Information about SharePoint, Microsoft 365, Azure, Mobility and Productivity from the Computer Information Agency
The first webinar for the new year. Thanks to anyone who attended.
Slides from this months webinar are now available at:
https://www.slideshare.net/directorcia/ciaops-need-to-know-office-365-webinar-january-2018
If you are not a CIAOPS patron you want to view or download a full copy of the video from the session you can do so here:
http://www.ciaopsacademy.com.au/p/need-to-know-webinars
We looked at user management in this session.
Watch out for next month’s webinar.
If you go to Intune in the Azure Portal, then select Device enrollment, then Windows enrollment, you see some new options for Windows Autopilot deployment as shown above.
If you need a refresher on where the settings where originally check out my previous article:
Introduction to Windows Autopilot
The above is what the deployment profiles option look like when you go there.
Here’s what it looks like in the original Business portal.
There isn’t a place to upload the machine identification file as yet in Azure as you can see here:
However, I would assume that it is coming.
So, keep your eyes posted to the Azure portal for more additions for Windows Autopilot.
When you start using Intune with services like Microsoft 365 Enterprise or stand alone you’ll need to add an Apple MDM push certificate to allow iOS devices to be managed by Intune. If you don’t, you’ll get errors when you try and add these devices.
Here’s how you create and add an Apple certificate to Intune.
When you initially go into Intune via the Azure portal you’ll need to set the Mobile Device Management Authority as shown above. Simply select the option for Intune MDM Authority and the Choose button to save the choice.
In the list of Intune options, under the Manage heading, select Device enrollment.
From the blade that appears, select Apple enrollment from the menu and the right side will then show a number of boxes.
Select the box in the top left that should have the heading Apple MDM Push Certificate.
Another blade will open. Under Step 1, select the Download your CSR hyperlink.
This will prompt you to save a file called IntuneCSR.csr to your computer.
In Step 2, select the hyperlink Create your own MDM push certificate.
This will open a new tab in your browser and take you to the above Apple site. You’ll need to have or create an Apple ID to login here.
You’ll need to accept the Terms of Use.
You’ll need to create a new certificate. To do so, select the option to Browse at the bottom of the window as shown above.
Navigate to the certificate file you downloaded from the Intune portal previously.
Then select Upload.
Next, select to Download the certificate created by the Apple site.
Return to the Intune portal and insert the Apple ID you used to create the certificate in Step 3.
In Step 4, upload the Apple certificate.
When complete, select the Upload button at the bottom of the page.
When you now look at the Intune portal the Apple MDM Push Certificates should now show a green tick, as shown above. This will now allow you to place iOS devices under Intune management.
In today’s security environment it is really no longer possible for human beings to manage security, it typically needs to be out sourced to software. Signature based security is too slow to keep up with constantly changing attacks and the best way is to look for anomalies in behaviour patterns.
Office 365 Cloud App Security is service that is included in E5 licenses but also available as a separate stand alone purchase (called Microsoft Cloud App Security in the store). Unfortunately, you can’t add Office 365 Cloud App Security to Business plans only Enterprise plans.
Basically, Office 365 Cloud App Security allows you to configure policies that trigger alerts for specific activity as well as suspending accounts exhibiting suspicious activity. Let’s see how.
To get to Office 365 Cloud App Security you need to navigate to the Security & Compliance Center as an Office 365 administrator. Open the Alerts heading on the left and select Manage advanced alerts from the options that appear.
On the right you will see a check box to Turn on Office 365 Cloud App Security.
Once this has been selected you will be able to select the button to Go to Office 365 App Security.
On this page you may see a number of policies in place already. Here, I’m going add a new policy. To get to this page again I select the Control option from the menu across the top of the page and then Policies from the items that appear.
To add a policy I now select the Create Policy button on the right as shown above, and then Activity policy from the items that appear. You may have less items in this list, it depends on what licenses you have in place for your tenant.
For the Policy Template option I am going to select from a list of pre existing templates and use the Logon from a risky IP address which is described as:
Alert when a user logs on to your sanctioned apps from a risky IP address. By default, the Risky IP address category contains addresses that have IP address tags of Anonymous proxy, TOR or Botnet. You can add more IP addresses to this category in the IP address ranges settings page.
You can see the list of existing policy templates above and of course, you can create your own custom one.
Once I have selected the policy I scroll down to the actual rules which appear in the Create filters for the policy section as shown above.
Basically you’ll see in this case that the rule looks at whether an IP is “risky” and the activity equals logon.
You can of course edit or define your own rules here if you want.
If you are wondering where the “risky” IP range is defined you’ll find these sorts of things in the upper left under the COG icon as shown above. In this case, look under the IP address ranges.
Once you save the settings you’ll be returned to the Policies page where you should now see the new policy as shown above.
To test this policy, I’m going to fire up a Tor browser and login to Office 365.
As expected, in a very short space of time (note it isn’t immediate. It may take a moment or two to appear) I get an alert and can view these by selecting the Alert option from the menu across the top of the page.
If I then click to open one of these alerts and select the General option in the middle of the page I get more information as shown above. You’ll see on the right that the IP category = “Risky” and this is because of a match to Tor and Anonymous proxy.
If I now select the User option in the middle of the page I get further information as to which user triggered this as shown above.
Likewise if I select the IP address option I get information about the networking in detail.
From here you can take actions on the alerts such as dismissing or digging deeper into the logs.
My advice would therefore be to enable all the default policy templates for your tenant as I have done for mine as shown above.
You’ll notice that I also have some custom policies in place as well. One of these is to provide an alert for repeated failed login attempts by a user.
Another policy is the one above that monitors logins by global administrators. You’ll see that I also restrict that policy to only apply when I am not on a corporate (i.e. office LAN) IP address.
My advice with custom policies is to start simply and broadly and tighten the rules up over time. There is nothing worse than setting a policy and getting deluged with alerts, so take it slow and increase restrictions over time to ensure you don’t overload yourself with false positives.
As I dig deeper into what is possible more I’m sure I’ll be adding additional policies to keep my tenant secure and provide a level of monitoring that no human could do. However, in today’s environment of increased attached I’d really recommend you look at adding Office 365 Cloud App Security to your tenant for enhanced protection.
A solo-cast from me this episode as Marc is busy doing his day job. A bit lonely for the first episode of 2018 but I’ll manage somehow. A quick episode to bring you up to date with what’s happening in the Microsoft Cloud as well as to introduce Microsoft 365 and what that is all about.
Take a listen and let us know what you think –feedback@needtoknow.cloud
You can listen directly to this episode at
https://ciaops.podbean.com/e/episode-173-marc-less/
Subscribe via iTunes at:
https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2
The podcast is also available on Stitcher at:
http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr
Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.
Resources
Outlook for Mac support creation of Office 365 Groups
Submit feedback request to Microsoft
SharePoint updates rolling out
Availability of Microsoft SharePoint Migration Tool
Apply labels to sensitive files
Just in time for Christmas, I have released two new online courses focused on Microsoft 365 Business:
Introduction to Microsoft 365 Business
and
Getting Started with Microsoft 365 Business
The Introduction course is aimed at giving you an overview of the Microsoft 365 product and how the Business plan fits inside. The Getting Started course is more a step by step guide taking you through what you can actually do with the Business plan.
Both of these new courses can be found at the CIAOPS Academy where you’ll also find extensive online courses for Office 365 and Azure. You can purchase the courses individually or in annual bundle that includes every course now and for the next twelve months.
I have more courses focused in Microsoft 365 (including some focused on the Enterprise plan) coming very soon.
The second family of Microsoft 365 subscriptions you can obtain are those from the Enterprise family. These give you a range of additional features and power when it comes to managing an securing your environment.
This material will give you an overview of what Microsoft 365 Enterprise is and the major differences to the Business offering.
Marc and I give you all the latest news and updates from the Microsoft cloud and then we do a deep dive into some SharePoint best practices. However, we are also looking for listener feedback on what you feel were the highlights of the Need to Know podcast for 2017. Send through your favourite bit and we’ll collate them and play the clips on our last episode for the year. It’s your change to relive the memories.
Take a listen and let us know what you think –feedback@needtoknow.cloud
You can listen directly to this episode at
https://ciaops.podbean.com/e/episode-171-sharepoint-online-best-practices/
Subscribe via iTunes at:
https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2
The podcast is also available on Stitcher at:
http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr
Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.
Resources
![clip_image001[6]](https://lh3.googleusercontent.com/-yP4ENlj0AKI/WmF_B0bXa3I/AAAAAAAAfl4/V3C9v-AI1IMh0iwoRLbxjY5LD8g-zddcgCHMYCw/clip_image001%255B6%255D_thumb%255B1%255D?imgmax=800 "clip_image001[6]")
![clip_image001[8]](https://lh3.googleusercontent.com/-OqRa2KLk9nM/WmF_DknewfI/AAAAAAAAfmA/Fg1QqNp28KEwAH1ETUMRXud_H0TpsDwmgCHMYCw/clip_image001%255B8%255D_thumb%255B2%255D?imgmax=800 "clip_image001[8]")
![clip_image001[10]](https://lh3.googleusercontent.com/-lYhiGloVQYI/WmF_FJ2tTRI/AAAAAAAAfmI/PUSeiP5N5-QJYZeFQdHkpWcC39c7I4ndgCHMYCw/clip_image001%255B10%255D_thumb%255B1%255D?imgmax=800 "clip_image001[10]")
![clip_image001[12]](https://lh3.googleusercontent.com/-xRLkpOgMCg0/WmF_G1j0gwI/AAAAAAAAfmQ/hZSbHmZ3OT0R4KoOqRrjjNlNWtF9dd_3ACHMYCw/clip_image001%255B12%255D_thumb%255B2%255D?imgmax=800 "clip_image001[12]")
![clip_image001[14]](https://lh3.googleusercontent.com/-GcGN908_DQk/WmF_IYjw9tI/AAAAAAAAfmY/cYPToXEf5vUoiE5_maYhWAUjV9W626a2wCHMYCw/clip_image001%255B14%255D_thumb%255B1%255D?imgmax=800 "clip_image001[14]")
![clip_image001[16]](https://lh3.googleusercontent.com/-hlYJon_yiT4/WmF_L1vnwvI/AAAAAAAAfmo/PzLCWX5ExyEUUoh_wXkn0NuufcmCv9ghwCHMYCw/clip_image001%255B16%255D_thumb%255B1%255D?imgmax=800 "clip_image001[16]")
![clip_image001[18]](https://lh3.googleusercontent.com/-A5Fy-fzfW0g/WmF_N__6-zI/AAAAAAAAfmw/ovO4yUU3q_QKEufea_5IHnYjLOpG2gHawCHMYCw/clip_image001%255B18%255D_thumb%255B1%255D?imgmax=800 "clip_image001[18]")
![clip_image001[20]](https://lh3.googleusercontent.com/-Bj7_mLrJJz0/WmF_PlXDIJI/AAAAAAAAfm4/x1Nli1yEsJMoyPtEzbU_1glFkcECWCIdgCHMYCw/clip_image001%255B20%255D_thumb%255B1%255D?imgmax=800 "clip_image001[20]")
![clip_image001[22]](https://lh3.googleusercontent.com/-Dvz63ljq8UE/WmF_Q9R8I7I/AAAAAAAAfnA/qluePPbCzFIphd2X9PVPMw8G7gF2TnZ8wCHMYCw/clip_image001%255B22%255D_thumb%255B1%255D?imgmax=800 "clip_image001[22]")
![clip_image001[24]](https://lh3.googleusercontent.com/-7ZkZJFM9c4Y/WmF_SFry8XI/AAAAAAAAfnI/fUmOtRGn4ZwkI5ZTNNi6bS3zmmgy012NACHMYCw/clip_image001%255B24%255D_thumb?imgmax=800 "clip_image001[24]")
CIAOPS 