Need to Know podcast–Episode 126

For our continued focus on speakers at the upcoming Microsoft Ignite event on the Gold Coast we speak with Andrew McMurray from Microsoft about Azure Information Protection. Andrew’s presentation is:

Prevent unwanted and embarrassing leakage with Azure Information Protection

Microsoft Azure Information Protection helps you safeguard your data throughout the complete data lifecycle. Data is “born” protected and carries the protection wherever it travels. So you don’t need to worry where it’s stored or with whom it’s shared – you can rest assured it’s always protected. Join us to learn more about the technology and how it can solve your information protection challenges.

Marc and I also do our usual wrap up of the latest Microsoft cloud news.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-126-andrew-mcmurray/

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

andrew.mcmurray@microsoft.com

@marckean

@directorcia

AIP Slides: https://aka.ms/IPdeck
AIP video of slides: https://aka.ms/IPvideo
News: https://aka.ms/aipnews
Blogs: https://aka.ms/aipblogs
Security Overview: https://aka.ms/rmssec
Web: https://aka.ms/aip
Overview: https://aka.ms/aipoverview
Forum: https://www.yammer.com/AskIPteam
AAD Sync: https://aka.ms/aipaadsync

Azure news from Marc

Azure AV2 machines now available

Microsoft Staffhub is here

Study says Teams to pass Slack

Need to Know podcast–Episode 125

We are back for 2017! Marc and I do our usual news and cloud updates followed by a returning guest, MVP Troy Hunt. Troy chats to us about his upcoming Microsoft Ignite Australia presentation – Applied Azure: Building a Large Scale Real World Application on a Coffee Budget, which makes for real interesting listening.

You can listen to this episode directly at:

https://ciaops.podbean.com/e/episode-125-troy-hunt/

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@troyhunt

@haveibeenpwned

@marckean

@directorcia

Have I been Pwned

Azure updates from Marc

Updated SharePoint Team Sites move beyond first release

Microsoft Partner services being revamped

New unified DLP in Office 365

Microsoft Connect car platform

Replacement to Azure RemoteApp coming soon

Azure Backup protects against ransomware

Creating a new permission level in SharePoint Online

When users are given access to SharePoint Online they are typically given the ‘edit’ permission. The ‘edit’ permission allows users to not only create and edit documents but also to delete them. In some cases it may not be appropriate for users to be able to delete. Luckily, with SharePoint you can easily create a new permission level that is exactly like the edit permission, just without the ability to delete. Here’s how to do that.

Firstly, visit the location where you wish to create the new permission and select the COG icon in the top right hand corner of the screen.

From the menu that appears select Site settings. If you don’t see this option then you most likely don’t have the appropriate permissions to make these changes.

In the Site Settings page under the Users and Permissions section in the top left, select Site Permissions.

From the menu that appears across the top of the page select Permission Levels on the right.

You should now see a list of all the different existing permission levels available as shown above.

You could select the Add a Permission Level option from the menu across the top but that would require you customising a new permission from scratch. It is much easier to copy and then modify an existing permission to the level that you desire.

Since the Edit permission is the closest permission level to the one we desire, select that to display its current settings as shown above.

If you now scroll to the bottom of this screen you will find an option to Copy Permission Level, which you should select.

This will now create a new permission level for you but copy over all the existing permissions as shown above. Enter a new name and a description for this permission. In this case I will call it Edit no Delete.

Make the desired changes to the permissions listed by simply checking or unchecking the individual permission. In this case I have unchecked the options to Delete Items and Delete Versions as shown above.

Scroll to the bottom of the page and Create the new settings.

You should now see the new permission level displayed in the permissions list as shown above, here Edit no Delete. If you need to edit this further, simply select the permission name.

Now, when you visit a location and want to set the permissions you will see your custom permission level as shown above that you can select and apply.

SharePoint gives you the ability to create as many custom permission levels as you desire. The trick is that it is easier to copy and modify an existing permission, rather than create a new one from scratch. This article has shown you how to do just that.
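
The same copy-and-modify procedure can be scripted, which also lets you confirm the delete rights are really gone. This is an added example, not part of the original article: it assumes the PnP.PowerShell module is installed, the site URL is a placeholder, and the sign-in parameters you need may differ in your tenant.

```powershell
# Added example. Assumptions: PnP.PowerShell module installed, caller can
# manage permissions on the site, and the URL below is a placeholder.
$siteUrl  = 'https://contoso.sharepoint.com/sites/example'   # placeholder
$newLevel = 'Edit no Delete'                                  # name used in the article
# CSOM PermissionKind names for the "Delete Items" and "Delete Versions" boxes
$removed  = @('DeleteListItems', 'DeleteVersions')

# Sign-in options vary by tenant; -Interactive is one of them.
Connect-PnPOnline -Url $siteUrl -Interactive

# Copy the built-in Edit level minus the delete rights, unless it already exists.
$existing = Get-PnPRoleDefinition | Where-Object { $_.Name -eq $newLevel }
if (-not $existing) {
    Add-PnPRoleDefinition -RoleName $newLevel -Clone 'Edit' -Exclude $removed `
        -Description 'Same as Edit, but cannot delete items or versions'
}

# Verify the result instead of trusting the copy: report any delete right
# that is still present on the new level.
$level = Get-PnPRoleDefinition | Where-Object { $_.Name -eq $newLevel }
foreach ($name in $removed) {
    $kind = [Microsoft.SharePoint.Client.PermissionKind]::$name
    if ($level.BasePermissions.Has($kind)) {
        Write-Warning "'$newLevel' still grants $name"
    } else {
        Write-Output "'$newLevel' does not grant $name"
    }
}
```

Creating the level does not change anyone's access; users keep whatever level they were assigned until you apply the new one to them.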

Need to Know Podcast–Episode 121

After getting through all the cloud news, Marc and I have a chat to an old and frequent podcast guest, Technical Solution Specialist, Enterprise Mobility and Security, Jeff Alexander. We hope this will be the first in a series focused on the Enterprise Mobility and Security Suite from Microsoft. We kick off the discussions with Jeff telling us all about Azure AD and the role that it plays both on premises and in the cloud. We dig deep into how Azure AD is being used to secure the growth of mobile devices and the demands of users to have full access to their information at all times.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-121-jeff-alexander/

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@marckean

@directorcia

@jeffa36

Microsoft Enterprise Mobility and Security Suite

EMS blog

Start and Stop Azure VM’s using automation

Announcing auto VM shutdown from the portal

Azure news from Marc

Office 365 group guest access available to all tenants

Azure Site Recovery is cool!

I’ve been working on a new course for the CIAOPS Academy around all things Azure Backup.

Now because I’m not really an on-prem kinda guy any more, and also because I don’t have the physical equipment to do this, I never spent much time with Azure Site Recovery (ASR), which uses Hyper V replica technology. However, thanks to creating this course and including an ASR module I gotta say this Hyper V replica stuff is really cool!

The great thing with Hyper V replica is that you can do it directly between machines or via a cloud service such as Azure. Once you get the two locations replicated and synced you can do all sorts of fail overs. That allows you to easily spin up replacement machines in the backup location (such as Azure) as well as recover from these locations.

What really blew me away was how easy this was all to set up with Azure. Much, much easier than I thought. There is a three step wizard you follow through to get everything connected up. Then from there you have lots of disaster recovery (DR) and even migration options.

Thus, you can fail over a local Hyper V guest to Azure and then use that as a migration process to get that machine into the cloud. That is a really nifty way of moving whole VMs to Azure!

Now of course there is some leg work and understanding you need around Azure Site Recovery and Hyper V Replicas, but like I said, it is surprising how easy it is to actually implement. I’d therefore suggest that if you are looking to provide DR services for businesses with local Hyper V guests or looking to migrate existing Hyper V guests to Azure VMs then you should take a look at Azure Site Recovery.

Of course, I’d also recommend you sign up for my Azure Backup online course to give you a quick start on all the backup options, including Site Recovery. I’ve also got an option where you can sign up for the complete catalogue of my courses annually. One fixed price for access to every online course I create now and into the future. To find out more visit:

http://www.ciaopsacademy.com

By purchasing my online courses you give me the resources to build more.

Answering common questions with Office 365 Part 2

This is the second article in a series of typical customer questions around Office 365. These questions were part of a presentation I did with two other resellers at the Australian Microsoft Partner Conference in 2016. You’ll find the first part of the series here:

Answering common questions with Office 365 Part 1

The question for this article is:

Customer Question – There is a lot of talk about online privacy and governments spying on data. Although my business doesn’t have anything to hide, how does Office 365 keep my data private and secure from unwanted ‘prying eyes’? I also have a legal responsibility to ensure my clients’ data remains secure and private. Can this be achieved with Office 365 to ensure I am compliant with any legislation?

In Australia, if you run up an Office 365 tenant today the data will be located in the Australian data centers. An administrator can easily see where their Office 365 data is located using this process:

Office 365 Data location

The E5 license provides functionality known as ‘Customer Lockbox’. This allows the customer to control who accesses their data by basically having requests for access come directly to the customer. I have written an article about this here:

Enabling Customer Lockbox

and you’ll also find some good information about Customer Lockbox in this video:

Information that is sent to and from Office 365 is encrypted:

Encryption in transit

Information saved in Office 365 is also encrypted at rest as detailed in this video:

Depending on the Office 365 license you have (typically E3 or above) you can enable and configure additional security measures to keep your data safe. One of these is Data Loss Prevention or DLP and I have previously detailed how to set this up for SharePoint:

Enabling DLP for SharePoint and OneDrive for Business

Office 365 also includes the ability to enable multi factor authentication. This means that not only do you need a login and password but you’ll also need something like a unique code sent via text message to login. You can read more about this here:

Set up multi factor authentication for Office 365

I’ve also previously covered how Office 365 includes basic Mobile Device Management (MDM) that allows you to protect which mobile devices connect to your environment as well as allowing you to set policies to ensure they are secure. You can read more about how to set that up here:

Office 365 Mobile Device Management

With plans from E5 and above you also get the ability to place information on ‘Legal Hold’ to preserve it for long periods of time. More information on those abilities is at:

Legal Hold

These plans also allow you to use advanced eDiscovery to search across all the data sources inside Office 365 for information that matches your pre-defined query. Here is an article I have written about eDiscovery with SharePoint Online:

SharePoint Online eDiscovery

here is a FAQ on eDiscovery:

eDiscovery FAQ

as well as an overview article on eDiscovery in Office 365:

eDiscovery in Office 365

As I have written about previously, many users of E3 licenses and above don’t appreciate that they have the ability to use Rights Management to protect their documents no matter where they are located. My article explaining all this is here:

Office 365 E3 and above includes Rights Management

I also have an article on using Rights Management with SharePoint Online here:

Using Office 365 Rights Management with SharePoint Online

and here’s more information on Rights Management in Office 365:

Information Rights Management 

and how you use email message encryption:

Office 365 message encryption

As I have said before, the security features of Office 365 are one of the real differentiation points when it comes to online services. There are lots and lots more features I could dig into here but I’ll point you to a presentation I gave a while back on Office 365 security which is a good overall summary of what’s available:

https://docs.com/d/embed/D25195817-5129-1561-2200-001922537313%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

The slides are also available here as well:

https://doc.co/uWMfkS/qcihGm

I’ll also point you to the article I wrote on the new Microsoft Secure Score service that allows you to rate how secure your tenant is and then take actions to improve that:

Office 365 Secure Score

You can rest assured that Microsoft takes security very seriously and as such, has many features available across all plans to ensure your data remains private and secure. You can increase that security by using the Enterprise Plans such as E3 and above to enable even more security. For what these advanced plans provide, their cost is cheap. Really cheap. So if you haven’t considered what additional security plans like E3 include then I’d strongly encourage you to check out the features.

Watch out for the answers to more common questions with Office 365 coming soon.

Answering common questions with Office 365 Part 1

I was recently lucky enough to present at the Australian Partner Conference 2016 with Microsoft and two other resellers. The focus of our presentation was around how to answer common user questions with Office 365 and the features that it includes.

What I thought I’d do is share these questions and answers over a few blog posts. So here is part one.

Customer question – I know a lot of businesses that are getting hit by this crypto locker malware where their documents are being encrypted and they are being asked to pay a ransom. I am really worried that one of my employees may inadvertently open an infected file and we’d be in the same boat as we get lots and lots of attachments every day. How can Office 365 protect me against that?

Office 365 already includes advanced malware protection in email by default. With the E5 license you also get:

Advanced Threat Protection

as well which includes the ability to open suspect attachments in a sandboxed environment to determine what happens and take the appropriate action. More details of these features can be found in this video:

By default, every time a document is updated in SharePoint Team Sites or OneDrive for Business the previous version is saved. Thus, if a file does become encrypted it can be quickly rolled back to a previous version.

At the moment, if multiple files do become encrypted and uploaded there is no single command sequence that would allow you to roll back multiple files. Unfortunately, rolling back to a previous version has to be done one file at a time. However, as I understand it, Microsoft is working on a process to roll back multiple files via a single command. I also believe it is possible to do this using advanced scripting (aka PowerShell).

Exchange Online also allows you to create rules to automatically exclude certain attachments and quarantine them before they are delivered to end users. A good reference is:

Reducing malware threats through file attachment blocking

You can also use a third party mail cleansing service, such as Mailguard, in front of Exchange Online.

Of course, the best protection that you can have is informed and paranoid users. Part of any security policy for a business needs to be education, not abdication of this to technology. Technology is not 100% reliable; there is always the chance of some attack slipping through the protective technology security net that is erected around the business. On the odd occasion that this should transpire, if it is greeted by informed and paranoid users then the chance of the payload being delivered, and the business being interrupted, is much lower. You know, an ounce of prevention and all that.

Office 365 provides some excellent protection by default. The premium Office 365 licenses provide better protection. Appropriate configuration and user education provide even more protection. Finally, there is always the option to integrate third party solutions.

Office 365 Secure Score

One of the real differentiators that Office 365 provides I believe is security. A new initiative that Microsoft have announced is:

New security analytics service

You can try this out for yourself. Firstly, login to your Office 365 tenant as a global administrator. Then, in a new browser tab, navigate to:

https://securescore.office.com/

You’ll be asked to provide Secure Score permissions to your tenant as you see above. Simply select Accept to continue.

Your tenant will then be assessed and rated as you can see above (in this case on a demo tenant).

This site not only gives you a security rating for your own tenant but it also provides you with an Action list which you can undertake to make your tenant more secure.

As you slide the bar in the middle of the page you see your security score increase. However, when you do this, you also see the Actions in the queue increase. Basically, to make your tenant more secure you have to take more actions. Obvious!

You can drill into an Action item to get more details as you see above.

If you select the Learn More button you get an informational card appear on the right with a Launch Now link to take you straight to the location to make the change.

The most interesting item on this page is over on the right, under the Compare your score as shown above.

What I find interesting is that this demo E5 tenant, more or less out of the box, is over 4 times more secure than the average! Not sure how this average is arrived at, and maybe it currently doesn’t include every tenant, but WOW do a lot of people have a lot of work to do to secure their tenant!

You’ll find plenty of other great information on this page as well as the ability to view your score over time, so it is worth spending time to explore.

In short, this is a great tool from Microsoft. It is simple to use and understand as well as making improving your Office 365 security dead easy! If you have Office 365 then I’d suggest you go and check out your security score. After visiting, I reckon you’d pretty much at least double your score by following the recommendations the site makes.