CIAOPS Need to Know Office 365 Webinar–April

laptop-eyes-technology-computer

For this month’s webinar we are going to take a look at the key skills required to be effective with Office 365. I’ll show you what these skills are and how to use them effectively to make the most of Office 365. Of course, I’ll also bring you up to speed with all the latest news and updates in the world of Office 365 and Microsoft 365.

You can register for free at:

April Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – April 2018
Tuesday 24th of April 2018
11am – 12am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

There of course will also be open Q and A so make sure you bring your questions for me and I’ll do my best to answer them.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session.

Recalling message options in Office 365 OWA

There are many times when you want to recall a message you have sent in Outlook or Outlook Web Access (OWA). Generally, you should reconcile yourself to the fact that you won’t be able to achieve this but there is an option in OWA that you can set to allow you to ‘Undo’ you send.

To enable ‘Undo send’ in OWA navigate to OWA in your browser and select the Cog in the top right as shown above.

In the search box that appears type ‘undo’ and this should display the Undo send option as shown. Click on this result to navigate to the setting.

In most cases the Undo send option will be disabled as shown above. To enable simple select the Let me cancel messages I’ve sent for option.

By default, the time you have to undo the send is only 10 seconds so you may want to extend this to the maximum of 30 seconds by selecting that option from the pull down.

After you have made these changes make sure you select the Save button at the top to update your preferences.

With this option now configured at least you might have the ability to undo a sent email before it goes out. Again, this may not always work but at least now you have an option.

Using Office 365 PowerShell with MFA enabled

Enabling multi factor authentication (MFA) in Office 365 is best practice, especially for global administrators. However, doing so can raise some challenges when it comes to working with PowerShell command line and the ISE.

The above video tutorial takes you through the process of accessing your Office 365 tenant when you have MFA enabled. The commands that you need to also do this via the PowerShell ISE are here:

Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+”\Apps\2.0\”) -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse ).FullName|?{$_ -notmatch “_none_”}|select -First 1)

$EXOSession = New-ExoPSSession

Import-PSSession $EXOSession

Now you can still have MFA enabled on your accounts while using PowerShell. Yes, there is more work to enable this but if it is harder then generally you know it is more secure!

Deploy Office 365 and Azure together

When you get an Office 365 license you also receive a free Azure tenant. This Azure tenant only generally has a single service enabled. That service is Azure Active Directory.

You do not pay for this, it is included with your Office 365 subscription and here’s how you are able to view it:

Enabling your Office 365 Azure AD access

The Azure tenant that you get with Office 365 won’t unfortunately provide you with access to other Azure services (such as Virtual Machines) out of the box but it can. The way that you enable this existing Azure tenant for other Azure workloads is that you now add a paid Azure subscription.

Thus, when you add a paid Azure subscription into an Azure tenant created by Office 365 you now get the ability to access all the Azure services (like Virtual Machines, Backups, etc.).

What I suggest is that when enable an Office 365 tenant you should also immediately add a paid Azure subscription. The reason I say that is that Azure billing is handled differently to Office 365.

Office 365 is a flat fee per month based on the user count in the tenant. Azure however is a consumption based pricing model generally. This means, you don’t pay for Azure services until you start using them. Thus, enabling a paid Azure subscription into you Office 365 subscription is not going to cost you anything until you start actually using Azure services.

Adding a paid Azure subscription immediately gives you the flexibility to spin up Azure services immediately when you need them instead of having to wait for the subscription to be provisioned. It means if you need a temporary server or some cloud backup then you can configure and start using that service immediately, no waiting as the tenant and services are ready to go.

So with an Office 365 tenant created and a paid Azure subscription in place what are most likely first Azure services you should consider? I’d be looking at Azure DNS to host the name server records for Office 365, a site to site VPN back to on premises infrastructure, Azure SMB Files and then probably Azure Backup and Site Recovery. The choice is yours and with the paid Azure subscription in place you can run these up whenever you need and feel assured that you’ll only be billed when you actually start using them.

In short, think of Office 365 and Azure together. This means they should be deployed together as there is no financial reason not to in my books. With both deployed you’ll be in a far better place to respond to whatever the needs of the business are.

The layers of Office 365 collaboration

One of the misconceptions that many have about Office 365 is that SharePoint Team Sites is the only place that you have files. My response to that is that SharePoint Teams Sites is not the hammer to every request for an Intranet. You need to case your gaze wider. You need to consider all the options that Office 365 provides. You need to think collaboration not just storage. You need to shift your thinking from the way it has been to the way it could be.

Now having lots of options for collaboration can make choice harder, I get it. The solution is knowledge. Know what each service does well and then determine if it is a good fit. If, after consideration of all the options, a stand alone SharePoint Team Site makes sense, then great, but in my experience that is rarely the case.

Here’s an Office 365 collaboration framework that I present people to help them understand how to better use the collaboration tools that Office 365 provides them.

The simple structure I start with is shown above. There are 5 layers, each embedded within each other.

The inner most layer, layer 1, is a personal OneDrive for Business. Next is layer 2 being Microsoft Teams. Layer 3 is good old SharePoint. Layer 4 is Yammer and the outside layer is everything outside Office 365.

The SharePoint layer, layer 3, has three sub layers that are still SharePoint features but should be considered independently. These sub layers are: layer 3A being Hub sites, layer 3B being Communication sites and finally layer 3C being the traditional stand alone SharePoint Team Site.

Layer 3C is where many seem to think is the only place available to them when it comes to document collaboration. Each layer provides its own unique abilities and should be utilised in its own unique way. Let me explain further.

As you move from layer 1 (OneDrive for Business) to layer 5 (external) there is a move away from creation of information to a consumption of information. For example, most people start working on document in their own private space (layer 1 = OneDrive for Business), when they are ready they push these into a shared space for their team (layer 2 = Microsoft Teams). Here they are worked on by more people and seen more people. From here they are then pushed to the next layer (layer 3 = SharePoint) where they are seen by even more people but now few people are actually making changes to the document. Finally, the document is pushed to layer 4 where it is announced with everyone in the business. This garners the most eyeballs most of whom are merely going to consume or view the work.

Think of this analogy. A single user creates a new HR policy document in their OneDrive for Business. When they are ready they push that into the HR Microsoft Team to get further input from others in HR. Once that process is complete the completed HR policy document is pushed to the Intranet (SharePoint) where everyone else in the company can view it. Once the document is pushed to the Intranet it is announced publically on the Yammer network were it is now available for all to consume, use and comment on it.

Just as the creation process changes from creation to consumption as it moves through the layers, likewise the audience grows, from the individual to the team and then to the whole business and potentially those outside the business. Thus, information generally flows from layer 1 through to layer 5.

Let’s break this down some more. A user creates a new document in the OneDrive for Business. At this point the document is undergoing 100% creation.

When the user is ready they move the document into the appropriate Microsoft Team. Now the user may belong to some Microsoft Teams in the structure (2A and 2B) and not to others (2C).

At this point the document is probably undergoing 75% creation and 25% consumption.

From here the document is pushed to a traditional Team Site. There can be many different Team Sites if required, that people may or may not have access to. In this case it is being pushed to Team Site 3CB.

The ratio of creation to consumption here probably falls below 50% i.e. more people are reading it than editing it.

I think you get the picture. The document continues its journey through the various layers with different, but increasing audiences, having access to the document. However, the further through the layers it gets, the less the document is edited but the more it is viewed.

The reality here is that layers 3A (Hub sites) and 4 (Yammer) are really just providing navigation to the completed document which probably actually physically lives in either a traditional SharePoint Team Site or a Communication Site inside layer 3. However, the consumers of the information don’t care where it is actually stored, they simply want to know how to get to it.

At each layer I can only see and access information that is relevant to me. If I am part of the Microsoft Teams that works on the document then I can contribute. If I am not, then that document won’t be visible to me until it is pushed to a location further along that I have access to.

This means that the working for the final product can remain hidden from those not involved. So, think of the Microsoft Teams area as the traditional location where groups of people “create” and “work” on the information. This should be the location where most files from a file server are migrated, they should not be ‘dumped’ into a single location at layer 3 (SharePoint). They should be ‘placed’ into an appropriate work area for that team.

So, you should build your collaboration framework on layers. The above is just a simplified model but it is a good place to start I believe. The next point to consider with collaboration is information flow. Chances are, information is going to need to flow through to different places i.e. even though the finance department works on budgets, at some point they need to be shared with others in the business. Collaboration is about creation AND sharing of information. Simply creating information doesn’t serve any real purpose or benefit the larger cause without actually sharing it.

In most cases, your layers are going to mimic what your business already looks like structurally i.e. you’ll have a financial team, a HR team, a management team, etc. Each of these groups needs to create and publish information, thus they make logical Microsoft Teams in your collaboration structure. You may of course not need or want all these layers but I urge you to consider using them as a ‘standard’ no matter how large or small your business as each layer bring unique features and functionality to the table.

In all of this, you will notice that the concept of an ‘Intranet’ is really at the extremity of collaboration creation. To me an Intranet is about 20% creation and 80% consumption. It is not really the place you go to do work. It is however, the place you go to find stuff from others in your business. Think of the Intranet like a bookcase at reception, into which each department places the end result of their work i.e. when the finance team is done with the budgets they place them in the finance folder in this bookcase for anyone else in the business to reference. Once they have done that, they go back to their Microsoft Team to start creating the next round of budgets they’ll publish.

This framework also couples well with my recommended adoption framework detailed here:

Focus on the ‘Me’ services first

In that I suggest you implement Yammer first (layer 4) and then OneDrive for Business (layer 1). Once that is successful you move to Microsoft Teams (layer 2) and finally the Intranet (layer 3). In short, you win the adoption battle by adopting a two prone attack at the outside layers and then proceed inwards. In my books, that is a more certain way to victory.

Office 365 is a toolbox with lots of options for you to work with. Hopefully, this framework makes it bit easier for you to look at a way to conquer collaboration rather than simply abdicate for storage when it comes to your information in Office 365.

March Office 365 Webinar Resources

CIAOPS Need to Know Office 365 Webinar – March 2018 from Robert Crane

Plenty of interest in security with legislation now making it even more important to protect information.

Slide from this month’s webinar are at:

https://www.slideshare.net/directorcia/ciaops-need-to-know-office-365-webinar-march-2018

If you are not a CIAOPS patron you want to view or download a full copy of the video from the session you can do so here:

http://www.ciaopsacademy.com.au/p/need-to-know-webinars

Watch out for next month’s webinar.

Need to Know Podcast–Episode 176

After some Microsoft Cloud news Brenton and I dive into an introduction to Microsoft 365 and why it is important for Microsoft, customers and partners. We look at what it comprises and what the major benefits are. We discuss how security and device management are the heart of the product and why that is so important in light of recent compliance legislation. This is only the start of what will no doubt be an ongoing examination of Microsoft 365 and its role in the market.

Take a listen and let us know what you think –feedback@needtoknow.cloud

You can listen directly to this episode at

https://ciaops.podbean.com/e/episode-176-microsoft-365/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@contactbrenton

@directorcia

One year of Microsoft Teams

New experience in Outlook.com

How Office 365 protects your organisation from modern phishing campaigns

Azure AD Connect: Version release history

Update management, inventory and change tracking in Azure automation now generally available

Just in time VM access is generally available

Azure AD expiration policy for Office 365 Groups is now generally available

Microsoft expands cloud services in Europe and into Middle East

Using Office 365 labels

One of the best things about SharePoint is the ability to add ‘metadata’ about items. This makes it easier to filter, sort and search information. What you may not realise is that Office 365 itself has it’s own ‘metadata’ ability, known as Labels.

To create a label in Office 365 you’ll first need to navigate to the Security and Compliance center as an administrator. From there, select Classifications from the menu on the left and then Labels from the items that appear.

Now select the Create a label button on the right.

This will commence the label creation wizard as shown above. The first step is to give the label a Name and Description.

Press the Next button at the bottom of the dialog to continue.

In the next step you can determine whether you wish to associate a retention policy with this label. In this case, I’m creating a 2 year retention policy with a ‘disposition review’ before the data is deleted.

You’ll see a lot of these settings are similar to the Retention Policies you can create in Office 365 which I have written about here:

Using Retention Policies in Office 365

When complete, press the Next button to continue.

Review the options you have selected and then press the Create this label button at the bottom.

You should now see a summary of the label you just created as shown above. At this stage the label has been created but not applied anywhere in Office 365.

Select the Publish label at the top of the screen to apply this to Office 365.

This will kick off the label publishing wizard as shown above. You should already see the label that you just created shown as the label to publish.

Select Next to continue.

You now need to determine where this label will be applied in Office 365. You can elect to apply it across the entire tenant by selecting the All locations option at the top of the screen or select locations using the Let me choose option.

This means that you can target a specific label to a specific location in Office 365.

In this case, I’m going to apply the label to a specific Microsoft Team in the tenant. I select this location by ensuring the Office 365 Groups option is set to On and then selecting the Choose groups hyper link as shown above.

On the next screen I select Choose groups.

I then see a list of my Office 365 Groups and Microsoft Teams. In this case I’m going to select just the Special Projects group.

I should now see a banner at the to of the page that indicates my selection.

I select the Done button to continue.

I now give the policy a name and select the Next button to continue.

You should now see a list of all the options you have selected for this policy to review. You should also note the information message that the top that it may take up to 1 day for the label to appear for users and the limitations for Outlook mailboxes.

Select the Publish labels button to complete the process.

As detailed in the previous Retention Policies article, if you return to the policy you will see the status as shown above. You need to wait until that show success before the changes are available across you tenant.

You should now also see you policy listed as shown above. I have also created a second policy and applied in the same way.

After the label policy has been successfully applied across your tenant you can visit the SharePoint Team Site where it has been applied.

if you look at the Document Library in that location you see no obvious changes.

However, if you select Library settings from the COG in the top right of the screen

and then look in the Permissions and Management section as shown above, you will see an option Apply label to items in this list or library. Select this.

You’ll now see the ability to apply a label to item in this library automatically. This means when a new document is created here it will automatically assume the label you nominate. You can also elect to apply this label to any current unlabelled items in the library.

If you now select the list of labels that are available to be applied you should see the labels you just created in the Office 365 Security and Compliance center.

You can also modify the Document Library View to display the Labels field as shown. This will display the label that has been applied to that item.

If you now edit any item in that library you will see the Apply label field displayed as shown above.

When you edit this field, you will again see a list of labels you have created in the Security and Compliance center as shown above.

So the Office 365 labels act as a kind of managed metadata but the advantage they have over traditional SharePoint managed metadata is that these same labels can apply across different SharePoint, OneDrive and email locations in Office 365.

Another really great thing about Office 365 labels is that they can be applied to folders in SharePoint as well as individual items as shown above. Doing so means that everything in that folder will inherit the settings of the folder by default, just like SharePoint permissions.

Remember that labels are available across all Office 365 plans. With the Enterprise plans you get even more power when it comes to labels which I’ll dive into down the track.

Beware that you need to allow time for the policy to be applied across all your locations. In my experience this is generally quite quick with SharePoint and OneDrive but for Exchange it may take much longer. This is because each individual service applies and enforces the policy in its own way and own schedule.

In the case of Exchange the Managed Folder Assistant (MFA) handles the policy application. The MFA only runs on a seven day cycle so it can take this long for any of the policy to be applied to the mailboxes in question. You can run a PowerShell command to try and speed this process up somewhat but it is still somewhat hit and miss. So be patient after creating a new policy with email, it may take up to 7 days to be available.

I think the big take away here, and the different approach that needs to be adopted, is looking at data in a different way. Traditionally, most organisation have manually managed their own data. In reality, they haven’t really managed it at all because it takes too much work. They simply continue to create and save data in various locations with no real overarching management strategy. This allows mounts of data to accumulate, most of which no longer has relevancy. There is a cost to this.

With a bit of thought, up front planning and the use of Office 365 labels, organisations can better manage their data. They can create classifications that apply across their organisation, making it easier for users to tag data. This then allows the policies in operation in the background to take care of a large component of on going data management for them.

Like Alerts and Retention Policies, Labels are included in all Office 365 plans. They provide an easy to classify and manage across your tenant. They should be part of your information management strategy or in more official terms, the compliance policy within your organisation. To get the most from new tools like Office 365 you typically need to take a new approach to managing your information. Office 365 includes the tools to help you work smarter, so use them!