Enabling Customer Lockbox

Microsoft already has a very secure process about when and how support staff may access your Office 365 tenant data. Here’s a great video that explains this:

The recent addition of Customer Lockbox provides additional control for the customer.

Basically, once Customer Lockbox has been enabled the user has the final say over when and for how long Microsoft may access the tenant data to provide support.

To enable Customer Lockbox you’ll need to have the appropriate license (i.e. the new E5 SKU includes Customer Lockbox for example), then you’ll need to login as an administrator to the Office 365 admin center.

If you then locate and expand the Service Settings option on the left hand side of the screen, you should see the list shown above. In the list is the option Customer Lockbox, which you should select.

Now on the right you should see the above screen. To eanble Customer Lockbox simply change the switch to ON (i.e. move to right).

You’ll then receive the above warning. Select Yes to enable.

You should now see that Customer Lockbox is enabled as shown above.

To find out more about Customer Lockbox visit:

Office 365 Customer Lockbox Requests

and note once Customer Lockbox has been enabled:

If a content access request is denied or isn’t approved within 12 hours, the request expires. If this happens, you might continue to experience a specific service issue that could be resolved by allowing an engineer to access the content. We’ll (Microsoft) let you know if this happens.

So in summary, Customer Lockbox is a feature you can add on to Office 365 to prevent Microsoft accessing your data with out your specific permission once enabled.

Here is also an overview video from Microsoft:

How to present Office 365

I’m working on a new course for my online training academy that will give people a framework for successfully presenting Office 365 to prospects, clients and colleagues.

Having presented this material in face to face classroom sessions I was really looking to incorporate the “whiteboard” experience on screen. What I therefore decided to try was using the Windows 10 OneNote app on my Surface 3 along with the Surface pen to see how well it would work while obviusly recording the whole thing.

My trial attempt is shown above and I think it worked pretty well. Obviously, there will need to be some polishing done before I release the final version of the course material, which will also contain more tutorials on how to present each individual service such as Delve.

Have a look and let me know what you think at the rough draft of on screen “whiteboarding”. Also, if you have played with OneNote and a pen then I suggest you do as OneNote is a great hand notetaking tool as hopefully the video illustrates. Of course if you want to find out when the course on Presenting Office 365 becomes available then stay tuned here or sign up for free at my online academy:

www.ciaopsacademy.com

Need to Know podcast–Episode 94

I’m joined by a returning guest, Microsoft MVP Troy Hunt to discuss the Ashley Madison hack and the impact that it had on Troy’s site Have I been Pwned? You’ll not only get a fascinating look inside a high profile hack but you’ll also learn a lot about Azure and how Troy utilises it effectively to handle the scale required for just such an event.

As always, a big thank you to Marc Kean for producing this episode and doing the intro and outros.

You can listen to this episode at:

http://ciaops.podbean.com/e/episode-94-troy-hunt/

or subscribe to this and all episodes in iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show. I’m also on the hunt for some co-presenters so if you are interested on being a regular part of the show please contact me.

Resources

Troy Hunt

Have I Been Pwned

Office 365 E5 SKU

Power BI adds Bing content pack

OneDrive for Business shared link expiry now available

Azure Backup now does servers

Microsoft Findtime

Enterprise Mobility Suite

Azure Backup now does servers

Azure backup has allowed to backup up files and folders from servers and workstations to Azure very quickly, easily and cheaply. I have detailed this previously at;

Azure desktop backup

As announced here:

Announcing Microsoft Azure Backup Server

Azure backup now has the ability to backup server workloads like Exchange, SharePoint and SQL to both a local storage location as well as to Azure storage.This means that it can not only protect files and folders but all of the data on premises just as quickly and easily as it could for files and folder, however now there is also the added ability to have a local copy of the backup as well.

This now makes Azure backup a really compelling option for any business and provides the flexibility many demand.

To get started have a look at the above links or login to your Azure backup vault and download the Application Workload client to get started.

Enterprise Mobility Suite

Introduction to Microsoft Enterprise Mobility Suite—Robert Crane Docs.com

https://docs.com/d/embed/D25195311-0229-9411-3450-000996151277%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

I did a presentation recently on the Enterprise Mobility Suite for Microsoft and have uploaded the slides (Above) to my docs.com for you to download if you want. You’ll find the direct link at:

https://doc.co/j28JKd/qcihGm

The main benefits I see of using the product is the fact that you get Azure AD Premium which means added features like password write back and more functionality in the Azure Single Sign On Portal amongst other things. There is plenty to commend EMS to customers but the first start for resellers is to understand the product.

Here are some additional links that I found relevant but didn’t include during my research:

Supported SaaS apps – https://azure.microsoft.com/en-us/marketplace/active-directory/

Deploying the Azure RMS connector – https://technet.microsoft.com/en-us/library/dn375964.aspx

Advanced Threat Analytics – http://www.microsoft.com/en-au/server-cloud/products/advanced-threat-analytics/

Advanced Threat Analytics Installation – https://technet.microsoft.com/en-us/library/dn707704.aspx

Although I did include this link to a presentation on Advanced Threat Analytics from Microsoft Ignite in May I’ll repeat it here because I think that anyone interested in what this product can do should take a look. It is also really cool technology as well, so even if you don’t you’d deploy I’d still encourage you to take a look.

https://channel9.msdn.com/Events/Ignite/2015/BRK3870

Office 365 Service Trust Portal

Security is a journey not a destination and that’s what makes it so hard when dealing with technology. One of the things that I believe that makes Office 365 the best product on the market is Microsoft’s commitment to security and compliance. A great place to start if you aren’t already aware is the

Office 365 Trust center

which has a huge amount of information around security for products like Office 365. If you have a security question about Office 365, start there.

What you may not be aware of is that Microsoft has just made available a dedicated an Office 365 Service Trust Portal for each Office 365 tenant. Once you sign up, you’ll find a vast array of security and compliance information tailored specifically for your Office 365 tenant. Here’s how you sign up.

Start by visiting:

https://trustportal.office.com/

You’ll be presented with the page shown above which you’ll need to login as an Office 365 global administrator.

After successfully logging in you need to approve access from the Office 365 Service Trust Portal to your Office 365 tenant. Simply select the Accept button to proceed.

(now for some reason I’ve had to repeat the login and accept twice a couple of times for different tenants I enabled, so if it doesn’t work the first time, simply try again)

You’ll then be asked to enter you region and industries. Simply select from the pull down options.

When you have made your selections select the Save button to the right.

In a moment or two you’ll receive a message that your configuration has been save and the Trust Portal has been updated with relevant information.

You can now navigate to the menu options on the left of the page, like Compliance Reports which are shown above. Here you will see all the security and compliance information available to you as you can see. You can also use the options at the top of the page to easily search for specific information.

One of the first options I suggest you take a look at is the Office 365 Customer Security Considerations spreadsheet. You’ll find details of this here:

https://blogs.office.com/2015/11/23/announcing-office-365-customer-security-considerations-preview/

You’ll find it by selecting Trust Documents from the menu on the left,

From the options on the left locate Office 365 Customer Security Considerations Preview. Selecting this will download a spreadsheet which you can save locally.

When you open the spreadsheet you should see something like that shown above.

If you take a look at all the content in the spreadsheet you’ll find links, PowerShell commands, best practices and more. There is also an Office 365 Customer Security Considerations Preview Reference Guide available from the portal to help you use the spreadsheet.

Security is a very important aspect of cloud computing and given resources like the new Office 365 Service Trust Portal I am confident that Microsoft is making available the best information needed to help both customers and resellers understand and better secure their information in their commercial services like Office 365. This is yet another reason why Office 365, for me, stands out from the pack when it comes to being serious about business cloud computing.

Using Office 365 Rights Management with SharePoint Online

You can protect the documents you save into SharePoint Online so that they can’t be opened by people without the appropriate security. This prevents situations where a confidential file is downloaded from SharePoint Online and then forwarded to someone that it should be for example.

This document control is managed by Azure Rights Management which you can easily enable in your Office 365 tenant for both Exchange Online and SharePoint Online. I have detailed how to enable office 365 Rights Management and use it with Office 365 message encryption previously at:

Office 365 message encryption

So check out that post to find out how to enable right management in Office 365 and then return here to find out how to use it with SharePoint Online.

After rights management has been enable in Office 365 you’ll need to enable it also in SharePoint Online.

Go to the SharePoint admin center and select Settings from the menu on the left.

Scroll down the options on the right until you locate Information Rights Management (IRM). Select Use the IRM service specified in your configuration.

Scroll to the bottom of the page and select OK to save your configuration.

Navigate to the item you wish to protect in SharePoint Online, here a Document Library.

Select the Library tab at the top left of the page to reveal the Ribbon Menu as shown above.

On the very right of the Ribbon select the Library Settings icon.

From the column in the middle of the page with the heading Permissions and Management select the Information Rights Management option.

Ensure the Restrict permissions on this library on download is checked. Also give he policy a title and description.

If you select the Show Options link below these description fields you’ll see a number of different options you can use to customise how the rights will be applied to the documents.

When complete, select the OK button at the bottom of the page to save your configuration.

Basically now when a document is downloaded from that library and opened by someone without appropriate permissions they will see the above message preventing them from accessing the document.

There is whole lot more you can do with rights management in Office 365 but hopefully this post has given you enough to get started on the journey of securing your documents better.

If you found value from this post I’d recommend you take a look at my online training courses at:

http://www.ciaopsacademy.com

where you’ll find lots and lots of courses on Office 365, SharePoint, Azure and more. These courses help support the information I provide here for free and on my YouTube channel, podcast, etc. I appreciate everyone who has already signed up to one of my courses and keep your eyes peeled for more coming soon.

Microsoft Advanced Threat Analytics

If you are wondering what Microsoft Advanced Threat Analytics is then take a look at these two videos.

and

To learn about how the product works then have a look at:

Microsoft Advanced Threat Analytics coming next month

and

Microsoft Advanced Threat Analytics public preview now available

If you are looking to purchase the product today have a look at:

Microsoft Advanced Threat Analytics Pricing

For most most smaller customers the best way to get the product today is via the:

Enterprise Mobility Suite

However, it is also expected to be part of the new E5 Office 365 license that will be available shortly.

— Update —

I found today that if you go to the Add-ons for your Office 365 subscription you can purchase Exchange Online Threat Protection as a stand alone extra to your existing Exchange Online mailboxes. That make it easy to quickly and easily increase the security of your email protection with Office 365.

For more details see:

Exchange Online Advanced Threat Protection