Office 365 ProPlus has adopted a servicing model for client updates, allowing new features, non-security updates, and security updates to be released on a regular basis, ensuring your users are always up to date with the latest functionality and improvements.
The client servicing model for Office 365 ProPlus provides options that allow organizations to manage the frequency at which features and updates are deployed using multiple release channels which can be configured for all users or a specific set of users within the organization allowing IT to manage update deployment.
Monthly Channel
The Monthly Channel is made available every month and is targetted to users that want the latest features and updates as soon as they are available.
The Semi-Annual Channel
The Semi-Annual Channel is made available every 6 months, in January/July and is best for organizations that don’t want to deploy the latest features of Office right away or that have a significant number of LOB applications, add-ins, or macros that need to be tested prior to broad deployment. This approach helps to avoid compatibility issues that can potentially stall deployments.
This channel has 18 months of support before the version will need to upgrade to the latest release of ProPlus.
The Semi-Annual Channel (Targeted)
The Semi-Annual Channel (Targeted) enables a group of early adopters who get the latest and greatest features four months in advance of a Semi-Annual release, allowing time for organizations to test the new features and updates. This is available every 6 months, in March and September.
This channel has 14 months of support before the version will need to upgrade to the latest release of ProPlus.
Below is a diagram about how the “Update Model” works.
Check out my Office Pro Plus Tool Kit script designed to assist with testing and deployments.
The ORCA module is your friend when it comes to reporting on the configuration of ATP. This module makes recommendations on where improvements can be made. So how does it work?
Well I have made this process as simple as it gets
– Download PowerShell Script – Run PowerShell Script – Open HTML page
Done
I have made the script intelligent to check for module updates to ensure you are running the latest and greatest.
Head over to my GitHub repo to download the script today 🙂
The following post contains the new features and updated features from October 2019. This post enables you to quickly glance at the Microsoft Teams Roadmap based on the latest information provided by Microsoft.
One thing I have included in this month’s round-up is Microsoft Bookings as it now integrates with Skype and Teams.
The following post contains the new features and updated features from October 2019. This post enables you to quickly glance at the Office 365 Roadmap that directly targets Microsoft Intune based on the latest information provided from Microsoft.
I have been recently investigating Cloud App Security how it can benefit organizations already paying for this functionality without even knowing. Do you already pay for the following Microsoft licenses?
Starting with Cloud App SecurityCloud App Security – DashboardGetting started with Cloud App Security
Log process flow: From raw data to risk assessment
The process of generating understanding the risk within your organisation from a Cloud Securtity starts here with the following. You can upload data to Cloud App Security and the process takes between a few minutes to several hours depending on the amount of data processed.
Upload – Web traffic logs from your network are uploaded to the portal.
Parse – Cloud App Security parses and extracts traffic data from the traffic logs with a dedicated parser for each data source.
Analyze – Traffic data is analyzed against the
Cloud App Catalog to identify more than 16,000 cloud apps and to assess
their risk score. Active users and IP addresses are also identified as
part of the analysis.
Generate report – A risk assessment report of the data extracted from log files is generated.
Note
Continuous report data is analyzed twice a day.
Supported firewalls and proxies
Cloud App Security support data uploads from the following Firewalls and Proxies.
Barracuda – Web App Firewall (W3C)
Blue Coat Proxy SG – Access log (W3C)
Check Point
Cisco ASA with FirePOWER
Cisco ASA Firewall (For Cisco ASA firewalls, it’s necessary to set the information level to 6)
Cisco Cloud Web Security
Cisco FWSM
Cisco IronPort WSA
Cisco Meraki – URLs log
Clavister NGFW (Syslog)
Digital Arts i-FILTER
Forcepoint
Fortinet Fortigate
iboss Secure Cloud Gateway
Juniper SRX
Juniper SSG
McAfee Secure Web Gateway
Microsoft Forefront Threat Management Gateway (W3C)
Palo Alto series Firewall
Sonicwall (formerly Dell)
Sophos SG
Sophos XG
Sophos Cyberoam
Squid (Common)
Squid (Native)
Stormshield
Websense – Web Security Solutions – Investigative detail report (CSV)
Websense – Web Security Solutions – Internet activity log (CEF)
Cloud App Security also enables organizations to automatically discovery the Cloud Apps in use via actives on your firewall logs. This is done via Log Collectors that allows organizations upload logs to Cloud App Security. Every single long is automatically transfers to the portal, there is 2 different behaviours if you are using FTP or Syslog
FTP Uploads
FTP logs are uploaded to Microsoft Cloud App Security after the file finished the FTP transfer to the Log Collector
SysLog Uploads
The Log Collector writes the received logs to the disk. Then the collector uploads the file to Cloud App Security when the file size is larger than 40 KB
App connectors use APIs from cloud app providers to integrate the
Cloud App Security cloud with other cloud apps. App connectors extend
control and protection. They also give you access to information
directly from cloud apps, for Cloud App Security analysis.
To connect an app and extend protection, the app administrator
authorizes Cloud App Security to access the app. Then, Cloud App
Security queries the app for activity logs, and it scans data, accounts,
and cloud content. Cloud App Security can enforce policies, detects
threats, and provides governance actions for resolving issues.
So how does the look from the portal?
List of Connected Apps available today
Lets connect Office 365 for the purpose of this post.
Connect Office 365Select the components you would like to monitor and connect the appSuccess
Conditional Access App Control protection
Microsoft Cloud App Security Conditional Access App Control uses reverse proxy architecture to give you the tools you need to have real-time visibility and control over access to and activities performed within your cloud environment. With Conditional Access App Control, you can protect your organization:
Avoid data leaks by blocking downloads before they happen
Set rules that force data stored in and downloaded from the cloud to be protected with encryption
Gain visibility into unprotected endpoints so you can monitor what’s being done on unmanaged devices
Control access from non-corporate networks or risky IP addresses
Conditional Access App Control protection
With Conditional Access App Control protection you can define you want to Monitor what is being accessed or block.
Conditional Access Policies
When configured you will notice the below appear for all access control applications
Policies
Once you have configured the basics above the next steps is to enable policies you would like run within your environment. Out of the box you will receive a number policies deemed appropriate from Microsoft but there may be additions ones you would like for example;
In my environment I have created a policy that check for OneDrive Documents shared outside my business to specific domains
This policy also has the power to remove the external user to prevent access and this is where Cloud App Security really comes into its own. As it allows organisations and IT Administrators to the power to real take control of corporate data.
Microsoft Bookings has recently come to my attention as Bookings will integrate with Teams and Skype meeting capabilities. This will enable businesses to set up services with online Skype/Teams meeting enabled. A meeting link will be added to the booking invite which customers can use to join the appointment.
This feature is being rolled out Worldwide (Standard Multi-Tenant), Online, Exchange, Education tenants.
What is Microsoft Bookings?
Microsoft Bookings is an online and mobile app for small businesses who provide services to customers on an appointment basis. Examples of businesses include hair salons, dental offices, spas, law firms, financial services providers, consultants, and auto shops.
Bookings has three primary components:
A booking page where your customers can schedule appointments with the staff member who should provide the service. You can show this page on Facebook, where your customers can schedule appointments, or your own web site.
A set of web-based, business-facing pages where business owners can record customer preferences, manage staff lists and schedules, define services and pricing, set business hours, and customize how services and staff are scheduled
A business-facing mobile app where business owners can see all of their bookings, access customer lists and contact information, and make manual bookings
Is Booking enabled for subscription?
Bookings are turned on by default for customers who have the Office 365 Business Premium, or Office 365 A3 and Office 365 A5 subscriptions. Bookings is also available to customers who have Office 365 Enterprise E3 and E5, but it is turned off by default.
Enabling Booking
Get the free Microsoft Bookings add-on for Enterprise subscriptions
If you subscription is Office 365 for Business, Office 365 Enterprise E3 or E5, the Microsoft Bookings app offered through the Business Apps (free) add-on is off by default. Follow these steps to get licenses and assign to your users.
Turn Bookings off for your entire organization using Exchange Online PowerShell
If
you don’t have access to the Bookings setting in Microsoft 365 admin
center, you can turn off Bookings by running the following command in
PowerShell.
The following post contains the new features and updated features from July 2019. This post enables you to quickly glance at the Microsoft Teams Roadmap based on the latest information provided from Microsoft.
Do you find it hard to keep up to date with all the latest Office 365 Roadmap news? Would you like an easier way to keep you and maybe your colleagues informed?
Then look no further, with power of Microsoft Teams you can now post the Roadmap updates directly into a Microsoft Teams Channel. By using the super powers of Microsoft Flow we can now publish the Office 365 Roadmap cleanly into a Microsoft Teams Channel and heres how we can do it.
Launch http://flow.microsoft.com
Creating the Microsoft Flow for RSS to Microsoft Teams Channel
Select My Flows Create New Automated – from Blank
Give you Microsoft Flow a name and choose the RSS trigger for “When a feed item is published” then click create 🙂
You must be signed into Flow with an account that has Microsoft Teams access.
Browse for Microsoft Teams and select Post a message (V3) (preview). The Microsoft Teams element in Flow are relatively new and all in public preview.
You will now need to specify your Team, Channel, Message and Subject. As you can see from below I am using Feed summary as the message and Feed title as the subject.
At the next trigger you will receive a message like below into your specified Microsoft Teams Channel.
As a big advocate for Office ProPlus I am delighted to now see that Microsoft Teams now apart of the ProPlus deliver mechanism. However, just like any Microsoft product, it does have its caveats.
Microsoft Teams will only be included with NEW installations of Office 365 ProPlus dependent on the channel you are using. The below shows the schedule of the introduction but this is subject to change.
Update channel
Version
Date
Monthly Channel
Version 1902
March 4, 2019
Semi-Annual Channel (Targeted)
Version 1902
March 12, 2019
Semi-Annual Channel
Version 1902
July 9, 2019
Important Note:
Teams are also included with the following new installations: Office 365 Business, starting with Version 1901, which was released on January 31, 2019. Office 365 Business is the version of Office that is included with certain business plans, such as the Microsoft 365 Business plan and the Office 365 Business Premium plan.
Office for Mac, starting with Version 16.21, which was released on January 16, 2019. Office for Mac comes with any plan that includes Office 365 Business or Office 365 ProPlus. For more information, see Microsoft Teams installations on a Mac.
Now Microsoft Teams is apart of the Office Deployment tool it is now subject to all the controls we are common use to so we exclude Teams if we really to 🙂 but why would we do that.
What about existing deployments of Office 365 ProPlus?
At the time of this post, it is not possible to get Microsoft Teams if you have an existing deployment of Office 365 ProPlus. Microsoft has announced that in Version 1906 Microsoft Teams will be shipped to existing deployment running this version. The table below gives an indication of when we can expect the rollout of Teams but if you are using Monthly Channel (Targeted) you should be seeing Microsoft appearing approximately on 25th June 2019.
Update channel
Version
Date
Monthly Channel
Version 1906
July 9, 2019
Semi-Annual Channel (Targeted)
To be determined
September 10, 2019
Semi-Annual Channel
To be determined
January 2020
If you don’t want Teams to be added to existing installations of Office 365 ProPlus when you update to a new version, you can use Group Policy or the Office Deployment Tool to exclude the installation.
Always keep up to date.
Make sure you’re using the most current version of the Office Deployment tool available on the Microsoft Download Center.
Temporarily, the name and help text for this policy setting is available only in English. The name and help text will be available in the usual set of languages by June 14, 2019.
Updating Microsoft Teams !! It doesnt follow the normal ProPlus cycles.
Once Microsoft Teams is installed, it automatically updates approximately every two weeks with new features and quality updates. This doesn‘t follow the normal update cycle for Office 365 ProPlus as other applications receive updates depending on which channel they’re on.
Baseline policy: Require MFA for Service Management (Preview)
Baseline policy: End user protection (Preview)
This policy protects users by requiring multi-factor authentication
(MFA) during risky sign-in attempts to all applications. Users with
leaked credentials are blocked from signing in until a password reset.
Once the policy is enabled, users are required to register for MFA within 14 days of their first login attempt. The default method of MFA registration is the Microsoft Authenticator App.
This policy is either On or Off and you can also exclude users from receiving this policy
This policy blocks all sign-ins using legacy authentication protocols
that don’t support multi-factor authentication (such as IMAP, POP,
SMTP).
The policy does not block Exchange ActiveSync.
Office 2013 (without registry keys)
Office 2010
Thunderbird client
Legacy Skype for Business
Native Android mail client
This policy is either On or Off and you can also exclude users from receiving this policy. This policy is great as I have configured a custom built policy for just this but my policy also includes Exchange Active Sync.
Baseline policy: Require MFA for Service Management (Preview)
This policy requires users logging into services that rely on the
Azure Resource Manager API to perform multi-factor authentication (MFA).
Services requiring MFA include:
Azure Portal
Azure Command Line Interface (CLI)
Azure PowerShell Module
This policy is either On or Off and you can also exclude users from receiving this policy
Its great to see some more brilliant developments in Conditional Access and really excited to see these go live with customers.
