Overview of Office 365 Security

I’ve just completed a roadshow focusing on the security options in Office 365. I certainly cover what is in all plans but I do focus on what is available, and should be implemented, in the advanced plans such as E3 and E5. I also cover how the security in Office 365 can be enhanced using things such as Azure AD Premium, Intune, Azure Rights Management, Enterprise Mobility Suite and more.

The presentation was given to SMB resellers so it also contains some insights from me on how IT resellers can generate revenue for their business while providing greater levels of security for their customers.

Here are the slides:

https://docs.com/d/embed/D25190796-8769-7753-8680-001215495959%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

or via:

https://doc.co/juEHXA

I’ve also added the session to my free Cloud Lecture Series at the CIAOPS Academy.

Accessing user mailboxes in Office 365

Following least privilege access, by default, even global administrators don’t have access to user mailboxes. This may prevent you from doing bulk administrative operations for your environment. To gain access to perform bulk administration tasks, such as using PowerShell scripts, you’ll need to assign the appropriate rights. This can be done in two places in the web interface.

If it is just mailbox access you require then the best place to assign these rights is in the Exchange admin center which you access from the Office 365 Admin center.

Select permissions on the left and then Discovery Management on the right. You then select the pen icon above the list of permissions to make changes.

At the bottom of the dialog that appears you can add new members to this role as well as view the included roles as shown above, one of which is Mailbox Search.

The description for the Discovery Management permission is:

Discovery Management

Members of this management role group can perform searches of mailboxes in the Exchange organization for data that meets specific criteria.

Note that it only provides permissions to mailboxes.

There is another way to provide rights to mailboxes BUT you’ll also be providing rights to files in SharePoint and OneDrive for Business. If you are following least privileged access best practices, which you should, you shouldn’t use this process if all you need is access to mailboxes.

Here you’ll need to navigate to the Security & Compliance center from the Admin center. You’ll then need to select Permissions on the left and the eDiscovery Manager on the right. You again select the pen icon to add the appropriate users to this role.

The description for this role is: 

eDiscovery Manager

Perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations.

Note how this role provides permissions to mailboxes AND files as mentioned.

Once you have given a user permissions to mailboxes you may need to wait a little while (15 minutes typically) for them to fully flow through to all elements. Then you can start making the bulk changes you need.
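The same role group membership can be managed and reviewed from Exchange Online PowerShell. This is an added example, not part of the original post: it grants the Discovery Management role group to one account for a bulk task, flags any member that is not on an allow-list, then removes the grant. The account address, the allow-list and the `Get-UnapprovedRoleGroupMember` helper are hypothetical.

```powershell
# Added example. Prerequisite: the ExchangeOnlineManagement module and an
# active session (Connect-ExchangeOnline) with rights to manage role groups.
# The address and allow-list below are constructed placeholders.
$roleGroup = 'Discovery Management'
$approved  = @('bulk.admin@contoso.example')

function Get-UnapprovedRoleGroupMember {
    param(
        [Parameter(Mandatory)] [string]   $RoleGroup,
        [Parameter(Mandatory)] [string[]] $Approved
    )
    # Return every current member whose address is not on the allow-list.
    # Members without a mail address (for example nested groups) are also
    # returned, so they get reviewed rather than silently accepted.
    Get-RoleGroupMember -Identity $RoleGroup |
        Where-Object { $Approved -notcontains [string]$_.PrimarySmtpAddress } |
        Select-Object Name, PrimarySmtpAddress, RecipientType
}

# 1. Grant the role group to the account that will run the bulk task.
Add-RoleGroupMember -Identity $roleGroup -Member $approved[0]

# 2. Review: anything listed here holds the role without being approved.
$unexpected = Get-UnapprovedRoleGroupMember -RoleGroup $roleGroup -Approved $approved
if ($unexpected) {
    Write-Warning "Members of '$roleGroup' that are not on the allow-list:"
    $unexpected | Format-Table -AutoSize
}

# 3. Once the bulk work is finished, remove the grant again.
Remove-RoleGroupMember -Identity $roleGroup -Member $approved[0] -Confirm:$false
```

Allow for the propagation delay mentioned above between step 1 and the start of the bulk work.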

Need to Know Podcast–Episode 135

More interviews with speakers at the upcoming Microsoft Ignite Australia. This time we feature Gino Barletta and speak about his two sessions:

What you need to know about Windows Server 2016 Security

Windows Server 2016 introduces more security features than any previously released Microsoft server operating system. Making your organization more secure is one of the big benefits of Windows Server. In this demo heavy session you’ll learn about new features including Credential Guard, Device Guard, Privileged Access Management (Just in Time Administration), Just Enough Administration, DNS policies, Guarded Fabrics, Shielded VMs as well as the security benefits of Nano Server, Windows Server and Hyper-V Containers. You’ll also learn how you can integrate Advanced Threat Analytics into your on-premises Windows Server deployment.

and

Azure Financial Management, Reporting and Subscription Hygiene through Power BI

This session helps you understand your current Azure subscription, resources, billing and spend. Controlling spend through analytics and leveraging Microsoft Power BI to visually see your spend / consumption via powerful GUI dashboards.

Don’t forget to send us your feedback at feedback@needtoknow.cloud

You can listen to this episode directly at:

https://ciaops.podbean.com/e/episode-135-gino-barletta/

or on Soundcloud here: 

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@ginobarletta

@marckean

@directorcia

gino.barletta@andeim.com.au

Need to Know Podcast–Episode 132

Jeff Alexander from Microsoft joins Marc and me after our usual cloud updates to talk about his two sessions at the upcoming Microsoft Ignite Australia conference. These are:

Get ahead of Cyber attacks with Enterprise Mobility + Security

We are in the middle of a mobility and cloud transition which has made employee interactions with other users, devices, apps and data more and more complex. This has created blind spots for IT. At the same time attack vectors continue to get more sophisticated. Microsoft Enterprise Mobility + Security takes a holistic approach that is identity driven with a collection of innovative technologies to address these sophisticated challenges in the new attack landscape. In this session we will show you how our technologies help to protect at the “front door”, protect your data from user mistakes and detect attacks before they cause damage.

and

Discover & Control SaaS Application Usage with Microsoft Cloud App Security

In this increasingly cloud and mobile world, users are using more and more SaaS applications to remain productive at work. This has created a gap for IT in not having visibility and control over the use of these 3rd party applications. In this session we will cover how Microsoft Cloud App Security can give IT departments visibility and control of these applications while empowering their users to remain productive. We will cover an overview of what Cloud App Security is, the architecture, deployment recommendations and common blockers.

Don’t forget to send us your feedback at feedback@needtoknow.cloud

You can listen to this episode directly at:

https://ciaops.podbean.com/e/episode-132-jeff-alexander/ 

or on Soundcloud here:

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@jeff36

@marckean

@directorcia

About Jeff Alexander

New SharePoint management shell

New Azure B2B options

Recent Office 365 updates

4K monitors and Surface PC’s

Microsoft Identity management

Need to Know podcast–Episode 126

For our continued focus on speakers at the upcoming Microsoft Ignite event on the Gold Coast we speak with Andrew McMurray from Microsoft about Azure Information Protection. Andrew’s presentation is:

Prevent unwanted and embarrassing leakage with Azure Information Protection

Microsoft Azure Information Protection helps you safeguard your data throughout the complete data lifecycle. Data is “born” protected and carries the protection wherever it travels. So you don’t need to worry where it’s stored or with whom it’s shared – you can rest assured it’s always protected. Join us to learn more about the technology and how it can solve your information protection challenges.

Marc and I also do our usual wrap up of the latest Microsoft cloud news.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-126-andrew-mcmurray/

or on Soundcloud here:

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

andrew.mcmurray@microsoft.com

@marckean

@directorcia

AIP Slides: https://aka.ms/IPdeck
AIP video of slides: https://aka.ms/IPvideo
News: https://aka.ms/aipnews
Blogs: https://aka.ms/aipblogs
Security Overview: https://aka.ms/rmssec
Web: https://aka.ms/aip
Overview: https://aka.ms/aipoverview
Forum: https://www.yammer.com/AskIPteam
AAD Sync: https://aka.ms/aipaadsync

Azure news from Marc

Azure AV2 machines now available

Microsoft Staffhub is here

Study says Teams to pass Slack

Need to Know podcast–Episode 125

We are back for 2017! Marc and I do our usual news and cloud updates followed by a returning guest, MVP Troy Hunt. Troy chats to us about his upcoming Microsoft Ignite Australia presentation – Applied Azure: Building a Large Scale Real World Application on a Coffee Budget, which makes for real interesting listening.

You can listen to this episode directly at:

https://ciaops.podbean.com/e/episode-125-troy-hunt/

or on Soundcloud here:

 

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@troyhunt

@haveibeenpwned

@marckean

@directorcia

Have I been Pwned

Azure updates from Marc

Updated SharePoint Team Sites move beyond first release

Microsoft Partner services being revamped

New unified DLP in Office 365

Microsoft Connect car platform

Replacement to Azure RemoteApp coming soon

Azure Backup protects against ransomware

Creating a new permission level in SharePoint Online

When users are given access to SharePoint Online they are typically given the ‘edit’ permission. The ‘edit’ permission allows users to not only create and edit documents but also to delete them. In some cases it may not be appropriate to do this. Luckily, with SharePoint you can easily create a new permission level that is exactly like the edit permission, just without the ability to delete. Here’s how to do that.

Firstly, visit the location where you wish to create the new permission and select the COG icon in the top right hand corner of the screen.

From the menu that appears select Site settings. If you don’t see this option then you most likely don’t have the appropriate permissions to make these changes.

In the Site Settings page under the Users and Permissions section in the top left, select Site Permissions.

From the menu that appears across the top of the page select Permission Levels on the right.

You should now see a list of all the different existing permission levels available as shown above.

You could select the Add a Permission Level option from the menu across the top but that would require you customising a new permission from scratch. It is much easier to copy and then modify an existing permission to the level that you desire.

Since the Edit permission is the closest permissions level to the one we desire, select that to display its current settings as shown above.

If you now scroll to the bottom of this screen you will find an option to Copy Permission Level, which you should select.

This will now create a new permission level for you but copy over all the existing permissions as shown above. Enter a new name and description for this permission. In this case I will call it Edit no Delete.

Make the desired changes to the permissions listed by simply checking or unchecking the individual permission. In this case I have unchecked the options to Delete Items and Delete Versions as shown above.

Scroll to the bottom of the page and Create the new settings.

You should now see the new permission level displayed in the permissions list as shown above, here Edit no Delete. If you need to edit this further, simply select the permission name.

Now, when you visit a location and want to set the permissions you will see your custom permission level as shown above that you can select and apply.

SharePoint gives you the ability to create as many custom permission levels as you desire. The trick is that it is easier to copy and modify an existing permission, rather than create a new one from scratch. This article has shown you how to do just that.
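The copy-and-modify procedure above can also be scripted with the PnP.PowerShell module. This is an added example, not part of the original article: it clones the Edit level into Edit no Delete without the two delete permissions, then checks that the new level really lacks them. The mapping of the "Delete Items" and "Delete Versions" checkboxes to the `DeleteListItems` and `DeleteVersions` permission kinds, and the description text, are assumptions of this example.

```powershell
# Added example. Prerequisite: the PnP.PowerShell module and an active
# Connect-PnPOnline session to the site where the level is needed
# (connection parameters depend on your tenant and are not shown).
$levelName = 'Edit no Delete'

# Permission kinds to leave out of the copy:
#   DeleteListItems = "Delete Items", DeleteVersions = "Delete Versions"
$removed = @('DeleteListItems', 'DeleteVersions')

# Create the level only if it does not already exist, so the script can be
# re-run safely against the same site.
$existing = Get-PnPRoleDefinition | Where-Object { $_.Name -eq $levelName }
if (-not $existing) {
    Add-PnPRoleDefinition -RoleName $levelName -Clone 'Edit' -Exclude $removed `
        -Description 'Edit without Delete Items or Delete Versions' | Out-Null
}

# Verify: read the level back and confirm neither delete permission is set.
$level = Get-PnPRoleDefinition -Identity $levelName
foreach ($perm in $removed) {
    if ($level.BasePermissions.Has($perm)) {
        Write-Warning "'$levelName' still grants $perm"
    } else {
        Write-Output "'$levelName' does not grant $perm"
    }
}
```

The verification loop also catches a level of the same name that was created earlier by hand with different checkboxes.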

Need to Know Podcast–Episode 121

After getting through all the cloud news, Marc and I have a chat to an old and frequent podcast guest, Technical Solution Specialist, Enterprise Mobility and Security, Jeff Alexander. We hope this will be the first in a series focused on the Enterprise Mobility and Security Suite from Microsoft. We kick off the discussions with Jeff telling us all about Azure AD and the role that it plays both on premises and in the cloud. We dig deep into how Azure AD is being used to secure the growth of mobile devices and the demands of users to have full access to their information at all times.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-121-jeff-alexander/

or on Soundcloud here:

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@marckean

@directorcia

@jeffa36

Microsoft Enterprise Mobility and Security Suite

EMS blog

Start and Stop Azure VM’s using automation

Announcing auto VM shutdown from the portal

Azure news from Marc

Office 365 group guest access available to all tenants