Tag: Office 365

Answering common questions with Office 365 Part 1

I was recently lucky enough to present at the Australian Partner Conference 2016 with Microsoft and two other resellers. The focus of our presentation was around how to answer common user questions with Office 365 and the features that it includes.

What I thought I’d do is share these questions and answers over a few blog posts. So here is part one.

Customer question – I know a lot of businesses that are getting hit by this crypto locker malware where their documents are being encrypted and there are being asked to pay a ransom. I am really worried that one of my employees may inadvertently open an infected file and we’d be in the same boat as we get lots and lots of attachments every day. How can Office 365 protect me against that?

Office 365 already includes advanced malware protection in email by default. With the E5 license you also get:

Advanced Threat Protection

as well which includes the ability to open suspect attachments in a sandboxed environment to determine what happens and take the appropriate action. More details of these features can be found in this video:

By default, every time a document is updated in SharePoint Team Sites or OneDrive for Business the previous version is saved. Thus, if a file does become encrypted it can be quickly rolled back to a previous version.

At the moment, if multiple files do become encrypted and uploaded there is no single command sequence that would allow you roll back multiple files. Unfortunately, rolling back to a previous version has to be done one file at a time. However, as I understand it, Microsoft is working on a process to roll back multiple files via a single command. I also believe it is possible to do this using advanced scripting (aka PowerShell).

Exchange Online also allows you to create rules to automatically exclude certain attachments and quarantine them before they are delivered to end users. A good reference is:

Reducing malware threats through file attachment blocking

You can also use a third party mail cleansing service, such as Mailguard, in front of Exchange Online.

Of course, the best best protection that you can have is informed and paranoid users. Part of any security policy for a business needs to be education not abdication of this to technology. Technology is not 100% reliable, there is always the chance of some attack slipping through the protective technology security net that is erected around the business. On the odd occasion that this should transpire if it greeted with informed and paranoid users then the chance of the payload being delivered, and the business being interrupted, is much lower. You know, an ounce of prevention and all that.

Office 365 provides some excellent protection by default. The premium Office 365 licenses provide better protection. Appropriate configuration and user education provide even more protection. Finally, there is always the option to integrate third party solutions.

Office 365 Advisor/Direct incentive changes coming

If you are NOT an IT reseller who makes money from being the ‘Partner of Record (POR)’ then you can safely ignore this article. However, if you are indeed a Microsoft partner who generates an important amount of income to your business from being an Online Services Advisor (OSA) then you should read on because you might get a bit of a shock.

I have always discouraged resellers from placing too much focus on the rebates they received from Microsoft from just selling Office 365. The main reason is that it takes away the focus from the new model of adding value to the old model of just reselling. As I forecast, now that Office 365 is gaining wider adoption the emphasis is shifting from actually selling Office 365 to implementing it. This also means that incentives are also shifting in that direction.

There are going to be major changes to the O365 Online Service Advisor (OSA) commissions model after 1 Oct 2016. In summary (from what I can determine), the major points are:

1. Partner needs a minimum silver competency in cloud productivity to claim incentives after October 1 2016.

2. Commissions will be based on product usage not licence count. The incentive is calculated based on Online Services Usage Rate Card value of eligible Office 365, EMS, Microsoft Intune and other SKUs. The commission rate will be 10%.

3. Sell only commissions will drop to 3% until 1st July 2017 on existing managed tenants acquired prior to 1 Oct 2016. After 30th June 2017 no more manage only commissions will be paid on any tenant.

4. Sell only commissions will be 0% for all tenants acquired after 1 Oct 2016.

References

https://partner.microsoft.com/membership/partner-incentives

http://www.channelpronetwork.com/news/end-approaches-microsoft-online-services-advisor-incentives

If you are not on CSP already you really need to make the shift along with your customer licenses! However, you should be really focusing on providing services that add value to the Office 365 product and any revenue derived from actually selling licenses is simply ‘nice to have’.

Office 365 Secure Score

One of the real differentiators that Office 365 provides I believe is security. A new initiative that Microsoft have announced is:

New security analytics service

image

You can try this out for yourself. Firstly, login to your Office 365 tenant as a global administrator. Then, in a new browser tab, navigate to:

https://securescore.office.com/

You’ll be asked to provide Secure Score permissions to your tenant as you see above. Simply select Accept to continue.

image

Your tenant will then be assesses and rated as you can see above (in this case on a demo tenant).

This site not only gives you a security rating for your own tenant but it also provides you with an Action list which you can undertake to make your tenant more secure.

image

image

As you slide the bar in the middle of the page you see your security score increase. However, when you do this, you also see the Actions in the queue increase. Basically, to make your tenant more secure you have to take more actions. Obvious!

image

You can drill into an Action item to get more details and you see above.

image

If you select the Learn More button you get an informational card appear on the right with a Launch Now link to take you straight to the location to make the change.

image

The most interesting item on this page is over on the right, under the Compare your score as shown above.

What I find interesting is that this demo E5 tenant, more or less out of the box, is over 4 times more secure than the average! Not sure how this average is arrived at, and maybe it currently doesn’t include every tenant, but WOW do a lot of people have a lot of work to do to secure their tenant!

You’ll find plenty of other great information on this page as well as ability to view your score over time, so it is worth spending time to explore.

In short, this is great tool from Microsoft. It is simple to use and understand as well as making improving your Office 365 security dead easy! If you have Office 365 then I’d suggest you go and check out your security score. After visiting, I reckon you’d be pretty much at least double your score following the recommendations the site makes.

Expand your Office 365 offerings

image

A surprising statistics is that most SMB resellers merely provide email migrations services to Office 365. Few provide anything when it comes to SharePoint, Yammer, Skype for Business, Power Bi and so on. This does create an real opportunity for those partners who build offerings around all the additional products and features of Office 365.

To help partners get up to speed with the full range of Office 365 Services I developed and run two very unique training sessions. These session are part hands on lab, part lecture and part team building, goal setting and business development. The focus is give you experience in real world environments with Office 365 environments while competing in groups to be crowned ‘top dog’ for the day! This is truly the most unique Office 365 training you’ll find out and a guaranteed way to get partners started down the additional revenue opportunities with Office 365.

Best of all, Microsoft is offering this all day training FREE to partners who register now. Places are strictly limited as classes are kept intentionally small.

There are two courses available, a ‘basic (START)’ and an ‘advanced (GROW)’. The next ‘basic (START)’ course you can register for is here:

AUWW143 – NEXT UP Consumption For SMB – START
19th September 2016 | 09:00AM – 05:00PM
Microsoft Brisbane,
Level 28, 400 George Street, Brisbane

https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x553965a294

The follow on ‘advanced’ course is also available for registrations here:

AUWW142 – NEXT UP Consumption for SMB – GROW
26th September 2016 | 09:00am – 05:00pm
Microsoft Brisbane,
Level 28, 400 George Street, Brisbane
 
https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x5521037ff2

and

AUWW142 – NEXT UP Consumption for SMB – GROW
27th September 2016 | 09:00am – 05:00pm
Microsoft North Ryde,
1 Epping Road, Sydney
 
https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x552616b792

If these aren’t convenient for you, make sure you contact your local Microsoft rep and ask when they will be available in a location near you.

I hope to see you there.

Need to Know podcast–Episode 113

A special episode with a true technology superstar. Jeffrey Snover, Microsoft Technical Fellow/Lead Architect for Enterprise Group, Azure Stack and PowerShell Architect joins us to talk about Microsoft Operations Management Suite (OMS) and of course, all about his baby, PowerShell. Jeff shares some really great insights into the birth of PowerShell and why scripting is so valuable is today’s modern IT environment. Of course you’ll also get a cloud news update from Marc and I as well as a special report about upcoming changes to the Microsoft reseller initiatives around Office 365. It’s a bumper episode packed with content. So listen along, give us some feedback and listen to wisdom the father of PowerShell.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-113-jeffrey-snover/

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

Resources

@marckean

@directorcia

Modern SharePoint Lists

SharePoint Online Site Collection limit increased to 25TB

Change to partner remuneration coming 1st October 2016

Marc’s blog with all the Azure news

@jsnover – Jeffrey Snover: Microsoft Technical Fellow/ Lead Architect for Enterprise Cloud Group/ Azure Stack Architect/ PowerShell Architect

Here is the must watch video on Jeff’s history at Microsoft https://www.youtube.com/watch?v=3Uvq38XOark

Use the PowerShell 5 Convert-String Cmdlet

Learning PowerShell

Getting Started with PowerShell 3.0 – Microsoft Virtual Academy Course

Microsoft Operations Management Suite Overview

Show feedback – feedback@needtoknow.cloud

Office 365 Collaboration, Skype and Backup

 

https://docs.com/d/embed/D25192961-2267-4946-0970-001023757425%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

https://docs.com/d/embed/D25192961-2098-0759-5380-001420694364%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

https://docs.com/d/embed/D25192961-1989-0156-9410-001012602264%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

Here are some recent presentations I gave around Office 365:

Collaboration

Skype for Business

and

Backup

In essence they all point to the opportunity Office 365 provides IT resellers to go out and build services on stuff other than email migrations.

In short, if you are not adding value then your days are numbers. And simply moving data from one location to another and doing nothing else is not adding value!

Sharing Documents with Internal users using OneDrive for Business

A very common thing people want to is share document from their own OneDrive for Business with others. You can break this down into sharing with two different audiences, internal and external.

Internal users are users inside the same Office 365 tenant. While external users are those outside the users Office 365 tenant. The above video shows you how to share documents from a user’s OneDrive for Business with internal users. Look out for another video coming soon that details the process of sharing with external users.

This tutorial shows you how to share files with other users in your Office 365 tenant. You’ll see how to share a file, respond to an  invite and co-author a document. You’ll also see how to quickly locate files that others have given you access to from their own OneDrive.

Enabling DLP for SharePoint and OneDrive for Business

DLP or Data Loss Prevention is a way inside Office 365 (E3 suites or above) that you can protect data from leaving the organisation. You can use DLP to protect not only email attachments but also files in SharePoint Online Team Sites and user’s OneDrive for Business.

Office 365 provides a number of standard templates for protecting standard information, such as credit card information as detailed here, but you can also customise the DLP policies to protect any custom data you wish.

image

The first step in using DLP is to set up and enforce the policies you wish to use. To do this you’ll need to login to the Office 365 portal as an administrator with the appropriate rights. You’ll then need to navigate to the tenant Admin area. From the menu on the left hand side of the screen expand the Admin centers option. From the options that appear select the Security & Compliance item.

image

From the Security and Compliance console select Security policies on the left. From the options that then appear below this select Data loss prevention. If this menu item doesn’t appear then you current don’t have an Office 365 plan that supports DLP.

image

On the right hand side you will probably see that the list is empty. Select the Plus icon to create a new policy.

image

You can select from a number of templated policies if you wish but in this case select Custom and then the Next button.

image

You now need to select the areas in which this policy will apply. You can specify unique locations but for this example we’ll simply select all locations and then continue.

image

At the next screen select the Plus icon to set the rules for which you wish to test.

image

In the new window that appears select the Add condition button.

image

From the pull down menu that appears select Content containing sensitive information.

image

Select the Plus icon that appears to enter the actual rules.

image

Scroll down the list that appears and select Credit Card Number. You can select other items here but in this case all we want this example DLP rule to test for is credit card numbers.

Select OK to continue.

image

You should now see the entry appear in the list as shown above. You can edit this entry if you wish by selecting it and then pressing the Pencil icon (edit).

image

Select the Actions item from the menu on the left.

image

Select the Add actions button on the right.

image

In this example, select Block the content. This will prevent anything that matches this rule from being shared.

image

You should now see the blocking Action listed as shown above.

image

Select the Incident report option from the menu on the left. Enter the details if you wish to receive a report of any actions on this policy.

image

Select General from the menu on the left. Give this set of rules a name and save them.

image

You should now see the rules listing appear as shown above in the DLP policy you just created. You can create as many of these rules inside a single policy as you wish. However, best practice is always to keep it simple.

image

Give the DLP policy and name and select the option to Turn on the policy.

Select the Create to complete the policy creation process.

image

You should now see the policy listed in the DLP area as shown above. You should also see that the Status is set to On.

The DLP policy will not come into effect immediately. It will take a little while (15 – 30 minutes typically in my experience) to roll out through your tenant.

image

To test the policy, create a document in your OneDrive for Business that contains credit card numbers as shown above. The numbers used here are verified public ‘test’ card numbers.

image

Now create a public View link that requires no sign-in as shown above. This should allow anyone who clicks on that link direct access to the file without the need of a login or password.

image

When the DLP policy is active anyone trying to access that link will have the content blocked as shown above. This confirms that teh DLP policy is working as expected.

image

If you also elected to get alerts you should fine one in your inbox as shown above.

Thus, DLP is a way to protect your Office 365 information by examining the contents against a set of rules that you create. It can examine both email and file data then take actions which you determine.

DLP is part of the E3 or better suite in Office 365.