Saturday, December 15, 2018

What is your biggest challenge with the Microsoft Cloud

pexels-photo-356079

Tis the season for a survey I think. What I’d like to do is start off with this one question:

What is the biggest challenge you face with the Microsoft Cloud?

That’s it. Just one question. You can answer the question here:

http://bit.ly/mscloudsurvey

I’ll collate all the answers and report back on the results. I’ll try and group the issues into categories so you get a better of idea of what generally are the major challenges a majority of people have.

It doesn’t matter whether you are an end user, business, IT resellers, IT professional, whatever, please take a moment to share what you find most challenging about the Microsoft Cloud (Office 365, Microsoft 365, Azure, etc)

The more people that take a moment to answer the more results and information we’ll have to share. The results are anonymous.

Thanks in advance for completing the survey.

Thursday, December 13, 2018

Microsoft Online PowerShell Setup/Update scripts

One of the biggest challenges setting up a PowerShell environment for Microsoft Online is install ALL the different modules for each service into PowerShell. Thankfully, the latest version of PowerShell makes that really easy. All you need to do is:

1. Run your PowerShell environment as an administrator

2. Run install-module <module name>

for each service.

Now the challenge is finding all the module names, because unfortunately they are not consistent.

Thus, to make life easier I have uploaded a script to do this for you at my GitHub repository here:

https://github.com/directorcia/Office365/blob/master/o365-setup.ps1

This script will install the following modules for you:

1. Azure AD

2. Azure AD Rights Management

3. Microsoft Teams

4. SharePoint Online

5. Microsoft Online

6. Azure

Unfortunately, at this point in time, the Skype for Business module is a downloadable MSI install, not something we can do inside PowerShell easily.

Of course, once you have these installed, they’ll also need to be updated regularly as updated modules are released. I’ve taken care of that for you also with an module update script here:

https://github.com/directorcia/Office365/blob/master/o365-update.ps1

So you only need to run the install script once to get the modules and then you just need to run the update script to ensure you have the latest version of the modules.

That should make using PowerShell with Microsoft Online easier.

Wednesday, December 12, 2018

Need to Know podcast–Episode 197

In this episode we focus on security starting with our interview of Alex Wilson from Yubico talking all about multi factor authentication. We take the time to dive deep into the benefits of using devices like the Yubikey to protect identities an help prevent phishing attacks. Brenton and I also discuss a number of interesting security items before the interview as well as give you the latest updates from the Microsoft Cloud.

Take a listen and let us know what you think -feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-197-yubikey/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Alex Wilson - alex.wilson@yubico.com

Yubico

@contactbrenton

@directorcia

Join us for the 200th episode

Australia gets world-first encryption busting laws

Australia passes new law to thwart strong encryption

Microsoft adopts ethical principles aiming to bar misuse of facial recognition technology

New breakthrough in combating tech support scams

Mastercard and Microsoft join forces to Advance Digital Identity Innovations

New Office app icons

Outlook on iOS gets a redesign

CIAOPS Patron program

Friday, December 7, 2018

Unable to save attachments to SharePoint Online

One of the most important things when you implement adoption is to have a positive initial experience. This typically means ‘easing’ a user’s transition during the adoption process. If too many things are different, then there is much more likely to be a negative impression of the new processes. This slows adoption and at worst, can actually halt it in its tracks.

When moving to Microsoft 365, one of the most common things that a user needs to accomplish to be able to save and add attachments to emails. They have been performing this seamlessly using on premises file servers for years. They simply select to attach and then navigate to the file, attach it, then send. Easy.

Unfortunately, as I have documented before:

Saving attachments to SharePoint

it isn’t easily done with SharePoint Online. This is really strange, given that SharePoint Online is the place where users should save and access common files in the Microsoft Cloud. Let’s take a look at the issues I’m taking about.

image

So an email arrives in my inbox on Outlook on the desktop, as shown above.

image

I want to upload this directly into an existing SharePoint stand alone Team Site, but as you can see the only option I have is my own personal OneDrive for Business or a range of Office 365 Groups and Teams that already exist.

Just to make sure I haven’t missed anything, I’ll select the More option at the bottom of the list.

image

Now I only have the option to save to a Group (which includes Microsoft Teams). So, let’s say I select the Sales Group (which is actually a Microsoft Team).

I’m now returned to Outlook. Where did that attachment actually go?

image

So, if I call up my Sales Team and rifle through all the file locations in Teams interface, I can’t find the file as you see above!

image

Turns out that the attachment I saved is placed into the root of the default Document Library in the Microsoft Team as you see above. But guess what? There is no way to actually see that unless I navigate to that location via SharePoint. I actually can’t see that attachment I just saved if I’m using the Microsoft Teams app! They all end up in the root of the Documents location, which isn’t accessible in the Teams app!

image

This means, that the only REAL solution for users to save the document to other locations in various SharePoint Document Libraries, is to firstly sync those destination locations to their desktop and then save the attachments the old fashioned way to the sync location so they will end up in SharePoint.

That means, to save or add attachments I firstly have to sync EVERY location I might want to save a file too!

image

Outlook Web Access is actually worse than the desktop client as the only options you have are to download or save to OneDrive for Business as seen above.

image

Interestingly, if I want to attach a file from a SharePoint site I can navigate to Browse Web Locations, select the Team Site I want

image

and I see a Windows Explorer pane where I can navigate to locate the file I wish to attach, just like on premises days. However, the look and feel here is pretty dated and requires Windows Explorer to be working and may pop up warning dialogs which will freak most users out.

image

When I use Outlook Web Access I can Browse cloud locations for an attachment

image

I effectively only see my OneDrive for Business as shown above.

These experiences leave a bad taste in the mouth for users, especially first time users grasping with the ‘modern’ way of working. They need to have an experience which is pretty much identical to the one they had on premises. Why can’t we simply save and add attachments directly from SharePoint Online Team Sites like we have always been able to do from on premises network file shares?

I’m seeing this end user frustration more and more in the field and was prompted to write the article to hopefully rally the masses to get a change enacted. So the best thing you can do is visit this UserVoice request:

https://office365.uservoice.com/forums/264636-general/suggestions/18553747-please-enable-the-attachment-of-sharepoint-files-w

and vote it up.

Next, tweet about getting this enabled to the following accounts:

https://twitter.com/Outlook

https://twitter.com/SharePoint

https://twitter.com/Microsoft365

and

https://twitter.com/jeffteper

I will be!

Perhaps I’m missing something obvious here and if I am please let me know but I don’t think I am. Help me raise awareness and improve Outlook so it is easier for users to adopt Microsoft 365!

Wednesday, December 5, 2018

Organization doesn’t allow you to use work content

image

Let’s say you have a bright and shiny Microsoft 365 Business tenant that you have configured out of the box. This means you have set up the default policies, assigned licenses and installed the software for users.

Your user now receives an email like the above with a PDF attachment. The system has Adobe Acrobat reader set as the default PDF reader.

image

The user selects to open the attachment.

image

Adobe Acrobat launches as expected but you receive the above error:

There was an error opening this document. Access denied.

image

Instead, the user downloads the file to a local drive and then tries to upload it into a SharePoint Document Library as shown above.

image

They are greeted by another error:

Can’t use work content here.

Your organization doesn’t allow you to use work content here.

What’s going on? Why can’t users save files? In short, the reason is Windows Information Protection (AIP). You can read more about what WIP is here:

Protect your enterprise data using Windows Information Protection (WIP)

By default Microsoft 365 Business has WIP enabled. This means there is now a distinction between ‘corporate’ and ‘personal’ data. Corporate data is data that is created using pre-defined ‘corporate’ apps like Word, Excel, PowerPoint etc. Personal data is EVERYTHING else i.e. PDFs, files from network shares, local files. Why? Because these files were NOT created by the apps authorised by the WIP policy that has been enacted by Microsoft 365 Business.

Is there are correct way to se up WIP so you don’t get these hassles? Yes, there sure is but in this article let’s keep it simple and cover off how to disable WIP for the time being so users can get on with their work.

image

Locate the Microsoft 365 admin center and then select the Device Policies tile as shown above.

image

You should then see a list of policies as shown above. In this case, I have two Application Policies for Windows 10 (one for enrolled devices and another for non-enrolled devices).

If you have multiple Application Policies for Windows 10 you’ll need to take the following actions on each policy.

image

Select the policy to edit it. Details of the policy you select should appear on the right as shown above.

Locate the Restrict copying of company data line. Here you’ll see the Setting is ON, thus WIP is enabled. To change this setting, select the Edit hyperlink to the right as shown.

image

You should that that Prevent users from copying company data to personal files is ON as shown.

image

Change this setting to Off as shown and then select Save.

While you wait for that to sync to the Windows 10 desktops (which should only take a few moments) let’s go into the back end of Intune and see where this setting actually is.

image

Navigate to Intune in the Azure portal and select Client apps from the main menu as shown above.

image

On the blade that appears, select App protection policies as shown.

image

This should display the application policies with the same names as you see in the Microsoft 365 admin center. Here are only application policies, device policies are elsewhere in Intune.

Select your Application policy for Windows 10.

image

From the blade that appears select Required settings as shown. On the right will be displayed the state of Windows Information Protection.

If WIP is enabled, the option here will be Block.

image

However, now you have changed the policy via the Microsoft 365 admin center the setting should be Off as shown above.

This confirms that WIP is now disabled in our environment.

image

If you now return to SharePoint on the workstation, and assuming the policy has synced to the desktop, the upload of the file should work.

image

Along with everything else that was blocked, including viewing PDFs.

Thus, to overcome the WIP issues with Microsoft 365 Business out of the box, you will probably need to change the Application Policy for Windows 10  as shown above.

How do you correctly configure WIP for your environment to take advantage of all the protection it offers? Stay tuned for an upcoming article on just that.

Monday, December 3, 2018

CIAOPS Need to Know Office 365 Webinar–December

laptop-eyes-technology-computer

For the last webinar of 2018 we are going to take a look back at everything that’s changed with Office 365 and what we can expect to see in 2019. If you want a summary of what’s been and what’s to come then this is webinar for you! There’ll also be the usual detailed updates of everything that’s happened in the Microsoft Cloud for December as well.

You can register for the regular monthly webinar here:

December Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – December 2018
Thursday 20th of December 2018
11am – 12am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

There of course will also be open Q and A so make sure you bring your questions for me and I’ll do my best to answer them.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session.