Microsoft announced a new migration experience from Google G Suite yesterday, which is nice. Under the covers, the venerable Mailbox Migration Service (MRS) does the work to extract mailbox data from Gmail using IMAP4 and moves it to Exchange Online. But after the move is done, there’s still lots of work to do to help users make the cultural change to their new mailbox in the cloud.
The ThirdPartyFileProvidersEnabled setting in OWA mailbox policies controls if Exchange Online mailboxes can access services like Drop and Dropbox for attachments. Office 365 tenants need to decide if they want to allow this kind of access. There’s both good and bad in the feature, but it’s easily turned off if you feel the need.
Announced in January, paused in March – that’s the fate of the MailItemsAccessed audit record generated by Exchange Online for the Office 365 audit log. Microsoft found some problems that they are fixing, which is good (because you want audit data to be reliable). And when the fixes are available, the deployment of the new audit record will restart.
The Microsoft 365 Security and Microsoft 365 Compliance Centers are now generally available. The new consoles will eventually replace the Office 365 Security and Compliance Center (SCC) but some work is needed to fill out their functionality and make the switchover possible. In the meantime, the Office 365 for IT Pros eBook writing team will stay focused on the SCC. And when the time’s right, we’ll switchover.
The Office 365 Admin Center offers the option to bulk-create user accounts. Loading up a CSV file with details and having it processed is simple enough, but the resulting accounts need some work before they are fit for purpose and ready for people to use. Here’s how the bulk creation process works and why we think it has some flaws.
Helping Exchange Protect Users from Bad Email Given the amount of spam floating around today, it comes as no surprise that many organizations deploy an Exchange transport rule to mark inbound external email with a suitable warning. This is a straightforward rule to configure and it can help stop users being fooled by bad messages …
In a sign of how automation based on signals gathered by Office 365 will emerge to help administrators do a better job, the preview of the new Admin Center offered to create a DLP policy to protect some sensitive information that I had clearly overlooked. Well-intended as the portal was, its efforts to create the new policy failed. That’s not really important – it’s the glimpse into the future which is.
If you work with Office 365 through PowerShell, you probably have your own script to connect to the various services. If you don’t want to write your own script, you can download one from GitHub or the TechNet Gallery. This article covers two that you might like to try, including one with a GUI to choose which Office 365 services it should connect to.
PowerShell is hugely useful when the time comes to automate Office 365 processes. Other tools exist that can help, including Flow. Maybe it’s the right time to consider Flow, especially when it is highly capable of knitting together different Office 365 components to get work done.
In one of those interesting (but possibly worthless) facts discovered about Office 365, we find that audit records are captured for Teams compliance records written into Exchange Online group mailboxes. The Search-UnifiedAuditLog cmdlet reveals details that we can interpret using some techniques explained in Chapter 21 of the Office 365 for IT Pros eBook.
Security alerts from Office 365 Cloud App Security now flow into the Office 365 Audit Log, which means that you can run the Search-UnifiedAuditLog to find the alerts. Unhappily, more work than should be needed is necessary to extract the interesting information from the alert records.
Microsoft’s new Network Performance Tool is a proof of concept for Office 365 tenants to check network connections to Microsoft’s network and Office 365. The tool might help you understand more about your connection into Microsoft, but it won’t fix any last mile problems.
Rights management and encryption are likely to be a much more common Office 365 feature in the future. Sensitivity labels makes protection easy for users to apply through Office apps. The downside is that protection makes content harder to access for some Office 365 and ISV functionality.
Teams offers a number of ways to create new teams, which is good. However, if you create a new team with PowerShell, make sure that you add the team owners to the members list as otherwise they won’t be able to access Planner.
Following a Dutch report saying that Office 365 might violate GDPR, some thoughts about how to restrict some of the flows of information from an Office 365 tenant to Microsoft.
Microsoft has launched Privileged Access Management (PAM) for Office 365. The name’s incorrect because PAM only works for Exchange Online right now. PAM is based on RBAC, which is good, but is the implementation too Exchange-centric?
Exchange administrators are accustomed to looking through mailbox audit logs to find details of events. Those same events are in the Office 365 audit log, so that’s the place to go look for information, like when you want to find out who sent a message from a shared mailbox using the SendAs permission.
Backup vendors say you should definitely use their products to protect your valuable Microsoft 365 data. Backup products can do a good job, but the nature of Microsoft 365 creates many challenges at a technical level. A lack of APIs is the most fundamental issue, but the connected nature of Microsoft 365 apps is another.
Do you need to remove some offensive or otherwise doubtful material from Teams? If the original author won’t do the right thing, the team owner or an Office 365 administrator might have to step in to do the right thing.
When you impose a block on certain domains, you’d like to think that applications like Teams will respect that block. As it turns out, if you have some lingering guests in your Azure Active Directory, the B2B collaboration policy might not be as effective as you’d hope.
Microsoft has released a preview of the cmdlet set to allow tenants to create and manage protocol authentication policies for Exchange Online. It’s a great chance to disable basic authentication and reduce the attack surface for password spraying.
Tony spoke about “Can Teams Replace Email” at the Modern Workplace Conference in Paris on October 17. Here’s a sketch note about what he said and a copy of the slides.
How many guest users does your Office 365 tenant have? And how many of those accounts are actually used? Given that many Office 365 applications now generate guest user accounts to facilitate external access to content, managing these accounts is a growing concern.
Microsoft would like Office 365 tenants to use the Click to Run (C2R) version of the Office desktop applications because C2R is automatically updated with new features. We like C2R, but we also like knowing what’s installed on user workstations. Here’s how to check the Click to Run configuration with PowerShell.
Teams supports the ability to create org-wide teams, but only if your tenant has fewer than 10,000 accounts. It’s a neat idea, if you can use it, but if your organization spans more than 10,000 accounts, there are other ways to foster company-wide communications.
Details of how Microsoft IT manages its deployment of Office 365 Groups were discussed at the recent Ignite 2018 conference. It’s a good idea to write down the basic framework of your Office 365 Groups deployment, if only to understand how all the different policies and features fit together.
The new Microsoft 365 roadmap features the ability to download items (filtered or the entire roadmap) to a CSV file. You can then open the file with Excel or pour its contents into Power BI to analyze the roadmap to your heart’s content. That seems like a good thing.
If you read yesterday’s article about the new team management functionality in the Teams and Skype for Business Online Admin Center, you might be interested to hear what Microsoft has to say on the topic. Head over to Ignite, in person or virtually, and you’ll find out.
As expected, Microsoft has announced the unified Microsoft 365 Roadmap that includes all the technologies that are part of Microsoft 365: Office 365, Enterprise Mobility + Security and Windows 10. The new roadmap comes also with a new web site and a new URL (Note: the Old Office 365 Roadmap Url is still live, but …
Microsoft has released four new administrative roles to help Office 365 tenants manage Teams. It’s a good thing and we were able to include the news in the September 20 update for Office 365 for IT Pros.
Help Quadrotech understand the life of an Office 365 Admin and receive a $100 Amazon gift card.
A demo to show how easy it is to use PowerShell to manage Office 365 Groups and Teams was progressing nicely at the UK Evolve conference when a problem happened with code that used to run perfectly. Sounds like a normal programming situation, but in this case, Microsoft had changed the format of Office 365 audit records for Azure Active Directory operations. That’s not so good. What’s worse is that some essential data is now missing from the audit records.
Records featuring an account called BOXServiceAccount appear in the Office 365 audit log. Not much information is available about the account, but it’s all OK because it’s used to assign administrative roles to Office 365 accounts.
Office 365 tenant administrators can use different ways to access user data. Shouldn’t you have a policy to govern that access?
New German Office 365 datacenters are on their way and will replace the dedicated Black Forest region that’s been used by German tenants since 2015. The move is good for tenants because they’ll be able to access more functionality.
If you’re responsible for running the local network used by an Office 365 tenant to connect to Microsoft’s network, you need to know about the IP addresses and ranges used for Office 365 endpoints.