I’ll be speaking at SharePoint Saturday Hyderabad

Hi Folks,

Please join me for a session on driving Office 365 adoption in your organization. You aren’t really successful with your Office 365 deployment if you have deployed all the core Office 365 services but your users are not using them and are still in love with the legacy solutions that you have. Hence, in this session I’ll be talking about how to successfully adopt Office 365 and transform your organization. I’ll share some guidance, best practices, and resources to help you create your own adoption plan including training, communications, and an internal champions program.

If you’re an organization that has spent heavily on deploying Office 365 but is failing at user adoption, this session should give you some good insights. In addition, we have many other cool sessions, so please use the link below to enroll for this event.

Registration link: http://www.spsevents.org/city/Hyderabad/Hyderabad2019/home

Sessions: http://www.spsevents.org/city/Hyderabad/Hyderabad2019/sessions

See you all on March 9th…

As always, Happy SharePointing!!!

Purchasing a new service for your Office 365 tenant:

This is going to be a very simple article in which I describe how to add a new service to your Office 365 tenant. Say your organization has been using Office 365 for quite some time and, all of a sudden, the business shows interest in a new Office 365 service; you then need to follow the steps in this article to purchase that new service for your existing Office 365 tenant. Alright, let’s get started…

Note: Please ensure that you have global admin access in your tenant to perform these steps.

1. Sign in to the Office 365 admin center and navigate to the “Billing” section as shown in the image below.

2. Under the Billing section, click on the “Purchase services” option as shown in the image below.

3. Once you click on the “Purchase services” option, it will take you to a page where you can see the list of services that are available for you to purchase, as shown in the image below.

4. Choose the one that you’re looking for; you can either go for a trial subscription or purchase it outright. In my case I’ve chosen the “Enterprise Mobility + Security E5” service as shown in the image below.

5. Once done, it will take you to the screen where it says “Try now”. Please click on it as shown in the image below.

6. After that you will be taken to the Order receipt page, where you can see your confirmation number as well as your order details. Please review it and click on Continue as shown in the image below.

7. This concludes the process of purchasing a new service. You can validate it by going to the “Subscriptions” section under the “Billing” category in the Office 365 admin center as shown in the image below. You should be able to see the service that already existed and the one you purchased now.

8. In addition to that, you can also run the “Get-MsolAccountSku” command to verify it.

Thanks for reading this post… Good luck with Office 365!!!

Recording of my Webinar on SharePoint Online Communication Sites:

Webinar Recording: https://youtu.be/rmpdFA0XiAg

Link to the PPT Slides: https://www.slideshare.net/VigneshGanesanMCPMCI/overview-of-communication-sites-in-sharepoint-online

Please keep checking my blog site for more webinars and useful articles.

Get to know Microsoft 365:

Yep, you read it correctly: it’s not Microsoft Office 365, it’s Microsoft 365. By saying so I don’t mean that Microsoft Office 365 is going away or getting renamed as Microsoft 365. This is a new service, introduced by Satya Nadella 2 days back at Microsoft Inspire, which brings together Office 365, Windows 10 and Enterprise Mobility + Security, delivering a complete, intelligent and secure solution to empower employees. I’m sure most of you have already read about this today; if not, please take a moment to read this article, where I explain in detail what Microsoft 365 is, which services it delivers and how it can enhance your business.

  1. What is Microsoft 365?

As I already mentioned above, this is a new service introduced by Microsoft two days back which brings together Office 365, Windows 10 and Enterprise Mobility + Security.

  2. Is this something new or was this service already present?

To be very precise, this isn’t something new; in fact, it is the successor of the most successful service, “Secure Productive Enterprise”, which was introduced by Microsoft in October 2016.

  3. What happens to Secure Productive Service now?

Going forward, Secure Productive Service will be replaced by Microsoft 365.

  4. Do we have different flavors in Microsoft 365 as well, like Secure Productive Enterprise?

Yes, we have two flavors in Microsoft 365: 1. Microsoft 365 Business, which is meant for small organizations, and 2. Microsoft 365 Enterprise, which is meant for large organizations.

  5. What are these two flavors meant for and how can they enhance my business?

Microsoft 365 Enterprise:

  1. Unlocks creativity by enabling people to work naturally with ink, voice and touch, all backed by tools that utilize AI and machine learning.
  2. Provides the broadest and deepest set of apps and services with a universal toolkit for teamwork, giving people flexibility and choice in how they connect, share and communicate.
  3. Simplifies IT by unifying management across users, devices, apps and services.
  4. Helps safeguard customer data, company data and intellectual property with built-in, intelligent security.

Microsoft 365 Business:

  1. Helps companies achieve more together by better connecting employees, customers and suppliers.
  2. Empowers employees to get work done from anywhere, on any device.
  3. Protects company data across devices with always-on security.
  4. Simplifies the set-up and management of employee devices and services with a single IT console.

  6. How about the plans for Microsoft 365?

Microsoft 365 Enterprise is available in two plans, E3 and E5.

  7. When will Microsoft 365 be made available to the public?

Microsoft 365 Enterprise will be available for purchase from August 1st, 2017 onwards. You get to purchase both the plans (E3 & E5).

Microsoft 365 Business will be available in public preview on August 2nd, 2017. It will become generally available on a worldwide basis in the fall of 2017, priced at US $20 per user, per month.

  8. How do I get to know more about the services and features available in both the flavors of Microsoft 365?

Please go through the links below to know more about the features and services available in both the flavors.

For Business: https://www.microsoft.com/en-us/microsoft-365/business

For Enterprise: https://www.microsoft.com/en-us/microsoft-365/enterprise

Thanks for reading the post. Good luck with Microsoft 365.

 

PowerShell to on-board list of users to Office 365 and assign them Office 365 licenses:

Office 365 is a SaaS platform used by many organizations these days, and it becomes quite hard for IT administrators to on-board their users to Office 365 manually. Of course, this may not be the case when your user identities get synced to Azure AD from on-premises AD using the AAD Connect tool. However, if you’re one of the organizations that has retired its on-premises IT infrastructure and gone with a cloud-only implementation, then you as an IT administrator have to take care of on-boarding your users to Azure AD. As we all know, creating the users manually and then assigning the appropriate licenses to all of them is quite a time-consuming task. So, to avoid all that manual effort, I’ve put together this PowerShell script which will do the magic for you. Alright, let’s get into the details…

1. Sign in to your Office 365 admin center using your global admin account and navigate to the “Active users” section as shown in the image below.

2. At this moment, you might see only the user account which was used to set up the Office 365 tenant.

Note: In my case, you might see 3 users as I manually created them using the “Add a user” option.

3. Create a CSV file which has the details of all your users by following the guidelines mentioned in this article. The screenshot below depicts the CSV file I’ve prepared, which has the list of all my users.

4. Once done, open the PowerShell window and run the Get-MsolAccountSku command as shown in the image below. This will tell you the type of license that your tenant is using and how many licenses have been utilized till now.

Note: In my case you can see that my tenant is on the Office 365 Enterprise E5 plan + EMS (Enterprise Mobility), and it also displays how many licenses have been consumed till now.

5. Prior to running the above command, please ensure that you’re connected to your Office 365 tenant via PowerShell. If not, please follow the article below to do that first.

https://technet.microsoft.com/library/dn975125.aspx

6. Now, let’s specify the required variables for the PowerShell script.

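# CSV with one row per user; the loop below reads the UserPrincipalName and DisplayName columns
$UsersToAdd = Import-Csv C:\Users\Vignesh\Documents\Import_User_Sample_en.csv

# This value can be taken from the output of the Get-MsolAccountSku command which we ran in the step above
$LicenseToAdd = "sptech80:ENTERPRISEPREMIUM"

# A usage location must be set on a user before a license can be assigned
$UsageLocation = "US"

# No -DisabledPlans is given, so every service plan in the SKU is enabled
$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $LicenseToAdd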

7. Once you’re done specifying the required variables, please go ahead and run the PowerShell command below as shown in the image.

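$UsersToAdd | ForEach-Object {
    # Create the account; with no -Password given, New-MsolUser generates one and shows it in its output
    New-MsolUser -UserPrincipalName $_.UserPrincipalName -DisplayName $_.DisplayName
    # Set the usage location, which licensing requires
    Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation
    # Assign the license
    Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $LicenseToAdd -LicenseOptions $LicenseOptions
}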

8. You may notice that your users are getting created after running the script as shown in the image above, and that the “isLicensed” column might display the status as “False”. That’s because the script first creates the user and only then assigns the license to the user’s account, so the output shown for the newly created user does not yet reflect the license. This is quite normal and hence you don’t need to panic about the “isLicensed” column.

9. You can verify the status of the users as well as the licenses assigned to them by running the “Get-MsolUser” command. This time it should display the licensing details correctly.

10. Additionally, you can also navigate to the “Active users” section to verify the same.
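
A pre-flight check that can be run before the creation loop in step 7, given here as an added example rather than part of the original script. The function name Test-OnboardingBatch, the contoso.example addresses and the SKU unit counts are assumptions made for illustration; the sample rows are constructed so the check can be tried without a tenant connection.

```powershell
# Added example (not from the original post). Validates an on-boarding batch
# before any New-MsolUser call is made. Against a real tenant, feed it with:
#   $UsersToAdd   = Import-Csv <path to your CSV>
#   $AccountSkus  = Get-MsolAccountSku
#   $ExistingUpns = (Get-MsolUser -All).UserPrincipalName
function Test-OnboardingBatch {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [object[]] $AccountSkus,
        [Parameter(Mandatory)] [string]   $LicenseToAdd,
        [string[]] $ExistingUpns = @()
    )

    $problems = New-Object 'System.Collections.Generic.List[string]'

    # The SKU id must match an entry in the tenant exactly as typed.
    $sku = $AccountSkus | Where-Object { $_.AccountSkuId -eq $LicenseToAdd } |
        Select-Object -First 1
    if (-not $sku) { $problems.Add("SKU '$LicenseToAdd' is not present in this tenant") }

    $seen  = @{}
    $ready = foreach ($u in $Users) {
        $upn = "$($u.UserPrincipalName)".Trim()
        $key = $upn.ToLowerInvariant()

        if ($upn -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            $problems.Add("Malformed UserPrincipalName: '$upn'"); continue
        }
        if ([string]::IsNullOrWhiteSpace($u.DisplayName)) {
            $problems.Add("Missing DisplayName for $upn"); continue
        }
        if ($seen.ContainsKey($key)) {
            $problems.Add("Duplicate row in CSV: $upn"); continue
        }
        $seen[$key] = $true
        if ($ExistingUpns -contains $upn) {
            $problems.Add("Already exists in tenant: $upn"); continue
        }
        $u   # row passed every check
    }
    $ready = @($ready)

    # Free seats = purchased units minus units already assigned.
    $free = 0
    if ($sku) { $free = $sku.ActiveUnits - $sku.ConsumedUnits }
    if ($sku -and $ready.Count -gt $free) {
        $problems.Add("Need $($ready.Count) licenses but only $free are free")
    }

    [pscustomobject]@{
        ReadyToCreate = $ready
        FreeUnits     = $free
        Problems      = $problems.ToArray()
        CanProceed    = ($problems.Count -eq 0)
    }
}

# Constructed sample data (not real tenant output).
$sampleUsers = @'
UserPrincipalName,DisplayName
alice@contoso.example,Alice Example
bob@contoso.example,Bob Example
BOB@contoso.example,Bob Again
carol-at-contoso,Carol Example
dave@contoso.example,Dave Example
'@ | ConvertFrom-Csv

$sampleSkus = @([pscustomobject]@{
    AccountSkuId = 'sptech80:ENTERPRISEPREMIUM'; ActiveUnits = 25; ConsumedUnits = 24
})

$check = Test-OnboardingBatch -Users $sampleUsers -AccountSkus $sampleSkus `
    -LicenseToAdd 'sptech80:ENTERPRISEPREMIUM' -ExistingUpns 'alice@contoso.example'
$check.Problems
if ($check.CanProceed) { 'Batch is clean; safe to run the creation loop.' }
```

Running the creation loop only when CanProceed is true avoids a half-finished batch in which some accounts exist without a license.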

Thanks for reading this post… Good luck with Office 365!!!

What is Secure Score in Office 365?

This post is about a new service which Microsoft introduced a couple of months back, called “Office 365 Secure Score”. If you’ve ever wondered how secure your Office 365 tenant really is, it’s about time to stop wondering, because we now have “Secure Score” to take care of that. So, what’s this new service called Office 365 Secure Score? What does it do? How do I make use of it? Well, I’m going to answer all those questions in this article, and you will also learn how to make use of this service to enhance your business with Office 365. Alright, let’s get started… Shall we?

What is Office 365 secure score?

This is how Microsoft defines Office 365 Secure Score: “The Secure Score is a security analytics tool that will help you understand what you have done to reduce the risk to your data in Office 365, and show you what you can do to further reduce that risk”. To put it in very simple words, it’s a tool that runs in the background, checks the security standards of all the services used by your organization (i.e. SharePoint Online, Exchange Online, Skype for Business Online, Azure AD etc.) and assigns a credit score.

What’s the idea behind Office 365 secure score?

Microsoft’s approach to this experience was very simple. First, they created a full inventory of all the security configurations and behaviors that customers can use to mitigate risks to their data in Office 365 (there are about 77 such things in total). Then, they evaluated the extent to which each of those controls mitigated a specific set of risks and awarded the control some points. More points means a more effective control for that risk. Lastly, they measured the extent to which the service has adopted the recommended controls, added up the points, and presented the result as a single score.

How to use Office 365 secure score?  

1. The first thing you will notice once you log in to the Secure Score portal is the welcome screen (check the screenshot below), which gives you a short definition of Office 365 Secure Score. In the screenshot below I’ve logged in to the Secure Score portal of my Office 365 tenant by accessing this URL (i.e. https://securescore.office.com/ ) and I get this screen, which gives me a welcome message about Office 365 Secure Score.

Note: If you have already logged in to your tenant, you can directly access the Secure Score URL mentioned above and it will let you into the portal without prompting for your credentials once again.

2. Once you have read all the welcome messages about Secure Score, you will get two different tabs as shown in the image below.

i) Dashboard.

ii) Score Analyzer.

3. The first tab, “Dashboard”, is where you get to see the Secure Score summary. This panel gives you your current Secure Score, the total number of points that are available to you given your subscription level, the date that your score was measured, as well as a simple pie chart of your score. The denominator of your score is not intended to be a goal number to achieve. The full set of controls includes several that are very aggressive and will potentially have an adverse impact on your users’ productivity. Your goal should be to take every possible risk-mitigating action while preserving your users’ productivity. The screenshot below depicts the Secure Score summary of my Office 365 tenant, where I’ve scored 61 out of 344 as of May 27, 2017.

4. The next section on the “Dashboard” tab, after the “Secure score summary” section, is the one which tells you how to improve your score. It gives you the target score that you can achieve for your tenant and lists the action items to improve your score. You can make use of the slider to preview your improved score as shown in the image below.

5. The next section lists all the pending action items that I’m supposed to complete to achieve the maximum score.

6. Now, let’s look at a few pending action items to see what they mean and how they would impact my Secure Score in Office 365.

i) Designate less than 5 global admins:

This one says that I should designate less than 5 global administrators for my Office 365 tenant, and in my case I’ve breached it by having 6. Hence, it’s asking me to correct it, and it also gives me an overview of the score I would get by doing so.

ii) Enable MFA for all global admins:

This one says that I have to enable multi-factor authentication for all 6 of my global admin accounts, as none of the accounts have it enabled and this is considered to be a security breach. It also tells me that I can achieve a score of 50 by doing so.
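
The two action items above can also be checked from PowerShell. The following is an added example, not part of the original post or of the Secure Score portal; the function name Test-GlobalAdminControls and the sample accounts are assumptions, and it reads the per-user MFA state exposed by the same MSOnline module used elsewhere on this blog.

```powershell
# Added example (not from the original post). Against a real tenant, build
# the input with the MSOnline cmdlets:
#   $role   = Get-MsolRole -RoleName 'Company Administrator'   # global admin role
#   $admins = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
#                 Where-Object { $_.RoleMemberType -eq 'User' } |
#                 ForEach-Object { Get-MsolUser -ObjectId $_.ObjectId }
function Test-GlobalAdminControls {
    param(
        [Parameter(Mandatory)] [object[]] $Admins,
        [int] $AdminLimit = 5     # the action item asks for fewer than 5
    )

    $detail = foreach ($a in $Admins) {
        # Per-user MFA state; an empty collection means MFA was never enabled.
        # MFA enforced only through Conditional Access does not show up here.
        $state = @($a.StrongAuthenticationRequirements) |
            Where-Object { $_ } | ForEach-Object { $_.State } | Select-Object -First 1
        if (-not $state) { $state = 'Disabled' }
        [pscustomobject]@{
            UserPrincipalName = $a.UserPrincipalName
            MfaState          = "$state"
            MfaOn             = ("$state" -in 'Enabled', 'Enforced')
        }
    }
    $detail     = @($detail)
    $withoutMfa = @($detail | Where-Object { -not $_.MfaOn })

    [pscustomobject]@{
        AdminCount       = $detail.Count
        AdminCountOk     = ($detail.Count -lt $AdminLimit)
        AdminsWithoutMfa = @($withoutMfa | ForEach-Object { $_.UserPrincipalName })
        AllAdminsHaveMfa = ($withoutMfa.Count -eq 0)
        Detail           = $detail
    }
}

# Constructed sample: six global admins as in the post, with MFA enforced on
# one of them so that both outcomes appear in the report.
$sampleAdmins = foreach ($i in 1..6) {
    $req = @()
    if ($i -eq 1) { $req = @([pscustomobject]@{ State = 'Enforced' }) }
    [pscustomobject]@{
        UserPrincipalName                = "admin${i}@contoso.example"
        StrongAuthenticationRequirements = $req
    }
}

$report = Test-GlobalAdminControls -Admins $sampleAdmins
$report | Select-Object AdminCount, AdminCountOk, AllAdminsHaveMfa
$report.AdminsWithoutMfa
```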

7. The next section under the “Dashboard” tab is the “Risk Assessment” section, which gives me an overview of the top threats in my tenant. It is very important that Office 365 global administrators read this and understand the risks they are mitigating every time they take an action.

Let’s look at the “Account breach” scenario here and see the details about the risk.

Compare your score:

The Office 365 Average Secure Score is calculated from every Office 365 customer’s Secure Score. You can use this section to understand how your score stacks up against the average score.

Note: The Average Secure Score only includes the numerator of the score, not the denominator. So, the average points may be higher than you can achieve because there are points in controls associated with services that you have not purchased (meaning, you might be using a different plan such as E3 whereas other customers might be using E5 or other plans).

Alright, now let’s look at the “Score Analyzer” tab in the Secure Score portal.

Score Analyzer:

As of now, only global administrators have access to the “Secure Score” portal; in the future, it will be made available to other administrators as well, such as the SharePoint Online administrator, Exchange Online administrator & Skype for Business administrator. However, in the interim you can use the “Score Analyzer” tab to export the Secure Score results and share them with your executives, stakeholders or other administrators (i.e. SharePoint Online, Exchange Online etc.) so that they’re aware of the progress that’s made on risk mitigation in Office 365. The Score Analyzer experience allows you to review a line graph of your score over time, to export the audit of your control measurements for the selected day to either a PDF or a CSV, and to review which controls you have earned points for and which ones you could act on.

1. The image below depicts the “Score Analyzer” tab of my Secure Score portal.

2. I can make use of the “Export” button in the top right corner to export these results in PDF & CSV format.

3. It also gives you an overview of all the “Complete” and “Incomplete” actions and the scores associated with those action items as shown in the image below.

4. The “Complete” and “Incomplete” actions are classified into three different categories as you see below (i.e. Account, Data & Device).

5. Finally, I can make use of the “Export” button which I mentioned above to export the results to a PDF/CSV. Please check the image below to see a sample report.

So finally, to conclude, the Secure Score is indeed a great tool to keep your Office 365 tenant as secure as possible and at the same time you need to be aware that the Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted controls which can offset the risk of being breached. No service can guarantee that you will not be breached, and the Secure Score should not be interpreted as a guarantee in any way.

Resources to know in detail about Secure Score in Office 365:

Microsoft Mechanics video on Office 365 Secure Score: https://youtu.be/h__nxWlm5Nc

Office 365 Secure Score API:  https://blogs.technet.microsoft.com/office365security/using-the-office-365-secure-score-api/

You can also check my Webinar recording on Office 365 where I’ve shown a small demo on Office 365 secure score. Here’s the link to that: https://youtu.be/HYcfXWN30O0

Thanks for reading this post …. Good luck with Secure Score in Office 365!!!

 

Recording of my Webinar on Getting started with Microsoft Office 365:

Webinar Recording: https://youtu.be/HYcfXWN30O0

Link to the PPT Slides: https://www.slideshare.net/VigneshGanesanMCPMCI/getting-started-with-microsoft-office-365-by-vignesh-ganesan

Please keep checking my blog site for more webinars and useful articles.

 

What is Customer Lockbox in Office 365?

“Customer Lockbox”: this terminology was something new to me until I heard it at Microsoft Tech Summit this year. I was attending one of the sessions on Office 365 and the speaker was talking about this feature. Sadly, only a few folks in the room were aware of it, and I was one of those who hadn’t heard the terminology before.

Anyway, now that I’m aware of it, I decided to write an article on it so that my readers get to understand this cool feature in Office 365 and can start using it in their Office 365 tenants.

So what is Customer Lockbox? To put it in simple words, it’s a feature available in Office 365 to ensure that there’s zero interaction by Microsoft with your content that’s saved in Office 365 (i.e. SharePoint Online, Exchange Online, Skype for Business Online etc.).

Roughly a couple of years back, Microsoft came up with this feature to maximize data security and privacy for Office 365 customers by ensuring that there’s zero interaction with the customer’s content by Microsoft engineers.

Almost all the service operations performed by Microsoft are either fully automated, so there is no human interaction, or the human involvement is abstracted away from the customer’s content that’s stored in Office 365.

Only in circumstances where something is broken in your tenant and you have raised a support case for it will Microsoft engineers access your content to fix it. With this feature, Microsoft enforces access control through multiple levels of approval, providing just-in-time access with limited and time-bound authorization. In addition to that, all access control activities performed by the Microsoft engineer get logged and audited.

The below mentioned image depicts the complete approval process:

So with this feature Microsoft has given its customers the assurance that their content will not be accessed by Microsoft employees without their explicit approval. It brings customers into the access approval process, requiring the customer to provide explicit approval of access to their content by a Microsoft employee for service operations.

Now that we have understood this feature, let’s take a look at how the complete process works…

Let’s consider a scenario wherein something is broken in SharePoint Online or Exchange Online and you have raised a support case for it. The engineer, upon reviewing your request, feels that he/she might need access to your Exchange/SharePoint Online content to fix it. This is how the process flows when you have Customer Lockbox turned on in your tenant.

1. Administrators in the customer’s Office 365 environment are notified via email that there is a request for access as shown in the image below.

2. In addition to this, the Office 365 Admin Center portal will also display requests that have been submitted to the customer for approval as shown in the image below.

3. You as an Office 365 administrator can approve or reject Customer Lockbox requests. Check the image below, where you get the option to approve or reject a request.

4. Microsoft can only proceed following approval of a Customer Lockbox request. See the image below, where the customer has approved a request by the engineer.

5. If a customer rejects a Customer Lockbox request, no access to customer content will occur.

Note: Customer Lockbox requests have a default lifetime of 12 hours, after which they expire. Expired requests do not result in access to customer content.

Enabling Customer Lockbox in the Office 365 admin center:

  1. Sign in to Office 365 admin center
  2. Go to the Office 365 admin center.
  3. Navigate to Settings > Security & privacy and scroll to locate Customer Lockbox
  4. Click Edit and move the toggle on or off to turn lockbox requests on or off.

Approve or deny a Customer Lockbox request in the Office 365 admin center:

  1. Sign in to Office 365 admin center
  2. Go to the Office 365 admin center
  3. Navigate to Settings > Support > Service requests.
  4. Select a Customer Lockbox request, and then select Approve or Reject.
  5. This is how the view looks in the new Office 365 admin center. Check the image below.

How to avail Customer Lockbox for Office 365?

Customer Lockbox for Office 365 will be available as part of a new premium Office 365 Enterprise Suite called E5.

Thanks for reading this post… I hope you will enable this feature in your Office 365 admin center, which gives an extra layer of security to your content in Office 365.

Terminologies one must be aware of in Office 365:

Listed below are a few important terms one must be aware of while working on Office 365.

  1. Active Directory Federation Services (AD FS):

On-premises security token service (STS) that provides simplified, secure identity federation and Web single sign-on (SSO) capabilities for users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud. Federated identities with Modern Authentication-enabled clients interoperate with EvoSTS, which is the Azure AD STS.

AD FS indirectly supports CA scenarios, as it offers a set of controls known as client access filtering that allow the creation of perimeter network-based policies for IP range filtering, accessed workload, or client type (browser vs rich client).

  2. Multi-Factor Authentication (MFA):

Protects access to data and applications by requiring a second form of authentication. Strong authentication is available through a range of verification options.

  3. Azure Active Directory Premium:

All CA scenarios that leverage Azure AD require Azure AD Premium. Azure AD Premium adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. It includes everything you need for information worker and identity administrators in hybrid environments across application access, self-service identity and access management, identity protection and security in the cloud.

  4. Azure Rights Management Services (RMS):

Uses encryption, identity, and authorization policies to protect files and email. Information protection that is applied by using Azure RMS stays with the files and emails independently of the location, allowing customers to remain in control of their data even when this data is in motion.

  5. Conditional Access (CA):

CA allows customers to selectively allow or disallow access to Office 365 based on attributes such as device enrollment, network location, group membership, etc.

  a. Device-based CA restricts access to devices that are managed by the organization and are in a healthy state. Device-based CA is a feature of Intune. Users must enroll their devices in Intune and validate that the device meets the organization’s access rules regarding device health and security.
  b. There are other CA scenarios that do not require device enrollment, such as restricting access to specific locations only. These scenarios do not require Intune and are provided through Azure AD Premium access control features.

  6. Data Loss Prevention (DLP):

Helps identify and monitor sensitive information, such as private identification numbers, credit card numbers, or standard forms used in your organization. DLP Policies enable you to notify users that they are sending sensitive information and to block the transmission of sensitive information.

  7. Microsoft Enterprise Mobility + Security (EMS):

Provides identity and access management, MDM, MAM and Azure RMS. Intune is a part of EMS.

  8. Microsoft Intune (Intune):

Intune is a cloud-based service that helps you manage Windows PCs, and iOS, Android, and Windows mobile devices. Intune also helps protect corporate applications and data. You can use Intune alone or you can integrate it with Microsoft System Center Configuration Manager 2012 R2 to extend your management capabilities.

  9. Mobile Application Management (MAM):

Controls how corporate-managed applications work and interact with other managed applications and unmanaged applications (e.g., provides the ability to restrict user actions such as copy, paste, download, etc.). Available through Intune.

  10. Mobile Device Management (MDM):

Provides the ability to configure mobile device policies, such as enforcing complex PINs or passwords, blocking devices that have been jailbroken or rooted from syncing email, disabling Bluetooth, etc. Available through Office 365 MDM and Intune.

  11. Modern Authentication:

Provides OAuth-based authentication for Office clients against Office 365 using Active Directory Authentication Library (ADAL). Replaces the Microsoft Office Sign-In Assistant. Allows for CA policies, so administrators can define granular applications and device-based controls for corporate resources.

Thanks for reading this post… Good luck with Office 365!!!