Message Encryption for the Office 365 Masses
Office 365 Message Encryption (OME) is the technology behind the ability of Exchange Online users to send encrypted messages sent to any recipient. Included in the Office 365 E3 and E5 plans (and equivalent education and government plans), OME is automatically enabled for tenants to allow people to use the Encrypt-Only feature supported by Outlook and OWA. Outlook mobile can read encrypted email inline but isn’t yet able to send encrypted messages. To support clients that don’t support encryption, OME also supports encryption through Exchange transport rules (aka mail flow rules). Continue reading
Teams is a nice place to discuss the issues of the day, but what happens if someone abuses the platform and sends some abusive or otherwise objectionable messages?
The simple answer is that team owners should keep an eye on discussions and remove anything that shouldn’t be there. That’s OK if team owners are omnipresent and have the time and energy to check every channel in every team they own. Not every owner does so.
Over the last few years, I’ve seen a significant increase in the number of businesses moving from on-premises Exchange environments to Office 365. That move makes absolute sense. When it comes to messaging, there’s hardly any difference (in terms of business value and competitiveness) whether you run it yourself or consume it a service.
But one area in particular does make a difference: backup and restore. Continue reading
In a surprise move because we expect Microsoft to keep all announcements until the Ignite conference rolls around next week, Microsoft released four new administrative roles to help Office 365 tenants to manage Teams more effectively, especially when the complexity of the Teams infrastructure for video and audio meetings and calling scales up.
Four New Roles
This move is to help organizations move from Skype for Business Online to Teams. Office 365 tenant administrators already have the necessary rights to manage Teams through the Teams and Skype for Business Admin Center or PowerShell. In small tenants, it’s likely that the tenant administrator will manage Teams along with all the other workloads. However, if you run a larger tenant, you can assign the new administrative roles to users to allow them to perform specific management actions for Teams. The new roles are: Continue reading
Administrators have always been able to access user content and don’t need eDiscovery functionality to do this. Administrators can log onto someone’s mailbox or give themselves permission to access a user’s OneDrive account, or use the Search-Mailbox cmdlet to copy messages from user mailboxes to another mailbox. And they can run content searches to scan mailboxes, SharePoint, OneDrive, Teams, Office 365 Groups, and public folders and export whatever they find to PST files, ZIP files, or individual files. In short, many ways are available to an Office 365 administrator to poke around in user content if they so wish. Continue reading
Earlier this month, Microsoft disclosed that Teams now boasts an official solution for archiving.
To archive a team, click Teams in the navigation bar in the desktop or browser client to expose the list of teams, then the Manage cogwheel icon under the list of teams. You see a list of teams that you belong to, divided into active teams and archived teams. You can only archive a team when you are an owner of that team. The choice to Archive team is in the ellipsis menu for the team. Continue reading
Microsoft’s announcement that the Exchange Hybrid Configuration Wizard (HCW) is now able to transfer some configuration settings from an Exchange on-premises organization to Exchange Online came as a disappointment. Not because of the functionality, which is welcome, but because it is limited and far too late. Continue reading
GDPR Data Subject Access Requests
With GDPR taking effect on May 25, any company operating in the European Union must be able to deal with Data Subject Access Requests (DSRs). Section 3 of Article 15 says that “The controller shall provide a copy of the personal data undergoing processing [to the data subject].”
In the context of Office 365, the controller is the administrator of an Office 365 tenant while the personal data is anything held in an Office 365 data store relating to the data subject (a person). An organization has up to 30 days to respond to a request, which might come from a current or former employee, or someone who does business with the organization. Here’s an interesting blog post describing the kind of request you might receive. Continue reading
Microsoft’s original vision for Office 365 Groups emphasized openness. Anyone could create a group and all groups were public. The aim was to foster collaboration and make sure that anyone could join in any group discussion as they liked.
Time passes by and software matures in the fierce heat of customer opinion. The original dedication to openness is less than it was. A group creation policy allows tenants to restrict the creation of new groups to a limit set of users. Teams hides groups that it creates from Exchange clients to avoid the chance of confusing users and Yammer-originated groups are invisible anywhere outside Yammer.
And now, Microsoft has decided to change the default access type for a group from public to private to satisfy the third-highest rated request for Groups on Uservoice, the place where customers voice their opinion about changes they’d like Microsoft to make.
Given the complex nature of cloud computing, Microsoft is mindful that it’s not a case of if things will go wrong, but rather when. Microsoft designed their cloud services to maximize reliability and minimize the negative effects on customers when things do go wrong. We have moved beyond the traditional strategy of relying on complex physical infrastructure, and Microsoft have built redundancy directly into the cloud services. They use a combination of less complex physical infrastructure and more intelligent
software that builds data resiliency into our services and delivers high availability to the customers.
This post describes data resiliency in Microsoft Office 365 from two perspectives:
1. How Microsoft prevents customer data from becoming lost or corrupt in Exchange Online,
SharePoint Online, and Skype for Business; and
2. How Exchange Online, SharePoint Online, and Skype for Business protect customer data
against malware and ransomware. Continue reading