Exchange Online protection

One of the big improvements with Exchange Online and the upgrade to Wave 15 is the integration of many of the protection features of email directly into the administration console. Previously, you actually had to ‘shell out’ to the Forefront protection console to work on much of this.

Now you simply log in to the Office 365 console as an administrator.

From the Admin menu option in the top right, select Exchange from the pull-down menu that appears.

Now select the protection option on the left hand side to display the screen shown above. Across the top on the right you will see a number of options, with malware filter currently selected.

You can learn more details about Exchange Online anti malware here:

http://technet.microsoft.com/en-us/library/jj200669(EXCHG.150).aspx

If you edit the default policy (by selecting the pencil icon) and select settings on the left hand side you will see the above window.

In there you can set a number of different options for how messages containing malware are handled.

If you return to the previous screen you can now examine the anti-spam protection options. More details about these options can be found at:

http://technet.microsoft.com/en-us/library/jj200762(EXCHG.150).aspx

If you now examine the connection filtering policy you will see the above options that allow you to white and black list specific IP addresses.

If you return to the previous menu and edit the content filtering policy you will see the options shown above.

In the advanced options you will find even more settings for how content in email is handled.

Finally, if you return to the previous menu and select quarantine you will see any messages that are currently being held.

For more detailed information about quarantine have a look here:

http://technet.microsoft.com/en-us/library/jj200776(EXCHG.150).aspx

The other area when it comes to protection is reports. This has again been significantly improved and integrated directly into the console. This allows you to display real time results as shown above.

So, if your job is to manage and monitor email protection, spend some time looking at the protection area inside Exchange Online administration.

Web Browser Cookie Forensics

There is a lot of talk these days about tracking, cookies and so on. You can read a lot of good and a lot more bad information about the role that cookies play on your system, but rather than go through a whole heap of stuff here I’ll refer you to:

https://www.grc.com/cookies/forensics.htm

which will not only explain all the different forms of cookies but also test your system to let you know where you are potentially exposed.

The first step to being more secure is having an understanding of what being secure actually means. The above site should put you well down that path.

Mick Dundee vs the Indian phone scammers

Most people are pretty aware these days of people from foreign countries cold calling you claiming there are issues on your PC and kindly offering to help (for a fee of course). If they are given access to your PC system then things go downhill pretty quick for you from there.

However, even with all the publicity out there about the scams they just keep calling so there must still be people getting scammed. Now what happens if these scammers call a security MVP like Troy Hunt who recently gave a presentation for the CIAOPS Virtual Technology meeting (which you should go and look at after this)?

Watch and enjoy!

Privacy fix

Web browsing, social media and so on are great, BUT most people think they are doing so anonymously when they are away from those places. Not so. Have a look at:
http://privacyfix.com/
Here you can firstly see how much you are ‘worth’ to businesses that track you. For me that means:

but interestingly you’ll see how far sites like Facebook follow you around the web, like:

Nothing wrong with tracking per se, PROVIDED you know that it is happening. If you don’t well maybe you should go to http://privacyfix.com and have a look!

CIAOPS Virtual technical Meeting recording now available

I held the first CIAOPS Virtual Technical Meeting on Wednesday, which featured a great security presentation by Microsoft MVP (Developer Security) Troy Hunt. You can find the recording here:

The recording process is still a bit rough around the edges but I think you’ll still get great value from what Troy details about web insecurity.

The next meeting will be on the first Wednesday in August (7th) at 4pm Sydney time. I’ll have the registration details up soon.

A gift for hackers

Here’s a great documentary on how technology is “protecting” us but compromising our “privacy”. It is another example of the tyranny of the default.  Basically, having so many devices freely connected to the Internet with effectively no security is a gift for those willing to look and exploit.

Here’s the brief:

For downloads and more information visit: http://www.journeyman.tv/?lid=64861
IT companies are failing to secure devices connected to the internet, leaving them open to hackers. This shocking report reveals how anything from your pins to your passport could now be accessed online.
“Is this your pin? Is this a letter you received from your bank? Do you have a HP e-Print scanner?” The young man answers yes to every question, stunned that all of his information was accessible on the internet for anyone who wanted to see it. And he’s not alone: the wealth of information available is staggering. From shop owners whose security cameras can be watched and controlled remotely, to medical records and confidential documents for international companies like Unilever, Orange and KLM, it’s a bonanza for any would-be hackers. While it would be simple for the IT firms who provide printers, scanners and software to make the system more secure, they don’t see it as their problem and argue that attending to basic safety protocols is a bit of a marketing nightmare. “There are people who know all about how this works, security-wise, but it’s too much trouble to explain all that.” One company went so far as to call consumers who didn’t know they had to change their passwords “idiots”. As the rate of technological change continues at a frightening pace, do technology companies have a duty to prevent our privacy being eroded?

If you have an Internet connected device ensure the password is CHANGED. Do it now because insecure systems affect every Internet user. Watch the video and change those passwords.

Microsoft acquires two factor provider

One of the criticisms levelled at Office 365 is that it doesn’t easily support two factor authentication. Basically this means that when you log into a system with an id and password you require another form of identification to gain access. This second factor is normally provided by a token that generates a number you enter during login.
Two factor provides a much greater level of security because it means that anyone trying to access your system needs more than just a password (which could be captured by a key logger on a PC you are using). A good example of this is the PayPal security key that I have blogged about previously.

When you access PayPal you are asked for the security key number that appears when you press the key. So without this physical key you can’t gain access to PayPal services.
Now this is all well and good if you always remember to have your security key with you. But what happens if you don’t and you need to access your system? The solution is to use a software token. That is a piece of software on a device you have with you (a tablet or mobile for example) that allows you to generate the required key. A great example of this is Google Authenticator which I use with all my Google accounts as well as Lastpass. If I need to access my Google information or retrieve a password from Lastpass I simply run the Google Authenticator program on my iPad and enter the number it provides (along with my password and id) to gain access.
Even something as simple as Google Authenticator can prove technically challenging for some, so a final option is to use an SMS text message to provide the required key. As I mentioned, Microsoft has been a little late to the game but that should all change now that they have acquired Phonefactor.

Hopefully we’ll soon be able to use two factor authentication with Office 365 to provide additional security and overcome the tendency for users to implement poor passwords. It also looks like you’ll be able to use these with on premise Microsoft software but I reckon it’ll come to the cloud first.
I’ll keep my eyes peeled for when it becomes available and let you know.

Now is the time to start looking at Office 365 federated identity


One of the most difficult things to implement for cloud based systems is the concept of federated identity and Single Sign On (SSO). This means that a user only needs one set of credentials to log into the cloud or the local network. It also means that when they log in somewhere they are seamlessly logged into everything else they need.
Many local network users have taken for granted the fact that when they log into their local network (say Small Business Server) they are logged into the local machine, given access to files on the server, allowed to browse the Internet and more, all from a single login.
Now, when a user's information is relocated to other systems, like the cloud, single sign on becomes much more challenging because you now have two (or more) completely separate systems that must trust each other first before they can share credentials between them. In the Office 365 world this was handled by Active Directory Federation Services (ADFS). When configured, this basically allowed the local network to ‘trust’ the cloud so user information could be passed securely between them.
Problem is that ADFS is really not a small business solution. It requires additional on site hardware as well as an involved configuration process which was generally beyond most SMB resellers. Don’t get me wrong, ADFS is not impossible to implement in SMB but it certainly wasn’t a few clicks of the wizard.
For that reason, we have generally not seen a lot of Single Sign On (SSO) in SMB, yet there has been growing demand for a simpler solution. Personally, I now think we are about to cross the Rubicon where SSO is a requirement. In that respect I would be suggesting NOW is the time to start looking at how to implement federation and SSO with cloud based systems. Sure, there aren’t a lot of solutions out there and many are complex but I think this will all change rapidly very soon. Get in early I say to lead the pack going forward.
So, my advice to SMB resellers and IT Professionals is to put aside what you have heard about ADFS and SSO and start investigating what they can offer. Have a look at third party options and two factor authentication. Most importantly keep your ear to the ground on what changes are happening in the industry and be especially watchful of what Microsoft will bring to the table in the near future to greatly ease the pain of SSO in SMB.