is built to support all these four areas that can enhance business as well as user experience.

  1. Chat for today’s teams:

It provides a modern conversation experience for today’s teams. Microsoft Teams supports not only persistent but also threaded chats to keep everyone engaged. Team conversations are, by default, visible to the entire team, but there is of course the ability for private discussions. Skype is deeply integrated, so teams can participate in voice and video conferences. You can also add emoji’s, stickers, GIFs and custom memes to make it their own.

  1. A hub for teamwork:

Microsoft Teams is built on Office 365 Groups and is backed by Microsoft Graph. So, it brings together the full breadth and depth of Office 365 to provide a true hub for teamwork. Word, Excel, PowerPoint, SharePoint, OneNote, Planner, Power BI and Delve are all built into Microsoft Teams so people have all the information and tools they need at their fingertips.

  1. Customizable for each team:

Since all teams are unique, Microsoft has invested deeply in ways for people to customize their workspace, with rich extensibility and open APIs available at general availability. For example, Tabs provides quick access to frequently used documents and cloud services. Microsoft Teams also shares the same Connector model as Exchange, providing notifications and updates from third-party services like Twitter or GitHub. In addition to that Microsoft has also included full support for the Microsoft Bot Framework to bring intelligent first- and third-party services into your team environment

  1. Security teams trust:

Microsoft Teams is designed in such a manner that it provides the advanced security and compliance capabilities that our Office 365 customers expect. Data is encrypted in transit and at rest. Like all other commercial services, Microsoft has implemented a transparent operational model with no standing access to customer data. Microsoft Teams will support key compliance standards including EU Model Clauses, ISO 27001, SOC 2, HIPAA and more. In addition to that, Microsoft Teams is served out of our hyper-scale global network of data centers, automatically provisioned within Office 365 and managed centrally, just as any other Office 365 service.

Availability of Microsoft Teams:

As of now Microsoft Teams is on preview mode and its general availability details can be found below.

2.png

Subscription details for Microsoft Teams:

If you have a personal Office 365 subscription, you won’t be able to access Microsoft Teams. To access the app, you need one of the following Office 365 license plans:

  1. Business Essentials
  2. Business Premium
  3. Enterprise E1, E3, or E5
  4. Enterprise E4 (for anyone who purchased this plan prior to its retirement)

Note: If you’re licensed for a suite plan like Office 365 Education or a non-suite plan like Skype for Business Online Plan 2, then you won’t be able to get the app. You need to change your license or purchase additional licenses for your company.

Alright, I guess we have now see enough about Microsoft teams. So, let’s see how to enable this in your Office 365 tenant so that your end users in your organization can start using this.

Note: I’ve chosen India in the county field while signing up for Office 365 and I’m able to see Microsoft teams in my tenant. If you’re not seeing that in your tenant it could be because you’re choosing a country where this feature is not available yet.

Turning on Microsoft teams in Office 365 tenant:

  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center as shown in the image below and click on the app launcher. You can optionally click on “Admin” option as shown below.

3.png

 

3. Click on “Admin” as shown in the image below.

4.png

4. Navigate to Settings and click on “Services & add-ins” as shown below.

5.png

5. On the Services & add-ins home page, choose Microsoft Teams as shown in the image below.

6.png

6. On the Microsoft Teams settings page that opens, click or tap to switch the toggle to the on position to turn on Teams for your organization, and then choose Save.Once you’re done you will be redirected to the Microsoft teams home page as shown in the image below and this where you need to enable the features specific to Microsoft teams.

7.png

7. On the Microsoft Teams settings page, in the General section, you can choose if you want to show an organization chart in user profiles. By default, this setting is turned on. To change this setting, click or tap to switch the toggle next to Show organization chart in personal profile to Off or On, and then choose Save.

8.png

8. In the Teams & Channel section you can manage team owners and members by using the Groups control panel in the Office 365 admin center portal. At this time, you cannot create teams from the Groups control panel – teams must be created by using the Microsoft Teams desktop client or web app which we will be discussing later in his article.

9.png

9. In the Calls & Meetings section, you can choose if users can use video and screen sharing during calls and meetings as shown in the image below.

10.png

10. In the Messaging section, you can turn on or turn off media content such as animated images, memes, and stickers etc.

11.png

Note: To turn on or turn off animated images, click or tap the toggle switch next to Add fun animated images to the conversations, and then choose Save. When animated images are turned on, you can apply a content rating to restrict the type of animated images that can be displayed in conversations. You can set the Content Rating to be one of the following:

  1. Strict
  2. Moderate
  3. No restriction

To turn on or turn off custom memes, click or tap the toggle switch next to Add customizable images from the Internet, and then choose Save.

To turn on or turn off stickers, click or tap the toggle switch next to Add editable images to the conversations, and then choose Save.

  1. The Tabs section, let you customize a channel to include content and capabilities your team needs every day. They provide quick access to frequently used documents and cloud services. In the preview release, there are several built-in tabs such as Files and Notes. In the Microsoft Teams client, at the top of the channel, users can add tabs for Word documents, PowerPoint presentations, Excel spreadsheets, OneNote notebooks, Power BI reports, and plans from Planner.
  2. You can turn on Tabs as shown in the image below.

12.png

Please check the Tabs section in my “Microsoft teams” desktop client below.

13.png

13. Finally, you can enable Bots as shown in the image below

14.png

Note: Using Bots, Microsoft Teams users can complete tasks such as querying information and performing commands by using bots. Users can also integrate your existing LOB applications with Microsoft Teams by using a bot.

To prevent or allow side-loading of proprietary bots, click or tap to switch the toggle next to Enable side loading of external Bots, and then choose Save.

Finally, once all the features are enabled this is how the Microsoft teams home page will look like…

15.png

16.png

Point to Note:

Although the Office 365 Global administrator has turned on this feature in the tenant end users may not see the Microsoft Teams app tile in the app launcher after an admin turns on Microsoft Teams for an organization. Admins can direct end users to go to https://teams.microsoft.com/downloads to get the desktop apps. To access the web client, users can go to https://teams.microsoft.com. For mobile apps, go to the relevant mobile store for Google Play, Apple App Store, and Microsoft Store.

Desktop client for Microsoft teams:

The below mentioned image depicts the desktop client for Microsoft teams using which I can create my team. You can do the same using web client as well.

Desktop client for Microsoft teams:

You need to sign in with your Office 365 credentials in the desktop client.

17.png

Web client for Microsoft teams:

You can check the web client below which opens on a browser and you can also notice that I’ve created my team in the image below.

18.png

 

Creating a team:

You need to use the Create Team on the bottom left of your screen as shown in the image below to create teams. In addition to you also have a “settings” option on the left corner which can help you turn on and off certain features.

19.png

20.png

Conversations in Microsoft Teams:

You can notice some conversations happening between the users in my team in the image below. You can mention a user, reply to a message and like a conversation or a reply.

21.png

In addition to that as mentioned earlier, you can add emoji’s to your conversations, attach files and also use the video camera icon to create new video meetings.

Adding a Tab:

Finally, you can add tabs using the “+” symbol as shown in the image below to add documents & One Note files to your conversations. You can notice that I’ve added a One Note file to my conversations in the image below

22.png

23.png

Microsoft teams is truly phenomenal and is a great way for users to communicate within themselves in a team . Please turn this on for your users so that they can enjoy this great application.

Thanks for reading this post …. Good luck with Microsoft teams in Office 365!!!

First Release in Office 365:

office-365

In this article, I’ll  will be discussing about “First Release in Office 365 “using which you can manage how your organization receive the regular updates from Microsoft for Office 365. Now, it’s a known fact that unlike on-premises the updates for Office 365 are pushed regularly and using this new feature in Office 365 you can designate that only certain individuals receive the updates first before it’s made generally available to everyone in the organization. By doing so you have ample amount of time to test these updates and check whether it breaks something (i.e. may be some custom functionalities) or you can remain on the default release schedule and receive the updates later.

So, to put it in simple words, ““First Release” update for Office 365 allows you to get access to updates faster than GA (General Availability) “.

Now, before we look on how to enable this feature in your Office 365 tenant, let’s take a look on the two type of release options.

  1. Standard Release
  2. First Release

Standard Release:

This is the default option where you and your users receive the latest updates when they’re released broadly to all Office 365 customers. This gives you extra time to prepare your support staff and users for upcoming changes. This is how Microsoft puts it:

“You and your users receive a select set of significant service updates 3 weeks or more after the official announcement. For at least 3 weeks, you have time to learn about the updates and prepare your employees.”

First Release:

With this option, you and your users can be the first to see the latest updates and help shape the product by providing early feedback. You can choose to have individuals or the entire organization receive updates early. This is how Microsoft puts it:

“You and your users receive a select set of significant service updates as early as one week after the official announcement. Choose this option if you and your employees are comfortable with regular updates to the Office 365 service.”

However, the default is to remain with “Standard Release”, which means that new functionality is released to your tenant when it’s good and ready.

The image depicted below gives a detailed explanation on the Office 365 release cycle:

14

So, as we’re done explaining what’s First release in Office 365, let’s look on how to enable that in your tenant. Remember, by default your tenant will be on “Standard Release “mode  and you need to enable “First Release “option.

Note: The Office 365 updates described in this article apply to Office 365, SharePoint Online, and Exchange Online. They do not apply to Skype for Business and related services.

Steps to activate First Release in your Office 365 Tenant:

  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center as shown in the image below and click on the app launcher. You can optionally click on “Admin” option as shown below.

1.png

3. Click on “Admin” as shown in the image below.

2.png

4. Navigate to Settings and click on Organization profile as shown below.

3.png

5. Once you’re on the Organization profile page you will see the “Release preference “option as shown in the image below. Please click the “edit” button to the change the settings for Release preference.

5.png

6. You will notice 3 options as shown in the image below.

16

7. Choose the option that best suits your need, I’m choosing the third option as I want to enable First release option only for selected users.

15.PNG

8. On the next screen where it asks for a confirmation, please select Yes.

7

9. On the next screen, you will be asked to add people for First release as shown below.

 

8.png

10. Please select users from the list of available users as shown in the image below. I’m choosing myself here. You can also search for a user in the search box.

9.png

11. Once done you will see an option which says your release preference has been updated.

11.png

12. Once you click on close you can check & verify the list of users subscribed for first release. Here in this case you can see my name.

12.png

13. Finally, you can check the Organization profile home page to verify the release preference settings.

13.png

This confirms that you I have turned on “First preference “for myself alone. The best practice is to enable this for power users or IT administrators so that they can check the features before it’s made generally available for all end users. However, it’s up to you on how you want to manage this for your users .

Thanks for reading this post …. Good luck with Office 365!!!!

 

Great opportunity for Office 365 folks:

office 365.png

Microsoft has  planned and set up 8 different Office 365 Labs webcasts that will be delivered during September and these are the topics that will be discussed in the webcast.

1. Office 365 Labs – Using PowerShell to automate tasks
2. Office 365 Labs – Mastering Azure AD Connect
3. Office 365 Labs – Mail flow
4. Office 365 Labs – Getting the best out of Outlook and Exchange Online
5. Office 365 Labs – OneDrive Synchronization 101
6. Office 365 Labs – Sharing and collaboration with internal and external users in SharePoint Online
7. Office 365 Labs – AD FS and multi-factor authentication explained
8. Office 365 Labs – Exchange Online compliance features (In-Place Archive, In-Place Hold, eDiscovery)

Please use this link below to enroll yourself for these sessions

Office 365 Labs webcasts coming in September

Part 2: Useful Office 365 cmdlets to generate SharePoint Online reports and also for SharePoint Online site administration:

Followed to my previous article about useful office 365 cmdlets in SharePoint Online, in this article I’ll be showing you some more useful PowerShell cmdlets to generate SharePoint Online reports /SharePoint Online site administration. I see a lot of misconception with my fellow SharePoint workers on understanding the difference between SharePoint on-premises cmdlets and Office 365(SharePoint Online) cmdlets, please note that they all don’t have the same functionality even though they almost look similar. There is a lot of difference in what they exactly do, so please pay close attention while utilizing them.

1

So let’s get into the real meats and potatoes now…

  1. To create a new SPO Site collection:

SyntaxNew-SPOSite -Url https://vigx.sharepoint.com/sites/Vignesh -Title “Vignesh” -Owner “vigganesan89@vigx.onmicrosoft.com” -Template “STS#0” -TimeZoneId 10 -StorageQuota 200

2

Note: In the above mentioned command you need to specify the URL of your new site collection, Title Name, Template ID, Time Zone and Storage quota size. Please check my previous article on SharePoint Online command to get to know about SharePoint Online Template ID’s

Running this command will create a new site collection in SPO and you can verify this in your SPO admin center as shown below.

3

2.To list the groups, and all the group memberships, for all of your SharePoint Online sites.

Syntax:

$x = Get-SPOSite

 

foreach ($y in $x)

    {

        Write-Host $y.Url -ForegroundColor “Yellow”

        $z = Get-SPOSiteGroup -Site $y.Url

        foreach ($a in $z)

            {

                 $b = Get-SPOSiteGroup -Site $y.Url -Group $a.Title

                 Write-Host $b.Title -ForegroundColor “Cyan”

                 $b | Select-Object -ExpandProperty Users

                 Write-Host

            }

    }

Running the above mentioned command will display the results as shown below,

4.png

3.To list the groups, and all the group memberships, for a single site collection:

Syntax:

First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”

$x = Get-SPOSiteGroup -Site $siteURL

foreach ($y in $x)

    {

        Write-Host $y.Title -ForegroundColor “Yellow”

        Get-SPOSiteGroup -Site $siteURL -Group $y.Title | Select-Object -ExpandProperty Users

        Write-Host

    }

Running this command will display the results as shown below .

5

 4.To lock a SharePoint Online site:

SyntaxSet-SPOSite -Identity $site -Lockstate NoAccess

Specify the $site variable to the site which you want to lock.

6

Running this command will lock the site and when you try to access it you will get a 403 Forbidden error.

5.To unlock as SharePoint Online site:

Syntax:  Set-SPOSite -Identity $site -Lockstate Unlock

7.png

This will unlock the site that we just locked in the previous command.

6.To disable external sharing for a SharePoint Online site collection:

Syntax:

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -SharingCapability Disabled

8.png

You can verify this in your SharePoint Online admin center as shown in the image below. The site in question will have external sharing disabled as shown below.

9

7.To enable external user and guest sharing:

Syntax:

Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserandGuestSharing

10.png

Running this command will enable external user and guest sharing in a SPO site collection and you can verify that in the screenshot below.

11.png

Note: By default, this feature will be disabled for SPO sites and this has to be enabled if required.

8.To enable only external user sharing:

Syntax:  Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserSharingOnly

12.png

 Running this command will only enable external user sharing in a SPO site collection and you can verify that in the screenshot below.

15.png

9.To get the list of sites where sharing capability has been enabled:

Syntax:    Get-SPOSite | Where {$_.SharingCapability -ne “Disabled”}

13

  1. To get the list of sites where sharing capability is disabled:

Syntax:  Get-SPOSite | Where {$_. SharingCapability -eq “Disabled”}

14.png

 11.To change the owner of site:

Syntax:

First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -Owner “pritham@vigx.onmicrosoft.com”

16

12.To change the storage and resource quota of a site:

Syntax:

Set-SPOSite -Identity $siteURL -StorgaeQuota 1000 -ResourceQuota 500

13.To change the Title of the site:

Syntax:

Set-SPOSite $siteURL -Title “New Title”

17.png

This will change the title of the site in question. You can verify this below.

18.png

Thanks for reading this article. This is all I have for this post and I’ll be back with Part 3 of this article very soon.

Happy SharePointing !!!

Configuring Windows PowerShell to support SPO management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Compliance center:

office3652.jpg

Good evening  to all the Office 365 nerds out there, this article would be on how to configure Windows PowerShell in your client operating system to support Office 365 (i.e. SharePoint Online Management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Security & Compliance center). Well it’s a known fact that Microsoft has released the PowerShell module for all these products (SharePoint Online, Exchange Online, Skype for Business Online and Office 365 Security & Compliance center) separately and you can use that to manage these products separately .Listed below are the links to download those modules .

SharePoint Online Management shell: _ https://www.microsoft.com/en-us/download/details.aspx?id=35588

Skype for Business Online module: _ https://www.microsoft.com/en-us/download/details.aspx?id=39366

Exchange Online module: _ https://technet.microsoft.com/en-us/library/jj984289(v=exchg.160).aspx

Office 365 Security & Compliance center: _ https://technet.microsoft.com/en-us/library/mt587091(v=exchg.160).aspx

Azure AD Module (this can be used for user and domain management tasks in Office 365): _ https://msdn.microsoft.com/en-us/library/jj151815.aspx .

So if you’re the guy who plays the IT administrator role in your company and if you’re the one who has Office 365 global admin role assigned to you and takes care of managing Office 365 then chances are that your desktop could look very messy as shown in the image below while you’re using the management shell and you’re definitely going to have hard time managing them .

29.png

So the idea here is to show guys how to configure PowerShell to support all these modules and be successful in managing Office 365 from a single PowerShell window.

Let’s get into the detailed steps now:

Note: Please bear in mind that you need to have Office 365 global admin access to perform these steps.

  1. Please install the Microsoft .NET Framework 4.5.x and then either the Windows Management Framework 3.0 or the Windows Management Framework 4.0. in your PC.

Windows Management Framework 3.0:_ https://www.microsoft.com/en-us/download/details.aspx?id=34595

Windows Management Framework 4.0:_ https://www.microsoft.com/en-us/download/details.aspx?id=40855

  1. For Skype for business online module to function, you need a 64-bit operating system and hence please make sure you’re running a 64 bit version of Windows. Else you will end up getting an error  message as shown in the image below.

31.png

3.  Listed below are the 64-bit version of Windows that you can use

                                Windows 8.1 or Windows 8

                                Windows Server 2012 R2 or Windows Server 2012

                                Windows 7 Service Pack 1 (SP1)*

                                Windows Server 2008 R2 SP1*

  1. Once that’s done you need to install the modules that are required for Office 365, SharePoint Online, and Skype for Business Online. Listed below are the links to download those modules.

Microsoft Online Service Sign-in Assistant for IT Professionals RTW

Windows Azure Active Directory Module for Windows PowerShell (64-bit version)

SharePoint Online Management Shell

Skype for Business Online, Windows PowerShell Module

5. Once you’re done installing all the modules you need to configure Windows PowerShell to run signed scripts for Skype for Business Online, Exchange Online, and the Security & Compliance Center. To do this, run the following command in an elevated Windows PowerShell session

Set-ExecutionPolicy RemoteSigned

1

6. Now inorder to identify whether you’re running Windows PowerShell using elevated permissions or normal mode, please check the prompt on your PowerShell screen.

PS C:\Windows\System32> –>Elevated permissions

 PS C:\Users\UserName>–>Normal mode

7. Now run the next below mentioned command to pass your Office 365 user name and password to Windows PowerShell in an encrypted way. Once that’s done you will get a windows dialog box prompting for your credentials as shown in the image below.

$credential = Get-Credential

2

8. Now key-in your Office 365 credentials and click on OK as shown below.

3

9. In-order to identify whether your credential object has been created successfully, please run the below mentioned command as shown in the image below and it should return the value.

Note: Windows PowerShell will never tell you anything when things go fine, it will silently pass on to the next line .It only yells at you when something went wrong. That’s the funny thing about Windows PowerShell.

$credential

30

10.  Now we are all good to and hence we can start connecting to Office 365, for that please run the below mentioned command.

Import-Module MsOnline

4

11. Once that’s done in-order to verify whether the module was imported successfully you need to run the below mentioned command. This should return the value as shown in the image below.                                Get-Module

12. Somewhere in the list of modules that are returned by this command you should see something that looks like this:  

  Manifest 1.0 MS Online {Add-MsolForeignGroupToRole, Add-MsolG…}.

If you see MSOnline listed, that means that everything went according to plan.

13. Since we have verified that the credential object has been created and also the MSOnline module has been loaded successfully the next step would be to connect to Office 365 using the Connect-MsolService cmdlet. For that run the below mentioned command as shown in the image below.

                                Connect-MsolService -Credential $credential

5

14. In-order to verify whether you have successfully logged into your Office tenant, please run the below mentioned command and verify your domain information as shown in the image below. In my case my domain name for Office 365 is “vigx” and you can see that in the image below.

                                                 Get-MsolDomain

32.png

15. After performing all the above mentioned we have successfully verified that we are able to establish a connection to the Office 365 tenant using our user name and password which has Global admin access in Office 365 . Now the next steps would be to create a connection to each modules separately (i.e. SharePoint Online, Exchange Online , Skype for Business Online & Security and Compliance center for Office 365 )

16 .Initially let’s get started with SharePoint Online by running the following command.   Import-Module Microsoft.Online.SharePoint.PowerShell –DisableNameChecking

Here the “DisableNameChecking” switch suppresses the below mentioned warning.

Warning: The names of some imported commands from the module ‘Microsoft.Online.SharePoint.PowerShell’ include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.

17. In order to connect to SharePoint Online, you need to supply two pieces of information: your credentials and the URL of your SharePoint Online admin site. This is how the format is going to look like.

Note: You can get your SharePoint Online tenant URL by opening the tenant admin page. Check the screenshot below.

33

This is how the format will look like,

Admin URL: – https://vigx-admin.sharepoint.com   Connect-SPOService -Url https://vigx-admin.sharepoint.com -credential $credential

18. Once that’s done, please go ahead and run “Get-SPOSite” command as shown below and see the results .This should list all the SharePoint Online sites.

34.png

19. If you successfully get the list of all SharePoint Online sites then your command ran successfully.You can verify that by visiting the SharePoint Online admin center as shown below.

6.PNG

20. Also try running Get-MsolUser and see the result , this will return the list of all the users in Office 365 .This means you can now manage both SharePoint Online and Office 365 from the same Windows PowerShell window .

35.png

 

21. Now, let’s take a look on how to connect to Skype for Business Online (formerly as Lync Online)

Note:  Connecting to Skype for Business Online (and to Exchange Online or the Security & Compliance Center) is different than connecting to Office 365 or to SharePoint Online. That’s because the Skype for Business Online and Exchange Online cmdlets don’t get installed on your computer like the Office 365 and the SharePoint Online cmdlets do. Instead, each time you sign in, the appropriate cmdlets are temporarily copied to your computer. When you sign off, those cmdlets are then removed from your computer.

22. In order to connect to Skype for Business Online, please run the below mentioned command to import the Skype for Business Online module. For that run the below mentioned command.

                         Import-Module SkypeOnlineConnector

36.png

Note: The first time you might see some warning message which can be safely ignored.

23. Once the module has been imported, run the below mentioned command to initiate a new Sfbo session by running the below command.

$sfboSession = New-CsOnlineSession -Credential $credential

Note: By running the above command we have successfully created a remote PowerShell session. The above command is used to connect to an instance of Windows PowerShell running on one of the Office 365 servers.

37.png

24. Once that’s done you need to run the below mentioned command to download the “Skye for Business Online scripts /cmdlets” and other items. As already mentioned before Skype for Business Online commands are not similar to SPO cmdlets, Sfbo cmdlets need to be loaded every time you plan to use PowerShell to manage Sfbo. So now let’s load sfbo cmdlets to PowerShell by running the below mentioned command(you can notice the progress bar in the image below loading the cmdlets to Windows PowerShell)

Import-PSSession $sfboSession

10.png

25. Once Windows PowerShell is done loading the sfbo cmdlets you should notice something like this as shown in the image below. If you notice this in your screen then you have successfully made a connection to Skype for Business Online.

11

26. You can verify your connection to Skype for Business Online by running the below mentioned command.

Get-CsOnlineUser -Identity vigganesan89@vigx.onmicrosoft.com 

Note: This command will give the information for the user who has his UPN/SIP ID as vigganesan89@vigx.onmicrosoft.com

16

27.  Alright, till now we have seen how to configure Windows PowerShell to support SharePoint Online and Skype for business online, now let’s take a look on how to configure Windows PowerShell to support Exchange Online.

28. In order to proceed further, please run the below mentioned command which creates a remote Windows PowerShell session with Exchange Online.

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri “https://outlook.office365.com/powershell-liveid/” -Credential $credential -Authentication “Basic” -AllowRedirection

Note: Why is the command for connecting to Exchange Online more complicated than the command to connect to Skype for Business Online? Technically, it’s not: both commands do the exact same thing. However, the Skype for Business Online team created its own cmdlet—New-CsOnlineSession—that hides some of the parameters (like Authentication and AllowRedirection) that are used when connecting to Exchange Online. Instead of requiring you to type that information yourself, the Authentication and AllowRedirection parameters are effectively built in to the New-CsOnlineSession cmdlet. You have to type those parameters when connecting to Exchange Online because Exchange Online uses the standard New-PSSession cmdlet to connect to Office 365. The disadvantage is that you have a little more typing to do. The advantage is that you don’t have to download and install an Exchange Online module. This will start loading the modules as shown in the screenshot below.

13.png

29. Once you’re done running the above command, please run the below command to import the Exchange Online remote session, just as we did for Skype for Business Online. Please check the screenshot below.

        Import-PSSession $exchangeSession –DisableNameChecking

38

30. Once you’re done running the above command you would get the results as shown in the image above.

31. After you get the desired results in the screen, try running the below mentioned command , you should see information about your Office 365 domains that are configured for email addresses in Exchange Online.

Get-AcceptedDomain

39

32. This confirms that you have successfully connected to Exchange Online, you can also verify that by running the “Get-Mailbox” command as shown in the email below. This should return the Mailbox information of the users who are in Office 365.

40

33. So till now we have seen how to manage the user administration/license management for Office 365 , SharePoint Online , Exchange Online & Skype for Business Online using Windows PowerShell .Now let’s see how to manage the Security and Compliance center in Office 365 using Windows PowerShell .

34. The connection instructions for the Security & Compliance Center are very similar to those for Exchange Online, but with a slight difference .Let’s take a look at it. To get started with, please run the below mentioned command which creates a remote PowerShell session with the Security & Compliance Center

$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $credential -Authentication Basic –AllowRedirection

35. This will start loading the modules as shown in the image below.

20.PNG

36. Now in order to import the cmdlets for “Security and Compliance center” run the below mentioned command .This should look similar to the Exchange Online cmdlet. The DisableNameCheckingswitch isn’t required here as there are no unapproved verbs in the Security & Compliance Center. But the additional -Prefix ccparameter and value is something different here. The Exchange Online and the Security & Compliance Center share some cmdlets that have exactly the same names and provide the same functionality. Get-RoleGroup is an example.                                                                                             Import-PSSession $ccSession -Prefix cc

21.PNG

37. Now you can verify the result of the above command in the screenshot above.

38. In order to verify whether you have been successfully connected to “Security and Compliance center” in Office 365, please visit the below mentioned link and try executing the cmdlets there and see the results.

https://technet.microsoft.com/en-us/library/mt587093(v=exchg.160).aspx

39. So finally we have connected to all the instances of Office 365 (Office 365 user/license management, SharePoint Online, Exchange Online, Skype for Business Online & Security and Compliance center in Office 365) using Windows PowerShell and we also saw how to execute the appropriate cmdlets to manage them.

40. Now, run the below mentioned command to get the active sessions that are running .For that run the Get-PSSession

The Get-PSSession cmdlet should show you that you have at least three remote sessions open, one for Skype for Business Online, one for Exchange Online and one for the Security & Compliance Center (it’s possible you could have more than three remote sessions running, depending on whether you’ve used this instance of Windows PowerShell to connect to something else besides the Office 365 services). You should see something similar to the following.

41.png

41. Since we have verified the active sessions that are running, now run the below command one at a time to close the session. If you just close the Windows PowerShell window, your Skype for Business Online remote connection will remain active for the next 15 minutes or so. Because Skype for Business Online limits the number of simultaneous connections that any one person or any one domain can have open, that could be a problem. With Skype for Business Online, an individual administrator can have, at most, three open connections at one time, and a domain can have a maximum of nine open connections. If you sign in to Skype for Business Online and then exit without properly closing the session, that session remains open for the next 15 minutes or so. As a result, that’s one fewer connection available to you or to other administrators in your domain. So run the below mentioned command to close the remote sessions for Skype for Business Online, Exchange Online, and the Security & Compliance Center gracefully.

 

Remove-PSSession $sfboSession

                                Remove-PSSession $exchangeSession

                                Remove-PSSession $ccSession

 42. If you prefer to close all the sessions at the same time without doing it one at a time, please run the below mentioned command.

 

Get-PSSession | Remove-PSSession

 43. The above mentioned commands will stop the PowerShell sessions for Skype for Business Online, Exchange Online, and the Security & Compliance Center gracefully but not SharePoint Online and hence to stop the session for SharePoint Online , run the below mentioned command .

Disconnect-SPOService

43.png

44. Now inorder to verify whether we have successfully disconnected from SharePoint Online service run the below mentioned command and it should throw you an error.

44.png

45. This confirms that you have successfully disconnected from SharePoint Online management shell.

So finally we have seen how to configure Windows PowerShell to support SharePoint Online Management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Compliance center.