Need to Know podcast–Episode 266

Jeff Alexander from Microsoft joins me to catch up and talk about the ‘new normal’, securing remote environments, update management, migrations and more. Jeff also shares some handy information about the Microsoft Fasttrack service and why everyone should take advantage of it. I also bring you up to date with what’s happens in the Microsoft Cloud at the top of the show, so lean back, listen in and enjoy.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020.

Brought to you by www.ciaopspatron.com

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-266-jeff-alexander/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show

Resources

Jeff Alexander – @jeffa36, About Me, Linkedin

Benefits of Fasttrack

Cloud Management Gateway

Microsoft Secure Score

Azure AD Conditional Access

Microsoft Zero Trust

Windows 10 Cloud Configuration

Overview of Windows Autopilot

Microsoft adoption

Step-by-step threat protection in Microsoft Defender for Office 365

Announcing the iOS/iPadOS Security Configuration Framework

OneDrive sync 64-bit for Windows now in public preview

Block BCC Messages to Distribution Groups in Exchange Online

Install Viva Connections today

Get started with trials for Microsoft Viva Topics

New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats

SharePoint: 20 years young

New threat and vulnerability management experiences in Microsoft 365 security

Email filtering reports

Launching threat analytics for Microsoft 365 Defender

Best practices for migrating to SharePoint and OneDrive

Improvements in Microsoft Forms

Microsoft Forms is a handy way to collect all sorts of information. There have been some handy recent improvements.

image

Per roadmap item 79448 – now you can bold, italic, underline, etc headings as shown above.

image

Also now when you share a form you’ll see a Shorten URL option as shown above.

image

Don’t overlook the ability to also grab a QR code, in the same location, as shown above.

As mentioned in Roadmap item 79448:

Microsoft Teams: Forms Polls in Teams Meetings Improvements

A set of top asks will be addressed with this general release. Polls in Teams Meetings now support guests and an optimized mobile experience.

I’ve highlighted what I’m excited to see, polls in Teams now supporting guest users!

Microsoft Forms is great way to collect all sorts of information, from inside and outside your business. It also makes a great front end on a Power Automate sequence to save you further time and money. Here’s a great place to start learning more:

Introduction to Microsoft Forms

Email filtering reports

image

There are some real nice and helpful email report in your Microsoft 365 Security console if you haven’t taken a look recently. You can pull them up by visiting:

https://security.microsoft.com/securityreports

as shown above. Then selecting Email & collaboration reports on the right.

image

The one I really like is the Mailflow status summary which you can drill into further by clicking on the heading or selecting the View details button.

image

If you then select the Funnel option across the top as shown, you get an idea of the number of bad emails that are being caught by each stage of the filtering process, from top (total in) to bottom (remaining out).

SNAGHTMLc4b85a0

However, the report I love is the one you get when you select the Tech view as shown above. Why? Because this one even shows you results from DMARC as highlighted.

image

Many also allow you to Create schedule as shown above,

image

that allows you to email the reports regularly.

Keep an eye on the reporting areas of your tenant, as they are rapidly improving and expanding!

Exchange Online AV engines

image

I have found that many don’t appreciate that Exchange Online uses anti virus engines from multiple providers, apart from Microsoft.

“We have partnerships with multiple anti-malware technology providers, so messages are scanned with the Microsoft anti-malware engines, two added signature based engines, plus URL and file reputation scans from multiple sources. Our partners are subject to change, but EOP always uses anti-malware protection from multiple partners. You can’t choose one anti-malware engine over another.:

per – How many anti-malware partners do you have? Can I choose which malware engines we use?

So email will be scanned by three (3) engines in total. One from Microsoft and another two from third parties.

CIAOPS Need to Know Microsoft 365 Webinar – April

laptop-eyes-technology-computer

OneDrive for Business a pretty handy service inside Microsoft 365 that many people fail to full utilise . In this session I’ll help you better understand what OneDrive for Business is and how you can use it to improve your work productivity. I’ll also have the latest news from Microsoft and as always there will be time for your questions.

You can register for the regular monthly webinar here:

April Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – April 2021
Friday 30th of April 2021
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Native external sender notifications in Exchange Online

image

I’ve never been a big fan of setting up rules to add a HTML banner to inbound emails, as shown above, that “warn” a user about an external email source. I dislike this solution for a number of reasons, including that it is something that an attacker can replicate, it creates a certain amount of complacency for the receiver and it ends up embedded in every reply to the email going forward.

i do however understand what is trying to be achieved here due to a lack of something provided by Exchange Online. That is, until now! A native approach is now available.

image

image

You can now get the External tag, as shown above, to appear in all versions of Outlook (desktop, web and mobile) to help understand the origin of email messages. I like this solution much better because it is built into the platform and appears in an area that an attack would find really hard to replicate. Having such labelling as a native part of Exchange Online is a much better approach I feel.

image

image

You also get the above when you view the email item.

You can enable this on new inbound messages received (only from the point you enable it going forward) using PowerShell.

image

You’ll need to firstly ensure that you have the latest version of the Exchange Online V2 PowerShell module. The minimum version required is 2.0.4. To verify this, and to ensure all the Microsoft 365 PowerShell modules are current in your environment, I encourage you to use my script:

https://github.com/directorcia/Office365/blob/master/o365-update.ps1

that will verify and update if necessary. Just remember to run the PowerShell environment as an administrator prior to running my update script.

Now connect to Exchange Online using PowerShell. Again, you can use my script at:

https://github.com/directorcia/Office365/blob/master/o365-connect-exo.ps1

to do this. In fact, using that script will also ensure that you have the latest version of the Exchange Online PowerShell V2 module installed.

Once connected to Exchange Online as an administrator running the command:

Set-externalinoutlook -enabled $true

The best documentation is currently here:

https://github.com/MicrosoftDocs/office-docs-powershell/blob/master/exchange/exchange-ps/exchange/Set-ExternalInOutlook.md

as this is still a new command at this point in time. You’ll also note that the command also has an Identity and AllowList option that you can further customise your settings.

Once the command has been run it will take a few hours for the External label to start appearing on emails from outside the organisation.

I would expect to see further configuration options become available as well as improvements to the label display. However, a very handy option that will improve the security in your environment and I’d encourage you enable it today!

Microsoft 365 connectivity testing tool

image

Microsoft 365 provides a handy global Network health status page you’ll find here:

https://connectivity.office.com/status

You can view this page WITHOUT having to login to a tenant.

image

However, this same page also has some other handy diagnostics tools, for which you SHOULD login before running. I’ll share why you want to login later.

After logging to your tenant on this same page select Network Connectivity test on the left hand side or visit the direct link:

https://connectivity.office.com/

image

On the right hand side, all you need to do typically is select the Run test button as shown above.

image

This will then prompt you to download and run a small program on your desktop to assist with diagnostics. You may also find that you need to install .NET core as shown above. If so, simply follow the process to install .NET core and then run the program that was originally downloaded.

image

You’ll see it running around 660 individual tests as shown. Be patient, the last few take a few minutes to complete.

image

image

When complete you’ll get a nice overview report of your connectivity results as shown above. Make sure you scroll to the bottom of the window to get all the information. It is important to remember with the cloud that there many different points along a journey to and from a Microsoft 365 datacenter and not all of these are with Microsoft’s direct control. This report gives you a better idea of the latency that can occur between your location and the Microsoft datacenter where your tenant is located. When troubleshooting therefore, it is helpful to get an overall picture of the situation before focusing on where the real problem lies. This tool makes doing that much easier.

image

If you then select the Details tab at the top of the window as shown, you’ll get detailed connectivity information. Again, ensure you scroll right to the bottom of this page for all the details.

image

If you DID login to your tenant prior to running this report, the results will be saved and available under the Reports menu option on the left as shown. Every time you run a report while logged into the tenant, your report will be saved here. Very handy for historical comparisons.

Thus, the Microsoft 365 connectivity test site is a handy site to add to your toolkit. It’ll firstly let you know if there are any global connectivity issues that maybe affecting your access and, it will also allow you to run and record regular connectivity benchmarks which I think that you should do on a regard basis to get a better idea of performance to and from Microsoft 365 from your locations as well a troubleshoot connectivity issues.

Expect to see more features and capabilities rolled out here soon to you help troubleshoot connectivity issues to your Microsoft 365 tenant.