New Exchange Policy Configuration analyzer

If you have a look in your Threat Management policies in Security and Compliance you’ll see a new tile called Configuration Analyzer as shown above. The direct URL is:

https://protection.office.com/configurationAnalyzer

When you select this tile you’ll see a screen like that shown above which compares your current policy settings to Microsoft best practices.

If you expand any of the headings you’ll see the settings in question, with the recommendation for each on the right. You’ll also see a link that allows you to easily Adopt this setting.

If you do select the Adopt link, you’ll be presented with the above warning asking you whether you wish to proceed and Confirm or Cancel the change.

You will also see a Configuration drift analysis and history option as shown above. This allows you to compare changes in configuration over time and their effect. Basically, whether changes made improve email security or not.
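The comparison and drift classification described above can be modelled offline. This is an added example, not code from the original post and not the Configuration Analyzer's own logic; the setting names follow Exchange Online anti-spam policy properties, while the baseline values and the snapshots are constructed assumptions.

```python
# Constructed baseline for illustration. Setting names follow Exchange Online
# anti-spam policy properties; the values are assumptions, not a copy of
# Microsoft's published recommendations.
BASELINE = {
    "BulkThreshold": 6,
    "SpamAction": "MoveToJmf",
    "HighConfidenceSpamAction": "Quarantine",
    "PhishSpamAction": "Quarantine",
}
# Numeric settings where a lower value filters more aggressively.
LOWER_IS_STRICTER = {"BulkThreshold"}

def gap(setting, value):
    """Distance from the recommendation; 0 means at least as strict."""
    recommended = BASELINE[setting]
    if setting in LOWER_IS_STRICTER:
        return max(0, value - recommended)
    return 0 if value == recommended else 1

def compliant_count(settings):
    """Number of baseline settings that meet the recommendation."""
    return sum(gap(name, settings[name]) == 0 for name in BASELINE)

def drift(snapshots):
    """Classify each change between consecutive (date, settings) snapshots."""
    events = []
    for (_, old), (when, new) in zip(snapshots, snapshots[1:]):
        for name in BASELINE:
            if old[name] == new[name]:
                continue
            before, after = gap(name, old[name]), gap(name, new[name])
            verdict = ("improved" if after < before
                       else "regressed" if after > before else "neutral")
            events.append((when, name, old[name], new[name], verdict))
    return events

# Constructed snapshots of one policy, oldest first.
SNAPSHOTS = [
    ("2020-09-01", {"BulkThreshold": 7, "SpamAction": "MoveToJmf",
                    "HighConfidenceSpamAction": "MoveToJmf",
                    "PhishSpamAction": "MoveToJmf"}),
    ("2020-09-15", {"BulkThreshold": 6, "SpamAction": "MoveToJmf",
                    "HighConfidenceSpamAction": "Quarantine",
                    "PhishSpamAction": "MoveToJmf"}),
    ("2020-10-01", {"BulkThreshold": 9, "SpamAction": "MoveToJmf",
                    "HighConfidenceSpamAction": "Quarantine",
                    "PhishSpamAction": "Quarantine"}),
]

if __name__ == "__main__":
    for when, name, old, new, verdict in drift(SNAPSHOTS):
        print(f"{when} {name}: {old!r} -> {new!r} ({verdict})")
```

A change between two values that both miss the recommendation is reported as neutral, which separates churn from genuine improvement or regression.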

If you want to learn more about Microsoft’s best practice configurations I suggest you take a look at my previous article:

New templated email policies

I see this as a further step towards what I spoke about here:

The changing security environment with Microsoft 365

and how AI will soon do all this automatically.

Custom Praise badges in Microsoft Teams

If you navigate to the Teams admin portal and expand the Teams apps option from the menu on the left, you should see a Managed apps option. You can locate the Praise app by using search on the right.

If you select the Praise app you’ll then see a screen like that shown above. If you then select the Settings option just under the information banner you get the badges options.

Generally, default badges are enabled but why not also enable the Social and emotional learning badges for education as well? They are free after all!

Preview of the Social and emotional learning badges for education

When you do so, you’ll see the additional badges shown above in your Teams Praise app.

Even better, further down, you can also add your own custom Praise badges.

Just upload a suitable badge graphic and add the details about the badge.

So now, when you Praise someone in Teams, you have many more options, including your own custom ones as shown above.

When selecting an image, keep badge dimensions in mind. For the best quality, we recommend uploading an image file that is 216 x 216 pixels (which are the maximum dimensions). Avoid stretching or distorting the image to fit these dimensions.

The above is from a great Microsoft article:

Manage the Praise app in the Microsoft Teams admin center

that provides lots of information about the Praise app and badges. So I recommend you take a look to learn more.

Revisiting some facts around Microsoft 365 backup

A while ago I wrote an article:

Do you need to backup Office 365?

Recently, Tony Redmond wrote this article on a similar topic:

Questioning Six Reasons Why Backing up Office 365 is Critical

That then led to the following debate:

The Great Debate: The Need For Office 365 Backup [VIDEO]

I’ve also seen people quote the following from Microsoft:

Microsoft Services Agreement

which contains the following clause:

“We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

However, it is important to note the following at the top of that document:

“These terms (“Terms”) cover the use of those Microsoft consumer products, websites, and services listed at the end of these Terms here (#serviceslist) (the “Services”).”

Note the hyperlink to the “Services” that the agreement actually covers. That leads to the following URL:

https://www.microsoft.com/en/servicesagreement/#serviceslist

and when you look through that list there are no M365/O365 commercial services listed.

Thus, that Microsoft Services Agreement doesn’t apply when talking about data retention in Microsoft 365 commercial products.

In fact, the following slide was taken from a recent Microsoft Ignite 2020 presentation:

Here’s the time stamped video it came from – https://youtu.be/zBHXVGrxBqM?t=1971 (Protecting Exchange Online Mailboxes As A Secure Vault)

I will also highlight the following article:

Set the OneDrive retention for deleted users

which says:

The minimum value is 30 days and the maximum value is 3650 days (ten years).

As my original article states and Tony Redmond reinforces, the important thing is to understand what M365 does out of the box with data retention and how that can and ‘should’ be configured to reduce risk. After that, third party products can be added to supplement what Microsoft 365 does. As I say, more backups are good but at some point they fail to significantly reduce risk for the investment made in them. That point is up to the individual business to determine.

It is important to have the correct information when it comes to data retention and recovery in Microsoft 365, and if you don’t appreciate what can be done with Microsoft 365 out of box then I’d encourage you to go and take a closer look, because it does a pretty good job in my opinion.

Need to Know podcast–Episode 256

We’ve crossed the 8 bit barrier and are now into 16 bit episode numbers! I’ll give you a quick round up of what I thought were the most important announcements from Microsoft and where you can go to get all the information Microsoft recently provided about its products. Then I’ll speak with Microsoft MVP Lars Klint about his project with llamas. Yup, that’s the animal, not some secret code word. So listen in for some fun as well as the interesting takeaways Lars has to share in this episode.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-256-lars-klint-and-llamas/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@larsklint

@directorcia

Introducing llama cam

llama cam

Lars Klint blog

Ignite book of news

Ignite on demand sessions

New management capabilities for Microsoft Defender Antivirus in Microsoft 365 Business Premium

Announcing Microsoft 365 Lighthouse for Managed Service Providers serving small & medium customers

Seven ways we’re empowering every person and every organization to thrive in a new world of work

Discover the new Teams feature that supports social-emotional learning

Microsoft Defender for Endpoint adds depth and breadth to threat defense across platforms

Announcing SharePoint Syntex

Celebrating the top OneDrive moments from Microsoft Ignite 2020

SharePoint admin and migration announcements at Ignite 2020

What’s New in Microsoft Teams

Collaboration, communication and knowledge sharing with Microsoft Teams, SharePoint, Project Cortex

October poll

For October I’m asking people:

Do you feel things are changing too quickly with Microsoft 365?

and I would greatly appreciate your thoughts here:

http://bit.ly/ciasurvey202010

You can view the results during the month here:

http://bit.ly/ciaresults202010

and I’ll post a summary at the end of the month here on the blog.

Please feel free to share this survey with as many people as you can so we can get a better idea of whether there is too much change with Microsoft 365.

The changing security environment with Microsoft 365

First, a quick trip down memory lane. Back when Microsoft released Windows XP it had no local firewall (yep, I know, hard to believe now). After that fact was exploited by malicious software to spread through networks, Microsoft added a firewall to Windows XP in Service Pack 1. However, it didn’t automatically enable it. It remained something optional that was on the user to enable. Of course, given that most people are never going to enable a security feature that is optional, security issues continued. Then, with Service Pack 2, Microsoft enabled the firewall in Windows XP and it has been on ever since.

Most software is generally not configured as securely as it could be out of the box. In the case of Microsoft, it has to cater to a very, very broad audience with very different needs and configurations. Thus, it has fallen to the IT Professional for the business to implement the appropriate security using the features provided.

This equates to the Windows XP Service Pack 1 days. That is, the security capabilities are included but not enabled. And just like those days, only a very small percentage of them seem to get implemented. Multi Factor Authentication (MFA) is a great example of this. From Microsoft Ignite 2019 (i.e. ONLY last year):

“it was discussed that out of all the Azure tenants globally, less than 8% of them WORLD-WIDE have enabled MFA.  99.9% of attacks on accounts are prevented by MFA.” – Reference

Even though EVERY Microsoft/Office 365 and Azure tenant includes MFA for identities, less than 8% have enabled it. This is hard to rationalise given the reality that doing so would prevent almost 100% of attacks. Clearly, it harkens back to the Windows XP Service Pack 1 days – if it ain’t on by default, then it will probably NEVER be turned on, no matter how much protection it provides.

So I hope you can appreciate, that in one aspect the IT security landscape hasn’t changed much from back when we had Windows XP (2002 if you check Wikipedia). I think however that this is in fact driving what I see as the ‘new’ security landscape for Microsoft 365.

The first big change with Microsoft 365 security is that Microsoft is beginning to move from Windows XP Service Pack 1 approach to a Service Pack 2 approach. That is, security enabled by default.

The first example of this is the End of support for Basic authentication and actively disabling it which you can read about here:

Deferred end of support date for Basic Authentication in Exchange Online

The next example is Security defaults.

Security defaults make it easier to help protect your organization from these attacks with preconfigured security settings:


  • Requiring all users to register for Azure Multi-Factor Authentication.
  • Requiring administrators to perform multi-factor authentication.
  • Blocking legacy authentication protocols.
  • Requiring users to perform multi-factor authentication when necessary.
  • Protecting privileged activities like access to the Azure portal.

If your tenant was created on or after October 22, 2019, it is possible security defaults are already enabled in your tenant. In an effort to protect all of our users, security defaults is being rolled out to all new tenants created.

and from – Introducing security defaults

“We will expand first to apply security defaults to all new tenants as well as applying it retroactively to existing tenants who have not taken any security measures for themselves.”

The next example are the new templated Exchange Online policies found in the Administration console which I have detailed previously here:

New templated email policies

Basically, this is a ‘Microsoft Security Baseline’ for securing Exchange Online to best practices. You can read more about these at:

Preset security policies in EOP and Office 365 ATP

I can see a future where at least the Standard protection policy is applied to all new tenants out of the box.

Next, if you go and look in Microsoft Endpoint Manager you will see a growing number of similar baseline policies. I say growing, because a

New Security baseline for Office

is on the way.

At the moment, the smart approach is to use these baseline policies from Microsoft and then adjust or add as required to suit your own environment (i.e. Windows XP Service Pack 1 approach). Again, I see the day, in the not too distant future, where these baselines will be enabled by default (i.e. Windows XP Service Pack 2 approach).

Where I see a major difference from the Windows XP Service Pack 2 approach (i.e. security on by default) is with the introduction of Artificial Intelligence (AI). Thanks to telemetry from tenants and activities being fed back into the Microsoft Cloud, AI and Machine Learning (ML) can be used to look for anomalies. The best example of this is Azure Sentinel.

In this new world of AI, you need to spend less time looking at individual events. In essence, you allow the AI to do that and determine what looks suspect based on EVERYTHING it sees in your environment and what it sees across the whole ecosystem. I can see a future where not only will the AI analyse all this data in the blink of an eye but it will also start taking action. For example, if you haven’t disabled basic authentication, it will disable it automatically because it knows that doing so is recognised by its algorithm to protect data to a high degree. I also believe we will soon have the option for the AI to start taking ‘pro-active’ action to re-configure spam filtering to provide the best protection and adapt automatically to new methods of attack.

In short, I see a day, in the not too distant future, when all possible security options will be enabled by default and then AI will not only monitor but automatically adjust services and settings as required to meet the changing threat landscape. All of this will be driven by the growing volumes of telemetry that Microsoft collects from tenants big and small.

This all seems pretty marvellous, having a self adjusting security posture but perhaps the bigger question to consider is, what role does the IT Professional who is supposed to be setting this security configuration up manually today play in this future? Does a role for manual IT security configuration exist in the future? If not, where will the opportunities be in the IT security realm?

New conversation button in Teams

A New conversation button has appeared for me inside my tenant both on the desktop and on the web as shown. This is very much like the button you see in the mobile experience of Teams.

One of the major challenges with conversations or chats in Teams was the simplicity with which you could create new conversation threads. This simplicity was its own worst enemy unfortunately, because what you’d find is that people would post new message threads rather than posting to the current or existing one. Many users didn’t notice that fact and you ended up with many, many disjointed conversations. That reduced Teams chat benefits and effectiveness.

This New conversation button will ensure that any existing reply will stay in the existing thread and you’ll only get a new conversation by pressing that button. It also makes the interface between desktop, mobile and web more consistent.

Look out for the New conversation button coming to your Teams environment soon.

Need to Know podcast–Episode 252

In this episode I speak with MVP Megan Strant all about adoption. However, in this discussion we focus on the human side of adoption and change management which can be really challenging for many organisations to successfully manage. Megan shares her experiences and provides some handy insight into how we can improve our chances of successful adoption of Microsoft 365.

Of course, there is always Microsoft Cloud news which I’ll bring you up to date with. We will be expecting a whole lot more once Microsoft Ignite starts, so stay tuned here for all the latest!

This episode was recorded using Microsoft Teams and produced with Camtasia 2020

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-252-megan-strant/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@meganstrant

@directorcia

Meganstrant

Megan Strant on Linkedin

Prosci

Microsoft Ignite 2020

Organize content your way with the Preview of Project Moca

Microsoft Lists in Microsoft Teams is now generally available

Updates for Dictate, including voice commands in Word

Transcribe in Word

What’s New with Microsoft 365 | August 2020

What’s New in Microsoft Teams | August 2020

Incrementing a SharePoint list column using Power Automate and Flow

Updated CIAOPS PowerShell course
