Azure AD Management comes to ARM

 

  https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Getting-started-with-the-new-Azure-Active-Directory-management-experience/player

One of the missing pieces when it came to working with Azure in Office 365 was the ability to manage Azure Active Directory. Previously, this all had to be done via the older “classic” or Service Manager Portal, such as:

Configuring an Azure Single Sign On portal

Microsoft has just announced the preview of Azure Active Directory in the new Resource manager portal. You can read more about the announcement here:

The AzureAD admin experience in new Azure portal is now in public preview

Take a look at the above video to get a feel on what the new management experience is all about.

image

You can find the new option area in the new Portal by searching the services for “azure” as shown above and then selecting Azure Active Directory.

image

You should then see your Azure Active Directory as shown above.

You can do all the stuff you used to be able to do in the “classic” portal such as configure company branding.

Remember, that if you have Office 365 you also have Azure AD. All you need to do is enable it:

Enabling your Azure AD

and you’ll get access to these features for free.

It is really exciting to see Microsoft brining more and more features to the new Azure portal. Have a look for yourself today.

Answering common questions with Office 365 Part 2

This is the second article in a series of typical customers questions around Office 365. These questions were part of presentation I did with two other resellers at the Australian Microsoft Partner Conference in 2016. You’ll find the first part of the series here:

Answering common questions with Office 365 Part 1

The question for this article is:

Customer Question – There is a lot of talk about online privacy and governments spying on data. Although my business doesn’t have anything to hide how does Office 365 keep my data private and secure from unwanted ‘prying eyes’? I also have a legal responsibility to ensure my clients data remains secure and private. Can this be achieved with Office 365 to ensure I am compliant with any legislation?

In Australia, if you run up an Office 365 tenant today the data will be located in the Australian data centers. An administrator can easily see where their Office 365 data is located using this process:

Office 365 Data location

The E5 license provides functionality known as ‘Customer Lockbox’. This allows the customer to control who accesses their data by basically have requests for access come directly to the customer. I have written an article about this here:

Enabling Customer Lockbox

and you’ll also find some good information about Customer Lockbox in this video:

Information that is sent to and from Office 365 is encrypted:

Encryption in transit

Information saved in Office 365 is also encrypted at rest as detailed in this video:

Depending on the Office 365 license you have (typically E3 or above) you can enable and configure additional security measures to keep your data safe. One of these is Data Loss Prevention or DLP and I have previous detailed how to set this up for SharePoint:

Enabling DLP for SharePoint and OneDrive for Business

Office 365 also includes the ability to enable multi factor authentication. This means that not only do you need a login and password but you’ll also need something like a unique code sent via text message to login. You can read more about this here:

Set up multi factor authentication for Office 365

I’ve also previously covered how Office 365 includes basic Mobile Device Management (MDM) that allows you to protect which mobile devices connect to your environment as well as allowing you to set policies to ensure they are secure. You can read more about how to set that up here:

Office 365 Mobile Device Management

With plans from E5 and above you also get the ability to place information on ‘Legal Hold’ to preserve it for long periods of time. More information on those abilities is at:

Legal Hold

These plans also allow you to use advanced eDiscovery to search across all the data sources inside Office 365 for information that matches your pre-defined query. Here is an article I have written about eDiscovery with SharePoint Online:

SharePoint Online eDiscovery

here is a FAQ on eDiscovery:

eDiscovery FAQ

as well as as an overview article on eDiscovery in Office 365:

eDiscovery in Office 365

As I have written about previously, many users of E3 licenses and above don’t appreciate that they have the ability to use Rights Management to protect their documents no matter where they are located. My article explaining all this is here:

Office 365 E3 and above includes Rights Management

I also have an article on using Rights Management with SharePoint Online here:

Using Office 365 Rights Management with SharePoint Online

and here’s more information on Rights Management in Office 365:

Information Rights Management 

and how you use email message encryption:

Office 365 message encryption

As I have said before, the security features of Office 365 are one of the real differentiation points when it comes to online services. There are lots and lots more features I could dig into here but I’ll point you to a presentation I gave a while back on Office 365 security which is a good overall summary of what’s available:

https://docs.com/d/embed/D25195817-5129-1561-2200-001922537313%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

The slides are also available here as well:

https://doc.co/uWMfkS/qcihGm

I’ll also point you to the article I wrote on the new Microsoft Secure Score service that allows you to rate how secure your tenant is and then take actions to improve that:

Office 365 Secure Score

You can rest assured that Microsoft takes security very seriously and as such, has many features available across all plans to ensure your data remains private and secure. You can increase that security by using the Enterprise Plans such as E3 and above to enable even more security. For what these advanced plans provide, their cost is cheap. Really cheap. So if you haven’t considered what additional security plans like E3 include then I’d strongly encourage you to check out the features.

Watch out for the answers to more common questions with Office 365 coming soon.

Answering common questions with Office 365 Part 1

I was recently lucky enough to present at the Australian Partner Conference 2016 with Microsoft and two other resellers. The focus of our presentation was around how to answer common user questions with Office 365 and the features that it includes.

What I thought I’d do is share these questions and answers over a few blog posts. So here is part one.

Customer question – I know a lot of businesses that are getting hit by this crypto locker malware where their documents are being encrypted and there are being asked to pay a ransom. I am really worried that one of my employees may inadvertently open an infected file and we’d be in the same boat as we get lots and lots of attachments every day. How can Office 365 protect me against that?

Office 365 already includes advanced malware protection in email by default. With the E5 license you also get:

Advanced Threat Protection

as well which includes the ability to open suspect attachments in a sandboxed environment to determine what happens and take the appropriate action. More details of these features can be found in this video:

By default, every time a document is updated in SharePoint Team Sites or OneDrive for Business the previous version is saved. Thus, if a file does become encrypted it can be quickly rolled back to a previous version.

At the moment, if multiple files do become encrypted and uploaded there is no single command sequence that would allow you roll back multiple files. Unfortunately, rolling back to a previous version has to be done one file at a time. However, as I understand it, Microsoft is working on a process to roll back multiple files via a single command. I also believe it is possible to do this using advanced scripting (aka PowerShell).

Exchange Online also allows you to create rules to automatically exclude certain attachments and quarantine them before they are delivered to end users. A good reference is:

Reducing malware threats through file attachment blocking

You can also use a third party mail cleansing service, such as Mailguard, in front of Exchange Online.

Of course, the best best protection that you can have is informed and paranoid users. Part of any security policy for a business needs to be education not abdication of this to technology. Technology is not 100% reliable, there is always the chance of some attack slipping through the protective technology security net that is erected around the business. On the odd occasion that this should transpire if it greeted with informed and paranoid users then the chance of the payload being delivered, and the business being interrupted, is much lower. You know, an ounce of prevention and all that.

Office 365 provides some excellent protection by default. The premium Office 365 licenses provide better protection. Appropriate configuration and user education provide even more protection. Finally, there is always the option to integrate third party solutions.

Business cards are for giving away

The reason that I attend many events these days is simply because of the networking opportunity. People buy from people, not from websites, not from brochures, etc. They buy from people they know. This means it is critical to actually go out, show your face and connect with people one on one. Nothing drives opportunity faster than meeting with people in my experience.

So why, if meeting people is so beneficial do so many overlook the most basic thing you can do when you meet people at networking events?

It never ceases to amaze me how many people you meet who have some excuse for not having a business card they can give you. For me, part of the discipline of getting ready for a networking event is to ensure I have a wad of business cards in my top pocket every time. Typically, as soon as I meet someone at an event, they get a business card from my top pocket, automatically.

Your business cards do you no good sitting in a holder on your desk or locked away somewhere! The challenge you should set yourself at any networking event is to aim to give away ALL your business cards. That is the only acceptable excuse for not having cards in my books. Then bring more next time and give those all away.

If I don’t get a business card from a new contact, especially if they say they don’t have any on them, the chances of my doing business with them drops dramatically. Firstly, how do I contact or even remember them? Secondly, it tells me that aren’t organised, not really serious about making contact and you know what? Don’t really care about making it easy for me to work with them.

So, whatever system you need to develop, make sure that before you enter ANY networking event you have a wad of business cards you can give to everyone you meet. Doing so will increase your business I guarantee! Success is a system not a random sequence of events.

Office 365 Advisor/Direct incentive changes coming

If you are NOT an IT reseller who makes money from being the ‘Partner of Record (POR)’ then you can safely ignore this article. However, if you are indeed a Microsoft partner who generates an important amount of income to your business from being an Online Services Advisor (OSA) then you should read on because you might get a bit of a shock.

I have always discouraged resellers from placing too much focus on the rebates they received from Microsoft from just selling Office 365. The main reason is that it takes away the focus from the new model of adding value to the old model of just reselling. As I forecast, now that Office 365 is gaining wider adoption the emphasis is shifting from actually selling Office 365 to implementing it. This also means that incentives are also shifting in that direction.

There are going to be major changes to the O365 Online Service Advisor (OSA) commissions model after 1 Oct 2016. In summary (from what I can determine), the major points are:

1. Partner needs a minimum silver competency in cloud productivity to claim incentives after October 1 2016.

2. Commissions will be based on product usage not licence count. The incentive is calculated based on Online Services Usage Rate Card value of eligible Office 365, EMS, Microsoft Intune and other SKUs. The commission rate will be 10%.

3. Sell only commissions will drop to 3% until 1st July 2017 on existing managed tenants acquired prior to 1 Oct 2016. After 30th June 2017 no more manage only commissions will be paid on any tenant.

4. Sell only commissions will be 0% for all tenants acquired after 1 Oct 2016.

References

https://partner.microsoft.com/membership/partner-incentives

http://www.channelpronetwork.com/news/end-approaches-microsoft-online-services-advisor-incentives

If you are not on CSP already you really need to make the shift along with your customer licenses! However, you should be really focusing on providing services that add value to the Office 365 product and any revenue derived from actually selling licenses is simply ‘nice to have’.

Office 365 Secure Score

One of the real differentiators that Office 365 provides I believe is security. A new initiative that Microsoft have announced is:

New security analytics service

image

You can try this out for yourself. Firstly, login to your Office 365 tenant as a global administrator. Then, in a new browser tab, navigate to:

https://securescore.office.com/

You’ll be asked to provide Secure Score permissions to your tenant as you see above. Simply select Accept to continue.

image

Your tenant will then be assesses and rated as you can see above (in this case on a demo tenant).

This site not only gives you a security rating for your own tenant but it also provides you with an Action list which you can undertake to make your tenant more secure.

image

image

As you slide the bar in the middle of the page you see your security score increase. However, when you do this, you also see the Actions in the queue increase. Basically, to make your tenant more secure you have to take more actions. Obvious!

image

You can drill into an Action item to get more details and you see above.

image

If you select the Learn More button you get an informational card appear on the right with a Launch Now link to take you straight to the location to make the change.

image

The most interesting item on this page is over on the right, under the Compare your score as shown above.

What I find interesting is that this demo E5 tenant, more or less out of the box, is over 4 times more secure than the average! Not sure how this average is arrived at, and maybe it currently doesn’t include every tenant, but WOW do a lot of people have a lot of work to do to secure their tenant!

You’ll find plenty of other great information on this page as well as ability to view your score over time, so it is worth spending time to explore.

In short, this is great tool from Microsoft. It is simple to use and understand as well as making improving your Office 365 security dead easy! If you have Office 365 then I’d suggest you go and check out your security score. After visiting, I reckon you’d be pretty much at least double your score following the recommendations the site makes.

Expand your Office 365 offerings

image

A surprising statistics is that most SMB resellers merely provide email migrations services to Office 365. Few provide anything when it comes to SharePoint, Yammer, Skype for Business, Power Bi and so on. This does create an real opportunity for those partners who build offerings around all the additional products and features of Office 365.

To help partners get up to speed with the full range of Office 365 Services I developed and run two very unique training sessions. These session are part hands on lab, part lecture and part team building, goal setting and business development. The focus is give you experience in real world environments with Office 365 environments while competing in groups to be crowned ‘top dog’ for the day! This is truly the most unique Office 365 training you’ll find out and a guaranteed way to get partners started down the additional revenue opportunities with Office 365.

Best of all, Microsoft is offering this all day training FREE to partners who register now. Places are strictly limited as classes are kept intentionally small.

There are two courses available, a ‘basic (START)’ and an ‘advanced (GROW)’. The next ‘basic (START)’ course you can register for is here:

AUWW143 – NEXT UP Consumption For SMB – START
19th September 2016 | 09:00AM – 05:00PM
Microsoft Brisbane,
Level 28, 400 George Street, Brisbane

https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x553965a294

The follow on ‘advanced’ course is also available for registrations here:

AUWW142 – NEXT UP Consumption for SMB – GROW
26th September 2016 | 09:00am – 05:00pm
Microsoft Brisbane,
Level 28, 400 George Street, Brisbane
 
https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x5521037ff2

and

AUWW142 – NEXT UP Consumption for SMB – GROW
27th September 2016 | 09:00am – 05:00pm
Microsoft North Ryde,
1 Epping Road, Sydney
 
https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x552616b792

If these aren’t convenient for you, make sure you contact your local Microsoft rep and ask when they will be available in a location near you.

I hope to see you there.

Need to Know podcast–Episode 113

A special episode with a true technology superstar. Jeffrey Snover, Microsoft Technical Fellow/Lead Architect for Enterprise Group, Azure Stack and PowerShell Architect joins us to talk about Microsoft Operations Management Suite (OMS) and of course, all about his baby, PowerShell. Jeff shares some really great insights into the birth of PowerShell and why scripting is so valuable is today’s modern IT environment. Of course you’ll also get a cloud news update from Marc and I as well as a special report about upcoming changes to the Microsoft reseller initiatives around Office 365. It’s a bumper episode packed with content. So listen along, give us some feedback and listen to wisdom the father of PowerShell.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-113-jeffrey-snover/

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

Resources

@marckean

@directorcia

Modern SharePoint Lists

SharePoint Online Site Collection limit increased to 25TB

Change to partner remuneration coming 1st October 2016

Marc’s blog with all the Azure news

@jsnover – Jeffrey Snover: Microsoft Technical Fellow/ Lead Architect for Enterprise Cloud Group/ Azure Stack Architect/ PowerShell Architect

Here is the must watch video on Jeff’s history at Microsoft https://www.youtube.com/watch?v=3Uvq38XOark

Use the PowerShell 5 Convert-String Cmdlet

Learning PowerShell

Getting Started with PowerShell 3.0 – Microsoft Virtual Academy Course

Microsoft Operations Management Suite Overview

Show feedback – feedback@needtoknow.cloud