New Office 365 Admin Center Offers to Create DLP Policy

In a sign of how automation based on signals gathered by Office 365 will emerge to help administrators do a better job, the preview of the new Admin Center offered to create a DLP policy to protect some sensitive information that I had clearly overlooked. Well-intended as the portal was, its efforts to create the new policy failed. That’s not really important – it’s the glimpse into the future which is.

Configuring PowerShell for Office 365

If you work with Office 365 through PowerShell, you probably have your own script to connect to the various services. If you don’t want to write your own script, you can download one from GitHub or the TechNet Gallery. This article covers two that you might like to try, including one with a GUI to choose which Office 365 services it should connect to.

Automating Office 365 with PowerShell and Flow

PowerShell is hugely useful when the time comes to automate Office 365 processes. Other tools exist that can help, including Flow. Maybe it’s the right time to consider Flow, especially when it is highly capable of knitting together different Office 365 components to get work done.

Office 365 Captures Audit Records for Teams Compliance Items

Office 365 Audit Log Search

In one of those interesting (but possibly worthless) facts discovered about Office 365, we find that audit records are captured for Teams compliance records written into Exchange Online group mailboxes. The Search-UnifiedAuditLog cmdlet reveals details that we can interpret using some techniques explained in Chapter 21 of the Office 365 for IT Pros eBook.

Cloud App Security Alerts Flow into Office 365 Audit Log

Security alerts from Office 365 Cloud App Security now flow into the Office 365 Audit Log, which means that you can run the Search-UnifiedAuditLog to find the alerts. Unhappily, more work than should be needed is necessary to extract the interesting information from the alert records.

Office 365 Network Performance (POC) Tool

Microsoft’s new Network Performance Tool is a proof of concept for Office 365 tenants to check network connections to Microsoft’s network and Office 365. The tool might help you understand more about your connection into Microsoft, but it won’t fix any last mile problems.

Office 365 Sensitivity Labels Bring Rights Management to the Masses

Azure Information Protection and Office 365

Rights management and encryption are likely to be a much more common Office 365 feature in the future. Sensitivity labels makes protection easy for users to apply through Office apps. The downside is that protection makes content harder to access for some Office 365 and ISV functionality.

Tip: Make Sure to Add Owners as Members When Creating New Teams

Teams offers a number of ways to create new teams, which is good. However, if you create a new team with PowerShell, make sure that you add the team owners to the members list as otherwise they won’t be able to access Planner.

How to Restrict What Audit Data for User Office 365 Activities Flows to Microsoft

Following a Dutch report saying that Office 365 might violate GDPR, some thoughts about how to restrict some of the flows of information from an Office 365 tenant to Microsoft.

Office 365 Privileged Access Management: Too Flawed and Too Exchange?

Microsoft has launched Privileged Access Management (PAM) for Office 365. The name’s incorrect because PAM only works for Exchange Online right now. PAM is based on RBAC, which is good, but is the implementation too Exchange-centric?

How to Find Send As Records in the Office 365 Audit Log

Exchange administrators are accustomed to looking through mailbox audit logs to find details of events. Those same events are in the Office 365 audit log, so that’s the place to go look for information, like when you want to find out who sent a message from a shared mailbox using the SendAs permission.

The Vexed Question of Microsoft 365 Backups

Backup vendors say you should definitely use their products to protect your valuable Microsoft 365 data. Backup products can do a good job, but the nature of Microsoft 365 creates many challenges at a technical level. A lack of APIs is the most fundamental issue, but the connected nature of Microsoft 365 apps is another.

Existing Guest Accounts and the Azure B2B Collaboration Policy

When you impose a block on certain domains, you’d like to think that applications like Teams will respect that block. As it turns out, if you have some lingering guests in your Azure Active Directory, the B2B collaboration policy might not be as effective as you’d hope.

How to Disable Basic Authentication for Exchange Online Connection Protocols

Microsoft has released a preview of the cmdlet set to allow tenants to create and manage protocol authentication policies for Exchange Online. It’s a great chance to disable basic authentication and reduce the attack surface for password spraying.

Managing Guest Users in a Microsoft 365 Tenant

How many guest users does your Office 365 tenant have? And how many of those accounts are actually used? Given that many Office 365 applications now generate guest user accounts to facilitate external access to content, managing these accounts is a growing concern.

How to Find Click to Run Configuration in the System Registry

Microsoft would like Office 365 tenants to use the Click to Run (C2R) version of the Office desktop applications because C2R is automatically updated with new features. We like C2R, but we also like knowing what’s installed on user workstations. Here’s how to check the Click to Run configuration with PowerShell.

How to Create and Manage Org-Wide Teams in Microsoft Teams

The latest version of Teams supports the ability to create org-wide teams, but only if your tenant has fewer than 1,000 accounts. It’s a neat idea, if you can use it, but if you have more than 1,000 accounts, there are other ways to foster company-wide communications.

How Microsoft IT Manages Microsoft 365 Groups

Details of how Microsoft IT manages its deployment of Office 365 Groups were discussed at the recent Ignite 2018 conference. It’s a good idea to write down the basic framework of your Office 365 Groups deployment, if only to understand how all the different policies and features fit together.

How to Export Microsoft 365 Roadmap to a CSV File

The new Microsoft 365 roadmap features the ability to download items (filtered or the entire roadmap) to a CSV file. You can then open the file with Excel or pour its contents into Power BI to analyze the roadmap to your heart’s content. That seems like a good thing.

Managing Microsoft Teams Through the Teams Admin Center

If you read yesterday’s article about the new team management functionality in the Teams and Skype for Business Online Admin Center, you might be interested to hear what Microsoft has to say on the topic. Head over to Ignite, in person or virtually, and you’ll find out.

The unified Microsoft 365 Roadmap is here

As expected, Microsoft has announced the unified Microsoft 365 Roadmap that includes all the technologies that are part of Microsoft 365: Office 365, Enterprise Mobility + Security and Windows 10. The new roadmap comes also with a new web site and a new URL (Note: the Old Office 365 Roadmap Url is still live, but …

New Teams Administrative Roles Available in Azure AD

Microsoft has released four new administrative roles to help Office 365 tenants manage Teams. It’s a good thing and we were able to include the news in the September 20 update for Office 365 for IT Pros.

Office 365 Audit Records Truncated for Azure Active Directory Events

A demo to show how easy it is to use PowerShell to manage Office 365 Groups and Teams was progressing nicely at the UK Evolve conference when a problem happened with code that used to run perfectly. Sounds like a normal programming situation, but in this case, Microsoft had changed the format of Office 365 audit records for Azure Active Directory operations. That’s not so good. What’s worse is that some essential data is now missing from the audit records.

What that BOXServiceAccount Does in Office 365

Records featuring an account called BOXServiceAccount appear in the Office 365 audit log. Not much information is available about the account, but it’s all OK because it’s used to assign administrative roles to Office 365 accounts.

New German Office 365 Datacenter Region to Replace Black Forest

New German Office 365 datacenters are on their way and will replace the dedicated Black Forest region that’s been used by German tenants since 2015. The move is good for tenants because they’ll be able to access more functionality.