New Office 365 app launcher and Office.com help you be more productive on the web

Introducing a redesigned Office.com, Office 365 app launcher, and new Office 365 gallery to bring you more personalized experiences on the web.

Read more: New Office 365 app launcher and Office.com help you be more productive on the web

 

Advertisements

Microsoft and Adobe announce expanded partnership – Office Blogs

Microsoft and Adobe announced new joint offerings to increase workforce productivity and drive more efficient business processes.

“Together, we will develop integrated cloud services with best-in-class solutions like Adobe Sign and Office 365 that help businesses digitally transform while delivering great experiences to their customers.”

The big points here are:

  • Integration between Microsoft Office 365 and Adobe Sign will deliver fast, secure electronic signing across Office 365, including Microsoft Word, Microsoft PowerPoint and Microsoft Outlook, so that signing documents electronically, on any device, can become an everyday experience.
  • Adobe Creative Cloud and Adobe Stock integration with Microsoft Teams will give Adobe’s creative customers access to a world-class collaboration workspace that speeds up creative feedback, iteration and decision-making. Microsoft Teams integration will expand to Adobe Experience Cloud in the future.
  • Adobe Sign integration with Microsoft Teams will accelerate electronic agreement creation, approval and signature processes across teams. The Adobe Sign app in Microsoft Teams includes a tab to send documents for signature and a bot that allows team members to manage and track documents.
  • Adobe Sign integration with Microsoft Flow will allow users to build end-to-end digital workflows by adding Adobe Sign to any Microsoft Flow process. In the coming months, organizations will benefit from Flow integration with other Microsoft applications such as SharePoint, Dynamics and OneDrive.

Source: Microsoft and Adobe announce expanded partnership – Office Blogs

Moving SharePoint Library Files FAST

So, this little hack is not endorsed by Microsoft but for those of you who want to make the move from an on-premise file server to SharePoint Online or from a SharePoint Online Team Site Document Library to an Office 365 Group Library and have thousands of files and gigabytes of data, this little tip is for you!

Well, what’s the tip?

Use SPFileZilla! Wait what? Is that it? Yup, that’s it. I have worked with this software for several years now and it has never failed me. Now there are some reported issues with very complex environments who use Active Directory Federation Services and you can’t migrate all the complicated permissions you had setup on your local file share.

But for pure data migration from one place to another, this utility will save you hours of complex PowerShell scripting or Azure Blog creation, etc….

Click this link to download SPFileZilla.

You’re welcome! Let me know your thoughts in the comments below.

Modern Authentication for Office 365

By default Modern Authentication or Multifactor Authentication is disabled for new users of Office 365. It’s very easy to enable the service on a user by user basis which allows them to begin using a secondary method of authentication whenever they want to use Office 365.

What is Modern Authentication?

Modern Authentication is really another way to say, Multi-Factor Authentication or Two-Way Authentication. It means that in order to login to a service or account, you will need to enter two different passcodes. The first is your own password that you create, and the second passcode is a randomly generated code or pin that is sent to you through a text message or authenticator application. This method of authentication is very, very secure and should be used as much as possible. You can read more about multi-factor authentication using this link: https://en.wikipedia.org/wiki/Multi-factor_authentication.

Enable Modern Authentication in Office 365

To enable Modern Authentication in Office 365 is a simple process for a Global Administrator to do. Follow the steps below.

  1. Login to https://portal.office.com.
  2. Select the Admin Center app.
  3. Select Users > Active Users.MFA1
  4. In the Office 365 admin center, click More > Setup azure multi-factor auth.
  5. Select the users you want to enable Modern Authentication on.MFA2
  6. On the right user info pane, under quick steps you’ll see Enable and Manage user settings. Choose Enable.
  7. In the dialog box that opens, click enable multi-factor auth.

Exchange and Skype Online

Now that MFA has been enabled for these users, they can use Office 365 with modern authentication enabled but Outlook and Skype for Business but will need an App Password.

Wait a minute, didn’t you say they can use Modern Authentication with Office 365 applications and services? Yes, I did. But first we have to enable Modern Authentication on those Exchange Online and Skype for Business. Follow these steps.

  1. Open PowerShell as an Administrator.
  2. Run this set of commands to connect to Exchange Online:
    • Set-ExecutionPolicy RemoteSigned (say Yes)
    • $UserCredential = Get-Credential (use your admin credentials)
    • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    • Import-PSSession $Session
  3. Now run this command to enable Modern Authentication for Exchange Online.
    • Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
  4. Now verify the change was successful by running this command:
    • Get-OrganizationConfig | Format-Table -Auto Name,OAuth*
  5. Now we need to enable Skype for Business Modern Authentication and in order to do so we need to install a few items.
  6. Download and install the Skype for Business Online, Windows PowerShell Module using this link.
  7. After it is installed, continue in PowerShell and run the following commands.
    • $credential = Get-Credential (use your admin credentials)
    • $session = New-CsOnlineSession -Credential $credential -Verbose
    • Import-PSSession $session
  8. Now run this command to enable Modern Authentication for Skype for Business.
    • Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
  9. Now verify the change was successful by running this command:
    • Get-CsOAuthConfiguration

Congratulations! Now your organization can use Modern Authentication on all applications, including Outlook and Skype for Business. There is no need for an app password.

Let me know how this is working for your organization in the comments section.

PowerShell

Setup Email Encryption in Office 365

So this is really going to be easy. You will enjoy paying just $2 a month for your entire company to have hosted email encryption. NOTE: Commands are italicized.

Here is a summary of what we are going to do. (assuming you use Office 365 already)

  1. Purchase Azure Information Protection and assign the license to any user.
  2. Connect to Exchange Online via PowerShell.
  3. Run a few commands in PowerShell.
  4. Create a Rule inside of Office 365 to encrypt messages.

Step 1 | Purchase Azure Information Protection

To purchase a new subscription in Office 365, login to https://portal.office.com, go to the App Chooser in the top left hand corner and select Admin.

AdminCtrO365

Next, go to the Billing section and select Purchase services. There you can find and subscribe to the Azure Information Protection Plan 1 for $2.00 per user per month. NOTE: You only need 1 subscription for message encryption.

AIPO365Step 2 | Connect to Exchange Online via PowerShell

If you have Windows 10, then you already have the necessary software. Simply go to your Start menu > Type PowerShell > Right click on it and Run As Administrator.

In PowerShell run the following commands:

  • Set-ExecutionPolicy RemoteSigned
    • Respond with “A” for all or “Y” for yes.
  • $UserCredential = Get-Credential
    • Login with your Office 365 admin credentials.
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  • Import-PSSession $Session

Now we are connected to Exchange Online. Don’t close PowerShell just yet.

Step 3 | Run Some PowerShell Commands

Now that we are connected to Exchange Online with a PowerShell session. Let’s enable the Azure Rights Management service to allow for us to send encrypted emails.

In PowerShell run the following commands:

  • Set-IRMConfiguration -RMSOnlineKeySharingLocation “https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc”
    • Please note this command is for US only.
  • Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”
    • This imports the Trusted Publishing Domain from RMS Online.
  • Test-IRMConfiguration -RMSOnline
    • This just tests that you have successfully configured IRM in Exchange Online to use the Azure Rights Management service.
  • Set-IRMConfiguration – ClientAccessServerEnabled $false
    • This disables IRM templates in OWA and Outlook.
  • Set-IRMConfiguration -InternalLicensingEnabled $true
    • This enables IRM for Office 365 Message Encryption.
  • Test-IRMConfiguration -Sender user@yourdomain.com
    • This verifies that you successfully imported the TPD and enabled IRM.

We have successfully enabled Information Rights Management in your Office 365 tenant. Now all that is left to do is create a Transport Rule that tells the server to encrypt the message.

Step 4 | Create a Rule to Encrypt Email

So now we are done with PowerShell, you can close it or run Remove-PSSession $Session and then close it. Now we just need to create a Transport Rule in Exchange Online to tell the server when a message meets a set of criteria, encrypt it before sending.

Now technically, encrypted emails never leave the mail server. They simply send a message to the recipient saying, “You’ve received an encrypted message from…” So, the recipient can either use a Microsoft Account or a one-time passcode to view the message. See image below for an example of what the recipient sees.

EncryptMessO365

So to setup this rule, go back to https://portal.office.com and login and go to the Admin Center. Down in the bottom left you will see Admin Centers > Exchange.

EACO365

Then in the Exchange Admin Center, select Mail Flow > Rules. Here you will create a new Rule and Apply this rule if…

  • The subject or body includes…
    • I would use a word in brackets like [ENCRYPT].
  • and… The recipient is located…
    • Outside the Organization (within the org the messages are encrypted)
  • Then, do the following…
    • Modify the message security and Encrypt the message with Office 365 Message Encryption.

RuleO365

 

Make sure to enable Enforce this rule. Lastly, you will need to test this out but after a few hours. Technically all these changes take an hour or two to apply.

So that’s it! Whenever someone within your organization sends an email to someone outside the organization, with the subject that includes [ENCRYPT], the message with be encrypted. Take it for a spin and let me know what you think.