<h2>TrustSharePoint</h2>
Welcome - Sharing information with the community related to Microsoft SharePoint security, information protection and permissions. Topics will also cover identity federation, claims and software development. Articles will at times be technical and focussed at developers/architects. They will also be higher level and discuss concepts and customer use cases. Have a look around, share your thoughts and I do hope you find some helpful content.<br />
Antonio Maio<br />
<br />
<h2>Introducing My New Blog: AntoniO365</h2>
Published 2020-01-01<br />
After 8 years of using this blogging platform (Blogger), I've decided to move my writings to a new platform with a new name.<br />
<br />
<h2 style="text-align: center;">
<a href="http://www.antonio365.com/" target="_blank">www.AntoniO365.com</a>! </h2>
<br />
At AntoniO365, I'll write about more than SharePoint security and identity. I'll touch on a lot of different aspects of Microsoft 365, including the different services available, how to manage your environment and how to architect solutions within the Microsoft Cloud platform. My work in recent years has focused heavily on cloud architecture, compliance, data governance, records management and information protection. I want to share information about all of those topics, and I felt that needed a new platform.<br />
<br />
I hope you have enjoyed <b>TrustSharePoint</b>! It has been a pleasure to write. I'll keep it live for a few more years so you can keep coming back to it if you need to.<br />
<br />
Please join me at <a href="http://www.antonio365.com/" target="_blank">www.AntoniO365.com </a>for new articles and information on these and other topics.<br />
<br />
-Antonio<br />
<br />
<h2>SPSTC: An Introduction to Enterprise Mobility + Security</h2>
Published 2019-04-22<br />
[I posted this to the blog back on Apr 7, 2019, but just realized Blogger had not actually published it]<br />
<div>
<br /></div>
<div>
Thanks to everyone that attended my session at SharePoint Saturday Twin Cities in Minneapolis on April 6/19! You can find my presentation slides below, and should be able to download them from SlideShare. This session had a lot of information in it, walking through the various components that make up the Microsoft Enterprise Mobility + Security offering and the licensing options around those offerings.</div>
<br />
<center>
<div style="margin-bottom: 5px;">
<strong> <a href="https://www.slideshare.net/AntonioMaio2/introduction-to-microsoft-enterprise-mobility-security" target="_blank" title="Introduction to Microsoft Enterprise Mobility + Security">Introduction to Microsoft Enterprise Mobility + Security</a> </strong> from <strong><a href="https://www.slideshare.net/AntonioMaio2" target="_blank">AntonioMaio2</a></strong> </div>
</center>
<br />
<div>
The licensing in particular is complex, but ultimately your options for this offering are:<br />
<br />
<h3>
Enterprise Mobility + Security E3</h3>
This subscription includes:<br />
<br />
<ul>
<li>Azure Active Directory Premium P1</li>
<li>Microsoft Intune</li>
<li>Azure Information Protection P1</li>
<li>Microsoft Advanced Threat Analytics</li>
<li>Azure Rights Management (part of Azure Information Protection) and the Windows Server CAL rights.</li>
</ul>
<br />
<br />
<h3>
Enterprise Mobility + Security E5 </h3>
This subscription includes all the capabilities of Enterprise Mobility + Security E3 plus:<br />
<br />
<ul>
<li>Azure Active Directory Premium P2</li>
<li>Azure Active Directory Identity Protection (as a feature of AAD Premium P2)</li>
<li>Azure AD Privileged Identity Management (as a feature of AAD Premium P2)</li>
<li>Azure Information Protection P2</li>
<li>Microsoft Cloud App Security</li>
<li>Azure Advanced Threat Protection</li>
</ul>
<br />
You can find more information about Microsoft Enterprise Mobility + Security licensing here: <a href="https://www.microsoft.com/en-us/enterprise-mobility-security/compare-plans-and-pricing">https://www.microsoft.com/en-us/enterprise-mobility-security/compare-plans-and-pricing</a>. There are other licensing options as well, but these are the primary ones that organizations consider when they look to increase the security and compliance features which their organization is leveraging.<br />
<br />
<h3>
Table of Enterprise Mobility + Security</h3>
You can learn a lot more about each feature included across all Microsoft Security and Compliance tools from our <b>Table of Enterprise Mobility + Security</b>. The features and tools are grouped together to identify the tools that help you to accomplish specific related tasks, and clicking on each tile in the table will take you to the Microsoft documentation which is specific to that service or feature.<br />
<br />
<h2 style="text-align: center;">
<a href="https://ems.jumpto365.com/">https://ems.jumpto365.com/</a></h2>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjORTM68w8YLLu9JTjKeLHPtjurvF1SXrPN0QXLj5rZwThoT0nyWB-ra888zVCx1BqzsJxvRbAkhqRHPkqWbV_JN48NXJDZoCTTI0sOceLpm8C7ObXiA-nGTeM6dBBFTiblhXb_wZV0GiI/s1600/2019_04_04_09_12_48_Periodic_Table_of_Office365-small.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="443" data-original-width="744" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjORTM68w8YLLu9JTjKeLHPtjurvF1SXrPN0QXLj5rZwThoT0nyWB-ra888zVCx1BqzsJxvRbAkhqRHPkqWbV_JN48NXJDZoCTTI0sOceLpm8C7ObXiA-nGTeM6dBBFTiblhXb_wZV0GiI/s320/2019_04_04_09_12_48_Periodic_Table_of_Office365-small.png" width="320" /></a></div>
<br />
<br />
Enjoy.<br />
-Antonio</div>
<br />
<h2>The Table of Microsoft Enterprise Mobility & Security!</h2>
Published 2019-04-04<br />
<div class="graf graf--p">
I'm very happy to announce that I’ve teamed up with jumpto365’s Matt Wade and Niels Gregers Johansen to publish The Table of Microsoft Enterprise Mobility & Security, which is a new addition to the Microsoft Periodic Table series!</div>
<div class="graf graf--p">
<br /></div>
<div class="graf graf--p">
Niels, Matt, and I decided at Microsoft Ignite 2018 to work together on a tool that’s been one of the top requested additions to the Periodic Table of Office 365: an overview of Microsoft’s cloud capabilities related to security, compliance and information protection. Similar to the Office 365 periodic table, the Table of EM&S categorizes similar services together to make the overall offering easier to navigate, and easier to determine which tools are available to you.</div>
<div class="graf graf--p">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://ems.jumpto365.com/" target="_blank"><img alt=" Table of Enterprise Mobility & Security" border="0" data-original-height="392" data-original-width="687" height="364" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhASyFL29axOtthAC17PpViXQy59fliJ-KYCesIRLIbpF6ZgbhkwDyTZkbosroZXu0erzpayln-I-IQaPsyqDR9uOy-2pCeD72sOeqph9rWKbdP5t93NfEgAQuLeImNp-YMvZ3Tuak9dg0/s640/table-ems-title.png" width="640" /></a></div>
<div class="graf graf--p">
<br /></div>
<div class="graf graf--p" name="6376">
Considering the breadth of tools available with the EM&S offering, which is maintained by many teams across Microsoft, it can be hard to find central resources providing an overview of the entire suite, which group and describe the tools with respect to each other. This work aims to bring everything together in one spot and make jumpto365 your entry point to understanding the Microsoft Cloud tools that are available to you.</div>
<div class="graf graf--p" name="8f77">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://ems.jumpto365.com/" target="_blank"><img alt=" Table of Enterprise Mobility & Security" border="0" data-original-height="443" data-original-width="744" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA4k1FCgaZ1_NfTd_xoham8lyVG_RzC3Hm8fOcnvZ5UKO11urQ3Srii4_RxFyOslrUV2DZjJUK4VOJPF78Q1AkAmpt8RUhX15E5NUbnmkGzTyV3Wx-7VRwgaEMaPZ9oseKlZjdLsEFgQc/s320/2019_04_04_09_12_48_Periodic_Table_of_Office365-small.png" width="320" /></a></div>
<div class="graf graf--p">
<br /></div>
<div class="graf graf--p" name="a2b5">
Each tile represents a Microsoft service, feature or tool which is related to information protection, security, compliance, and enterprise mobility. Some features are provided as part of the Microsoft Enterprise Mobility + Security offering. Some come with Office 365 enterprise licenses, some are just built-in protections that are critical for people to understand, and some go beyond the Microsoft Enterprise Mobility + Security offering, helping you to understand some of the <b>Advanced Options</b> available for security and compliance.</div>
<div class="graf graf--p" name="a2b5">
<br /></div>
<div class="graf graf--p" name="a2b5">
We're highlighting the features and capabilities that are important when considering the security of your Microsoft 365 environment and the tools available to you to help with regulatory compliance.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://ems.jumpto365.com/" target="_blank"><img alt=" Table of Enterprise Mobility & Security" border="0" data-original-height="198" data-original-width="778" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFInPppYqeRnXWOOmmvk5ley5kCcbHUiA0a_5Xx5_O2K1ugVn2wuLCnszbWoTPMZ3HVAyU5MtfScvzDh_BRu2mH6tW3kXyDKdH_YTwsZkwrpTxwxPSB5CCKil5DCav9bRjL5_5q-yFjns/s640/launch-ems-table.png" width="640" /></a></div>
<div>
<br /></div>
<div style="text-align: center;">
<a href="https://ems.jumpto365.com/"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">https://ems.jumpto365.com/</span></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
I've worked in the security and compliance space for a very long time, and there are many great solutions built into the Microsoft Cloud which help customers protect their information, secure their tenant, and comply with the regulations that are important to them. I truly love working with these tools! In working with many customers though, I find that they often don't know that these tools exist, and learning which one is best for which task is one of the hardest tasks in moving to a more secure and compliant state in Microsoft 365.</div>
<div>
<br /></div>
<div>
The security and compliance tool landscape is vast in Microsoft 365, with a lot of great services, features and tools! One thing that excites me most about this table is sharing that knowledge with people and giving them an easy way to explore the many security and compliance features available to them.</div>
<div>
<br /></div>
<div>
<h3 class="graf graf--h3" name="d518">
Links to Documentation and Product Pages</h3>
<div class="graf graf--p" name="2e60">
You can jump to the product pages and documentation for each tile in the Table for the particular service or feature, giving you both an overview and access to the in-depth details about how to make use of the service or feature. All of those product pages offer links to the technical documentation, pricing, getting started guides, and live demos. This lets you check if the service offers what you are looking for before spending money and time on the idea.</div>
<div class="graf graf--p" name="2e60">
<br /></div>
<h3 class="graf graf--h3" name="eb06">
Source</h3>
<div class="graf graf--p" name="91dc">
All information in the EM+S Table can be found across Microsoft’s Enterprise Mobility + Security service websites. If any changes are made by Microsoft to the EM+S services, we will update the Table as well, so that it stays up to date.</div>
<div class="graf graf--p" name="91dc">
<br /></div>
<h3 class="graf graf--h3" name="7ecc">
More to Come...</h3>
<div class="graf graf--p" name="b0e6">
This is the beginning of the Table of Microsoft EM&S. We will continuously update the Table with more features and functions to make it better over time. If you have anything you would want to see on the next version, please let me know in a comment below.</div>
<div class="graf graf--p" name="b0e6">
<br /></div>
<div class="graf graf--p" name="713d">
To learn more about my work and what I do, please visit <a class="markup--anchor markup--p-anchor" data-href="http://www.antonio365.com/" href="http://www.antonio365.com/" rel="noopener" target="_blank">my other blog www.antonio365.com</a> and <a class="markup--anchor markup--p-anchor" data-href="https://twitter.com/AntonioMaio2" href="https://twitter.com/AntonioMaio2" rel="noopener" target="_blank">follow me on Twitter</a>.</div>
</div>
<br />
<h2>A Practical Introduction to Microsoft Forms & Microsoft PowerApps</h2>
Published 2019-01-25<br />
<div class="MsoNormal">
As an enterprise architect, working primarily in the Microsoft Cloud, I often get asked questions about which form solution a client should move forward with in their enterprise. It usually starts with one form that a business stakeholder has requested or suggested, or with one team that wishes to publish a few forms. The request and the questions quickly spread to multiple teams that want to do something similar in the spirit of "Going Digital"! Do we continue to use InfoPath like we used to? Do we use SharePoint Designer to create a list form? Are those things still supported, because we've heard they're not? Do we create a custom form on a SharePoint site page with a custom web part... maybe a full page web part? Do we use Microsoft PowerApps, Microsoft Forms, or a third party solution?</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
So, I thought I'd share my practical thoughts here to hopefully benefit many people wondering about the same question. Microsoft has a long history of form solutions which have come and gone, especially in the case of SharePoint. The SharePoint and Microsoft technology stack for building and hosting online forms has gone through significant flux in recent years. It started with the announcement that Microsoft would discontinue InfoPath back in January 2014 (anyone remember the InfoPath funeral at the SharePoint Conference?). After several years of flux, we finally have a clear path forward for online forms in SharePoint and in the Microsoft Cloud.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Let's Be Clear on InfoPath and SharePoint Designer</b></div>
<div class="MsoNormal">
First of all, let's be clear on InfoPath and SharePoint
Designer - Microsoft has clarified in recent years that InfoPath and SharePoint
Designer will in fact be supported in their last versions, InfoPath 2013 (the
client application, as a separate download, and not included with Office 2016
or later) and SharePoint Designer 2013, until July 2026. This means that
current and recently released versions of SharePoint, so SharePoint 2016 and
SharePoint 2019, will support artifacts created in InfoPath 2013 and SharePoint
Designer 2013. As will SharePoint Online, until further notice. However,
Microsoft has also been clear that no new work, not features, not updates, not
patches, will be put into InfoPath 2013 or SharePoint Designer 2013. Those are
the last versions of those applications.</div>
<div class="MsoNormal">
This effectively means that InfoPath and SharePoint Designer are on life support, and are still supported for those on-premises and online solutions for Microsoft customers that have a large investment in using InfoPath and SharePoint Designer and cannot yet move to the new modern capabilities.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
This also means that new modern capabilities added to
SharePoint Online and the Microsoft Cloud will likely not work or integrate
with InfoPath or SharePoint Designer. Effectively, the real use cases in which
InfoPath and SharePoint Designer may be used in conjunction with SharePoint
Online sites to fulfill a business need will get more and more narrow, over a
long period of time, until 2026 in fact.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
What you've built in the past is still supported, and you could still likely use the tools for something simple, but it's highly recommended that you don't look to these technologies to try to build anything modern, or supported on mobile, or integrated across the Microsoft Cloud. You will have a long uphill battle!</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Microsoft's Go Forward Online Form Solutions: PowerApps & Forms</b></div>
<div class="MsoNormal">
As many will tell you, Microsoft's go forward solutions for
Online Forms in the Cloud include both Microsoft PowerApps and Microsoft Forms.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Microsoft Forms</b> was released to general availability on April 27, 2018, so it's only a little over a year old in general availability (it had a long preview program before that which many of us participated in). The solution is still fairly young, but its intended use cases and purposes are fairly narrow and focused, so it does what it does very well.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Microsoft PowerApps</b> was released to general availability on October 31, 2016. It is only a little over 2 years old. It's important to keep that in mind, because it tells you the technology is young and still evolving. That said, the technology has come a long way in just 2 short years.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Microsoft Forms</b></div>
<div class="MsoNormal">
Microsoft Forms is essentially a lightweight, very basic tool for creating surveys, quizzes and polls that are intended to quickly collect information. Some general use cases in which we have seen Microsoft Forms are:</div>
<ul>
<li>Surveys to collect end user feedback</li>
<li>Short forms asking users to register for an
event or to gauge interest in an event</li>
<li>Simple forms requesting contact information from
users</li>
<li>Polls to gather employee or customer satisfaction</li>
<li>Educational environments where teachers wish to
publish a quiz to students to measure information retention, or to test
knowledge of a topic and evaluate progress</li>
</ul>
<div class="MsoNormal">
With Microsoft Forms, you really can create a simple online
form in minutes which fulfills these use cases. Microsoft Forms does not
replace InfoPath or SharePoint Designer list forms, due to the simple nature of
forms it can create. But it does very quickly fill one particular need with
respect to Forms. It allows you to very quickly and easily:</div>
<ul>
<li>Create forms for surveys, polls or quizzes with a simple set
of varied controls, and using simple conditions</li>
<li>Publish those forms to the internet for users to fill out
anywhere, any time, on any device (desktop, laptop, tablet or mobile)</li>
<li>Collect submitted data in a central place, which can be
aggregated, summarized and analysed by other tools</li>
<li>Automatically trigger workflows created in Microsoft Flow
which can integrate the collected data from Microsoft Forms into other systems</li>
</ul>
<div class="MsoNormal">
One feature that Microsoft Forms has over PowerApps is that forms can optionally be published so that they can be accessed anonymously. That's correct: if you need to publish a form to the internet that you want people on the internet to access and fill out without requiring them to log in (because maybe they don't have a user account in your Office 365 tenant), you cannot do that with Microsoft PowerApps, but you can do that with Microsoft Forms. This is not the default configuration, but when you publish a form in Microsoft Forms you can choose to publish it anonymously and not require users to log in. When you do this, any person on the internet with a link to the form can respond to it.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Access to Microsoft Forms</b></div>
<div class="MsoNormal">
Access is controlled through your Office 365 license, and
all Microsoft Office 365 enterprise licenses include one flavor or another of
the Microsoft Forms SKU, including Office 365 Enterprise E1, Enterprise E3 and
Enterprise E5.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
There are numerous flavors of the Microsoft Forms license itself, including those focused on the enterprise (Microsoft Forms plan E1, plan E3, plan E5), those focused on kiosks or unattended applications (plan K), and those focused on Education (Plan 2 and Plan 3). You can control if a user has access to Microsoft Forms for the purpose of creating and publishing a form by turning ON or OFF the Microsoft Forms SKU in their Office 365 license.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
You can learn more about which licenses include Microsoft Forms <a href="https://support.office.com/en-us/article/office-licenses-that-include-microsoft-forms-efa14679-5d99-47c5-bdf1-2fc838767f7e?ui=en-US&rs=en-US&ad=US">here</a>.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Microsoft Forms is also available for free to Hotmail and
Outlook/Live Microsoft accounts, with some limitations.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Controls Available in Microsoft Forms and Other Options</b></div>
<div class="MsoNormal">
There are many common control options available when you're
designing your forms, which are:</div>
<ul>
<li>Choice fields where you only select 1 answer
(radio buttons or dropdown)</li>
<li>Choice fields where you select multiple answers
(check boxes)</li>
<li>Text Fields</li>
<li>Ratings</li>
<li>Dates</li>
<li>Net Promoter Score Fields (announced at Ignite
2018; for example, "How likely are you to recommend this to a
friend?" with a choice from 1 to 10)</li>
</ul>
<div class="MsoNormal">
Other options include:</div>
<ul>
<li>Options to make fields required</li>
<li>Options to order fields as desired</li>
<li>Options to shuffle the options presented to
users</li>
<li>Options for titles and subtitles on form
questions</li>
<li>Branding options in the form title</li>
<li>Suggested questions based on how you start your
form</li>
<li>Creative ideas presented to you as you are
developing your form</li>
</ul>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Important Technical Notes about Microsoft Forms</b></div>
<div class="MsoNormal">
The following are other important technical notes and
limitations related to Microsoft Forms:</div>
<ul>
<li>All data submitted through Microsoft Forms is stored on servers in the United States, or in Europe if your Office 365 tenant is hosted in Europe. So, if your Office 365 tenant was created and is hosted in a data center outside of the United States or Europe, your form, its configuration and any data submitted through your form are stored and hosted on servers within a US data center. This may or may not fit with your data residency requirements, so please consider the use of Microsoft Forms carefully with this in mind.</li>
<li>If a user who creates and publishes a form using Microsoft Forms leaves the organization and their account is disabled and/or their Microsoft Forms license is removed, then all Microsoft Forms configuration and data, including submitted form responses, will be deleted 30 days after their user account is deleted from your Azure AD instance.</li>
<li>Conditional Access does integrate with Microsoft Forms. You can select Microsoft Forms as a Cloud App in the Cloud Apps assignment.</li>
</ul>
<div class="MsoNormal">
There are some limitations as to how many forms a user account may create, and how many responses they can receive. For forms created using an enterprise or commercial account:</div>
<ul>
<li>A single user account may create up to 200 forms</li>
<li>A single form may have up to 100 questions</li>
<li>A single form may receive up to 50,000 responses</li>
</ul>
<div class="MsoNormal">
Finally, surveys and quizzes allow you to collaborate with
others during the creation process by creating and sharing a link to the form
with other users. You can use this same method to save forms as templates and
reuse them over and over again.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Microsoft PowerApps</b></div>
<div class="MsoNormal">
Microsoft PowerApps is a cloud-based technology only available in the Microsoft Cloud, which allows business analysts as well as software developers to build custom business applications. It is Microsoft’s go-forward solution for online forms, and is the intended replacement technology for InfoPath forms, as well as all previous form technologies.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The solution is not only targeted at software developers. The solution is targeted at business analysts or technical specialists within a business function (as opposed to business users), as some technical abilities are typically required to build simple PowerApps solutions. Often business users can easily start a PowerApps solution, but very quickly they find that some knowledge of JSON or expressions/formulas is required to achieve the business functionality they wish.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
PowerApps is therefore viewed by most enterprises as a “low-code” or “rapid application development” solution for building custom business applications in the Microsoft Cloud. When developing a PowerApps application, there are two types of applications that may be created:</div>
<div class="MsoNormal">
<br /></div>
<ul>
<li><b>Canvas App</b><br />A canvas app allows the app developer to lay out supported controls wherever they wish on the page and construct multi-page applications.</li>
<li><b>Model Driven App</b><br />A model driven app is created and designed, for the most part, based on the data fields you select for the app. Model driven apps are tightly integrated with the Common Data Service (CDS), which is the common data model used within Dynamics 365. As you develop a model driven app, you create entities and fields within the CDS, and the controls are automatically laid out on your form to support reading and writing of data from and to those data structures.</li>
</ul>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
All Office 365 enterprise licenses include a <b style="mso-bidi-font-weight: normal;">PowerApps for Office 365</b> license.<span style="mso-spacerun: yes;"> </span>This provides all Office 365 users with standard
PowerApps designer capabilities, in effect enabling all users to create their
own PowerApps. <span style="mso-spacerun: yes;"> The PowerApps for Office 365 license provides access to Canvas Apps, and it provides access to the Common Data Service (CDS), however only in the default environment.</span></div>
<div class="MsoNormal">
<br /></div>
Any user who runs a PowerApps app (for example, to fill out an online form built on PowerApps) runs it under the context of their own user account and therefore requires a PowerApps license.<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The default PowerApps for Office 365 license has limitations
in the capabilities which are available to users.<span style="mso-spacerun: yes;"> </span>PowerApps also provides higher level
licenses, named Plan 1 and Plan 2:<o:p></o:p></div>
<ul>
<li>PowerApps Plan 1 provides access to the Common
Data Service for Apps to store and manage data in additional environments. Users can run canvas apps that
are built on the Common Data Service for Apps, use premium connectors, access
data in custom applications or on-premises data.</li>
<li>PowerApps Plan 2 allows users to run
model-driven apps with code plug-ins and real-time workflows.</li>
</ul>
<div class="MsoNormal">
For more information on PowerApps license plans, please refer
to the Microsoft article <a href="https://powerapps.microsoft.com/en-us/pricing/#compare-plans" target="_blank">here</a>.</div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<br />Antonio Maiohttp://www.blogger.com/profile/11590288142542819604noreply@blogger.com16tag:blogger.com,1999:blog-1409324927428377638.post-31682388482037830912018-12-28T23:32:00.000-05:002019-03-31T23:35:22.217-04:00SharePoint Conference North America 2019: Discover End to End Records Management<span style="font-family: Arial, Helvetica, sans-serif;"><span style="background-color: white; color: #191e23; font-size: 16px; white-space: pre-wrap;">I am very pleased to announce that I will be co-presenting at the </span><a href="https://sharepointna.com/" style="background-color: white; box-sizing: inherit; color: #007fac; font-size: 16px; outline: 0px; transition-duration: 0.05s; transition-property: border, background, color; transition-timing-function: ease-in-out; white-space: pre-wrap;">SharePoint Conference North America 2019</a><span style="background-color: white; color: #191e23; font-size: 16px; white-space: pre-wrap;"> (May 21 to 23 in Las Vegas) with Erica Toelle. Our session is titled </span><span style="background-color: white; box-sizing: inherit; color: #191e23; font-size: 16px; font-weight: 600; white-space: pre-wrap;">Discover end-to-end records management in Microsoft 365</span><span style="background-color: white; color: #191e23; font-size: 16px; white-space: pre-wrap;"> and we're very excited to share with you all that we know about records management in the Microsoft 365 platform. </span></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFJNiuMqDICeVZmooV2tA_F0RNE7GjOX5CXdQp-xj6-gBfujo-JEJ84XZQDeXpUJ2qiNiEHLn_dOinfOnCvNsCsK26N7AzzXT_3F9svIK9V6BToBjAGiGTkuLFX3dBeuqpOvacyITB6CU/s1600/Antonio+Maio-Maio+Social+Banner-234.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="512" data-original-width="1024" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFJNiuMqDICeVZmooV2tA_F0RNE7GjOX5CXdQp-xj6-gBfujo-JEJ84XZQDeXpUJ2qiNiEHLn_dOinfOnCvNsCsK26N7AzzXT_3F9svIK9V6BToBjAGiGTkuLFX3dBeuqpOvacyITB6CU/s640/Antonio+Maio-Maio+Social+Banner-234.jpg" width="640" /></a></div>
<br />
<span style="background-color: white; color: #191e23; font-size: 16px; white-space: pre-wrap;"><span style="font-family: inherit;"><br /></span></span>
<span style="background-color: white; color: #191e23; font-size: 16px; white-space: pre-wrap;"><span style="font-family: inherit;">Erica and I have been friends for several years, and we often discuss how organizations are managing their records and we talk about the capabilities available from Microsoft in the cloud platform. These capabilities have evolved significantly over the last year, and we're really excited to share what's now available.</span></span><br />
<span style="background-color: white; color: #191e23; font-size: 16px; white-space: pre-wrap;"><span style="font-family: inherit;"><br /></span></span>
<span style="background-color: white; color: #191e23; font-size: 16px; white-space: pre-wrap;"><span style="font-family: inherit;">To give you a quick preview of our session, Erica and I will be covering the following topics...</span></span><br />
<span style="background-color: white; color: #191e23; font-size: 16px; white-space: pre-wrap;"><span style="font-family: inherit;"><br /></span></span>
<span style="background-color: white; white-space: pre-wrap;"><span style="color: #191e23; font-family: inherit;"><b>Office 365 Labels and Label Policies</b>
</span></span><br />
<span style="background-color: white; white-space: pre-wrap;"><span style="color: #191e23; font-family: inherit;">At Ignite 2018 Microsoft announced Unified Labeling Management. With unified labels, you have a single place to manage sensitivity labels that help classify and protect your sensitive data, as well as manage retention labels that help govern the lifecycle of your data. This unification brings together Azure Information Protection (AIP) labels and Office 365 labels into one management interface and a set of functionalities that can be used to govern data.</span></span><br />
<span style="background-color: white; white-space: pre-wrap;"><span style="color: #191e23; font-family: inherit;">
<b>Advanced Data Governance for Automatic Labeling</b>
The Office 365 Advanced Data Governance (ADG) feature set works together with unified labels so you can automatically apply labels to content that meets certain criteria. This way the end user does not have to manually label content, ensuring it is appropriately managed for compliance and protected from misuse.
<b>Protecting Sensitive Information</b>
In the Unified Labeling Management experience, Microsoft has integrated the management of Microsoft Information Protection (MIP) labels as well. So you can now configure and manage both labels for retention and labels for sensitivity. Sensitivity labels allow us to protect sensitive content based on a classification.
Data Loss Prevention (DLP) identifies sensitive information, such as social security numbers and bank account information, and adds additional policies and protections. DLP can govern sensitive information where it lives, when we route it, and when we share information.
<b>Retaining Information and Disposition</b>
Most important to Records Management is the ability to retain and delete information. We will look at how you build a file plan for Office 365 and use it to enforce retention to prevent content from being deleted. On the flip side, you can also use retention policies to delete content. For example, some organizations want to delete Microsoft Teams conversations after 30 days, similar to what was previously done with Skype conversations.
<b>Label Analytics and the Activity Explorer</b>
How can you tell if your label and records management strategy is working? That’s where the Label Activity Explorer can help. It provides analytics about the application of labels. You can look at what labels have been manually and automatically applied, where, and by whom in addition to other data.
<b>End User Experience in Microsoft 365</b>
What does records management look like to the end user? Is it intuitive? We will look at how an end user can manually apply a label to content in SharePoint and Exchange. We'll look at how you can avoid impacting end users but still enforce record management policies for your content. We will also demonstrate what the end user sees when a label is applied automatically.
<b>Real Life Stories Implementing Microsoft 365 Records Management</b>
Finally, we'll talk about some real-life case studies of how we use Microsoft 365 Records Management in the real world. This overview includes the deployment approach, tips and tricks, and best practices.
We hope to add a few more topics if Microsoft releases additional functionality before the conference in May.</span></span><br />
<span style="background-color: white; white-space: pre-wrap;"><span style="color: #191e23; font-family: inherit;">
We really hope you'll be able to join us for this session!
See you in Las Vegas this May...</span></span>Antonio Maiohttp://www.blogger.com/profile/11590288142542819604noreply@blogger.com16tag:blogger.com,1999:blog-1409324927428377638.post-6189495070417989042018-02-07T10:39:00.002-05:002018-02-07T10:57:17.171-05:00Step by Step: How to Fine Tune Sensitive Data Types in Office 365Office 365 provides the Data Loss Prevention (DLP) feature, which allows you to automatically identify sensitive data across workloads in Office 365. This means that you can have one set of policies that applies to SharePoint Online sites, OneDrive for Business sites and Exchange email, or you can have different policies that apply to each workload.<br />
<br />
The Office 365 DLP policies currently support many sensitive data types, which represent the types of information that an individual or business may want to protect: information like US social security numbers, various European passport numbers or identity card numbers, credit card numbers and so on. At the time this post was written it supported <b>82</b> sensitive types. These sensitive data types in many cases include a regular expression that is matched, an extensive list of keywords that are searched for within a proximity of the sensitive data, and in many cases a checksum that is calculated (for example, running the Luhn algorithm on a suspected credit card number). An inventory of the sensitive data types supported, along with exactly what each looks for, can be found here: <a href="https://support.office.com/en-us/article/what-the-sensitive-information-types-look-for-fd505979-76be-4d9f-b459-abef3fc9e86b">What the sensitive information types look for</a>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgefoxDrvTlq_0UyPEuktDYBfXAYeV8CbidbnvuILDODgpTKxZqqhrT5UMcX7vcDbPAtW_CXr0Um-NOGfWpmLeW1K4-cQVcRMF0Ne9Bqzs3quf_Ua2FPjR_avMbmlMHLcSlQXUyNzVUONE/s1600/existing-82-sensitive-data-types.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgefoxDrvTlq_0UyPEuktDYBfXAYeV8CbidbnvuILDODgpTKxZqqhrT5UMcX7vcDbPAtW_CXr0Um-NOGfWpmLeW1K4-cQVcRMF0Ne9Bqzs3quf_Ua2FPjR_avMbmlMHLcSlQXUyNzVUONE/s640/existing-82-sensitive-data-types.png" width="640" height="504" data-original-width="751" data-original-height="591" /></a></div><br />
You are also able to modify existing sensitive data types or create custom sensitive data types which not only get used by Office 365 DLP, but also by features like Office 365 Labels, and Office 365 Advanced Data Governance. You may want to create a custom sensitive data type if you have a custom piece of data within your organization that follows a particular well-defined pattern and that you need to look for within documents or emails. An example is if you have a custom format for an employee number. Another case is if you live in a country that has an identity card number format or driver's license format, for example, which is not represented by the built-in Office 365 sensitive data types.<br />
<br />
There are a few sites/articles out there that share steps on how to do this, but I have found many of them to be incomplete. Recently we had to create some custom sensitive data types for a GDPR project, and I wanted to share my experience creating custom sensitive data types. <br />
<br />
In our walk-through, the example of a custom sensitive data type I'm going to use is EU Debit Card Number. We're going to envision a scenario where we're looking for this type of sensitive data as part of a GDPR project and we are getting enough false positives that we want to try to make looking for this type more accurate, by introducing new keywords, adjusting the proximity parameter and modifying the confidence level.<br />
<br />
<h3>Most Practical Approach</h3>The most practical approach when creating or customizing a sensitive data type is to create a new sensitive data type based on an existing one, giving it a unique name and identifiers. For example, if you wish to adjust the parameters of the “EU Debit Card Number” sensitive data type, you could name your copy of that rule “EU Debit Card Enhanced” to distinguish it from the original. In your new sensitive data type, simply modify the values you wish to change to improve its accuracy. Once complete, you will upload your new sensitive data type and create a new DLP rule (or modify an existing one) to use the new sensitive data type you just added. Modifying the accuracy of sensitive data types could require some trial and error, so maintaining a copy of the original type allows you to fall back to it if required in the future.<br />
<br />
<h3>Customize the Sensitive Data Type</h3>The following is the detailed step by step process that is necessary to create a custom sensitive data type or modify an existing one.<br />
<br />
<div style="margin-left: 40px;">1. Export the existing Rule Package of built in sensitive data types that are available in Office 365 </div><br />
<div style="margin-left: 60px;">a. At the PowerShell command prompt create a connection to Exchange Online:</div><div style="margin-left: 75px;"><pre class="prettyprint"># Exchange Online remote PowerShell endpoint; Get-ClassificationRuleCollection is an Exchange Online cmdlet
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
</pre><br />
<b>Note</b>: At the start of this example we have to use the Exchange Online PowerShell module, and at the end of the example we're using the newer Security and Compliance Center PowerShell module, which has a different connection URI. This is intentional.<br />
</div><br />
<div style="margin-left: 60px;">b. Export the current rule collection to an XML file:</div><div style="margin-left: 75px;"><pre class="prettyprint"># The serialized collection is a byte array, so write it out as raw bytes
# (Windows PowerShell 5.x syntax; PowerShell 7 uses -AsByteStream instead of -Encoding Byte)
$ruleCollection = Get-ClassificationRuleCollection
Set-Content -Path "C:\exportedSensitiveTypes.xml" -Encoding Byte -Value $ruleCollection.SerializedClassificationRuleCollection
</pre></div><br />
<div style="margin-left: 60px;">c. Copy the XML file you just exported and give it a different file name – for example: MyNewDLPRule.xml. Keep the original exported rule xml file for reference while you’re constructing your new file.</div><br />
<div style="margin-left: 40px;">2. Open the XML file you just copied/renamed in your favorite XML editor</div><br />
<div style="margin-left: 40px;">3. You will need to generate 2 GUIDs and replace those in the sensitive data type that you are modifying. At the PowerShell command prompt, type the following and record your new GUID. Do this a second time and record that new GUID as well.</div><br />
<div style="margin-left: 60px;"><pre class="prettyprint">New-Guid</pre></div><br />
<div style="margin-left: 40px;">4. The XML file is large, so for simplicity we’re going to start with an existing sensitive data type and isolate it in our new rule xml file by removing all other sensitive data types. In this case, we’re going to modify the “EU Debit Card Number” sensitive data type. <br />
<br />
Note: the following details are important when modifying the rule’s XML structure.</div><br />
<div style="margin-left: 60px;">a. The <RulePack> element of the file contains information about the publisher, in this case Microsoft. It also contains localized versions of all the publisher strings. The <RulePack> element has an id attribute, which is the first place where you’ll need to replace the existing GUID with a new one you just generated.<br />
<br />
b. The <Rules> element contains the definition of your sensitive data type.<br />
<br />
c. The <Rules> element is made up of the <Entity> element, which defines the pattern to use; the <Keyword> elements, which define the lists of keywords to match; the <Regex> elements, which define the regular expressions used in the patterns; and a <LocalizedStrings> element, which defines the default and localized strings displayed in the DLP rule UI.<br />
<br />
d. The <Entity> element has an id attribute, which is the second place where you’ll need to replace the existing GUID with a new one you just generated. This GUID is referenced further down within the <LocalizedStrings> element, as the idRef of a <Resource> element. That <Resource> element holds both the default and localized strings used when displaying your sensitive data type in the DLP UI. If you are deleting <Entity> and <Resource> elements in order to simplify the XML file you are working with, ensure that you do not delete the <Resource> element whose idRef is the GUID of your sensitive data type’s <Entity> element.<br />
<br />
e. The <Entity> element also contains several <Match> elements, which identify the names of the keyword lists used by that sensitive data type. These appear as follows:<br />
<br />
<pre class="prettyprint"><Any minMatches="1">
  <Match idRef="Keyword_eu_debit_card" />
  <Match idRef="Keyword_card_terms_dict" />
  <Match idRef="Keyword_card_security_terms_dict" />
  <Match idRef="Keyword_card_expiration_terms_dict" />
  <Match idRef="Func_expiration_date" />
</Any>
</pre><br />
f. The keyword list named "Keyword_card_terms_dict" is defined further down in the XML file within a <Keyword> element. In this case, the <Keyword> element contains a <Group> element and multiple <Term> values, each of which defines a keyword that Office 365 DLP uses to identify sensitive information. Keyword lists are often referred to as “corroborative evidence” when defining DLP rules. Keyword lists defined within the XML structure can be used by multiple sensitive data types – for example, the Credit Card Number and EU Debit Card Number sensitive data types share some of the same keyword lists. The same is true for <Regex> definitions. Keyword lists defined in this file can be modified to add additional, more specific keywords or to remove keywords. Once again, if you are deleting <Keyword> lists throughout the original XML file, ensure that you do not delete a <Keyword> element that is referenced within your sensitive data type’s <Entity> element.<br />
<br />
g. The <Entity> element uses three elements to define a pattern that the sensitive data type must match: <IdMatch>, <Match> and <Any>. To promote re-use of definitions across multiple patterns, the <IdMatch> and <Match> elements do not themselves define the content to be matched but instead reference it through the idRef attribute.<br />
</div><br />
<div style="margin-left: 40px;">5. Now that we have our sensitive data type XML file ready to edit, we’ll make some basic modifications in order to identify our sensitive data type as a new unique type when configuring a DLP rule. </div><br />
<div style="margin-left: 60px;">a. Modify the id property of the <RulePack> element. This id should be replaced with one of the new GUIDs we created.<br />
<pre class="prettyprint"><RulePack id="bd2568b4-b331-4387-b399-7e46065f6994">
</pre><br />
b. Within the <RulePack> element, find the <Publisher> element and replace its id property with the second of the new GUIDs we created.<br />
<pre class="prettyprint"><Publisher id="ac9a7b29-870f-4810-a96f-6b4080c67e5d" />
</pre><br />
c. Modify the id property of the <Entity> element which represents our sensitive data type. This id should be replaced with the third of the new GUIDs we created.<br />
<pre class="prettyprint"><Entity id="48da7072-821e-4804-9fab-72ffb48f6f78" patternsProximity="300" recommendedConfidence="85">
</pre><br />
d. Within the <RulePack><Details><LocalizedDetails> element, find the <PublisherName>, <Name> and <Description> elements. Modify the values of these elements to unique values.<br />
<pre class="prettyprint"><Details defaultLangCode="en">
  <LocalizedDetails langcode="en">
    <PublisherName>Contoso</PublisherName>
    <Name>Contoso Rule Package</Name>
    <Description>Defines the set of classification rules for Contoso</Description>
  </LocalizedDetails>
</Details>
</pre><br />
e. Within the <LocalizedStrings> element, find the <Resource> element whose idRef matched the original id of our <Entity> element, and change its idRef to the GUID that we assigned to the id of the <Entity> element.<br />
<br />
f. Within the <LocalizedStrings><Resource> element we just modified, find the <Name> and <Description> elements and modify their values so that our sensitive data type has a unique name and description. This will help us better select the correct sensitive data type when we configure a DLP rule.<br />
<pre class="prettyprint"><Resource idRef="48da7072-821e-4804-9fab-72ffb48f6f78">
<Name default="true" langcode="en-us">EU Debit Card Number Enhanced</Name>
<Description default="true" langcode="en-us">Detects European Union debit card number with enhanced accuracy.</Description>
</Resource>
</pre><br />
g. If you start with an existing sensitive data type and that type contains existing keyword lists in its definition, it is important to note that some keyword lists are in use by Microsoft’s built-in sensitive data types, and the names of those lists may not be reused in other sensitive data type definitions. In the case of the “EU Debit Card Number” example, it makes use of the following Microsoft keyword lists:<br />
<pre class="prettyprint"><Keyword id="Keyword_card_expiration_terms_dict">
<Keyword id="Keyword_card_security_terms_dict">
<Keyword id="Keyword_card_terms_dict">
</pre><br />
Those lists are currently in use by multiple built-in sensitive data types and we are not permitted to reuse those names. Therefore, we must modify those names in the corresponding <Keyword> elements so that they are unique, as follows:<br />
<pre class="prettyprint"><Keyword id="Keyword_card_expiration_terms_dict_enhanced">
<Keyword id="Keyword_card_security_terms_dict_enhanced">
<Keyword id="Keyword_card_terms_dict_enhanced">
</pre><br />
Those names must also be modified within the <Entity> element where they are referenced:<br />
<pre class="prettyprint"><Entity id="48da7072-821e-4804-9fab-72ffb48f6f78" patternsProximity="150" recommendedConfidence="85">
<Pattern confidenceLevel="85">
…
<Any minMatches="1">
…
<Match idRef="Keyword_card_terms_dict_enhanced" />
<Match idRef="Keyword_card_security_terms_dict_enhanced" />
<Match idRef="Keyword_card_expiration_terms_dict_enhanced" />
…
</Any>
</Pattern>
</Entity>
</pre></div><br />
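Steps 3 to 5 and note (g) above are mechanical, so here is an added Python example (not code from the original post or from Microsoft) that performs them against an exported rule collection: it isolates one Entity by its display name, removes the other types and any definitions only they referenced, suffixes the Keyword ids together with the Match elements that point at them, and assigns new GUIDs and display strings. The element names follow the fragments shown in the post; the namespace URI and the trimmed sample package are assumptions constructed for the example.

```python
"""Isolate one sensitive information type from an exported rule collection and give it new
identifiers: steps 3 to 5 and note (g) of the walk-through, done programmatically (added example)."""
import uuid
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/office/2011/mce"  # assumed default namespace of rule packages
ET.register_namespace("", NS)                        # serialise without an ns0: prefix
q = lambda tag: "{%s}%s" % (NS, tag)                 # namespace-qualified element name

# Constructed, trimmed stand-in for the exported rule collection (not real Microsoft content).
SAMPLE_RULE_PACKAGE = r"""<RulePackage xmlns="http://schemas.microsoft.com/office/2011/mce">
  <RulePack id="00000000-0000-0000-0000-000000000001">
    <Publisher id="00000000-0000-0000-0000-000000000002" />
    <Details defaultLangCode="en"><LocalizedDetails langcode="en">
      <PublisherName>Microsoft</PublisherName><Name>Built-in rule package</Name>
      <Description>Sample classification rules</Description>
    </LocalizedDetails></Details>
  </RulePack>
  <Rules>
    <Entity id="aaaaaaaa-0000-0000-0000-000000000001" patternsProximity="300" recommendedConfidence="85">
      <Pattern confidenceLevel="85">
        <IdMatch idRef="Regex_eu_debit_card_number" />
        <Any minMatches="1">
          <Match idRef="Keyword_eu_debit_card" />
          <Match idRef="Keyword_card_terms_dict" />
          <Match idRef="Func_expiration_date" />
        </Any>
      </Pattern>
    </Entity>
    <Entity id="bbbbbbbb-0000-0000-0000-000000000002" patternsProximity="300" recommendedConfidence="85">
      <Pattern confidenceLevel="85"><IdMatch idRef="Regex_credit_card" /><Any minMatches="1">
        <Match idRef="Keyword_card_terms_dict" /><Match idRef="Keyword_credit_card_only" /></Any></Pattern>
    </Entity>
    <Regex id="Regex_eu_debit_card_number">\d{16}</Regex>
    <Regex id="Regex_credit_card">\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}</Regex>
    <Keyword id="Keyword_eu_debit_card"><Group matchStyle="word"><Term>debit card</Term></Group></Keyword>
    <Keyword id="Keyword_card_terms_dict"><Group matchStyle="word"><Term>card number</Term><Term>acct nbr</Term></Group></Keyword>
    <Keyword id="Keyword_credit_card_only"><Group matchStyle="word"><Term>credit card</Term></Group></Keyword>
    <LocalizedStrings>
      <Resource idRef="aaaaaaaa-0000-0000-0000-000000000001">
        <Name default="true" langcode="en-us">EU Debit Card Number</Name>
        <Description default="true" langcode="en-us">Detects EU debit card numbers.</Description>
      </Resource>
      <Resource idRef="bbbbbbbb-0000-0000-0000-000000000002">
        <Name default="true" langcode="en-us">Credit Card Number</Name></Resource>
    </LocalizedStrings>
  </Rules>
</RulePackage>"""


def isolate_and_rename(xml_text, entity_name, suffix, guids, publisher, new_name, new_desc):
    """Return a rule package holding only `entity_name`, re-identified with `guids`
    (rulepack_id, publisher_id, entity_id) and with its Keyword lists renamed."""
    root = ET.fromstring(xml_text)
    rulepack, rules = root.find(q("RulePack")), root.find(q("Rules"))
    strings = rules.find(q("LocalizedStrings"))

    # Step 4: find the Entity through its display name, then drop every other Entity
    # and every Resource that does not describe the kept one.
    resource = next(r for r in strings if r.findtext(q("Name")) == entity_name)
    entity = next(e for e in rules.findall(q("Entity")) if e.get("id") == resource.get("idRef"))
    for other in [e for e in rules.findall(q("Entity")) if e is not entity]:
        rules.remove(other)
    for other in [r for r in strings if r is not resource]:
        strings.remove(other)

    # Drop Keyword/Regex/Function definitions the kept Entity never references
    # (Func_* idRefs name Microsoft built-in functions, which have no definition in the file).
    referenced = {el.get("idRef") for el in entity.iter() if el.get("idRef")}
    for child in list(rules):
        if child.tag in (q("Keyword"), q("Regex"), q("Function")) and child.get("id") not in referenced:
            rules.remove(child)

    # Note (g): Microsoft's keyword-list names may not be reused, so suffix every Keyword id
    # and repoint the Match elements that referenced the old name.
    renamed = {}
    for kw in rules.findall(q("Keyword")):
        old = kw.get("id")
        renamed[old] = old + suffix
        kw.set("id", old + suffix)
    for el in entity.iter():
        if el.get("idRef") in renamed:
            el.set("idRef", renamed[el.get("idRef")])

    # Step 5 a-c: fresh GUIDs for RulePack, Publisher and Entity; the Resource idRef follows the Entity.
    rulepack.set("id", guids[0])
    rulepack.find(q("Publisher")).set("id", guids[1])
    entity.set("id", guids[2])
    resource.set("idRef", guids[2])
    # Step 5 d-f: unique publisher, package and type names so the type is recognisable in the DLP UI.
    details = rulepack.find(q("Details")).find(q("LocalizedDetails"))
    details.find(q("PublisherName")).text = publisher
    details.find(q("Name")).text = publisher + " Rule Package"
    details.find(q("Description")).text = "Defines the set of classification rules for " + publisher
    resource.find(q("Name")).text = new_name
    resource.find(q("Description")).text = new_desc
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    guids = tuple(str(uuid.uuid4()) for _ in range(3))  # New-Guid equivalent, one per replaced id
    print(isolate_and_rename(SAMPLE_RULE_PACKAGE, "EU Debit Card Number", "_enhanced", guids, "Contoso",
                             "EU Debit Card Number Enhanced", "Detects EU debit card numbers with enhanced accuracy."))
```

Run it against the real export by reading that file into `xml_text`; the printed package is what you save (for example as C:\EUDebitCardNumberEnhanced.xml) and upload in the final section.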
<h3>Fine Tune a Sensitive Data Type to Avoid False Positives or Look for Organization-Specific Information</h3><br />
Now we’ll make some modifications to our custom sensitive data type in an attempt to improve its accuracy. Improving the accuracy of DLP rules in any system requires testing against a sample data set, and may require fine tuning through repeated modifications and tests. When searching for an EU Debit Card Number in our example, the number is strictly defined as 16 digits following a complex pattern and subject to the validation of a checksum. We cannot alter this pattern, given the strict definition of this sensitive data type. However, we can make the following adjustments in order to improve the accuracy with which Office 365 DLP finds this sensitive data type in our content within Office 365:<br />
<br />
<div style="margin-left: 40px;">1. Proximity Modifications<br />
We can modify the character pattern proximity to expand or shrink the window in which keywords must be found around the sensitive data type. In our case we’ll shrink the window by changing the patternsProximity value in our <Entity> element from 300 to 150 characters. This means that our corroborative evidence, our keywords, must be closer to our sensitive data type in order to signal a match on this rule.<br />
<pre class="prettyprint"><Entity id="48da7072-821e-4804-9fab-72ffb48f6f78" patternsProximity="150" recommendedConfidence="85">
</pre><br />
2. Keyword Modifications<br />
We can add keywords to one of our <Keyword> elements in order to give our sensitive data type more specific corroborative evidence to search for before signaling a match on this rule. These keywords could be organization-specific or language-specific keywords. Alternatively, we might find that some keywords are causing false positives, and as a result we may want to remove keywords. Keywords are added by navigating to the <Keyword> element for one of the three keyword lists provided with the “EU Debit Card Number” definition (using the renamed ids from above) and adding additional <Term> elements, with the keywords as values (one <Term> per additional keyword).<br />
<pre class="prettyprint"><Keyword id="Keyword_card_terms_dict_enhanced">
  <Group>
    <Term>corporate card</Term>
    <Term>organization card</Term>
    <Term>acct nbr</Term>
    <Term>acct num</Term>
    <Term>acct no</Term>
    …
  </Group>
</Keyword>
</pre><br />
3. Confidence Modifications<br />
We can modify the confidence with which the sensitive data type must match the criteria specified in its definition before a match is signaled and reported. This is done by modifying the confidenceLevel property on the <Entity><Pattern> element. The more evidence that a pattern requires, the more confidence you have that an actual entity (such as employee ID) has been identified when the pattern is matched. If you remove keywords from the definition, you would typically want to adjust how confident you are that this sensitive data type was found by lowering it from its default level of 85 in the case of the EU Debit Card Number type.<br />
<pre class="prettyprint"><Entity id="48da7072-821e-4804-9fab-72ffb48f6f78" patternsProximity="150" recommendedConfidence="85">
<Pattern confidenceLevel="85">
…
</Pattern>
</Entity>
</pre></div><br />
The following is a screenshot of our final sensitive data type definition file (with some elements collapsed):<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLNlZTgz1m6kXJFJVHRwdG-ujKmJyzCFCi3PskTT2XJ0TFmDXAAffzNcOf-jR-LGDUU7H41qICJvTvUgX5Ea6nfOi-3kk4T5-MABvbl6XlHZf-VSl6b-84U86g1fwS2H3JvHinL3j_2dY/s1600/EUDebitCardNumberEnhanced-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLNlZTgz1m6kXJFJVHRwdG-ujKmJyzCFCi3PskTT2XJ0TFmDXAAffzNcOf-jR-LGDUU7H41qICJvTvUgX5Ea6nfOi-3kk4T5-MABvbl6XlHZf-VSl6b-84U86g1fwS2H3JvHinL3j_2dY/s640/EUDebitCardNumberEnhanced-screenshot.png" width="640" height="360" data-original-width="1187" data-original-height="667" /></a></div><br />
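To see what the proximity, keyword and confidence changes above actually do before uploading anything, here is an added Python model of the matching semantics (example code, not from the original post and not Microsoft's DLP engine): a candidate must match the IdMatch pattern, pass a checksum (Luhn is assumed here), and have at least one keyword Term within patternsProximity characters; the minimum-confidence comparison stands in for the threshold configured on the DLP rule. The sample text and keyword list are constructed for the example.

```python
"""Simplified model of how patternsProximity, keyword lists and confidence decide whether a
sensitive data type matches, used to try the tuning steps against sample text (added example)."""
import re
from dataclasses import dataclass


@dataclass
class SensitiveType:
    name: str
    id_match: str             # regular expression referenced by <IdMatch>
    keywords: list            # <Term> values of the referenced <Keyword> lists
    patterns_proximity: int   # <Entity patternsProximity="...">
    confidence_level: int     # <Pattern confidenceLevel="...">


def luhn_ok(digits):
    """Checksum used by payment card numbers: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_matches(text, sit, min_confidence=75):
    """Return (digits, evidence, confidence) for each candidate that satisfies the type.
    min_confidence stands in for the confidence threshold configured on the DLP rule."""
    lowered = text.lower()
    hits = []
    for m in re.finditer(sit.id_match, text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue                                   # pattern matched, checksum did not
        start = max(0, m.start() - sit.patterns_proximity)
        window = lowered[start:m.end() + sit.patterns_proximity]
        evidence = [kw for kw in sit.keywords if kw in window]   # corroborative evidence (Any minMatches="1")
        if evidence and sit.confidence_level >= min_confidence:
            hits.append((digits, evidence, sit.confidence_level))
    return hits


CARD_PATTERN = r"\b(?:\d{4}[ -]?){3}\d{4}\b"
KEYWORDS = ["debit card", "card number", "acct nbr", "corporate card"]   # built-in terms plus added ones

# Constructed sample document. The 200-character spacer places "debit card" roughly 230 characters
# after the first number: inside a 300-character window, outside a 150-character one.
SAMPLE_TEXT = (
    "Ledger export, reference 1234 5678 1234 5670 appears as a transaction id.\n"
    + " " * 200
    + "Debit card statements are attached for the audit.\n"
    "Corporate card acct nbr: 4111 1111 1111 1111, expires 09/27.\n"
    "Order id 4111 1111 1111 1112 is a tracking number (fails the checksum).\n"
)

ORIGINAL = SensitiveType("EU Debit Card Number", CARD_PATTERN, KEYWORDS, 300, 85)
ENHANCED = SensitiveType("EU Debit Card Number Enhanced", CARD_PATTERN, KEYWORDS, 150, 85)


def compare(text=SAMPLE_TEXT):
    """Numbers flagged with the original proximity versus the tightened one."""
    return {sit.name: [digits for digits, _, _ in find_matches(text, sit)] for sit in (ORIGINAL, ENHANCED)}


if __name__ == "__main__":
    for name, numbers in compare().items():
        print(f"{name}: {numbers}")
```

The first number is reported only by the 300-character type, because its only corroborating keyword is too far away for the 150-character window; the third is never reported because it fails the checksum.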
<h3>Upload a New Sensitive Data Type</h3>Now that we've defined our sensitive data type in the XML file structure, we are going to upload it to our Office 365 tenant.<br />
<br />
<div style="margin-left: 40px;">1. At the PowerShell command prompt create a connection to the Office 365 Security & Compliance Center:<br />
<pre class="prettyprint"># Security & Compliance Center endpoint; New-DlpSensitiveInformationTypeRulePackage is exposed here
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
</pre><br />
<b>Note</b>: At the start of this example we have to use the Exchange Online PowerShell module and at the end of the example we're using the newer Security and Compliance Center PowerShell module. This is intentional.<br />
<br />
2. Create a new Classification Rule in Office 365 and upload your sensitive data type XML definition file:<br />
<pre class="prettyprint"># Read the file as raw bytes (Windows PowerShell 5.x syntax; PowerShell 7 uses -AsByteStream instead of -Encoding Byte)
New-DlpSensitiveInformationTypeRulePackage -FileData (Get-Content -Path "C:\EUDebitCardNumberEnhanced.xml" -Encoding Byte)
</pre><br />
When the upload has completed successfully, the following output will appear in the PowerShell console:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIXFfRvQSO7SgfA2Fe6XnztrBvlno3XUF5Sh43AgOM-uApTWs1Laj99vhKg38JEyBSzkb8f5wwX7FL_5G9hKOcFKXxGyI67O4EZgEoV5vjaxrUB1hfP_nElWtsYNFw4tBd6-3_2ohUuqY/s1600/Successsful+upload+of+sensitive+data+type+via+PowerShell.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIXFfRvQSO7SgfA2Fe6XnztrBvlno3XUF5Sh43AgOM-uApTWs1Laj99vhKg38JEyBSzkb8f5wwX7FL_5G9hKOcFKXxGyI67O4EZgEoV5vjaxrUB1hfP_nElWtsYNFw4tBd6-3_2ohUuqY/s640/Successsful+upload+of+sensitive+data+type+via+PowerShell.png" width="640" height="320" data-original-width="677" data-original-height="339" /></a></div><br />
3. Trigger a re-crawl of the content within the site collections potentially containing the new sensitive data type<br />
<br />
4. Login to Office 365 as an administrator, navigate to the Security & Compliance Center, create a new Data Loss Prevention policy and select the new sensitive data type you just created.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQpdBKfV8oCOtrNxzZYku99Zf3TdtM_7ja_y-6DNrWH2WALHCjx7Hlx1s-HclP9xVbRQBSnXEtTFKLlJCW5hHWrrzS99HLSbcHzLyblLJXBjT4A2jq8irs6uiufrUYG-XRA3cUE8UUqcs/s1600/DLP+Rule+Configuration+with+EU+Debit+Card+Number+Enhanced.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQpdBKfV8oCOtrNxzZYku99Zf3TdtM_7ja_y-6DNrWH2WALHCjx7Hlx1s-HclP9xVbRQBSnXEtTFKLlJCW5hHWrrzS99HLSbcHzLyblLJXBjT4A2jq8irs6uiufrUYG-XRA3cUE8UUqcs/s640/DLP+Rule+Configuration+with+EU+Debit+Card+Number+Enhanced.png" width="640" height="584" data-original-width="999" data-original-height="911" /></a></div></div><br />
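The upload step above, wrapped in a function that validates the rule package XML locally before sending it, reads the file bytes in a way that works in both Windows PowerShell 5.1 and PowerShell 7 (where <code>-Encoding Byte</code> no longer exists), and reads the new types back afterwards. This is an added example, not code from the original article; it assumes the Security &amp; Compliance Center session from step 1 is already imported, and the function name, parameter names and file path are my own choices.

```powershell
# Added example (not from the original article): validate, upload and verify a custom
# sensitive information type rule package. Assumes a Security & Compliance Center
# PowerShell session is already imported (see step 1 above).
function Publish-SensitiveInfoTypePackage {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Update   # replace an existing package with the same RulePack id instead of creating it
    )
    if (-not (Test-Path -Path $Path)) { throw "Rule package file not found: $Path" }

    # 1. Parse the XML locally first: a malformed package fails server-side with a far less helpful error.
    [xml] $xml = Get-Content -Path $Path -Raw
    $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('mce', 'http://schemas.microsoft.com/office/2011/mce')
    $idNode = $xml.SelectSingleNode('/mce:RulePackage/mce:RulePack/@id', $ns)
    if (-not $idNode) { throw "No <RulePack id='...'> element found; is the mce namespace declared on <RulePackage>?" }
    # The display names of the entities live under Rules/LocalizedStrings/Resource/Name
    $typeNames = @($xml.SelectNodes('/mce:RulePackage/mce:Rules/mce:LocalizedStrings/mce:Resource/mce:Name', $ns) |
        ForEach-Object { $_.InnerText } | Sort-Object -Unique)
    Write-Host "RulePack $($idNode.Value) defines: $($typeNames -join ', ')"

    # 2. Read the raw bytes. '-Encoding Byte' was removed in PowerShell 6+, which uses '-AsByteStream' instead.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        $bytes = Get-Content -Path $Path -AsByteStream -Raw
    } else {
        $bytes = Get-Content -Path $Path -Encoding Byte -ReadCount 0
    }

    # 3. Create (New-) or replace (Set-) the package; both cmdlets take the file contents as a byte array.
    if ($Update) {
        Set-DlpSensitiveInformationTypeRulePackage -FileData $bytes
    } else {
        New-DlpSensitiveInformationTypeRulePackage -FileData $bytes
    }

    # 4. Confirm every type declared in the package is now visible to the tenant.
    foreach ($name in $typeNames) {
        $type = Get-DlpSensitiveInformationType -Identity $name -ErrorAction SilentlyContinue
        if ($type) { Write-Host "OK: '$($type.Name)' is available in the tenant" }
        else       { Write-Warning "'$name' was not returned by Get-DlpSensitiveInformationType; check the upload output above" }
    }
}

# Path is the one used in step 2 above
Publish-SensitiveInfoTypePackage -Path 'C:\EUDebitCardNumberEnhanced.xml'
```

Run it again with <code>-Update</code> after editing the XML to push a corrected version of the same RulePack without deleting the DLP policies that reference it.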
<h3>Full Disclosure</h3>You may find that some of this information is reprinted from a Microsoft article titled <a href="https://docs.microsoft.com/en-us/office365/enterprise/office-365-information-protection-for-gdpr">Office 365 Information Protection for GDPR</a>. This is because I worked with Microsoft to help write and produce that content, and I wanted to re-use some of that material to highlight another scenario. Of course, please refer to both this article and the Microsoft content to get your custom sensitive data type working correctly.<br />
<br />
<h3>More Information</h3>For more information, refer to the following helpful articles:<br />
<ul><li><a href="https://support.office.com/en-us/article/Create-a-custom-sensitive-information-type-82c382a5-b6db-44fd-995d-b333b3c7fc30" target="_blank">Create a custom sensitive information type</a> </li>
<li><a href="https://technet.microsoft.com/en-us/library/jj674704%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396" target="_blank">Developing sensitive information rule packages</a> </li>
</ul><br />
Enjoy.<br />
-Antonio<br />
Antonio Maio (http://www.blogger.com/profile/11590288142542819604)<br />
<br />
Published 2017-11-14T13:40:00.004-05:00 (updated 2017-11-14T13:40:58.648-05:00)<br />
<h2>A Beginner's Guide to Administering Office 365 with PowerShell</h2>With Office 365 PowerShell, you can manage Office 365 for your organization using commands and scripts that streamline your day-to-day work. Microsoft provides several easy-to-use admin centers to help manage Office 365. However, whether you’re an Office 365 administrator yourself or a service owner for Office 365 in your organization (working with other administrators), you’ll quickly find that you need to go beyond the capabilities that these admin centers provide. PowerShell can help you automate tasks so that they are easily repeatable, it can help you script management tasks so that they are automatically performed on a schedule and it can help you quickly output large amounts of data about your Office 365 environment. As well, some Office 365 settings are only manageable using PowerShell, with no UX provided. In this session, you’ll learn how to get started with Office 365 PowerShell and how to quickly become productive with it, making you more productive and empowered as you manage your Office 365 environment.<br />
<br />
Thank you to those that attended my session today on this topic at SPTechCon DC! You were a great crowd with lots of great questions.<br />
<br />
My updated slides can be found here:<br />
<iframe src="//www.slideshare.net/slideshow/embed_code/key/oe4sAyfXxCD2HN" width="595" height="485" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" style="border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;" allowfullscreen> </iframe> <div style="margin-bottom:5px"><strong> <a href="//www.slideshare.net/secret/oe4sAyfXxCD2HN" title="A beginners guide to administering office 365 with power shell antonio maio" target="_blank">A beginners guide to administering office 365 with power shell antonio maio</a> </strong> from <strong><a href="https://www.slideshare.net/AntonioMaio2" target="_blank">AntonioMaio2</a></strong> </div><br />
Enjoy.<br />
-Antonio<br />
Antonio Maio (http://www.blogger.com/profile/11590288142542819604)<br />
<br />
Published 2017-11-06T08:41:00.000-05:00 (updated 2017-11-09T16:18:24.100-05:00)<br />
<h2>Set a SharePoint Online Managed Metadata (Taxonomy) Field Value on a Document or Item</h2>Just last week I had an interesting little project I was helping a client with where we needed to use PowerShell to set 2 metadata field values for a document in a SharePoint Online Document Library. I've done this before many times. However, the challenge here was that the metadata fields were managed metadata fields, configured as part of a corporate taxonomy using the Managed Metadata Service. <br />
<br />
My preferred method to accomplish this would have been to use the <b>SharePoint PnP PowerShell module</b>'s <b>Set-PnPTaxonomyFieldValue</b> cmdlet (reference: <a href="https://msdn.microsoft.com/en-us/pnp_powershell/setpnptaxonomyfieldvalue">https://msdn.microsoft.com/en-us/pnp_powershell/setpnptaxonomyfieldvalue</a>). Unfortunately, for various reasons that wasn't possible in my client's environment, so we had to resort to writing the PowerShell script ourselves.<br />
<br />
As many of you know, you cannot set managed metadata field values the same way you would a regular metadata field. In searching the web for some guidance on which methods to use, I found that out of the blogs and documentation available, much of it was either incomplete or incorrect. So, with the help of a few kind folks on Twitter, namely <b>Erwin Van Hunen</b> (@erwinvanhunen) and <b>Chris Kent</b> (@thechriskent), I was able to work out a solution. I'd like to share here how that was accomplished so that others might benefit from Erwin's and Chris' assistance and from my experience. I'll try to be as complete as possible here, so that you have a full solution.<br />
<br />
An important step is to download and install the latest SharePoint Online Client Components SDK. At the time of publishing, Microsoft had recently released a new version for <b>September 2017</b>, which can be downloaded from here: <b><a href="https://www.microsoft.com/en-ca/download/details.aspx?id=42038">https://www.microsoft.com/en-ca/download/details.aspx?id=42038</a></b>. This must be installed on the computer that will be running this script. Now onto our PowerShell code:<br />
<br />
First, we'll set some basic variables:<br />
<pre class="prettyprint">$UserCredentials = Get-Credential
$webUrl = "https://mytenant.sharepoint.com/sites/mySiteCol/mySubsite/"
$listName = "MyList"
$itemToEdit = "/sites/mySiteCol/mySubsite/MyList/MyDocument.docx"
$termGroupName = "My Term Group"
$targetField1Name = "Field 1"
$targetField2Name = "Field 2"
$targetField1Value = "Value 1"
$targetField2Value = "Value 2"
</pre><br />
Now, we set up our paths to the SharePoint Online Client Components SDK. Specifically, notice that we are using Microsoft.SharePoint.Client.Taxonomy.dll. These are the default paths where these DLLs should be installed on your computer.<br />
<pre class="prettyprint">$sCSOMPath = "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI"
$sCSOMRuntimePath=$sCSOMPath + "\Microsoft.SharePoint.Client.Runtime.dll"
$sCSOMTaxonomyPath=$sCSOMPath + "\Microsoft.SharePoint.Client.Taxonomy.dll"
$sCSOMPath=$sCSOMPath + "\Microsoft.SharePoint.Client.dll"
Add-Type -Path $sCSOMPath
Add-Type -Path $sCSOMRuntimePath
Add-Type -Path $sCSOMTaxonomyPath
</pre><br />
Next, we create our context and authenticate:<br />
<pre class="prettyprint">$context = New-Object Microsoft.SharePoint.Client.ClientContext($WebUrl)
$context.AuthenticationMode = [Microsoft.SharePoint.Client.ClientAuthenticationMode]::Default
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($UserCredentials.UserName, $UserCredentials.Password)
$context.Credentials = $credentials
</pre><br />
Now, we retrieve our managed metadata fields from our Document Library and create our Taxonomy fields:<br />
<pre class="prettyprint">#get the collection of lists in our site and find our list by name
$lists = $context.web.Lists
$context.Load($lists)
$list = $lists.GetByTitle($listName)
#get our target field objects
$field1 = $list.Fields.GetByInternalNameOrTitle($targetField1Name)
$field2 = $list.Fields.GetByInternalNameOrTitle($targetField2Name)
$context.Load($field1)
$context.Load($field2)
$Context.ExecuteQuery()
$txField1 =[Microsoft.SharePoint.Client.ClientContext].GetMethod("CastTo").MakeGenericMethod([Microsoft.SharePoint.Client.Taxonomy.TaxonomyField]).Invoke($Context, $field1)
$txField2 = [Microsoft.SharePoint.Client.ClientContext].GetMethod("CastTo").MakeGenericMethod([Microsoft.SharePoint.Client.Taxonomy.TaxonomyField]).Invoke($Context, $field2)
</pre><br />
Next, we create a session with the Managed Metadata Service and retrieve the terms we wish to set. This allows us to validate that the term values we're trying to set actually do exist in the term store.<br />
<pre class="prettyprint">$session = $spTaxSession = [Microsoft.SharePoint.Client.Taxonomy.TaxonomySession]::GetTaxonomySession($context)
$session.UpdateCache();
$context.Load($session)
$termStores = $session.TermStores
$context.Load($termStores)
$Context.ExecuteQuery()
$termStore = $TermStores[0]
$context.Load($termStore)
$Context.ExecuteQuery()
$groups = $termStore.Groups
$context.Load($groups)
$Context.ExecuteQuery()
$groupReports = $groups.GetByName($termGroupName)
$context.Load($groupReports)
$context.ExecuteQuery()
$termSetField1 = $groupReports.TermSets.GetByName($targetField1Name)
$termSetField2 = $groupReports.TermSets.GetByName($targetField2Name)
$context.Load($termSetField1)
$context.Load($termSetField2)
$context.ExecuteQuery()
$termsField1 = $termSetField1.GetAllTerms()
$termsField2 = $termSetField2.GetAllTerms()
$context.Load($termsField1)
$context.Load($termsField2)
$context.ExecuteQuery()
foreach($term1 in $termsField1)
{
    if($term1.Name -eq $targetField1Value)
    {
        Write-Host "Found our term in the termset: $($term1.Name) with id: $($term1.id)"
        break
    }
}
foreach($term2 in $termsField2)
{
    if($term2.Name -eq $targetField2Value)
    {
        Write-Host "Found our term in the termset: $($term2.Name) with id: $($term2.id)"
        break
    }
}
#after the loops, $term1/$term2 hold the matching term only if one was found (otherwise the last term examined)
if(($term1.Name -ne $targetField1Value) -or ($term2.Name -ne $targetField2Value))
{
    Write-Host "Missing term set values. Double check that the values you are trying to set exist in the termstore. Exiting."
    exit
}
</pre><br />
Finally, find the item we want to edit, check it out (if file checkout is required), update the taxonomy metadata fields and check the document back in:<br />
<br />
<pre class="prettyprint">#get all items in our list
$listItems = $list.GetItems([Microsoft.SharePoint.Client.CamlQuery]::CreateAllItemsQuery())
$context.Load($listitems)
$context.ExecuteQuery()
$itemFound = $false
foreach($item in $listItems)
{
    If($($item["FileRef"]) -eq $ItemToEdit)
    {
        Write-Host "Found our item..."
        $itemFound = $true
        $context.Load($item.File)
        $context.ExecuteQuery();
        #Checkout the item before changing its metadata (only if it is not already checked out)
        if($item.File.CheckOutType -eq "None")
        {
            $item.File.CheckOut();
            Write-Host "Item has been checked out"
        }
        #create a brand new field value and set our first managed metadata field
        #you cannot simply reuse the term object you found above in the term store
        $txField1value = New-Object Microsoft.SharePoint.Client.Taxonomy.TaxonomyFieldValue
        $txField1value.Label = $term1.Name # the label of your term
        $txField1value.TermGuid = $term1.Id # the guid of your term
        $txField1value.WssId = -1 # the default value
        $txField1.SetFieldValueByValue($item,$txField1value)
        #create a brand new field value and set our second managed metadata field
        #you cannot simply reuse the term object you found above in the term store
        $txField2value = New-Object Microsoft.SharePoint.Client.Taxonomy.TaxonomyFieldValue
        $txField2value.Label = $term2.Name # the label of your term
        $txField2value.TermGuid = $term2.Id # the guid of your term
        $txField2value.WssId = -1 # the default value
        $txField2.SetFieldValueByValue($item,$txField2value)
        #update the item with all changes, then check it in as a major version (1 = MajorCheckIn)
        $item.Update()
        $item.File.CheckIn("Item metadata values have been updated", 1)
        Write-Host "Item has been checked in with updated metadata values"
        $context.ExecuteQuery();
        break;
    }
}
if($itemFound)
{
    Write-Host "Updating the item's metadata is complete."
}
else
{
    Write-Host "Item not found: $itemToEdit"
}
</pre><br />
I'm sure there are ways to make some of this more efficient, and of course the most efficient method of all would be to use the <b>SharePoint PnP PowerShell module</b>'s <b>Set-PnPTaxonomyFieldValue</b> cmdlet (reference: <a href="https://msdn.microsoft.com/en-us/pnp_powershell/setpnptaxonomyfieldvalue">https://msdn.microsoft.com/en-us/pnp_powershell/setpnptaxonomyfieldvalue</a>) if your environment allows it at the time. However, I wanted to paint a complete picture of what's involved in building such a script if you have to create it from scratch in PowerShell yourself.<br />
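The same CSOM technique, generalized into a reusable function that resolves one or more term labels against a term set and writes them to either a single-valued field (<code>SetFieldValueByValue</code>, as in the script above) or a multi-valued field (<code>SetFieldValueByValueCollection</code>). This is an added example and not code from the original post; it assumes the three CSOM assemblies are already loaded and that <code>$context</code>, <code>$item</code>, <code>$field1</code> and <code>$termSetField1</code> exist as in the script above. The function name and parameter names are my own.

```powershell
# Added example (not from the original post): set a single- or multi-valued managed metadata
# field through CSOM after validating every label against the term set. Assumes the
# Microsoft.SharePoint.Client*.dll assemblies are loaded as shown earlier in this post.
function Set-TaxonomyFieldValues {
    param(
        [Parameter(Mandatory)] [Microsoft.SharePoint.Client.ClientContext] $Context,
        [Parameter(Mandatory)] [Microsoft.SharePoint.Client.ListItem] $Item,
        [Parameter(Mandatory)] [Microsoft.SharePoint.Client.Field] $Field,
        [Parameter(Mandatory)] [Microsoft.SharePoint.Client.Taxonomy.TermSet] $TermSet,
        [Parameter(Mandatory)] [string[]] $Labels
    )
    # Cast the generic Field to a TaxonomyField via reflection (PowerShell cannot call CastTo<T> directly)
    $txField = [Microsoft.SharePoint.Client.ClientContext].GetMethod('CastTo').MakeGenericMethod([Microsoft.SharePoint.Client.Taxonomy.TaxonomyField]).Invoke($Context, $Field)
    $Context.Load($txField)   # needed so AllowMultipleValues is populated

    # Load the term set's terms once, then look each requested label up locally
    $allTerms = $TermSet.GetAllTerms()
    $Context.Load($allTerms)
    $Context.ExecuteQuery()

    $resolved = @()
    foreach ($label in $Labels) {
        $term = $allTerms | Where-Object { $_.Name -eq $label } | Select-Object -First 1
        if (-not $term) { throw "Term '$label' does not exist in term set '$($TermSet.Name)'" }
        $resolved += $term
    }

    if ($txField.AllowMultipleValues) {
        # Multi-valued fields take a TaxonomyFieldValueCollection built from "Label|Guid" pairs
        $pairs = ($resolved | ForEach-Object { "$($_.Name)|$($_.Id)" }) -join ';'
        $collection = New-Object Microsoft.SharePoint.Client.Taxonomy.TaxonomyFieldValueCollection($Context, $null, $txField)
        $collection.PopulateFromLabelGuidPairs($pairs)
        $txField.SetFieldValueByValueCollection($Item, $collection)
    } else {
        if ($resolved.Count -gt 1) { throw "Field '$($Field.Title)' is single-valued but $($resolved.Count) labels were given" }
        # A fresh TaxonomyFieldValue is required; the Term object itself cannot be assigned to the field
        $value = New-Object Microsoft.SharePoint.Client.Taxonomy.TaxonomyFieldValue
        $value.Label    = $resolved[0].Name
        $value.TermGuid = $resolved[0].Id
        $value.WssId    = -1   # -1 lets SharePoint resolve the hidden TaxonomyHiddenList entry itself
        $txField.SetFieldValueByValue($Item, $value)
    }
    $Item.Update()
    $Context.ExecuteQuery()
}

# Usage with the objects from the script above (check-out/check-in handling is left to the caller)
Set-TaxonomyFieldValues -Context $context -Item $item -Field $field1 -TermSet $termSetField1 -Labels @('Value 1')
```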
<br />
Enjoy.<br />
-Antonio<br />
Antonio Maio (http://www.blogger.com/profile/11590288142542819604)<br />
<br />
Published 2017-08-14T11:05:00.001-04:00 (updated 2017-08-14T11:05:12.351-04:00)<br />
<h2>Raise Your Office 365 Secure Score</h2>Thanks to everyone that attended our webinar last week on Office 365 Secure Score.<br />
<br />
For many organizations moving to Office 365 or other Cloud services, the concepts of security, compliance and risk are complex. They require learning about how these security concepts have changed and how they’re now implemented in a Cloud first, Mobile friendly world. They often require working with security experts to evaluate the current state of the security for the Cloud application that you’re concerned about… and determining which security capabilities and features you are and are not yet making use of.<br />
<br />
When we worked in on premise server environments, things seemed almost easier in some ways because our server farms which hosted Exchange, SharePoint, Skype for Business and so on were all within our corporate networks. They were more under our control, and we felt some level of comfort from being able to stop internet traffic at the network boundary, usually through our firewalls or gateways. <br />
Regardless of how truly secure or not our networks and applications in fact were, we often gained some comfort from this boundary.<br />
<br />
With the advent of Cloud computing, with the desire to do work on a whole range of Mobile devices, even our own personal devices, and with the desire to access our services for work from anywhere in the world, moving to services which are hosted on servers and in data centers that are not under our control often feels like we’ve lost that comfort… that assurance that we’re controlling the security of our critical IT services, or it feels that we’ve given the management of our security over to someone else (that we can’t see, that we can’t talk to and that we don’t know). <br />
<br />
When, in actuality, often services like Office 365 are more secure than we could have ever hoped to deploy in our own environments… often we have more control over how our services are secured than we’ve ever had. We often just aren’t aware yet of the security benefits that come out of box with Office 365, and we’re not aware of the security capabilities that are available for us to use.<br />
<br />
<b>Office 365 Secure Score is a security analytics tool from Microsoft that comes with your Office 365 subscription. It's built to help us understand and navigate all of the security options that are available to us in Office 365. </b><br />
<br />
It’s a relatively new feature from Microsoft, released early this year. Its purpose is really to:<br />
<ul><li>Help us understand our current security posture</li>
<li>Help us understand which security features we are using and not yet using</li>
<li>Help us understand the impact of rolling out new security features to our end users and administrators, and what the security benefits are to us</li>
<li>Help us understand how we can improve our security posture, and it even tracks our progress over time</li>
</ul><br />
My presentation slides are available here:<br />
<br />
<iframe src="//www.slideshare.net/slideshow/embed_code/key/qeDDtzSQMRp4DC" width="595" height="485" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" style="border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;" allowfullscreen> </iframe> <div style="margin-bottom:5px"><strong> <a href="//www.slideshare.net/AntonioMaio2/raise-your-office-365-secure-score-antonio-maio" title="Raise Your Office 365 Secure Score - Antonio Maio" target="_blank">Raise Your Office 365 Secure Score - Antonio Maio</a> </strong> from <strong><a href="https://www.slideshare.net/AntonioMaio2" target="_blank">AntonioMaio2</a></strong> </div><br />
Please reach out and let me know if you have any questions.<br />
<br />
Enjoy.<br />
-Antonio<br />
Antonio Maio (http://www.blogger.com/profile/11590288142542819604)<br />
<br />
Published 2017-07-31T11:51:00.002-04:00 (updated 2017-07-31T11:51:47.201-04:00)<br />
<h2>SPSNYC: Office 365 Security - MacGyver, Ninja or SWAT Team</h2>Thanks to everyone that attended my session at SharePoint Saturday NYC this past weekend. We had a great group in the room and some really good questions.<br />
<br />
This presentation was designed to address 3 different roles that may be charged with the responsibility of managing and securing their organization's Office 365 environment:<br />
<ul><li>MacGyver - or the IT Team Member that's self-trained, has been handed Office 365 and told to manage and secure it for the organization</li>
<li>Ninja - or the Security Expert who is formally trained, knows their stuff when it comes to information security and was given responsibility for securing their organization's Office 365 environment</li>
<li>SWAT Team - or the Information Security Team comprised of multiple security experts, with distributed roles and responsibilities</li>
</ul><br />
You can find the slides from my presentation here:<br />
<iframe src="//www.slideshare.net/slideshow/embed_code/key/nm2yCoRYxhU239" width="595" height="485" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" style="border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;" allowfullscreen> </iframe> <div style="margin-bottom:5px"><strong> <a href="//www.slideshare.net/AntonioMaio2/office-365-security-macgyver-ninja-or-swat-team" title="Office 365 Security - MacGyver, Ninja or Swat team" target="_blank">Office 365 Security - MacGyver, Ninja or Swat team</a> </strong> from <strong><a target="_blank" href="https://www.slideshare.net/AntonioMaio2">AntonioMaio2</a></strong> </div><br />
Please feel free to reach out to me if you have any questions at all.<br />
<br />
Enjoy.<br />
-Antonio<br />
Antonio Maio (http://www.blogger.com/profile/11590288142542819604)<br />
<br />
Published 2017-05-16T13:21:00.000-04:00 (updated 2017-05-16T14:33:09.911-04:00)<br />
<h2>SharePoint Virtual Summit 2017 - Share with Confidence! #SPSummit</h2><table><tr> <td valign="top"><br />
Today Microsoft hosted one of the most highly anticipated SharePoint events:<br />
<b>SharePoint Virtual Summit</b>!<br />
<br />
Many of us have been looking forward to this event for weeks and today's event did not disappoint. I tend to focus on the security and governance capabilities when it comes to SharePoint and Office 365, and one of the lines in today's <b>#SPSummit</b> that struck me most was the phrase <b>'Share with Confidence'</b>! Those of us that work with information every day, even those whose job it is to secure information or oversee the security of information systems, we want to share information with others. Information sharing is a key principle of any collaboration solutions like SharePoint Online. However, we want to be confident that we're sharing with the right people, under the right conditions, and that the information we share is still being protected. Some of today's SharePoint Online announcements really do help improve the Sharing experience in Office 365 so that we can <b>Share with Confidence</b>! <br />
</td> <td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUBsm6uJSc_H740Sk2e90FVd0LEaPE2chBVvnRIKyBKS4VgU7cUQQ7Wm9Wqj2LAuRT8fmYI4jZSHsJ1yxOysjFOu_DLe8bpAyGpVxlFdlgXW9XPCEyjuWF5jPgvgHYeN7Af9JKh4W90As/s1600/sp+summit+-+share+with+confidence.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUBsm6uJSc_H740Sk2e90FVd0LEaPE2chBVvnRIKyBKS4VgU7cUQQ7Wm9Wqj2LAuRT8fmYI4jZSHsJ1yxOysjFOu_DLe8bpAyGpVxlFdlgXW9XPCEyjuWF5jPgvgHYeN7Af9JKh4W90As/s400/sp+summit+-+share+with+confidence.jpg" width="400" height="231" /></a></div></td> </tr>
</table><br />
Here are some of my favorite announcements from today that I believe help us better secure our content and share it confidently with others...<br />
<ul><li><b>OneDrive for Business On-Demand Files in Windows File Explorer and Mac Finder</b><br>
It's really important to note that this was demo'ed in the Windows File Explorer on the desktop, not in the web browser! This was actually announced last week at Microsoft Build 2017 but I think showing it in the context of SharePoint Online is also really important. OneDrive for Business is <u>my place</u>, as a user, to store and manage files that I'm working on and might not be ready or appropriate to share with a team. However, OneDrive for Business plays a very important sharing role in my organization in that it also allows me to share my files with anyone. Having better tools to manage what is and is not in OneDrive for Business, and to share directly from my desktop, allows me to view and manage my content more easily, allows me to share with others more directly, and therefore allows me to better manage what I have and have not shared. The sharing experience has been simplified, so you can share a file or folder with specific people or send a link that enables anyone who needs access, inside or outside your organization. In addition, you can now control how long a link provides access, and you can easily view and modify the permissions you have granted. The new sharing experience is the same, whether you share on the web, in Explorer on Windows 10 and Windows 7, or in Finder on Mac. 
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVx3_itnPt-orq_9r_u9l2u7jEzO16fyGlW4wYytsuyrh4-yh87yZtk5pDBH_df-gqa1sDZCU_VcL2xNt2K4Hn4dyEI7oITg4BumTtxObQYdsaiVZ_GBxrhlTK9SvonGB6yX79a9p1DIU/s1600/spsummit+1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVx3_itnPt-orq_9r_u9l2u7jEzO16fyGlW4wYytsuyrh4-yh87yZtk5pDBH_df-gqa1sDZCU_VcL2xNt2K4Hn4dyEI7oITg4BumTtxObQYdsaiVZ_GBxrhlTK9SvonGB6yX79a9p1DIU/s640/spsummit+1.png" width="640" height="389" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsbGGBiSGX_H5l_JTf9baUNOs5fJuRB4E16PZ0CcJ2ajtY0u4_PLwKTckSqQD3vfwl4xhOW6MLvrOAWdcTO1Sd6zVOFPp14tVtQDZjPgkqc_UBzg0VIvG7dJJoxHhyPX20nA9yMmddH3w/s1600/spsummit+2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsbGGBiSGX_H5l_JTf9baUNOs5fJuRB4E16PZ0CcJ2ajtY0u4_PLwKTckSqQD3vfwl4xhOW6MLvrOAWdcTO1Sd6zVOFPp14tVtQDZjPgkqc_UBzg0VIvG7dJJoxHhyPX20nA9yMmddH3w/s400/spsummit+2.jpg" width="400" height="299" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRXhwZHvhAVBsgp7KaAonyWuEW5VOGTI88HSLGSN9C__7h8X_fGPSp-CWs5P8PNKNi0WirapsVblcsleeAV9GDxnoB6TTwXnynfzSRLud-uZsx7VtvE_4UdoPwz5rw023LWOmsco4HJ-4/s1600/spsummit+6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRXhwZHvhAVBsgp7KaAonyWuEW5VOGTI88HSLGSN9C__7h8X_fGPSp-CWs5P8PNKNi0WirapsVblcsleeAV9GDxnoB6TTwXnynfzSRLud-uZsx7VtvE_4UdoPwz5rw023LWOmsco4HJ-4/s640/spsummit+6.png" width="640" height="359" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivD2dJbp7E3JUs4-kCL3L3eAemNb8rcSjs03ox9VREd38YN3An5140OZQlGP0Ff2jIJgTbnnIMVOU0n09scD6CaHr16yOLFTAss__4ny8jEQ42jWtbYE6Oyj36DzvsjPi6Dr86ysZvC5w/s1600/spsummit+7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivD2dJbp7E3JUs4-kCL3L3eAemNb8rcSjs03ox9VREd38YN3An5140OZQlGP0Ff2jIJgTbnnIMVOU0n09scD6CaHr16yOLFTAss__4ny8jEQ42jWtbYE6Oyj36DzvsjPi6Dr86ysZvC5w/s400/spsummit+7.png" width="400" height="340" /></a></div><br></li>
<li><b>New SharePoint Online Admin Center</b><br>
So this feature truly is one of my favorites for today's summit! I'm almost inclined to say 'It's about time!', but I won't go that far! :-) Microsoft announced the new SharePoint Admin Center, which will begin rolling out in the 4th quarter of 2017. From the homepage, you can see how much more interactive and useful it is, with a Service Health dashboard designed specifically for the needs of SharePoint administrators, interactive usage reports and message center posts. You can easily work with the many SharePoint settings that are available to configure sharing, access and the service generally. The new dynamic site management page lets you view, filter and edit the configuration of all of your SharePoint sites, including those connected to Office 365 Groups (finally!!). 
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgBqp1rqfHhUNskd_WqIJSA9pQoZLTZDSBqlNnpz810uhEgNVu177Cn3J0BCLQkyye3qhsBz4sPEDn3uDlccuA35piccyFxZcNJOosy0MGSl9pRLhRrx8A5l0FZNSkd7OW0GjdKdPtRcY/s1600/spsummit+3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgBqp1rqfHhUNskd_WqIJSA9pQoZLTZDSBqlNnpz810uhEgNVu177Cn3J0BCLQkyye3qhsBz4sPEDn3uDlccuA35piccyFxZcNJOosy0MGSl9pRLhRrx8A5l0FZNSkd7OW0GjdKdPtRcY/s640/spsummit+3.png" width="640" height="426" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRs5SzaL49pAorVGHkFYZY6X8_fLCIyGxQmaP1tEkXRaTedUKkjuRbD82eLDVFznMtVlLTFQgWnuvVKMqnssdsXcrsoxOFtrkRUg6Kk3os6UmkdbGlkm5Qadka3V7TtTEfEJvMGhuxAuE/s1600/spsummit+4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRs5SzaL49pAorVGHkFYZY6X8_fLCIyGxQmaP1tEkXRaTedUKkjuRbD82eLDVFznMtVlLTFQgWnuvVKMqnssdsXcrsoxOFtrkRUg6Kk3os6UmkdbGlkm5Qadka3V7TtTEfEJvMGhuxAuE/s640/spsummit+4.png" width="640" height="427" /></a></div><br>
I cannot wait to start using this new SharePoint Admin Center!!!
<br>
<br></li>
<li><b>Conditional Access Configuration by Site Collection</b><br>
Over this last year, Microsoft has provided some great new capabilities to configure access controls for how SharePoint Online sites are shared. These options allow us to control access based on network location (by specifying IP address ranges), domains (either block or allow), use of modern authentication, forcing a user to accept a sharing invitation from the same address it was sent to, permissions allowed on files and folders, types of links, expiry of links and whether devices are domain joined or not (with the help of InTune). These have been very helpful, but they have been primarily configured from 1 admin console page and apply to all SharePoint sites. Today's feature announcements will allow us to configure these settings differently for each site. This allows us to get more specific about how sharing is permitted for each individual site, which is a very welcome improvement! We often have different sites created for different purposes or audiences, which require different sharing settings or access controls.
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUz0Icojhzt8EzhygA8Adkmg2h1-sgAdA6vg1JN0U_UxZBhvgQ59xySiorUEy71xGAoWFC4mEOX18IAbmHU9fRmGDrPnRYY3V55dAWsxg6qiEIn4PaBBJmqOLHTX-3jrQX8gYC-xmdBmw/s1600/spsummit+5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUz0Icojhzt8EzhygA8Adkmg2h1-sgAdA6vg1JN0U_UxZBhvgQ59xySiorUEy71xGAoWFC4mEOX18IAbmHU9fRmGDrPnRYY3V55dAWsxg6qiEIn4PaBBJmqOLHTX-3jrQX8gYC-xmdBmw/s640/spsummit+5.png" width="640" height="400" /></a></div></li></ul><br />
Check out the SharePoint Team's blog with the full set of announcements here: <a href="https://blogs.office.com/2017/05/16/new-sharepoint-and-onedrive-capabilities-accelerate-your-digital-transformation/">https://blogs.office.com/2017/05/16/new-sharepoint-and-onedrive-capabilities-accelerate-your-digital-transformation/</a>.<br />
<br />
This is a truly great event with so much useful information shared! <br />
I am so very impressed at how Microsoft continues to innovate in this space to continually bring us new features and value to help us improve the security of our Office 365 and SharePoint Online environments!<br />
<br />
Enjoy!<br />
-Antonio<br />
Antonio Maio (http://www.blogger.com/profile/11590288142542819604)<br />
<br />
Published 2017-04-10T10:25:00.000-04:00 (updated 2017-04-10T10:25:22.234-04:00)<br />
<h2>Office 365 Audit Log Data - How long are my logs retained for?</h2>I'm a big fan of the Unified Audit Log in Office 365. It's a fantastic tool for monitoring user activity for suspicious behavior, getting automated alerts when particular activities occur and investigating data breaches. I'm talking about the central logging facility within Office 365 that collects log data from many Office 365 workloads, and can be searched in the Office 365 Security and Compliance Center: Go to <a href="https://protection.office.com">https://protection.office.com</a> > Click Search & Investigate > Click Audit Log Search.<br />
<br />
I often get asked the question, how long are Office 365 log entries stored or retained for? There are several answers...<br />
<br />
<h3>Office 365 Unified Audit Log</h3>Microsoft has stated that audit log entries in the Unified Audit Log are stored for <b>90 days</b>. <br />
<table><tr> <td valign="top"><br />
As an admin, you <u>cannot</u> modify this retention period. Once the age of any log entry passes 90 days, it's supposed to be purged from the log. However, I've tested this on several occasions and found that log entries can still be found in the system after the 90 day mark, as in the following example to the right.<br />
<br />
Notice in the screenshot, the current date is April 8, 2017 but there are log entries showing up from the week of Dec 5, 2016.<br />
</td> <td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvjRt2S_7Z1VS-qWbM13EwjC4N4uduhvo-0P4VV1hF37wxK6_u-PnhH6FTa05LKJaCV3CfPzK_s0bG46yCGZA_YiihkrZwcBusOhzqmtlTMcXlWkDCJdeIQRyb-FV2IhPR6Tl-c9YbZxU/s1600/2017_04_08_11_36_56_.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvjRt2S_7Z1VS-qWbM13EwjC4N4uduhvo-0P4VV1hF37wxK6_u-PnhH6FTa05LKJaCV3CfPzK_s0bG46yCGZA_YiihkrZwcBusOhzqmtlTMcXlWkDCJdeIQRyb-FV2IhPR6Tl-c9YbZxU/s400/2017_04_08_11_36_56_.png" width="400" height="199" /></a></div></td> </tr>
</table><br />
<h3>Exchange Online Mailbox Audit Entries</h3>The Unified Audit Log does not include Exchange mailbox data unless you enable Exchange Mailbox Auditing for each mailbox in your tenant. This can only be done through PowerShell. Here is an example of a simple script that you can use to enable mailbox auditing on all mailboxes in your tenant and configure a few useful settings:<br />
<br />
<div style="margin-left: 3em;"># Retrieve all mailboxes (requires an Exchange Online PowerShell session); -ResultSize Unlimited lifts the default cap of 1000 results<br />
$mailboxes = Get-Mailbox -ResultSize Unlimited<br />
<br />
foreach($mailbox in $mailboxes)<br />
{<br />
<div style="margin-left: 3em;">if($mailbox.AuditEnabled -eq $false)   # only touch mailboxes where auditing is still off<br />
{<br />
<div style="margin-left: 3em;">Set-Mailbox -Identity $mailbox.UserPrincipalName -AuditEnabled $true -AuditLogAgeLimit 90   # keep mailbox audit entries for 90 days<br />
Set-Mailbox -Identity $mailbox.UserPrincipalName -AuditOwner Create,HardDelete,MailboxLogin,Move,MoveToDeletedItems,SoftDelete,Update   # actions by the mailbox owner<br />
Set-Mailbox -Identity $mailbox.UserPrincipalName -AuditAdmin Copy,Create,FolderBind,HardDelete,MessageBind,Move,MoveToDeletedItems,SendAs,SendOnBehalf,SoftDelete,Update   # actions by administrators<br />
Set-Mailbox -Identity $mailbox.UserPrincipalName -AuditDelegate Create,FolderBind,HardDelete,Move,MoveToDeletedItems,SendAs,SendOnBehalf,SoftDelete,Update   # actions by delegates<br />
</div>}<br />
</div>}<br />
</div><br />
Once enabled, Exchange Online mailbox audit data is retained by default for <b>90 days</b>.<br />
<br />
Notice the parameter used on the first Set-Mailbox line of my script: -AuditLogAgeLimit. This parameter is the number of days that Exchange mailbox audit data is retained for. The way Exchange mailbox auditing works is that Exchange Online actually stores audit log data for a particular mailbox within the mailbox itself, in a hidden folder. A background synchronization process transfers this log data from Exchange Online to the Office 365 Unified Audit Log multiple times per day - mailbox audit events are transferred to the unified audit log <b>every 30 minutes</b>. In this PowerShell example, I'm setting that parameter to 90 days, which is the default setting. However, you can set it higher - to 180 days for example. Although the Unified Audit Log is supposed to purge data after 90 days, audit data in Exchange Online mailboxes will be retained longer if you set this parameter higher.<br />
<br />
You can search mailbox audit data through the Office 365 Unified Audit Log, but you can also search mailbox audit data specifically using the following PowerShell: <br />
<br />
<center>Search-MailboxAuditLog</center><br />
<h3>Advanced Security Management (ASM)</h3>If you have an E5 license or you have the Advanced Security Management license add-on, then ASM will subscribe to the unified audit log and transfer audit log data from Office 365 to its associated Azure instance. You cannot access this Azure instance because it's used internally by ASM; however, you can search audit log entries in ASM by using its audit log UX. To start this audit log transfer process, the first time you access ASM you'll be asked to select a checkbox labeled "Turn on Advanced Security Management in Office 365" and click the "Go to Advanced Security Management" button.<br />
<br />
The audit log entries within ASM start with log data transferred from the Office 365 unified audit log. However, they are enhanced with heuristics, with data from the Microsoft Intelligent Security Graph, with IP address ranges and user groups that you identify in ASM, and finally with data that's collected as you manage ASM Alerts.<br />
<br />
Advanced Security Management will retain this audit log data for <b>6 months</b>. <br />
<br />
<h3>Other Options</h3>If you need to retain audit log data for longer periods of time, there are other options available: <br />
<ul><li>You can download log data from the Unified Audit Log using PowerShell: <b>Search-UnifiedAuditLog</b>. You can run a script calling this command for the current day, on a daily basis scheduled using a Windows scheduled task, and store the resulting log file on premises for as long as you want.</li>
<li>You can use the PowerShell cmdlet mentioned above to download audit log data daily and integrate it into an on-premises SIEM solution.</li>
<li>You can subscribe to one of several hosted solutions which integrate with the Office 365 Unified Audit Log and store audit log entries longer term. An example of one of these solutions is <b>Microsoft Operations Management Suite</b>. This solution will subscribe to the Unified Audit Log in your tenant using the Management Activity API and it will store entries for as long as you wish. You can get more information on this integration here: <a href="https://blogs.technet.microsoft.com/msoms/2016/05/13/oms-office-365-management-solution-now-in-public-preview/">Microsoft Operations Management Suite with Office 365</a>.</li>
</ul><br />
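The first two options above describe a scheduled daily export without showing one, so here is a script that does it. This is an added example, not code from the original post: it assumes an Exchange Online PowerShell session is already open (the session that exposes Search-UnifiedAuditLog), that the <b>$ExportRoot</b> path is a placeholder for an on-premises share that you back up, and that a Windows scheduled task runs it once a day. It pages through the previous day's entries with a session id and writes the raw AuditData JSON, one record per line, so the file can later be re-imported or fed to a SIEM without depending on the 90-day retention of the service.<br />
<br />
```powershell
# Added example (not the post's own script): export one day of Office 365
# Unified Audit Log entries to an on-premises JSON-lines file.
# Assumes: an Exchange Online PowerShell session is already established, and
# $ExportRoot is a placeholder for a backed-up file share.
param(
    [string]$ExportRoot = "\\fileserver\o365-audit",     # placeholder path
    [datetime]$Day = (Get-Date).Date.AddDays(-1)          # default: yesterday
)

function Export-UnifiedAuditDay {
    param([datetime]$Day, [string]$ExportRoot)

    $start   = $Day
    $end     = $Day.AddDays(1)
    $outFile = Join-Path $ExportRoot ("UnifiedAuditLog_{0:yyyy-MM-dd}.jsonl" -f $Day)

    # Search-UnifiedAuditLog returns at most 5000 records per call. Re-using one
    # SessionId with -SessionCommand ReturnLargeSet pages through the rest of the
    # window until the cmdlet returns nothing more.
    $sessionId = "export-{0:yyyyMMdd}-{1}" -f $Day, [guid]::NewGuid().ToString("N")
    $seen  = @{}      # Identity -> $true; paging can hand back the same record twice
    $total = 0

    do {
        $page = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
                    -SessionId $sessionId -SessionCommand ReturnLargeSet -ResultSize 5000
        foreach ($entry in @($page)) {
            if ($seen.ContainsKey($entry.Identity)) { continue }
            $seen[$entry.Identity] = $true
            # AuditData is already a JSON document; one line per record keeps the
            # file streamable and trivially parseable (ConvertFrom-Json per line).
            Add-Content -Path $outFile -Value $entry.AuditData -Encoding UTF8
            $total++
        }
    } while ($page)

    # Summary object for the scheduled task's own log
    [pscustomobject]@{ Day = $start.ToString("yyyy-MM-dd"); Records = $total; File = $outFile }
}

if (-not (Test-Path $ExportRoot)) { New-Item -ItemType Directory -Path $ExportRoot | Out-Null }
Export-UnifiedAuditDay -Day $Day -ExportRoot $ExportRoot
```

Run it for a fixed window first (for example <b>-Day (Get-Date "2017-04-01")</b>) and compare the record count against a manual search in the Security & Compliance Center before trusting the scheduled copy; the de-duplication on <b>Identity</b> matters because large-set paging is not guaranteed to be free of repeats.<br />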
<h3>More Information...</h3>Microsoft documentation on searching the Office 365 Unified Audit Log can be found here: <a href="https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US#ID0EABAAA=Intro">Search the audit log in the Office 365 Security & Compliance Center</a>.<br />
<br />
You can find more information on Advanced Security Management on this blog at this series of articles:<br />
<ul><li><a href="http://www.trustsharepoint.com/2016/12/a-practical-overview-of-office-365.html">A Practical Overview of Office 365 Advanced Security Management - Part 1: Introduction & Audit Logs</a></li>
<li><a href="http://www.trustsharepoint.com/2017/01/a-practical-overview-of-office-365.html">A Practical Overview of Office 365 Advanced Security Management - Part 2: Productivity App Discovery Dashboard</a></li>
<li><a href="http://www.trustsharepoint.com/2017/02/a-practical-overview-of-office-365.html">A Practical Overview of Office 365 Advanced Security Management - Part 3: Security Policies</a></li>
</ul><br />
Enjoy.<br />
-Antonio<br />
<br />
<h2>Security Controls in the OneDrive for Business Admin Center</h2>
Antonio Maio, 2017-04-03<br />
<br />
<table><tr> <td valign="top">Microsoft recently added a new and extremely helpful Admin Center to Office 365 specifically for OneDrive for Business. <br />
<br />
In terms of additional security controls this is a great addition because it allows us to more easily control access and sharing specifically in OneDrive for Business, and not just SharePoint Online. Many of the external sharing settings overlap with those already available for SharePoint Online sites. However, this is a very good start and we look forward to seeing more capabilities added over time to help us control and manage how our users share content with those outside of our organizations.<br />
<br />
For now, let's take a closer look at the security controls now available for OneDrive for Business.<br />
</td> <td><div class="separator" style="clear: both; text-align: center;"><a href="http://www.trustsharepoint.com/2017/04/security-controls-in-onedrive-for.html#more" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihGTNqZ2kpnbaF-FE6T7vtE8xYJxbzZmDhV7dICX8w0PD5kEvFFee9snUoAHHhh9iRKmm3PyxoxntUISFLORS7Ye02RTR571vTKfCYdMpWyxBdfGEBRiw2arO6ViXx3ua7rkNWVvt2xio/s400/onedrive+for+business+admin+console.png" width="400" height="264" /></a></div></td> </tr>
</table><br />
<br />
<br />
The first option available on the left side is the Sharing page. This provides the following security controls to allow us to better administer sharing with external users.<br />
<br />
<h3>Enabling and Disabling External Sharing</h3><table><tr> <td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEkLaPxSDXGdDVKcQuRZmtdBhCMwdoweAABAbYwBr25vT1loH5mSgELDwmhlEplPZIDSf3JkwiOx_4iulMAcH9W_cexpbwWsKUR8neUZFO7QeA2RIxVF2RZy1Z2gx9Vpf7txJ74AP85Mo/s1600/onedrive+for+business+admin+console+6-2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEkLaPxSDXGdDVKcQuRZmtdBhCMwdoweAABAbYwBr25vT1loH5mSgELDwmhlEplPZIDSf3JkwiOx_4iulMAcH9W_cexpbwWsKUR8neUZFO7QeA2RIxVF2RZy1Z2gx9Vpf7txJ74AP85Mo/s640/onedrive+for+business+admin+console+6-2.png" width="557" height="640" /></a></div></td> <td><br />
<ul><li>The first thing we notice is a switch for <b>Let users share <u>SharePoint</u> content with external users</b>. This will actually disable or enable external sharing for all SharePoint site collections. Once enabled, you can also select the type of external sharing permitted: <br />
<ul><li>only existing external users (sign-in required)</li>
<li>new and existing external users (sign-in required)</li>
<li>anyone including anonymous users.</li>
</ul>This control performs the same function as the switch found in Office 365 Admin Center > Settings > Services & Add-Ins > Sites. <br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWRcoQd0-BUZrKoUy9DDOfzLWDC2T4_poFfTOo6Y7sLCiBTNWaxidPrTOwRdE0oidMJ27Jnwd97et06UP95JCMgpl9LQju6Y4ma0m4bwqB5CwNWRyLYR5_pzBXML4v9QTxxlBTZ-wHNyI/s1600/external+sharing+control+in+admin+center+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWRcoQd0-BUZrKoUy9DDOfzLWDC2T4_poFfTOo6Y7sLCiBTNWaxidPrTOwRdE0oidMJ27Jnwd97et06UP95JCMgpl9LQju6Y4ma0m4bwqB5CwNWRyLYR5_pzBXML4v9QTxxlBTZ-wHNyI/s320/external+sharing+control+in+admin+center+2.png" width="320" height="154" /></a></div><br />
This control also performs the same function as the switch found in SharePoint Admin Center > Sharing.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGIq7gj6cH5H4mmC4hylSpwFGIUyfvC_22WgIXx3jFvcLklU5df3fYMnlhpcqCdQ738V5GJOF7jxhdohzmmM9-i0HXynHoWtJmds1YD5Icv570vaxqX5B0iWBQ-2nNJZu8fHi6i2MmLno/s1600/sharepoint+admin+center+controls+for+external+sharing+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGIq7gj6cH5H4mmC4hylSpwFGIUyfvC_22WgIXx3jFvcLklU5df3fYMnlhpcqCdQ738V5GJOF7jxhdohzmmM9-i0HXynHoWtJmds1YD5Icv570vaxqX5B0iWBQ-2nNJZu8fHi6i2MmLno/s320/sharepoint+admin+center+controls+for+external+sharing+2.png" width="320" height="178" /></a></div>If you turn external sharing OFF in any of these 3 locations, you turn it off for all SharePoint Online site collections in the tenant. If you modify sharing settings in any of these consoles, you modify them in all 3 consoles at once and you ultimately affect all SharePoint site collections.<br />
<br />
A reason that this control is replicated in a few locations is that it allows administrators with different roles to have top-level control over external sharing. You can have a global administrator turn it off or modify what is permitted at the tenant level, or you can have a SharePoint Online administrator (who may not have Office 365 Admin Center access) turn it off for all site collections.<br />
<br />
</li>
<li>Next we have a switch for <b>Let users share <u>OneDrive</u> content with external users</b>. This will specifically disable or enable external sharing for OneDrive for Business site collections. It will not alter external sharing settings for SharePoint sites.<br />
<br />
You may also control the type of external sharing permitted specifically for OneDrive for Business sites, with the same settings that are available for SharePoint sites. SharePoint and OneDrive external sharing may have differing settings, so that one is more restrictive than the other. It's important to note that this setting must be <b>at least</b> as restrictive as the SharePoint external sharing settings:<br />
<ul><li>If SharePoint external sharing is set to 'Only existing external users', then OneDrive may only have this setting</li>
<li>If SharePoint is set to 'New and existing external users', then OneDrive may have either 'Only existing external users' or 'New and existing external users'</li>
<li>If SharePoint is set to 'Anyone, including anonymous users', then OneDrive may have any of the 3 settings</li>
</ul>When you modify these settings, you are in effect modifying the sharing settings for your MySite host site collection: https://&lt;tenant name&gt;-my.sharepoint.com. You can modify the settings in the OneDrive for Business admin center, then check the sharing settings in the SharePoint admin center for the MySite site collection and see the changes reflected there. However, if you do this, make sure that you refresh your browser when you switch to the SharePoint Online admin center so that the new sharing settings are retrieved for your site collection.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijZoXZ0LWxx4sYWqyOe4JfS1zqpFZjdh35Q3YK1D4i5tLd-o2MSa05z2vGGuI3zhnFDvTBdzNX_IIYD0eU9cyQ2THnaO4ZIuGrQHZygK5Kl3d45iPAWfInpwFgWcQcHF-WmTzpjrUCCGk/s1600/onedrive+for+business+admin+console+8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijZoXZ0LWxx4sYWqyOe4JfS1zqpFZjdh35Q3YK1D4i5tLd-o2MSa05z2vGGuI3zhnFDvTBdzNX_IIYD0eU9cyQ2THnaO4ZIuGrQHZygK5Kl3d45iPAWfInpwFgWcQcHF-WmTzpjrUCCGk/s320/onedrive+for+business+admin+console+8.png" width="320" height="201" /></a></div><br />
It's also important to note that for OneDrive for Business external sharing in this admin console, you are selecting these settings for <b>all</b> OneDrive sites. You cannot change these settings on a site by site basis for OneDrive, like you can for SharePoint sites, unless you use PowerShell (see PowerShell capabilities described below).<br />
</li>
</ul></td> </tr>
</table><br />
The other controls available in the OneDrive admin center are similar to the features we've seen added to the SharePoint Online sharing page.<br />
<br />
<h3>Default Links and Anonymous Links</h3><table><tr> <td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNPMzc2eUlFUlWTf5exEldhvhS368kH17mSA-HyJ1Czq9avfqEfDsGSdb-MbCL8h7tputghj24XRL8ZzBGoenv8p66Tc820HqYBemU7hW2HvmKgFrA5SJV3NFTk5jiqYl_xwhx626rEy4/s1600/onedrive+for+business+admin+console+1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNPMzc2eUlFUlWTf5exEldhvhS368kH17mSA-HyJ1Czq9avfqEfDsGSdb-MbCL8h7tputghj24XRL8ZzBGoenv8p66Tc820HqYBemU7hW2HvmKgFrA5SJV3NFTk5jiqYl_xwhx626rEy4/s400/onedrive+for+business+admin+console+1.png" width="400" height="247" /></a></div></td> <td valign="top"><br />
<ul><li>Next we select the default link type. This defines the type of link which is created when a user selects <b>Get a Link</b> when they share a file or folder. You can select:<br />
<ul><li>Direct Links, which are accessible only by users who already have permissions to access the item.</li>
<li>Internal Links, which are accessible by anyone within your organization.</li>
<li>Anonymous Links, which are accessible by anyone that has the link. You can forward the link to other users, either within or outside your organization and they'll be able to access the item.</li>
</ul><br />
Remember, this only sets the <u>default</u>. You may set the default here to Direct Links so that when a user clicks Get a Link they get a Direct Link by default. But users can select Anonymous Links as an option if the dropdown list below 'Let users share OneDrive content with external users' is set to 'Anyone, including anonymous users'.</li>
<li>If we have enabled anonymous links, we can select some controls for those anonymous links, such as:<br />
<ul><li>An expiration period for anonymous links (in days), which I highly recommend if you're going to enable anonymous links.</li>
<li>The file permissions available to an anonymous user accessing a file, like View or View and Edit.</li>
<li>The folder permissions available to an anonymous user accessing a folder, like View or View, Edit and Upload.</li>
</ul></li>
<li>It's important to note that these settings affect both SharePoint Online and OneDrive for Business external sharing. If you modify these settings, the corresponding settings in the SharePoint Online admin center's Sharing page will also be modified to match:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYNGULEnxmQRi1zu0vFwnrB69j2wuS4iOUNGjSAfpL1NQJ0Ck38VU5kwfNEhLqIfZB9FD-VbigqgvifehLZQxtSCsLmeklHF7Udl9Nt14PNHfX2-C54ur7XBgP3zGz_YodbrVRkphKm24/s1600/external+sharing+control+8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYNGULEnxmQRi1zu0vFwnrB69j2wuS4iOUNGjSAfpL1NQJ0Ck38VU5kwfNEhLqIfZB9FD-VbigqgvifehLZQxtSCsLmeklHF7Udl9Nt14PNHfX2-C54ur7XBgP3zGz_YodbrVRkphKm24/s320/external+sharing+control+8.png" width="320" height="220" /></a></div></li>
</ul></td> </tr>
</table><h3>Control External Sharing Domains and What External Users Can Do</h3><table><tr> <td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhplR2j0aOwkBfH_V-Pljf3y2vpaRQKdgoAbtazfs-oF9cjsg2UbzwJc_nMEE6xPQzIKrEG2pUUnGkYBhyoKRpRXxHBbI_xGIvY_hAbNS2mNGbEI9THCL-y37vkQOyhqkrocZNDjtp5hNs/s1600/onedrive+for+business+admin+console+-+domains+and+actions.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhplR2j0aOwkBfH_V-Pljf3y2vpaRQKdgoAbtazfs-oF9cjsg2UbzwJc_nMEE6xPQzIKrEG2pUUnGkYBhyoKRpRXxHBbI_xGIvY_hAbNS2mNGbEI9THCL-y37vkQOyhqkrocZNDjtp5hNs/s400/onedrive+for+business+admin+console+-+domains+and+actions.png" width="400" height="158" /></a></div></td> <td valign="top"><br />
<ul><li>You may wish to prevent users in your organization from sharing externally with specific domains. Alternatively, you might decide that you wish to permit external sharing, but to only specific domains. This can be controlled by creating either an Allow List or a Deny List in which you specify the domains. You first select the 'Allow or block sharing with people on selected domains' checkbox, then you click Add Domains, then you select Allow or Deny from the dropdown list and finally you specify one or more domains (separated by spaces). You can only have an allow list <u>or</u> a deny list - you cannot have both at the same time.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhineeDfWVCveQ_mN-stYuScE5frGDm5Tnkdoei6SmHGjwxmO8k62Jx2EnsC29eB9T4UjteTAjFM7saHCqL78nt1NtLLrJtmXO_FGNSX5wUzpU1vGXpiqsIUb56wPBE1St-Hs9huOu45FI/s1600/onedrive+for+business+admin+console+-+domains+and+actions+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhineeDfWVCveQ_mN-stYuScE5frGDm5Tnkdoei6SmHGjwxmO8k62Jx2EnsC29eB9T4UjteTAjFM7saHCqL78nt1NtLLrJtmXO_FGNSX5wUzpU1vGXpiqsIUb56wPBE1St-Hs9huOu45FI/s320/onedrive+for+business+admin+console+-+domains+and+actions+2.png" width="320" height="251" /></a></div><br />
The domain settings selected here are also the same as those selected for SharePoint Online. As with earlier settings, if you modify these settings, you will also modify those in the SharePoint Online admin center's Sharing page:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7OAah7zi8gDwrSRBLOiVn6EupwXgThMz0FGv6ydo3W7vY5jDdQqBASAjOFBoEPDDxLfq4ySmLbz9zOKndlAmjtzGv7tqJbE9-yZVviOplVKNGEIb0KnPGmeFE09gNXUlGzPo6bea9A4U/s1600/external+sharing+control+9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7OAah7zi8gDwrSRBLOiVn6EupwXgThMz0FGv6ydo3W7vY5jDdQqBASAjOFBoEPDDxLfq4ySmLbz9zOKndlAmjtzGv7tqJbE9-yZVviOplVKNGEIb0KnPGmeFE09gNXUlGzPo6bea9A4U/s320/external+sharing+control+9.png" width="320" height="167" /></a></div></li>
<li>You may select if external users must accept a sharing invitation (and authenticate to Office 365) using the same email account that the invitation was sent to. I highly recommend this setting be checked ON. Having this on prevents external users from forwarding a sharing invitation to other Microsoft accounts, like their own personal account, and helps you better control who can access content that's shared externally.<br />
<br />
As with other settings, changing this setting here affects the same setting for SharePoint Online site collections. The same setting is available on the SharePoint Online admin center's Sharing page.</li>
<li>You may select if external users can share items that they don't own with others. This setting is specific to OneDrive for Business sites - modifying this setting here does <u>not</u> change a similar setting for SharePoint Online.</li>
</ul></td> </tr>
</table><br />
<br />
Once all settings have been configured, you click Save and the changes take effect immediately. If sites were previously shared externally and external sharing is turned off on this page, external sharing stops being permitted for those sites immediately. If it is subsequently turned back on, all the external sharing settings that were previously in place are immediately re-enabled.<br />
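The Sharing page settings walked through above can also be applied and, more importantly, verified from the SharePoint Online Management Shell, which is useful when you want the configuration in source control or checked on a schedule. The following is an added example rather than anything from the original post: it assumes Connect-SPOService has already been run, that <b>maiolabs</b> and <b>partner.example</b> are placeholders for your tenant name and an allowed partner domain, and, following the post's own observation that the OneDrive switches are stored on the MySite host site collection, it sets the OneDrive level by targeting that site collection with Set-SPOSite. The report at the end lists every OneDrive site's effective SharingCapability, which the admin center does not show per user.<br />
<br />
```powershell
# Added example (not the post's own script): apply a restrictive external sharing
# baseline with Set-SPOTenant / Set-SPOSite, then report per-OneDrive settings.
# Assumes: Connect-SPOService has been run; "maiolabs" and "partner.example" are
# placeholders for your tenant name and an allowed partner domain.

$TenantName     = "maiolabs"          # placeholder
$AllowedDomains = "partner.example"   # placeholder; space-separated if more than one

function Set-SharingBaseline {
    param([string]$TenantName, [string]$AllowedDomains)

    # Tenant-wide (SharePoint) sharing: new and existing external users must sign in;
    # no "Anyone, including anonymous users" links.
    Set-SPOTenant -SharingCapability ExternalUserSharingOnly

    # Allow list of partner domains. An allow list and a deny list are mutually exclusive.
    Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList $AllowedDomains

    # Invitations can only be redeemed by the account they were sent to
    # (stops forwarding of invitations to personal Microsoft accounts).
    Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true

    # External users cannot re-share content they do not own.
    Set-SPOTenant -PreventExternalUsersFromResharing $true

    # "Get a link" defaults to a direct link; if anonymous links are ever enabled,
    # they expire after 30 days and stay read-only for both files and folders.
    Set-SPOTenant -DefaultSharingLinkType Direct -RequireAnonymousLinksExpireInDays 30 `
                  -FileAnonymousLinkType View -FolderAnonymousLinkType View

    # Owner e-mail notifications (the Notifications page of the admin center).
    Set-SPOTenant -NotifyOwnersWhenItemsReshared $true -NotifyOwnersWhenInvitationsAccepted $true

    # OneDrive level: at least as restrictive as the tenant setting above. The post
    # notes the OneDrive switches map onto the MySite host, so target that site collection.
    Set-SPOSite -Identity "https://$TenantName-my.sharepoint.com" -SharingCapability ExistingExternalUserSharingOnly
}

function Get-OneDriveSharingReport {
    # One row per OneDrive for Business site with its effective SharingCapability.
    Get-SPOSite -IncludePersonalSite:$true -Limit All -Filter { Url -like "*-my.sharepoint.com/personal/*" } |
        Select-Object Url, Owner, SharingCapability |
        Sort-Object SharingCapability, Url
}

Set-SharingBaseline -TenantName $TenantName -AllowedDomains $AllowedDomains
Get-OneDriveSharingReport | Format-Table -AutoSize
```

Running Get-OneDriveSharingReport on its own, before and after any change, gives you the per-site view the admin center lacks; any site whose SharingCapability is less restrictive than the tenant value is the one to look at first.<br />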
<br />
<h3>Sync Settings</h3>If we move on to the 3rd page in the OneDrive for Business admin center, we're provided with controls over how files are synced to OneDrive and SharePoint.<br />
<table><tr> <td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_adaDcpPKvtwEaT9daa9JeDH22Ki1I7Ra1QG5xOqa6-aoS4_6U0tv1tWUKEZlN8JurihS5p4hIz6aoc2Fr4moDxOOoQEPf9iVIHByIwBfZzhERtcO9f5owb2CivI7VkVmuH6LKgGZAsk/s1600/onedrive+for+business+admin+console+2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_adaDcpPKvtwEaT9daa9JeDH22Ki1I7Ra1QG5xOqa6-aoS4_6U0tv1tWUKEZlN8JurihS5p4hIz6aoc2Fr4moDxOOoQEPf9iVIHByIwBfZzhERtcO9f5owb2CivI7VkVmuH6LKgGZAsk/s400/onedrive+for+business+admin+console+2.png" width="400" height="279" /></a></div></td> <td valign="top"><br />
<ul><li>The first option is pretty simple - determining if the Sync button is available on the OneDrive web interface.</li>
<li>Next we determine if syncing is only permitted from PCs that are domain joined. This is useful if you want to ensure that only corporate managed PCs are syncing content to OneDrive for Business in your tenant. <br />
<br />
If you select this option you must specify the allowed domains, and you specify them by their GUID. You can find more information on how to do this using the Active Directory module for PowerShell here: <a href="https://technet.microsoft.com/library/dn938435.aspx">https://technet.microsoft.com/library/dn938435.aspx</a>. You can also select if you wish to block syncing from Mac OS.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKP04zcxQZ_EhZ82f0f_k-OJ1UED-n34GdrU_nAuvFKWkaZo3OHFVWsdePgCqc9K8k_kZvj_zXRjsOahpNoupPGPIJIbs9is_MVmHCrmh_m7-18zcBMhxJHjGkSxhmdBO63n0bxbShmEs/s1600/onedrive+for+business+admin+console+9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKP04zcxQZ_EhZ82f0f_k-OJ1UED-n34GdrU_nAuvFKWkaZo3OHFVWsdePgCqc9K8k_kZvj_zXRjsOahpNoupPGPIJIbs9is_MVmHCrmh_m7-18zcBMhxJHjGkSxhmdBO63n0bxbShmEs/s320/onedrive+for+business+admin+console+9.png" width="320" height="130" /></a></div></li>
<li>Finally we can block specific file types from syncing to OneDrive by selecting the 3rd option, and specifying the file types you wish to block (one per line).</li>
</ul></td> </tr>
</table>Another interesting security related scenario is the one in which we wish to prevent users from syncing content from a corporate computer to a personal OneDrive for Business site. This can be done by configuring a specific registry setting on each user's PC, and pushing that out to all computers using Group Policy (GPO). More information on how to configure this scenario can be found here: <a href="https://support.office.com/en-us/article/Use-Group-Policy-to-control-OneDrive-sync-client-settings-0ecb2cf5-8882-42b3-a6e9-be6bda30899c?ui=en-US&rs=en-US&ad=US#disablepersonalsync">Prevent Users from Synchronizing Personal OneDrive Accounts</a>.<br />
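The three sync controls on that page (domain-joined PCs only, block Mac sync, block file types) have PowerShell equivalents, and the domain GUID lookup the page links to can be folded into the same script. This is an added example, not from the original post: it assumes Connect-SPOService has already been run, that the Active Directory PowerShell module (Get-ADDomain) is available on the machine, and that <b>corp.maiolabs.local</b> is a placeholder for your domain name.<br />
<br />
```powershell
# Added example (not the post's own script): restrict the OneDrive sync client to
# domain-joined PCs and block selected file types via Set-SPOTenantSyncClientRestriction.
# Assumes: Connect-SPOService has been run and the Active Directory module is loaded;
# "corp.maiolabs.local" is a placeholder domain name.

function Get-AllowedDomainGuids {
    param([string[]]$DomainNames)
    # The cmdlet wants domain GUIDs, not names, joined with semicolons.
    $guids = foreach ($name in $DomainNames) {
        (Get-ADDomain -Identity $name).ObjectGUID.ToString()
    }
    return ($guids -join ";")
}

function Set-SyncRestrictions {
    param([string]$DomainGuids, [string[]]$BlockedExtensions)

    # -Enable turns the restriction on: only PCs joined to the listed domains may sync.
    # -BlockMacSync refuses the Mac client, which cannot prove domain membership.
    Set-SPOTenantSyncClientRestriction -Enable -DomainGuids $DomainGuids -BlockMacSync:$true

    # File types that must never be synced down to endpoints (no leading dots, ";"-separated).
    Set-SPOTenantSyncClientRestriction -ExcludedFileExtensions ($BlockedExtensions -join ";")

    # Read back the effective restriction so the change can be verified and logged.
    Get-SPOTenantSyncClientRestriction
}

$domainGuids = Get-AllowedDomainGuids -DomainNames @("corp.maiolabs.local")   # placeholder
Set-SyncRestrictions -DomainGuids $domainGuids -BlockedExtensions @("pst", "exe", "ps1")
```

Keep the output of the final Get-SPOTenantSyncClientRestriction with your change record; it is the only place that shows the GUID list and blocked extensions actually in force, and a sync restriction that silently references the wrong GUID blocks every PC in the tenant rather than the unmanaged ones.<br />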
<br />
<h3>Notifications</h3>Let's jump ahead to the final administration page on this console and review the options for notifications that can be sent to OneDrive for Business users and site owners. We highly recommend that external sharing notifications be enabled here so that owners can monitor and control the external users that have access to their files and folders.<br />
<table><tr> <td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr7cWF_9MWP7yuIbc9I8FgHh98aexS5Xs6fjWu9CA5MLcLbGHkc2NDO5WO8R2SO-vT5QYP9eKXRVvoDq-WtNgTpLO3CIY7N8lyIamDa62I1NPppJJzB95Xf-_uOpTVRozAmYR2j7iQYRw/s1600/onedrive+for+business+admin+console+5.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr7cWF_9MWP7yuIbc9I8FgHh98aexS5Xs6fjWu9CA5MLcLbGHkc2NDO5WO8R2SO-vT5QYP9eKXRVvoDq-WtNgTpLO3CIY7N8lyIamDa62I1NPppJJzB95Xf-_uOpTVRozAmYR2j7iQYRw/s400/onedrive+for+business+admin+console+5.png" width="400" height="224" /></a></div></td> <td valign="top"><br />
<ul><li>The 1st large switch determines if device notifications are displayed to users when OneDrive files are shared with them. This option is pretty self-explanatory and refers to the alerts, sounds and banners that can be displayed on our mobile devices. </li>
<li>The next options refer specifically to how owners are notified by email when other external users access or share their files:<br />
<ul><li>Other users invite additional external users to shared files - When you share files from OneDrive with users, either internal or external to your organization, depending on the configuration they may in turn share those files with other users, again either internal or external to your organization. Receiving notifications when this occurs allows the owner of a OneDrive for Business site to take appropriate action if a file is shared with people outside of the intended audience.</li>
<li>External users accept invitations to access files - Although files and folders may be shared externally as we've discussed, it's really at the date and time that they accept that sharing invitation that they'll in fact start to access those files/folders. If files were shared at one point in time, but an external user doesn't access them for several months, having a notification sent to the owner at that time allows them to monitor access and can also alert them if action is necessary to remove a particular user's access at that time.</li>
<li>An anonymous access link is created or changed - This option allows an owner to further monitor if additional users are invited to access content that they've previously shared with a particular audience, and take action if those additional users are not part of the intended audience.</li>
</ul>It's important to note that these settings are specific to OneDrive for Business, but they are the same settings that we see in the SharePoint Online admin center's Sharing page. Changing this setting in one console will also modify it in the other.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCiYNrvgud-PnIhe0B6wCMLKUyx2iplFsWQWlWJslE3YnZkmg7hvZfGIxJzJ18t9MsbG3j4thRuo0dFzOOyH5NSNBKvI0abMZTJBUfcH8ysQ1wYPhri1lFGH4oekKOtWEdHCuQLwKX5Vs/s1600/external+sharing+control+10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCiYNrvgud-PnIhe0B6wCMLKUyx2iplFsWQWlWJslE3YnZkmg7hvZfGIxJzJ18t9MsbG3j4thRuo0dFzOOyH5NSNBKvI0abMZTJBUfcH8ysQ1wYPhri1lFGH4oekKOtWEdHCuQLwKX5Vs/s320/external+sharing+control+10.png" width="320" height="194" /></a></div></li>
</ul></td> </tr>
</table><br />
<h3>PowerShell for Sharing in SharePoint Online and OneDrive for Business</h3>When it comes to controlling external sharing on individual OneDrive for Business sites, we must still use PowerShell. First a few basics and we'll build upon that to get to the cmdlets we want:<br />
<ul><li>Once you've connected to your SharePoint Online tenant using Connect-SPOService, the following cmdlet will return a list of all SharePoint site collections: <br />
<br />
<center>Get-SPOSite</center><br />
</li>
<li>I like to include | select-object url at the end of that cmdlet so I only get back a list of URLs for the sites I'm looking for. So our cmdlet becomes:<br />
<br />
<center>Get-SPOSite | select-object url</center><br />
</li>
<li>However, the list returned does not include OneDrive for Business sites by default. To also include those we need to use the additional parameter -IncludePersonalSite. So, our PowerShell cmdlet is now:<br />
<br />
<center>Get-SPOSite -IncludePersonalSite:$true | select-object url</center><br />
</li>
<li>This provides us a list of URLs for all SharePoint Online site collections, both those that are typical sites and those that are OneDrive for Business sites. If we want a list of only OneDrive for Business sites we need to modify our cmdlet a little more to include a filter to look only for URLs containing 'my.sharepoint.com':<br />
<br />
<center>Get-SPOSite -IncludePersonalSite:$true -Filter {Url -like "*my.sharepoint.com*"} | select-object url</center><br />
Now we have a list of all OneDrive for Business site collections in our tenant:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixMs5FyzAyPnXSiHz2cFzyyli_-VCszq0pOye8mTINa4F44eHowDx18ErsUQ-XFiBvM08_B7RFvRLyuHj0JvYIwbeevd-92TugJVFAV6yDQxF_Y-EHm4R4Y-G3RCHEl6tpuKkJ7rV0zzc/s1600/od4b+sites+powershell+output.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixMs5FyzAyPnXSiHz2cFzyyli_-VCszq0pOye8mTINa4F44eHowDx18ErsUQ-XFiBvM08_B7RFvRLyuHj0JvYIwbeevd-92TugJVFAV6yDQxF_Y-EHm4R4Y-G3RCHEl6tpuKkJ7rV0zzc/s400/od4b+sites+powershell+output.png" width="400" height="193" /></a></div><br />
</li>
<li>You'll notice that the URL for OneDrive sites is formatted with _ in place of spaces and the tenant name at the end of the URL. We have URLs ending like this automatically created when a OneDrive site is provisioned: frodo_baggins_maiolabs_com. We'll need to use these URLs when referring to OneDrive for Business sites.<br />
<br />
</li>
<li>To change the external sharing settings on individual sites we'll need to use the Set-SPOSite cmdlet along with the -SharingCapability parameter. The -SharingCapability parameter has the following possible values:<br />
<ul><li>Disabled - external user sharing and guest link sharing are both disabled</li>
<li>ExistingExternalUserSharingOnly - external user sharing is only enabled for external users that already exist in the organization, but guest link sharing is disabled</li>
<li>ExternalUserSharingOnly - external user sharing is enabled for new and existing external users, but guest link sharing is disabled</li>
<li>ExternalUserAndGuestSharing - external user sharing and guest link sharing are both enabled</li>
</ul><br />
</li>
<li>We can now disable external sharing on a specific OneDrive for Business site using the following:<br />
<br />
<center>Set-SPOSite https://maiolabs-my.sharepoint.com/personal/frodo_baggins_maiolabs_com -SharingCapability Disabled</center><br />
</li>
<li>Alternatively, we can enable a particular type of external sharing for a specific OneDrive for Business site using the following:<br />
<br />
<center>Set-SPOSite https://maiolabs-my.sharepoint.com/personal/balin_dwarf_maiolabs_com -SharingCapability ExternalUserSharingOnly</center><br />
</li>
<li>Now you can go OneDrive site by OneDrive site, enabling and disabling different external sharing settings as needed. You can also loop through these cmdlets for all OneDrive sites to modify your settings. However, if you return to the OneDrive for Business admin center and modify sharing settings there, they will <u>not</u> affect your existing OneDrive sites unless you completely disable external sharing for OneDrive. Once you start modifying sharing settings using PowerShell, it can become difficult to keep track of which user has which settings, because that is not visible in the admin center on a user by user basis. So, before you start using PowerShell to modify these settings, ensure that you have a well-defined plan or governance model for how your organization will manage external sharing for OneDrive for Business sites.<br />
<br />
You can view the current external sharing settings for all OneDrive for Business sites using the following:<br />
<br />
<center>Get-SPOSite -IncludePersonalSite:$true -filter{url -like "my.sharepoint.com"} | select-object url, sharingcapability | fl</center><br />
This will produce a list like the following, where we can see the URL of the site and the current sharing configuration:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyiGkntNpYEh5j6af8A0Dhtwvu5rl5kiC8lIyEprDB2quPdkog7ZYeiblBedFQc_11WsGu7jGhrWq2LBB8O5PhSPIpY7kKP9umtZxzroqh9hHaySl4jQ4rh_p30q4uB-xYHKHi4uvIdgk/s1600/od4b+sites+powershell+output+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyiGkntNpYEh5j6af8A0Dhtwvu5rl5kiC8lIyEprDB2quPdkog7ZYeiblBedFQc_11WsGu7jGhrWq2LBB8O5PhSPIpY7kKP9umtZxzroqh9hHaySl4jQ4rh_p30q4uB-xYHKHi4uvIdgk/s400/od4b+sites+powershell+output+2.png" width="400" height="285" /></a></div><br />
</li>
<li>Finally, there are other PowerShell parameters related to external sharing which you can use with Set-SPOSite. They are: SharingAllowedDomainList, SharingBlockedDomainList and SharingDomainRestrictionMode. You can learn more about how to use these at the TechNet article: <a href="https://technet.microsoft.com/en-us/library/fp161394.aspx">Set-SPOSite</a>.<br />
<br />
</li>
</ul><br />
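The following script is an added example and is not code from the original post. It turns the Get-SPOSite and Set-SPOSite cmdlets above into the kind of governance check the previous step calls for: every OneDrive for Business site is compared against a baseline -SharingCapability plus a short, version-controlled list of per-user exceptions, and any site that is more permissive than allowed is reported, or reset when you pass -Enforce. It assumes Connect-SPOService has already been run against your tenant admin URL; the baseline level, the exception entry and the function names are made up for this example.

```powershell
# Added example, not code from the original post. Compares every OneDrive for Business
# site's SharingCapability to a governance baseline (plus documented per-user exceptions)
# and reports, or with -Enforce resets, sites that are more permissive than allowed.
# Assumptions: Connect-SPOService has been run against https://<tenant>-admin.sharepoint.com;
# the baseline value and the exception list are invented for this example; a site can never
# be set more permissive than the tenant-wide sharing setting, so Set-SPOSite only lowers.

# Ordered from least to most permissive, matching the Set-SPOSite -SharingCapability values.
$script:SharingRank = @{
    Disabled                        = 0
    ExistingExternalUserSharingOnly = 1
    ExternalUserSharingOnly         = 2
    ExternalUserAndGuestSharing     = 3
}

# Documented exceptions: OneDrive URL -> the most permissive level that user is allowed.
# Keep this list under change control; it is your record of "who has which setting".
$script:SharingExceptions = @{
    'https://maiolabs-my.sharepoint.com/personal/balin_dwarf_maiolabs_com' = 'ExternalUserAndGuestSharing'
}

function Get-OneDriveSharingReport {
    param(
        [ValidateSet('Disabled','ExistingExternalUserSharingOnly','ExternalUserSharingOnly','ExternalUserAndGuestSharing')]
        [string]$Baseline = 'ExternalUserSharingOnly'
    )
    # -IncludePersonalSite pulls in the OneDrive site collections; -Limit All is needed
    # because Get-SPOSite returns at most 200 sites by default.
    Get-SPOSite -IncludePersonalSite:$true -Limit All -Filter "Url -like '-my.sharepoint.com/personal/'" |
        ForEach-Object {
            $current = [string]$_.SharingCapability
            $url     = $_.Url.TrimEnd('/')
            $allowed = if ($script:SharingExceptions.ContainsKey($url)) { $script:SharingExceptions[$url] } else { $Baseline }
            [pscustomobject]@{
                Url               = $url
                Owner             = $_.Owner
                SharingCapability = $current
                Allowed           = $allowed
                Compliant         = $script:SharingRank[$current] -le $script:SharingRank[$allowed]
            }
        }
}

function Set-OneDriveSharingBaseline {
    param(
        [string]$Baseline = 'ExternalUserSharingOnly',
        [switch]$Enforce          # report-only unless this switch is given
    )
    $report = Get-OneDriveSharingReport -Baseline $Baseline
    foreach ($site in ($report | Where-Object { -not $_.Compliant })) {
        if ($Enforce) {
            # Lower the site to its allowed level; compliant sites are never touched.
            Set-SPOSite -Identity $site.Url -SharingCapability $site.Allowed
            Write-Host "Reset $($site.Url): $($site.SharingCapability) -> $($site.Allowed)"
        } else {
            Write-Warning "$($site.Url) is $($site.SharingCapability); allowed level is $($site.Allowed) (re-run with -Enforce to reset)"
        }
    }
    $report
}

# Usage: report first and keep the CSV as the governance record, then enforce.
$report = Set-OneDriveSharingBaseline -Baseline ExternalUserSharingOnly
$report | Format-Table Url, SharingCapability, Allowed, Compliant -AutoSize
$report | Export-Csv -Path .\onedrive-sharing-report.csv -NoTypeInformation
# Set-OneDriveSharingBaseline -Baseline ExternalUserSharingOnly -Enforce
```

Run it report-only on a schedule and diff the CSV against the previous run; a site that drifts above its allowed level (or an exception that nobody remembers approving) shows up immediately, which is exactly the visibility the admin center does not give you once per-site settings diverge.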
There are several other controls built into the OneDrive for Business admin center related to data retention, controlling device access and compliance. You can easily explore them by trying out the new admin center.<br />
<br />
Enjoy.<br />
-Antonio<br />
<br />
<h2>A Practical Overview of Office 365 Advanced Security Management - Part 3: Security Policies</h2>Antonio Maio, 2017-02-10 (updated 2017-02-15)<br />
<table><tr> <td valign="top">Microsoft <b>Office 365 Advanced Security Management</b> is a capability within the Office 365 platform that allows organizations to go above and beyond the typical security management features, helping them to better secure users, permissions, content and apps. This multi-part blog series looks at how to use the features that make up Advanced Security Management (ASM) and shares technical details that will help you to understand the benefits of these robust tools.<br />
<br />
In part 1, we provided an <b>Introduction</b> to Advanced Security Management and shared technical information about how it works with the <b>Office 365 Unified Audit Log</b>: <a href="http://www.trustsharepoint.com/2016/12/a-practical-overview-of-office-365.html">A Practical Overview of Office 365 Advanced Security Management - Part 1.</a><br />
<br />
In part 2, we reviewed ASM's <b>Productivity App Discovery Dashboard</b> in depth to see how log files can be imported, how to create reports & interpret the analysis results and how you can try it with built-in sample logs: <a href="http://www.trustsharepoint.com/2017/01/a-practical-overview-of-office-365.html">A Practical Overview of Office 365 Advanced Security Management - Part 2.</a><br />
<br />
In part 3, we review the <b>Security Policies</b> that may be configured to control, monitor and alert on specific user behaviors.<br />
</td> <td valign="top"><div class="separator" style="clear: both; text-align: center;"><a href="http://www.trustsharepoint.com/2017/02/a-practical-overview-of-office-365.html" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimisHz37W9S7Vb2aAoNjEoeuyDD8aWPTVSPFJxFANlUpTU3DF8z9MGpuooHOczF20rK5zgN10vNyRzaQ5-WGThy2P4wIoKMlGoQu0IcgwzVFNqlK1oFNM1_vcoUDGVvqpfxUnLNOrOTXI/s320/asm+policies+4.png" width="320" height="310" /></a></div></td> </tr>
</table><a name='more'></a><br />
<h3>Security Policy Configuration & Management</h3>When configuring security policies it's important to remember that policy configuration is never a <b>"set it and forget it"</b> activity. Security policies are almost always based on specific conditions and assumptions that are made at the time they are defined. Those conditions, or the scenarios under which users work, invariably change as our businesses, our roles and our work evolve. The assumptions under which policies are defined can also change, or can be proven invalid over time. <br />
<ul><li>For example, a business may define a security policy which assumes that the company will never do work outside of a specific part of the world. That policy may state that any logins from outside a specific country will not be accepted and a security team will be automatically alerted if such logins occur. Over time our businesses can expand and open new offices in locations which we didn't anticipate. As a result, this might require us to redefine those policies and therefore modify any configured security policies which are based on this condition.</li>
</ul><ul><li>Another example might be that certain internal user groups are not permitted to perform certain activities in the system because there is an assumption that those actions are not necessary for them to fulfill their job function. As a result, a security policy might be configured such that their user accounts are automatically disabled if those activities are detected. Over time we may find that specific work scenarios require users to perform those activities, or a subset of them, and that assumption is proven incorrect. As a result, this may require us to reconfigure those security policies so that users are not inadvertently locked out.</li>
</ul><br />
These are some simple examples, but they illustrate that managing and modifying security policies that are automatically enforced in our organizations is an ongoing activity. Having a robust and easy to use security policy management console is an important requirement so that we can work with policies accurately and efficiently.<br />
<br />
To access the security policy configuration page, we first click Control in the ASM menu and then select Policies:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHBN70TGn2G-O96JMmyRmw969oDhWqI4fkhFmTGuhIFw1s_Yt4CX8MdiaX-q_u9OY0BY3C7DYJOYfSAhJypq6gxrqsYyr3NTIcmQ9Fm8HzXtrP909BVZZk_1j747HNp_bqRQUl1_nBdm4/s1600/asm+policies+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHBN70TGn2G-O96JMmyRmw969oDhWqI4fkhFmTGuhIFw1s_Yt4CX8MdiaX-q_u9OY0BY3C7DYJOYfSAhJypq6gxrqsYyr3NTIcmQ9Fm8HzXtrP909BVZZk_1j747HNp_bqRQUl1_nBdm4/s400/asm+policies+2.png" width="400" height="74" /></a></div><br />
This takes us to the ASM <b>Policies</b> page where we can create and manage security policies, and where you'll notice that we have 1 policy already configured by default:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1-mkyMBn-t2J5F_7FzKbEDz1yL6sZD_FNyWMwVwX0Yin5Uk718w2DMmg_R2YBVlFRuzfPfuOYnL1yFLuUx2R5LSmQuGnOYV7hpOVfIBix2hvd76CLVoFE8WsUIvw6OCd6iIn1XyiuS9k/s1600/asm+policies+3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1-mkyMBn-t2J5F_7FzKbEDz1yL6sZD_FNyWMwVwX0Yin5Uk718w2DMmg_R2YBVlFRuzfPfuOYnL1yFLuUx2R5LSmQuGnOYV7hpOVfIBix2hvd76CLVoFE8WsUIvw6OCd6iIn1XyiuS9k/s400/asm+policies+3.png" width="400" height="277" /></a></div><br />
The <b>Templates</b> menu item provides us with a slightly different interface for doing much the same thing: creating new policies. It allows us to first select the Policy Template we wish to base our policy on, and from that template create a new policy. We cannot add new policy templates, nor can we change the default settings for these templates. This menu brings us to the following page:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqOwLLaeA7sm37HISBKlUHM3Bk8ypPGaN51LtnljfNdPgL0yu3q3QXjQcP_hEBSfL-k0ejiNHLjo1Jshw7wLHMIHAsQiBIR0hZvBj96k3uWjRMZGtqkdTPb7nnI1yxen9KuY6V3PAfTfs/s1600/asm+policies+5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqOwLLaeA7sm37HISBKlUHM3Bk8ypPGaN51LtnljfNdPgL0yu3q3QXjQcP_hEBSfL-k0ejiNHLjo1Jshw7wLHMIHAsQiBIR0hZvBj96k3uWjRMZGtqkdTPb7nnI1yxen9KuY6V3PAfTfs/s400/asm+policies+5.png" width="400" height="307" /></a></div><br />
Once you have one or more security policies, the policy table on this page allows you to quickly review various important properties about those policies:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiccKvFI7N9MUYQAFau9vVSC0uI_PdITnVJHNT4mjpfjq5V9H1p5jTdoGCCO8wmXvJkMWiR_m_aYC_tYNC9ZLcTGUQReWOJrdmHNUOp046nogUT-JqY-aiyJUOYnIb0GR8MferZnE-ZaKI/s1600/asm+policies+9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiccKvFI7N9MUYQAFau9vVSC0uI_PdITnVJHNT4mjpfjq5V9H1p5jTdoGCCO8wmXvJkMWiR_m_aYC_tYNC9ZLcTGUQReWOJrdmHNUOp046nogUT-JqY-aiyJUOYnIb0GR8MferZnE-ZaKI/s640/asm+policies+9.png" width="640" height="119" /></a></div><ul><li>Policy name and description</li>
<li>The count of how many open alerts have been triggered based on that policy</li>
<li>The severity that has been configured for that policy - you can select a severity of Low, Medium or High when creating a policy</li>
<li>The category of the policy, which is selected from a list of 7 options when defining a policy - the options are:</li>
<ul><li>Threat detection</li>
<li>Privileged accounts</li>
<li>Compliance</li>
<li>Cloud Discovery</li>
<li>Sharing control</li>
<li>Access control</li>
<li>Configuration control</li>
</ul><li>The action which is applied to a user account if that policy is triggered - the options are:</li>
<ul><li>Send an alert (bell icon)</li>
<li>Suspend the user account (lightning bolt icon)</li>
</ul><li>Date the policy was last modified</li>
<li>Gear icon for modifying the policy settings</li>
<li>Ellipsis icon (...) for other options like disabling or deleting the policy</li>
</ul><br />
<h3>Filtering Policies</h3>The Policies page also allows you to filter the policy list based on several different criteria. You can switch between <b>Basic </b>and <b>Advanced </b>filter controls by clicking the Advanced or Basic button in the top right corner of the filter banner:<br />
<ul><li>The Basic filter controls allow you to filter your policy list based on Policy Type, Severity, Policy Name and Category. You simply select the values you want to use to filter your policy list from the dropdowns and controls presented.</li>
</ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3xJHMrHqRorhK-RjKLdBYtN9bzaRb6TVSVdnLVQwMX37acAPJcISorhLrXylhWEz7BJLal4gUCjaTcz-HOwRBKk0lGua7lluWhZnm4M58R7hzoA63f-R7x06Hi8soeCuTw2sl6z8xytw/s1600/asm+policies+10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3xJHMrHqRorhK-RjKLdBYtN9bzaRb6TVSVdnLVQwMX37acAPJcISorhLrXylhWEz7BJLal4gUCjaTcz-HOwRBKk0lGua7lluWhZnm4M58R7hzoA63f-R7x06Hi8soeCuTw2sl6z8xytw/s640/asm+policies+10.png" width="640" height="36" /></a></div><ul><li>The Advanced filter controls allow you to build multiple filters on top of one another to control at a very fine grained level which policies are displayed. You simply click the + button below the last filter when you want to add a new filter, and you then configure it. Or you can click the X button beside a filter to remove it. The policy view is automatically updated as each filter is configured.</li>
</ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi34zjIovbL3__Kkq1bXgHtoPCQxPtL7qm9Ed1AT7Qnrb9SdQAs1hMpwQEdOwMZ6BtITCycQrTSnbMoRhZ1yXh-_Hjv5WVgzmg6vLmNV3S6S_U1y4K7ndf-92Xysz6n4oopYdzOIw46bQM/s1600/asm+policies+11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi34zjIovbL3__Kkq1bXgHtoPCQxPtL7qm9Ed1AT7Qnrb9SdQAs1hMpwQEdOwMZ6BtITCycQrTSnbMoRhZ1yXh-_Hjv5WVgzmg6vLmNV3S6S_U1y4K7ndf-92Xysz6n4oopYdzOIw46bQM/s640/asm+policies+11.png" width="640" height="101" /></a></div><br />
These filtering controls are most useful when you have a large number of policies and you're looking for a very particular policy within your list.<br />
<br />
<h3>Default 'General Anomaly Detection' Policy</h3>As mentioned, when you first enable ASM you already have 1 security policy configured by default. This is the <b>General Anomaly Detection</b> policy. This policy is pre-configured for you and designed to monitor and analyse all activity in your tenant to provide protection from suspicious logins or suspicious activities by user accounts. <br />
<br />
The default General Anomaly Detection policy can be modified from its default configuration, or it can be disabled. However, it is strongly recommended that this policy remain enabled and configured with its default settings for the risks that it monitors. The default settings include the following risk factors:<br />
<table><tr><td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLlr_T_lD5LTq9AoUko6m0yHP0NM1hnmdi0TbDCpJfalWXQGwBeF01wPecbTMFx464mdpaUCaAYCJWUUkabfIXCRAFExnNROMJmzND8MxZtdKMlyhLh0CAgFJdA1OkPBBRPnYjaCEZPPU/s1600/asm+policies+4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLlr_T_lD5LTq9AoUko6m0yHP0NM1hnmdi0TbDCpJfalWXQGwBeF01wPecbTMFx464mdpaUCaAYCJWUUkabfIXCRAFExnNROMJmzND8MxZtdKMlyhLh0CAgFJdA1OkPBBRPnYjaCEZPPU/s400/asm+policies+4.png" width="400" height="387" /></a></div></td> <td valign="top"><br />
<ul><li>Notice above, you can enable or disable each risk factor. Again, it is recommended that each remain enabled for this particular policy.</li>
<li>More importantly, you can configure each risk factor to only apply to specific user activities. This is useful if you want to focus this policy on just specific activities that are considered risky or suspicious, like external sharing for example.</li>
</ul><br />
<br />
This policy and other 'Anomaly Detection Policies' are useful for issuing automated alerts in many scenarios such as:<br />
<ul><li>If a user fails to log in too many times using the same credentials. This may be a sign that an attacker is trying to compromise an account with multiple password guesses.</li>
<li>If an administrative account suddenly performs an activity that is uncharacteristic for that particular administrator. For example, if an administrator who in the past has never deleted or changed passwords on user accounts suddenly starts to perform several of those actions on multiple accounts within a short period of time. This may be a sign that an attacker has compromised an administrator account, or that a normally trusted administrator has started to perform malicious activity.</li>
<li>If an account that has been inactive for some period of time suddenly becomes active. This may be a sign that a user account belonging to an employee that has been away from work has been compromised by an attacker.</li>
<li>If a user account is logging in from a location, country or IP address that is considered risky. In this scenario ASM takes input from the Microsoft Security Graph which tracks suspicious or malicious internet activity based on IP address around the world. Using an Activity Policy (described below) you can actually customize this particular risk factor to either look at all locations or IPs that are considered 'risky', to look at activity coming from specific countries which you may know your users should not be working from or to look at activity from specific IP addresses.</li>
<li>If user logins occur from multiple locations within a short period of time, where we know that travelling between those locations in that short a time is impossible. For example, if a user logs in from New York now and 3 minutes later logs in from Europe and 3 minutes later logs in from Asia, and so on.</li>
<li>If a user logs in from a device type or web browser which that particular user has never used before. We have started to see these types of warnings from our online banks, where the first time that I use a new computer or web browser to access my bank account, that online service requires me to verify that it is in fact me. Automatically triggering that additional verification step for the end user is not yet built into ASM or Office 365, but automated alerts can be generated and issued based on this risk factor.</li>
<li>If a high rate of activity suddenly occurs from a particular user account which does not look like normal behavior for that user. For example, if a user who normally downloads less than 5 documents per month suddenly downloads 30 documents in 1 hour then this alert may be triggered.</li>
</ul></td>
</tr></table><br />
You can and should modify the following settings for this policy so that the appropriate teams are alerted when suspicious behavior is observed:<br />
<br />
<table><tr><td valign="top"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaHaL1xNpgEOig32_NKDZ68mMgnVT9zQd5tceXABITTTuWWAKa077VADUzkj5XDftBNtOkw8Yg7iqxvE7EK-yXbDbRs-zsM8du7zEY4WKLNb9URNLOnUt532UZthktTXN_TD2Ai1gedh4/s1600/asm+policies+12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaHaL1xNpgEOig32_NKDZ68mMgnVT9zQd5tceXABITTTuWWAKa077VADUzkj5XDftBNtOkw8Yg7iqxvE7EK-yXbDbRs-zsM8du7zEY4WKLNb9URNLOnUt532UZthktTXN_TD2Ai1gedh4/s400/asm+policies+12.png" width="400" height="195" /></a></div></td> <td valign="top"><br />
<ul><li>You can determine how many alerts are sent per day, and you can specify which email addresses and/or mobile phone numbers are alerted. Multiple emails or phone numbers can be separated by commas.</li>
</ul></td>
</tr></table><br />
<br />
As we've mentioned in other posts in this series, when ASM is enabled it creates a baseline profile for every user in your tenant, tracking the activities that they perform on a day to day basis. This profile is built over a 1 week period. This gives ASM a baseline against which to compare future user behavior, and therefore to take note of behavior that's outside a user's typical pattern. The General Anomaly Detection policy is the security policy that uses those baseline profiles. If you have multiple General Anomaly Detection policies, each policy of this type will result in ASM calculating user profiles for each user that is affected by that policy.<br />
<br />
<br />
<h3>Creating and Editing Policies</h3>There are several ways to create new security policies. The primary methods are the following:<br />
<ul><li>On the Policies page, from the banner at the top of the page, click the <b>Create Policy</b> button and then select 1 of 2 policy types:</li>
</ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMJ4I2MCU3_aDVPkYljK_fBRdjQPr7v5l8Z_BOg26WWMd9ylyOIb9WZUXUI261ceH7isew5bFgIvzM40fYiYpcysxce_lqAjQYDb4f5bRCWq_dm8UKHDzypD1FviBO4yvRC9hGNEM9XRo/s1600/asm+policies+7r.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMJ4I2MCU3_aDVPkYljK_fBRdjQPr7v5l8Z_BOg26WWMd9ylyOIb9WZUXUI261ceH7isew5bFgIvzM40fYiYpcysxce_lqAjQYDb4f5bRCWq_dm8UKHDzypD1FviBO4yvRC9hGNEM9XRo/s400/asm+policies+7r.png" width="400" height="184" /></a></div><br />
<ul><li>On the Policies page, at the top of the policy table, click the Create Policy button in the policy table and select 1 of 2 policy types:</li>
</ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwpWTtXi063wVqlvqsQg020C1GdNZvIvc8jSVzG2OWI6Sf4YBFfA1ACfpHDa4_r9UEmMKmwpkszEqfsLkJUWY_6z-5gjsRkxPR8kV6HRYpwUlG_8yweDUBtKPO_On0wiykwIgm6XX0U1g/s1600/asm+policies+6r.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwpWTtXi063wVqlvqsQg020C1GdNZvIvc8jSVzG2OWI6Sf4YBFfA1ACfpHDa4_r9UEmMKmwpkszEqfsLkJUWY_6z-5gjsRkxPR8kV6HRYpwUlG_8yweDUBtKPO_On0wiykwIgm6XX0U1g/s400/asm+policies+6r.png" width="400" height="178" /></a></div><br />
<ul><li>From the Policy Templates page, click the + button beside any of the policy templates to create a new policy based on that template:</li>
</ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTUqDKuDxuhK0E1Qbv-4JfVg9RKH9d6T8lorlZSmV8bl-GN_-QNmLwt5-j0VSlNmD-E1p_LhJeF9f6Nzu0BmxRkYyGzM0Yqr4_I0tRzvw9iqUmV_4en5A9_SqHsZoTBx16Ml-aXulNWaY/s1600/asm+policies+8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTUqDKuDxuhK0E1Qbv-4JfVg9RKH9d6T8lorlZSmV8bl-GN_-QNmLwt5-j0VSlNmD-E1p_LhJeF9f6Nzu0BmxRkYyGzM0Yqr4_I0tRzvw9iqUmV_4en5A9_SqHsZoTBx16Ml-aXulNWaY/s400/asm+policies+8.png" width="400" height="178" /></a></div><br />
When you create a new policy using the first 2 methods above, you must first select whether it will be an 'Activity policy' or an 'Anomaly detection policy'. On the policy templates page, you're selecting this implicitly based on the template on which you click the + button: essentially, all policy templates are Activity policies, except for the 'General Anomaly Detection' template. Activity policies are similar in configuration to Anomaly detection policies, in that they all require a name, description, template and category, and you have the same options available for how alerts are sent. However, there are some key differences:<br />
<ul><li>Activity policy</li>
<ul><li>Policy evaluation is based on the user activities that are selected as part of the policy. The policy does not use any user profile/baseline data that is calculated by ASM to determine what is 'normal' behavior and what is not.</li>
<li>You may select an alert severity.</li>
<li>You may select if a policy is triggered based on a single instance of the activity, or repeated instances. You may also select how many repeated instances within a specific time frame are required, if instances only within a single app are required and if the policy should count unique target files/folders per user in order to trigger an alert based on this policy</li>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBi9xtIZveAxyariG17DPr8f1IDhJMbamjNRWHsidWFuTUfNhZZWeeBOL1dpBZvGlgDG3-JLObXDXPUEk1IhStwK-_9fyb0vGe2y10jYvi0Tv5iVxG1doEme0oqZjJERRR0cmNZmGmFjM/s1600/asm+policies+15.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBi9xtIZveAxyariG17DPr8f1IDhJMbamjNRWHsidWFuTUfNhZZWeeBOL1dpBZvGlgDG3-JLObXDXPUEk1IhStwK-_9fyb0vGe2y10jYvi0Tv5iVxG1doEme0oqZjJERRR0cmNZmGmFjM/s400/asm+policies+15.png" width="400" height="161" /></a></div><li>You may select if a user's account should be suspended if they trigger an alert based on the policy.</li>
</ul><li>Anomaly detection policy</li>
<ul><li>In addition to activities selected when configuring the policy, the evaluation of alerts for this policy type is also based on the user profile/baseline data that is calculated for each user and normalized across the organization. This helps ASM to determine what is normal behavior for each user and what is not.</li>
<li>By default, this policy type looks at all monitored user activity, but this configuration can be modified to focus the policy on only specific user activities if needed.</li>
<li>The policy looks at specific risk factors as discussed above, such as: Logon Failures, Admin Activity, Inactive Accounts, Location, Impossible Travel, Device and User Agent and finally Activity Rate.</li>
<li>The alert's severity is determined for you based on the risk factors that are selected as part of the policy.</li>
<li>You may configure an alert threshold for each anomaly detection policy. You may leave the default risk score that ASM uses to determine if alerts should be triggered, which is recommended, or you can adjust this threshold if you have a specific need, such as getting too many false positives. The threshold causes alerts to be triggered only if the risk score of a detected activity is over a certain number. It can be configured as Low, Medium or High, or as a value between 35 and 95 in increments of 5. Every alert has a risk score that is calculated by ASM based on the severity of its activities. This is a great feature for adjusting the risk level used to trigger alerts if you are finding that you get too many false positives.</li>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkFsmHcrYD3XDqkwFCewjl4S9a5KbdpKwx89tyLLJl_fTzyg_oioNbZDhDooFKu4kYz_rnzgDEmwaGPt2vEldi36dY1RLfq1GijgBbQrxi7sQtGKEcoZ-CTbZg5pAksgPClZrd1pgRyvU/s1600/asm+policies+14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkFsmHcrYD3XDqkwFCewjl4S9a5KbdpKwx89tyLLJl_fTzyg_oioNbZDhDooFKu4kYz_rnzgDEmwaGPt2vEldi36dY1RLfq1GijgBbQrxi7sQtGKEcoZ-CTbZg5pAksgPClZrd1pgRyvU/s640/asm+policies+14.png" width="640" height="131" /></a></div></ul></ul><br />
<b>Activity Policies</b><br />
When you create an Activity Policy, you will see the following page. Some of the steps in creating a policy are basic and have been described above, such as selecting a template, name, description, severity and category. <br />
<br />
The real core of an activity policy is in the activities that you select to monitor. ASM policies are made up of filters that are very flexible and allow administrators to choose exactly which user activities they would like to alert on based on attributes like user, location, device, IP address, activity type and more.<br />
<table><tr> <td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhus7Kjg4E-W_igkEZBFCkIQUAmIAnsIEAsCeauuMuViF1OZ2sikyT7kJcU1mmPTkRwUuQFqM5rk0P-o-PRzu5JkMg09CTQntPmZ94X5HN-k1TRWtNZLEZuFlh0mdbgYVJXwVD8iBIRcl8/s1600/asm+policies+16.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhus7Kjg4E-W_igkEZBFCkIQUAmIAnsIEAsCeauuMuViF1OZ2sikyT7kJcU1mmPTkRwUuQFqM5rk0P-o-PRzu5JkMg09CTQntPmZ94X5HN-k1TRWtNZLEZuFlh0mdbgYVJXwVD8iBIRcl8/s640/asm+policies+16.png" width="419" height="640" /></a></div></td> <td valign="top"><br />
<ul><li>In the 'Select a filter' dropdown select 1 out of 17 filters. These include Activity ID, Activity objects, Activity type, Administrative activity, Alert ID, App, Date, Device type, Files and folders, IP address (raw IP, category, tag), Impersonated activity, Location, Matched policy, Registered ISP, User (name, from a domain, from a group), User agent string or User agent tag.</li>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNKGDD-YnTT-bcb8PtJxqv9Uu0fRyNpOSAJw-yL02wj7hil6ggMNu3fOgz3n7CZotWtKTRBAgpAfozNHRsWp0aE24M9IFUDyjeO_0Xc5H997nlXBoZOFa_H24ngauwFeRvBN4WHHl4LzQ/s1600/asm+policies+17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNKGDD-YnTT-bcb8PtJxqv9Uu0fRyNpOSAJw-yL02wj7hil6ggMNu3fOgz3n7CZotWtKTRBAgpAfozNHRsWp0aE24M9IFUDyjeO_0Xc5H997nlXBoZOFa_H24ngauwFeRvBN4WHHl4LzQ/s400/asm+policies+17.png" width="400" height="182" /></a></div><li>Each filter will then require slightly different settings. Generally, you'll then select a condition (equal, not equal) and then the value that you wish to monitor - in this example we're monitoring for a particular types of activities. Notice in this dropdown you can select multiple activities</li>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9JBq2TIumI6HY7SH5eJdpUk3r3nL2kHk4LnPbxWSf1PjkTsrs81EllqEZd9WJzXxc2kh79ndFjf2KCa2GbCLsQCZgFJIINEzEFKpV_Bxz2NDqmQqXUm2-gXdrqEXPMgH6HnF6jOP-IQM/s1600/asm+policies+18.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9JBq2TIumI6HY7SH5eJdpUk3r3nL2kHk4LnPbxWSf1PjkTsrs81EllqEZd9WJzXxc2kh79ndFjf2KCa2GbCLsQCZgFJIINEzEFKpV_Bxz2NDqmQqXUm2-gXdrqEXPMgH6HnF6jOP-IQM/s400/asm+policies+18.png" width="400" height="182" /></a></div><li>Click the + button below your last filter in order to add additional filters. You can then select the filter type and properties for that filter, and continue to build up the conditions you wish to monitor with this policy.</li>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTXK5N0o5bJ96Zjqqovb61hCbxAmWkMaBCAHXOBOcj-ED5JFE8-YTP2STbuExdXHOgPYhO3LhdSG6Yd16E6qDYhEiVqfkHtNlppxaVL6hLc2pFFPe5tqPA3P19B4SauWT6xdPE2Chn36U/s1600/asm+policies+19.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTXK5N0o5bJ96Zjqqovb61hCbxAmWkMaBCAHXOBOcj-ED5JFE8-YTP2STbuExdXHOgPYhO3LhdSG6Yd16E6qDYhEiVqfkHtNlppxaVL6hLc2pFFPe5tqPA3P19B4SauWT6xdPE2Chn36U/s400/asm+policies+19.png" width="400" height="118" /></a></div><li>Note: all activities and properties selected in a policy are AND'ed together and therefore all must be true for alerts to be triggered by that policy.<br />
</ul></td></tr>
</table><br>
Another nice feature is that you can even click the <b>Edit and Preview Results</b> button in the top-right corner of the section where you are configuring filters to get a quick preview of what the policy will find. This preview will be built based on searching your current audit log entries in ASM. <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiYV01FrLCxiyLm7OhUOBwCajx5yzhHDpGyCFJYnMj7CdOpJMs5J-AzzO5jU4J7csWVcGN4zui0hy47POTB9XEsCGLoT-2xmUbCRKE2qyMPNIE-0D2NN0sJizcgm8SNDKlhAlWG-kbdD0/s1600/asm+policies+20.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiYV01FrLCxiyLm7OhUOBwCajx5yzhHDpGyCFJYnMj7CdOpJMs5J-AzzO5jU4J7csWVcGN4zui0hy47POTB9XEsCGLoT-2xmUbCRKE2qyMPNIE-0D2NN0sJizcgm8SNDKlhAlWG-kbdD0/s400/asm+policies+20.png" width="400" height="225" /></a></div><br>
There is some great additional documentation on Cloud App Security which is applicable also to ASM available here: <a href="https://docs.microsoft.com/en-us/cloud-app-security/user-activity-policies">Activity Policies</a>.<br><br>
<b>Anomaly Detection Policies</b><br>
When you create an Anomaly Detection Policy, you will see a page very similar to the above, but with the same configuration settings as the default general anomaly policy shown earlier. You can create multiple Anomaly Detection Policies, up to a maximum of 5. Each policy can have an impact on performance given the work it must do. However, you might create multiple policies if you want to focus each on certain user groups, with different outcomes or alerting different teams if suspicious activity is observed. For example, if suspicious behavior is observed in the general user community, you may wish to alert the organization's information security team. However, if suspicious behavior is observed within the information security team itself, then perhaps you want to alert the organization's CISO or their team. You can do this by configuring 2 such policies. It's important to note that ASM will not only create that per-user profile of activity (per Anomaly Detection policy), but it will also keep a per-user risk score to identify how risky a user's sessions generally are. These scores are not available for us to use, but are used by ASM internally. However, ASM will also internally baseline the risk scores across the entire organization, because what is risky to 1 organization may not be risky to another. This logic helps ASM to avoid triggering too many alerts or false positives. In addition, as alerts are resolved within ASM (in the Alerts page), that feedback is used by ASM to adjust the risk scores and user baselines, and again improve how it alerts on suspicious user behavior.<br><br>
<b>Policy Outcomes</b><br>
Finally, if a policy is triggered by a user, the outcome is a configurable combination of the following: <ul><li>Log an alert in the Advanced Security Management Alerts page (to be reviewed in a future post)</li>
<li>(Optionally) Send an alert to one or more users or groups, either by email and/or text message</li>
<li>(Optionally) Suspend the user account to prevent it from logging in and kill any current sessions (only for Activity Policies). When a user account is suspended based on a triggered alert, if you need to re-enable the user account an Office 365 administrator who has the user administration role (or global administrator role) will need to do that within the Office 365 Administration Console, in the user management pages.</li>
</ul><br>
We do hope that more policy outcome options will be added in the future.<br><br>
<b>Editing Policies</b><br>
In the table listing your policies, if you click anywhere on a policy (its name, description or some other property in the table), you will be brought to the Alerts page, filtered to show you the alerts related to the policy you clicked on. To edit a policy you must click the <b>Gear</b> icon in the row for the policy you are configuring. You can also click the Ellipsis (...) to disable or delete a policy. <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4viqSQ98mDhcu4Crh_zI1h5NKDU1ZNBPGwVTTvoo5pNgcGtMYUviVXCi5fldMhvAPMj6J3kBRgJQ2ekjJ1nSRhdQ_zXXsYh5O-QsN64aMsURVNEivJrrrVu0UKnmbMG2ajckAgGSDniQ/s1600/asm+policies+13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4viqSQ98mDhcu4Crh_zI1h5NKDU1ZNBPGwVTTvoo5pNgcGtMYUviVXCi5fldMhvAPMj6J3kBRgJQ2ekjJ1nSRhdQ_zXXsYh5O-QsN64aMsURVNEivJrrrVu0UKnmbMG2ajckAgGSDniQ/s640/asm+policies+13.png" width="640" height="89" /></a></div>The pages to edit policies are the same as those used to create policies, which are shown above.<br><br>
<h3>What's Next</h3><br>
This post gave a detailed review of how to configure and make effective use of Security Policies within Office 365 Advanced Security Management. Clearly there is a lot of security value to be gained from these capabilities, allowing you to automatically monitor, alert and react to suspicious activities. <br />
<br />
The next post will look at how to configure common use cases within the ASM management console, discussing scenarios in detail that are applicable to a wide range of organizations.<br />
<br />
Enjoy.<br />
-Antonio<br />
Antonio Maio, 2017-01-25 (updated 2017-02-10)<br />
<b>A Practical Overview of Office 365 Advanced Security Management - Part 2: Productivity App Discovery Dashboard</b><br />
<table><tr> <td valign="top">In the middle of 2016, Microsoft released the first version of <b>Office 365 Advanced Security Management</b>, a new capability within the Office 365 platform that allows organizations to go above and beyond the typical security management features, helping them to better secure users, permissions, content and apps. This multi-part blog series will look at how to use the features that make up Advanced Security Management (ASM) and share technical details that will help you to understand the benefits of these robust tools.<br />
<br />
In part 1, we introduced Advanced Security Management and shared technical information about how it works with the <b>Office 365 Unified Audit Log</b>: <br />
<a href="http://www.trustsharepoint.com/2016/12/a-practical-overview-of-office-365.html">A Practical Overview of Office 365 Advanced Security Management - Part 1.</a><br />
<br />
<br />
In part 2, we review the <b>Productivity App Discovery Dashboard</b> capability of ASM to see how log files are imported, how to create reports and review the results of ASM's analysis of those logs, and how you can try it out with some built-in sample logs.<br />
</td> <td valign="top"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.trustsharepoint.com/2017/01/a-practical-overview-of-office-365.html" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtCpwxg3sM6ji9fqcdb-29_TfiSzags8rsehtYQ1ptXlhqIOwKn2fywthm90QwGBF7rmJy8s0vuQT22Qo5rj8Ubx9g9VBDxjasO9-Uvef2dAZi8_4Jd2LOmtIfFhP64P8g00-EW3WaKgw/s400/asm+-+discovery+dashboard+-+montage.png" width="400" height="261" /></a></div></td> </tr>
</table><br />
<br />
Upon launching the Office 365 Advanced Security Management console, one of the new capabilities available is the <b>Productivity App Discovery Dashboard</b> page, which was added to ASM around October 2016. You can access it through the ASM menu by clicking Discover > Discovery Dashboard:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqPL2tlzKTsqey7s2WcjCjdxipUymGzj2_iqeJWC-rl7axdGrHPeOY8UsKKw_5Qy-SLI6m8YhA264A8sWYIMhP-d5dc56gxzmbZCcEKcMctlHGwe-LF7kK2DlPPgisDe9LV_gMYh7x_ME/s1600/asm_app_discovery_menu.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqPL2tlzKTsqey7s2WcjCjdxipUymGzj2_iqeJWC-rl7axdGrHPeOY8UsKKw_5Qy-SLI6m8YhA264A8sWYIMhP-d5dc56gxzmbZCcEKcMctlHGwe-LF7kK2DlPPgisDe9LV_gMYh7x_ME/s400/asm_app_discovery_menu.png" width="400" height="86" /></a></div><br />
The dashboard allows you to quickly review security reports that ASM generates from log files that you upload to ASM from your firewalls, proxies and other network security devices. This capability is really targeted at analyzing logs from security appliances and perimeter devices or applications. Once you’ve uploaded at least one log file and generated a snapshot report, there is a lot of useful security data provided in an easy to view dashboard:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMesHGy-IVVowTYDJpuZg7M9OKN_jeitKQXPNWlikmNTbYZ7Q3FStaeV-ryFhMxo6hLdMDrZ9OgIwoXI_ED4nloyT_9KpjuI0EmyaZQNPOiql9KVU3UOaUYqZHUOAahyphenhyphenlMMOLc_lgKo_s/s1600/asm+-+discovery+dashboard.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMesHGy-IVVowTYDJpuZg7M9OKN_jeitKQXPNWlikmNTbYZ7Q3FStaeV-ryFhMxo6hLdMDrZ9OgIwoXI_ED4nloyT_9KpjuI0EmyaZQNPOiql9KVU3UOaUYqZHUOAahyphenhyphenlMMOLc_lgKo_s/s400/asm+-+discovery+dashboard.png" width="400" height="211" /></a></div><br />
<h3>Creating a New Snapshot Report</h3>In order to upload a log file from one of your network security appliances you must use a manual process. You need to retrieve the log file from your appliance for some particular time period, log into the Office 365 Advanced Security Management console and then do the following:<br />
<ul><li>In the ASM menu shown above, click Discover</li>
<li>Click +Create New Report (see screenshot of the menu above)</li>
</ul><br />
The following page will appear:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2QLe26R6T5nVRM7TngejGMS1aTq7klmqonrZWzjEwpo08-2Ja0MUe1qK7_GhhBIZ-340XNmXxeVmAEHctb1EWs1rB9HkkG2HS29LyYKTyXIDF-jb9VQHY1Oy6TU17bRiJMowS9TW7Dno/s1600/asm+-+create+new+report+1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2QLe26R6T5nVRM7TngejGMS1aTq7klmqonrZWzjEwpo08-2Ja0MUe1qK7_GhhBIZ-340XNmXxeVmAEHctb1EWs1rB9HkkG2HS29LyYKTyXIDF-jb9VQHY1Oy6TU17bRiJMowS9TW7Dno/s400/asm+-+create+new+report+1.png" width="400" height="225" /></a></div><br />
Now give your new report a Name and Description. Then select the data source, or the type of appliance from which the log file was retrieved:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdFxVXvkj-Z105-zfXN7JU-KttMGdKpr50Hz0jr__ar_hetUeCOY5BIY_sqWaxjvDtO69bLBLtVtJN0VRpF7H_HQnjA3ibpaJ0xuvVxhYYABeRH1xQYgagrTDiop2d6xm_rSdC53dJwAc/s1600/asm+-+create+new+report+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdFxVXvkj-Z105-zfXN7JU-KttMGdKpr50Hz0jr__ar_hetUeCOY5BIY_sqWaxjvDtO69bLBLtVtJN0VRpF7H_HQnjA3ibpaJ0xuvVxhYYABeRH1xQYgagrTDiop2d6xm_rSdC53dJwAc/s400/asm+-+create+new+report+2.png" width="400" height="231" /></a></div><br />
In this list there are in fact 20 network security solutions to choose from, from 13 vendors. Each solution vendor or device may have a different log file format which will dictate how the logs are analyzed. The vendors and appliances listed are:<br />
<ul><li>Blue Coat ProxySG - Access log W3C</li>
<li>CheckPoint</li>
<li>Cisco ASA Firewall</li>
<li>Cisco FWSM</li>
<li>Cisco IronPort WSA</li>
<li>Cisco ScanSafe</li>
<li>Cisco Meraki - URLs log</li>
<li>Dell SonicWALL</li>
<li>Fortinet FortiGate</li>
<li>Juniper SRX</li>
<li>McAfee Web Gateway</li>
<li>Microsoft ForeFront Threat Management Gateway (W3C)</li>
<li>Palo Alto PA Series Firewall</li>
<li>Sophos Cyberoam Web Filter and Firewall log</li>
<li>Sophos SG</li>
<li>Squid Common</li>
<li>Squid Native</li>
<li>Websense Web Security solutions - Internet Activity Log (CEF)</li>
<li>Websense Web Security Solutions - Investigate detail report (CSV)</li>
<li>Zscaler</li>
</ul>...and then there is an <b>Other (unsupported log format)</b> option as well, if you have some other solution in your network.<br />
<br />
<b>Report Processing</b><br />
Once you've selected your solution type, click Browse, select your log file and upload it for processing. You may upload multiple log files at once. Once uploaded, ASM will process the file to analyze the traffic going through your network security solution and produce the Discovery Dashboard. This process can take a few minutes, but it will let you know once that processing is complete. <br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4XsXRJ_6KZ_ovJTTJpwa3bHh075shrM8g7jAYTyutzu6GNM4hO1y2iZiDbJPNAVtSQ28up5mhJMTY68KrYWw_eCNC3FD6N06RIw91eTAALmCWv5rfsHKFsmkq_zlVH0v69pqY0Z0ong4/s1600/asm+-+report+upload+-+processing+3r.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4XsXRJ_6KZ_ovJTTJpwa3bHh075shrM8g7jAYTyutzu6GNM4hO1y2iZiDbJPNAVtSQ28up5mhJMTY68KrYWw_eCNC3FD6N06RIw91eTAALmCWv5rfsHKFsmkq_zlVH0v69pqY0Z0ong4/s400/asm+-+report+upload+-+processing+3r.png" width="400" height="144" /></a></div><br />
<b>Report Ready</b><br />
Once complete, your report will show a status of <b>Ready</b> and you'll be able to view the analytics and insights provided by the dashboard.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiebNfIukNv8NBO7FJFTYUKsgUk6kZYT06aaUKO3wSqAV_COen86WyhaCNdqfKjki1YipXNbM6-9rcN7jZdYhFIoNCW75et1e2PF3JEmKKvQk7b4-SIO6DflYXWPsTd4Mx1IBpQqu6icQ/s1600/asm+-+report+upload+-+ready+r.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiebNfIukNv8NBO7FJFTYUKsgUk6kZYT06aaUKO3wSqAV_COen86WyhaCNdqfKjki1YipXNbM6-9rcN7jZdYhFIoNCW75et1e2PF3JEmKKvQk7b4-SIO6DflYXWPsTd4Mx1IBpQqu6icQ/s400/asm+-+report+upload+-+ready+r.png" width="400" height="144" /></a></div><br />
<b>Limitations</b><br />
Note: There are some limits on the log files that ASM will process that are important to remember: <br />
<ul><li>Each log file may be up to 1 GB in size.</li>
<li>Uploading a log file is an entirely manual process. There is no PowerShell available at this time to start the upload, nor to access any ASM functions. So the log file upload process cannot be automated unfortunately.</li>
<li>You may only have 10 reports at a time. If you already have 10 and try to create an 11th, you will be told to first delete one of your existing reports.</li>
<li>As your report ages, any entries that are older than 90 days will be removed from the report and dashboard results. This time period cannot be adjusted at this time.</li>
<li>Entries in log files that are older than 90 days will be ignored. If your entire log file is older than 90 days, ASM will still attempt to process it upon upload but the result will be an <b>expired</b> report which you will not be able to view, as shown here:</li>
</ul><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjV4Fy3q-Wk3J-8VC5uSJJ_86GBdqzTzhXIrzEbeijWyXrQlAqcMAoF5t5VYMAkV-2KBWGS5mVVNakgYDpTNep0AvgF9hZ-xKq26kCE-k0tSsjmBnlOH9xbFnsMoO5Ycvdba2yYl87vyI/s1600/asm+-+report+upload+-+expired+r.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjV4Fy3q-Wk3J-8VC5uSJJ_86GBdqzTzhXIrzEbeijWyXrQlAqcMAoF5t5VYMAkV-2KBWGS5mVVNakgYDpTNep0AvgF9hZ-xKq26kCE-k0tSsjmBnlOH9xbFnsMoO5Ycvdba2yYl87vyI/s400/asm+-+report+upload+-+expired+r.png" width="400" height="144" /></a></div><br />
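As an added example (not from the original post, and not Microsoft's tooling), here is a Python pre-flight script that applies the limits above to a Squid native access log before you go through the manual upload: it checks the file size against the 1 GB cap, sorts each entry into the 90-day window or outside it, and tells you whether the whole file would come back as an expired report. The Squid native line layout it parses and the reading of "1 GB" as 1024**3 bytes are assumptions stated in the code; the sample log lines are constructed.

```python
"""Pre-flight check for a Squid native access log before a manual upload to the
ASM Discovery Dashboard (added example; not from the original post or Microsoft).

It applies the limits the post lists: 1 GB per file, entries older than
90 days are ignored, and a file with only stale entries yields an expired
report. Squid native lines start with a Unix timestamp (seconds.milliseconds),
which is all the check needs. Treating "1 GB" as 1024**3 bytes is an assumption.
"""
import sys
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_FILE_BYTES = 1024 ** 3   # "Each log file may be up to 1 GB in size"
RETENTION_DAYS = 90          # entries older than this are ignored by ASM


@dataclass
class PreflightResult:
    total_entries: int       # non-empty lines seen
    fresh_entries: int       # entries inside the 90-day window
    stale_entries: int       # entries ASM would ignore
    unparsed_lines: int      # lines without a leading epoch timestamp
    size_bytes: int
    oversized: bool          # file exceeds the 1 GB limit
    would_expire: bool       # nothing fresh -> ASM produces an expired report


def parse_squid_native_timestamp(line: str) -> Optional[datetime]:
    """Return the UTC time of a Squid native access log line, or None.

    Native layout (assumed): '<epoch.ms> <elapsed> <client> <code/status>
    <bytes> <method> <url> <ident> <hierarchy/peer> <type>'
    """
    fields = line.split()
    if not fields:
        return None
    try:
        return datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None


def preflight_log(text: str, now: Optional[datetime] = None) -> PreflightResult:
    """Classify every entry of the log text against the retention window."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=RETENTION_DAYS)
    total = fresh = stale = unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        total += 1
        ts = parse_squid_native_timestamp(line)
        if ts is None:
            unparsed += 1
        elif ts >= cutoff:
            fresh += 1
        else:
            stale += 1
    size = len(text.encode("utf-8"))
    return PreflightResult(total, fresh, stale, unparsed, size,
                           oversized=size > MAX_FILE_BYTES,
                           would_expire=(fresh == 0))


def trim_stale_entries(text: str, now: Optional[datetime] = None) -> str:
    """Keep only entries inside the window. ASM ignores older ones anyway, so
    dropping them loses nothing and helps a large file fit under the size cap."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=RETENTION_DAYS)
    kept = []
    for line in text.splitlines():
        ts = parse_squid_native_timestamp(line)
        if ts is not None and ts >= cutoff:
            kept.append(line)
    return "".join(entry + "\n" for entry in kept)


# Constructed sample (not a real capture); "now" is the post's date, 2017-01-25.
# Peer addresses use RFC 5737 documentation ranges.
NOW = datetime(2017, 1, 25, tzinfo=timezone.utc)
SAMPLE_LOG = (
    "1485216000.123    250 10.0.0.5 TCP_MISS/200 4523 GET https://www.dropbox.com/ - HIER_DIRECT/203.0.113.10 text/html\n"  # 2017-01-24, fresh
    "1484000000.500     80 10.0.0.7 TCP_MISS/200 912 GET https://twitter.com/ - HIER_DIRECT/203.0.113.20 text/html\n"       # 2017-01-09, fresh
    "1470000000.000    120 10.0.0.9 TCP_MISS/200 2048 GET https://www.box.com/ - HIER_DIRECT/198.51.100.5 text/html\n"      # 2016-07-31, stale
    "# exported by proxy-admin, not a request line\n"                                                                   # unparsed
)


def main(path: str) -> None:
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    r = preflight_log(text)
    print(f"{path}: {r.total_entries} entries, {r.fresh_entries} fresh, "
          f"{r.stale_entries} stale, {r.unparsed_lines} unparsed, "
          f"{r.size_bytes} bytes")
    if r.oversized:
        print("File exceeds the 1 GB limit; trim stale entries or split it.")
    if r.would_expire:
        print("No entries within 90 days; the upload would yield an expired report.")


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "access.log")
```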
<h3>Analyzing and Categorizing Cloud Apps</h3>When log files are analyzed by ASM, the traffic is not only categorized by the type of cloud app (like cloud storage or social media), but ASM will recognize the individual cloud apps and let you know exactly which ones your end users are accessing. The larger Cloud App Security (CAS) solution has a catalog of almost <b>15,000</b> cloud apps that it will identify. However, a subset of those apps are recognized as 'productivity apps', and it is that subset of over 1,000 apps that ASM will identify. This list is actually a growing list, and Microsoft has a team of people working on increasing it through both manual and automatic methods. Microsoft is committed to supporting new apps in their catalog as soon as possible. <br />
<br />
If you have a cloud app that you know is in use and is not yet recognized by ASM, you can request that Microsoft investigate it and potentially add it to the catalog. This is typically done by opening a support request through the ASM portal (question mark on the top right of the page). When creating a service request, you'll need to select "Cloud App Security" under the Create a Service Request list.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqDXL6DQblJPbQIG5-xlqSxnggQ0HlNcTy5serO50QcgUvndnrK9xqhNFCpWgiYNgN0Nd3zqlilSy0FYw-GAxH_NFItFrdq9PLPAwLPx1f2ZmultQcp90tWXILf3hHOY_gQBXp5gXa-5k/s1600/create+a+support+request+1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqDXL6DQblJPbQIG5-xlqSxnggQ0HlNcTy5serO50QcgUvndnrK9xqhNFCpWgiYNgN0Nd3zqlilSy0FYw-GAxH_NFItFrdq9PLPAwLPx1f2ZmultQcp90tWXILf3hHOY_gQBXp5gXa-5k/s320/create+a+support+request+1.png" width="320" height="63" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2b6foKDbjUnFVO9InH5kJnE1JMKtOcJfsG8sHSU_wlcYRLOqZ1wriJSkIaySzj5gOOISLoRvi9wVgURdieEquNLprmobK-dFVHButW5ToaiY2heYejS9zEV7BHyq1WUpPNXIZuvmjzL4/s1600/create+a+support+request+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2b6foKDbjUnFVO9InH5kJnE1JMKtOcJfsG8sHSU_wlcYRLOqZ1wriJSkIaySzj5gOOISLoRvi9wVgURdieEquNLprmobK-dFVHButW5ToaiY2heYejS9zEV7BHyq1WUpPNXIZuvmjzL4/s320/create+a+support+request+2.png" width="320" height="63" /></a></div><br />
Analyzing and providing a quick view into which cloud apps are in fact in use by end users can really help you to determine if <b>Shadow IT</b> is at play in your organization, and exactly how much data is moving to cloud hosted solutions which may not be IT approved. This can provide great visibility to IT and InfoSec teams, helping them to work with end users and business units to ensure they are using the corporate approved solutions and not exposing the organization to risk.<br />
<br />
<h3>Sample Log Files for Trialing the Discovery Dashboard</h3>Another great feature that's built into the Discovery Dashboard is that it provides sample log files for you to trial and learn about the insights this feature can provide. You can access the sample logs by following the process described above for creating a new snapshot report, and when you get to the page where you give your report a name and description, select the type of Data Source from the dropdown and then click the "View and verify..." link:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnRK3vQEg9q5ZZaofT30gm5W7GC52SAJhQbocMnt6GVdW5sccMT-zR8B0RKy-tNHrrGdzm3VElSqjmwIdw3PqZrrSvWJt-cLbbYQqbrh8DMq_Di3QawTbUNzwBrnzpzzkSlw-lUiiOZ5c/s1600/sample+log+files+1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnRK3vQEg9q5ZZaofT30gm5W7GC52SAJhQbocMnt6GVdW5sccMT-zR8B0RKy-tNHrrGdzm3VElSqjmwIdw3PqZrrSvWJt-cLbbYQqbrh8DMq_Di3QawTbUNzwBrnzpzzkSlw-lUiiOZ5c/s400/sample+log+files+1.png" width="400" height="270" /></a></div><br />
You'll then see a page that describes the log format required by that solution in some detail. On that page, click the "Download sample log" button. You'll download a log file to your desktop, which you can then use to create a sample snapshot report. <br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSyWCuKI8-6Ez-_MdoFO3mRG7UCBXmzh2sDHRC8OHIB2ZFevqyvzTTaIhS-gte16lEVejsPvJ-sfNbUBek660bsKWR5y9D0nQvNMbw4gWOovT8ufdeI0cVD8l0kngyBUWDF3U4WTfFYNU/s1600/sample+log+files+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSyWCuKI8-6Ez-_MdoFO3mRG7UCBXmzh2sDHRC8OHIB2ZFevqyvzTTaIhS-gte16lEVejsPvJ-sfNbUBek660bsKWR5y9D0nQvNMbw4gWOovT8ufdeI0cVD8l0kngyBUWDF3U4WTfFYNU/s400/sample+log+files+2.png" width="400" height="270" /></a></div><br />
The log file will download as a ZIP file, which you'll have to save locally, unzip and then start the process once again to create a snapshot report. The log file downloaded will follow the proper format for the Data Source selected (the solution vendor and type). So follow the process outlined above to create a new snapshot report once again using the sample log and choose that same data source the next time through.<br />
<br />
These sample files are updated each week so that they stay fresh and do not result in expired reports (older than 90 days).<br />
<br />
<h3>A Tour of the Productivity App Discovery Dashboard</h3>Once you've created a snapshot report, as described above, you can access the Discovery Dashboard to get an overview of the analysis performed on your log files. <br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDnI42dOW6DaqDoEsbdfQ22yvC_efLZ9KdInE_VSq9zr8HPz317tKzokBBUfUJJVhLOq7PUzGxYan4pKt9Ry3VBUBORV9547XmiuU4YmwR4sYwI5IZ1SY-OGn7Y-jKHwAKiH0ZWNze3l8/s1600/asm+-+discovery+dashboard.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDnI42dOW6DaqDoEsbdfQ22yvC_efLZ9KdInE_VSq9zr8HPz317tKzokBBUfUJJVhLOq7PUzGxYan4pKt9Ry3VBUBORV9547XmiuU4YmwR4sYwI5IZ1SY-OGn7Y-jKHwAKiH0ZWNze3l8/s640/asm+-+discovery+dashboard.png" width="640" height="337" /></a></div><br />
<b>Selecting a Report</b><br />
You can select which snapshot report you're viewing on the top right corner of the screen:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2DV4sHIFXPzsdRklHxJ4K9IYxUV_7HRl3U4fhY05ABrPo-TfEDIdaRykreg4rbNN7BMv5VbVMAbkYecHQmbNb-4gbaDu_f32vE4bkWork7v8ooJoF8SRDnfc1_3hLkc327C5K1Wt6dl8/s1600/discovery+dashboard+-+select+report.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2DV4sHIFXPzsdRklHxJ4K9IYxUV_7HRl3U4fhY05ABrPo-TfEDIdaRykreg4rbNN7BMv5VbVMAbkYecHQmbNb-4gbaDu_f32vE4bkWork7v8ooJoF8SRDnfc1_3hLkc327C5K1Wt6dl8/s400/discovery+dashboard+-+select+report.png" width="400" height="69" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_bouCzeeEMMkmtVm2IqfwZZXAGZcDkoA1DIBGmDWyk8stX0JBU4xmOG6R9dMQC1IOC1aDBInMpNAwLhMDPlvg5cNHcHhacJnQUI1Gy07sxMiePvNQwxe6HqxB-7pugro4H8XWIV3_Bcc/s1600/discovery+dashboard+-+select+report+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_bouCzeeEMMkmtVm2IqfwZZXAGZcDkoA1DIBGmDWyk8stX0JBU4xmOG6R9dMQC1IOC1aDBInMpNAwLhMDPlvg5cNHcHhacJnQUI1Gy07sxMiePvNQwxe6HqxB-7pugro4H8XWIV3_Bcc/s400/discovery+dashboard+-+select+report+2.png" width="400" height="68" /></a></div><br />
<b>Traffic Statistics</b><br />
On the top left of the Discovery Dashboard we're presented with statistics about:<br />
<ul><li>number of apps analyzed</li>
<li>number of users referenced within my network security solution's log file</li>
<li>number of IP addresses analyzed</li>
<li>amount of network traffic analyzed</li>
</ul>Remember, these statistics are only from log file entries that are not older than 90 days. <br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM2FMY1Zm5aR1_9oE-MS-d5zK3wk-szJjM_kviz2zpmhsvLduv8l09AYiwqHyNXdPAHoJ-LdT6Ry0MsAtghD4d6sRFVHReJomGzraj2gN3PU_NGUX2ouV3vaGFAjEKF_e82nYc5BBDaK0/s1600/asm+-+discovery+dashboard+-+traffic.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM2FMY1Zm5aR1_9oE-MS-d5zK3wk-szJjM_kviz2zpmhsvLduv8l09AYiwqHyNXdPAHoJ-LdT6Ry0MsAtghD4d6sRFVHReJomGzraj2gN3PU_NGUX2ouV3vaGFAjEKF_e82nYc5BBDaK0/s400/asm+-+discovery+dashboard+-+traffic.png" width="400" height="111" /></a></div><br />
As you can see, the amount of traffic that went through the network security solution is shown, and it's broken up by the amount of traffic uploaded (red arrow) versus downloaded (black arrow).<br />
<br />
<b>Cloud Apps and Categories</b> <br />
Moving a little further down the page on the left side, we can see the categories of cloud apps and the apps that are themselves in use. In our top table on the left, ASM has categorized the cloud applications found in my log file into the categories shown here. This gives us a quick view into the type of cloud apps in use by users, or the capability which that cloud app offers to users. It also shows the total amount of data transmitted through that cloud app. For example, in this case we can see that 2.3 GB has been exchanged with cloud storage solutions (Box, Dropbox, etc.) and only 4 MB has been exchanged with social media cloud based apps (Twitter, Facebook, etc.).<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihi8NTxUcdVdviZLuJ1uRdzK620V0rkBbxGVwnZL0Edg-hd8RWXMCQtjYIit4masv9-k9jQ0cXOej_neyCC8uykqOzAGGi66j89wPsZ-fU_mFgRmZ5cNMickUexHK7etWS4yWTtZ-BbhI/s1600/asm+-+discovery+dashboard+-+categories+and+apps.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihi8NTxUcdVdviZLuJ1uRdzK620V0rkBbxGVwnZL0Edg-hd8RWXMCQtjYIit4masv9-k9jQ0cXOej_neyCC8uykqOzAGGi66j89wPsZ-fU_mFgRmZ5cNMickUexHK7etWS4yWTtZ-BbhI/s400/asm+-+discovery+dashboard+-+categories+and+apps.png" width="400" height="263" /></a></div><br />
On the bottom table on the left, we see the actual cloud apps that are most in use in my organization along with the amount of traffic generated for each (in this case OneDrive for Business, Box, Skype for Business, Office 365 and Exchange). However, I can see right beside the "Discovered apps" label that there were in fact 116 different cloud apps found going through my network device. I can use the dropdowns above that table to view the other categories of cloud apps as well. So if we select social networks from the list, I see the apps found in my log which fall into that category, no matter how small the amount of data.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4DhnPVsaMNgAr-fwjxxV0p-n6Pp4uYewRGjrlFlxuTbjFr2glF9xHQiKhjTNj_67RJpUssLnXJa4ejpjFZJG_wEq1ViMZW2c-AqPfajASDWyTg5Ohxd8HkriP4T4K5fiNupItogWkmN8/s1600/asm+-+discovery+dashboard+-+categories+and+apps+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4DhnPVsaMNgAr-fwjxxV0p-n6Pp4uYewRGjrlFlxuTbjFr2glF9xHQiKhjTNj_67RJpUssLnXJa4ejpjFZJG_wEq1ViMZW2c-AqPfajASDWyTg5Ohxd8HkriP4T4K5fiNupItogWkmN8/s400/asm+-+discovery+dashboard+-+categories+and+apps+2.png" width="400" height="151" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdB4XVVT7z8uvi7bkfYod0fdIvqHtNW5eNerw1l1kSfXAbcMx7E1mDTCpjeH-30dCg8WAVFBlrRSUcjNZ5zxn6LmW91QDScsQ8GXNBCzf0-p9jNJ7Qh1rcVQKd6v5EAirYcas8mbYUP60/s1600/asm+-+discovery+dashboard+-+categories+and+apps+3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdB4XVVT7z8uvi7bkfYod0fdIvqHtNW5eNerw1l1kSfXAbcMx7E1mDTCpjeH-30dCg8WAVFBlrRSUcjNZ5zxn6LmW91QDScsQ8GXNBCzf0-p9jNJ7Qh1rcVQKd6v5EAirYcas8mbYUP60/s400/asm+-+discovery+dashboard+-+categories+and+apps+3.png" width="400" height="152" /></a></div><br />
As well, you can easily include or exclude Office 365 traffic from these graphs by unchecking or deselecting "Office 365". So, if Office 365 is a corporate standard collaboration solution this allows you to easily focus on other cloud apps which may not be approved.<br />
<br />
<b>Risk Levels, Traffic Locations and Exporting Data</b><br />
Finally, in the diagrams on the right side of the page, ASM provides a risk score for the traffic analyzed and a map of where the traffic is originating. We can see in the following that after analyzing 2.7 GB in total that 4 KB is considered high risk traffic, 83 MB is considered medium risk and 2.6 GB is considered low risk. I can see these numbers by hovering over each slice of the pie. I can also see a world map in this section of the dashboard which gives me a quick view into where the traffic going through my network is originating from - the map is generated by the IP addresses found in my log file.<br />
<br />
<table><tr> <td><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1kGhfD_JPWIJKk8IKCnjdIdPoqII2nWvnqlAW0wKpe70EJwd4x3IMjaRs2osBCjX0VDzDKwrVsVQ-kIc6fEhEtKqSvzDMOGAWbe4FH5DciG47Np0bl-8_tes8BG5FgTZjpXTq5R-eB-M/s1600/asm+-+discovery+dashboard+-+risk+and+location.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1kGhfD_JPWIJKk8IKCnjdIdPoqII2nWvnqlAW0wKpe70EJwd4x3IMjaRs2osBCjX0VDzDKwrVsVQ-kIc6fEhEtKqSvzDMOGAWbe4FH5DciG47Np0bl-8_tes8BG5FgTZjpXTq5R-eB-M/s400/asm+-+discovery+dashboard+-+risk+and+location.png" width="400" height="355" /></a></div></td> <td valign="top"><br />
<br />
<br />
<br />
The risk level shown for the various types of traffic is based on intelligence and heuristics that ASM uses from the Microsoft Security Graph in its analysis to determine if risky IP addresses or non-reputable cloud apps are being accessed through your network. This integration of intelligence from the Microsoft Security Graph is one of the major benefits of ASM over the other built-in security tools in Office 365. <br />
<br />
You can learn more about Microsoft's intelligent security graph here: <a href="https://blogs.microsoft.com/microsoftsecure/2016/07/21/new-microsoft-azure-security-capabilities-now-available/">https://blogs.microsoft.com/microsoftsecure/2016/07/21/new-microsoft-azure-security-capabilities-now-available/</a>. <br />
</td> </tr>
</table><br />
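The totals and the origin map above are the output of a fairly simple aggregation: every log line is attributed to a cloud app through a catalog, the app's risk level is looked up, and the source address is geolocated. The following is an added example of that aggregation, not code from the post or from ASM; the proxy log format, the three-entry app catalog and the prefix-to-country table are all constructed for illustration (the addresses are RFC 5737 documentation ranges), where ASM uses its own catalog and Microsoft Security Graph intelligence.

```python
"""Shadow-IT discovery over a proxy/firewall log: traffic by app, risk and origin.

Added example, not code from the original post or from ASM. The log format,
the app catalog and the IP-to-country table are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed proxy log: "<timestamp> <source IP> <destination host> <bytes>".
# 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2016-12-01T08:01:12Z 203.0.113.22 contoso.sharepoint.com 40960
2016-12-01T08:02:45Z 203.0.113.23 www.dropbox.com 1048576
2016-12-01T08:03:10Z 198.51.100.9 sketchy-share.example 4096
this line is malformed and must be skipped
2016-12-01T08:05:00Z 203.0.113.22 contoso.sharepoint.com 2097152
2016-12-01T08:06:30Z 203.0.113.23 www.dropbox.com 524288
"""

# Constructed app catalog: destination host -> (app name, risk level).
APP_CATALOG = {
    "contoso.sharepoint.com": ("SharePoint Online", "low"),
    "www.dropbox.com": ("Dropbox", "medium"),
    "sketchy-share.example": ("Unknown file share", "high"),
}

# Constructed GeoIP-style prefix table standing in for a real geolocation database.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "CA"),
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
]


def country_for(ip: str) -> str:
    """Map a source address to a country; a linear scan is enough for this table."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_TABLE:
        if addr in net:
            return country
    return "unknown"


def parse_log(text: str):
    """Yield (source_ip, host, byte_count) for well-formed lines; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _timestamp, ip, host, size = parts
        try:
            ipaddress.ip_address(ip)  # rejects garbage in the IP column
            yield ip, host, int(size)
        except ValueError:
            continue


def discover(text: str) -> dict:
    """Total bytes per app, per catalog risk level and per source country."""
    by_app, by_risk, by_country = defaultdict(int), defaultdict(int), defaultdict(int)
    for ip, host, size in parse_log(text):
        app, risk = APP_CATALOG.get(host, (host, "unknown"))
        by_app[app] += size
        by_risk[risk] += size
        by_country[country_for(ip)] += size
    return {"by_app": dict(by_app), "by_risk": dict(by_risk), "by_country": dict(by_country)}


def unsanctioned_apps(totals: dict, sanctioned: set) -> list:
    """Apps seen in the log that are not on the sanctioned list, largest first."""
    return sorted(
        ((app, size) for app, size in totals["by_app"].items() if app not in sanctioned),
        key=lambda item: item[1],
        reverse=True,
    )


if __name__ == "__main__":
    totals = discover(SAMPLE_LOG)
    for level in ("high", "medium", "low"):
        print(f"{level:>6} risk: {totals['by_risk'].get(level, 0)} bytes")
    print("origin:", totals["by_country"])
    print("unsanctioned:", unsanctioned_apps(totals, {"SharePoint Online"}))
```

The `unsanctioned_apps` view is the one that matters for the Shadow IT discussion later in the post: the sanctioned set is the list of services the organization has approved, and anything else carrying real volume is what IT and InfoSec need to go and talk to the business groups about.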
If I want to review the specific risk details by clicking "View risk details", I am unfortunately told that I need the <b>Cloud App Security</b> solution to do that:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgC4NkVf7vkHBZuXMfoqthLFWfKr7LDsR85_9zC8eXaLczbg-fnf3HdZL2UzfQ3WcAkdYE7QLUW6P6_WvG27HLu7G1-tHrJVZv8xt_hxy_j4JLpZ_oLNscVOMmTBSr6FS-bT6ev3WeFsRs/s1600/tell+me+about+cloud+app+security.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgC4NkVf7vkHBZuXMfoqthLFWfKr7LDsR85_9zC8eXaLczbg-fnf3HdZL2UzfQ3WcAkdYE7QLUW6P6_WvG27HLu7G1-tHrJVZv8xt_hxy_j4JLpZ_oLNscVOMmTBSr6FS-bT6ev3WeFsRs/s400/tell+me+about+cloud+app+security.png" width="400" height="236" /></a></div><br />
I can adjust this graph through the dropdown to instead focus on Apps, Users, IP Addresses, Upload Traffic or Transactions. On each graphic on the dashboard, I can also click the little grey downward arrow to download a CSV file of the traffic details shown in the graph. The CSV file is relatively simple but can be useful when we need to generate reports for others in the organization.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4ySaZlnbTgcDmyuuYLzpzQd9v2F3DQ4DBGYP9jG7kb0zTwTomXC7S8EE7VykVK0H2CSYDVZWLMtMZ07uqwSN84RnB2Ua-hRQrLcCEJZowyk-pM_rPWKTRIueH3l_Y54j1-ywJbsIbLbM/s1600/asm+-+discovery+dashboard+-+risk+and+location+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4ySaZlnbTgcDmyuuYLzpzQd9v2F3DQ4DBGYP9jG7kb0zTwTomXC7S8EE7VykVK0H2CSYDVZWLMtMZ07uqwSN84RnB2Ua-hRQrLcCEJZowyk-pM_rPWKTRIueH3l_Y54j1-ywJbsIbLbM/s400/asm+-+discovery+dashboard+-+risk+and+location+2.png" width="400" height="210" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVkoT32M0aXn4XjEsjbK1mOTl4qCIWPnBHhQLgPeeC2wH8w26QwUvir6bU6IgFEVhBAY9S7Pi9jw8wHeqsLiu1rzxjcdqtAYxAeT5NZcIQIBQN_n0donZxF7DdllJa43lne-UHWiTlQfE/s1600/discovery+dashboard+output+as+csv.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVkoT32M0aXn4XjEsjbK1mOTl4qCIWPnBHhQLgPeeC2wH8w26QwUvir6bU6IgFEVhBAY9S7Pi9jw8wHeqsLiu1rzxjcdqtAYxAeT5NZcIQIBQN_n0donZxF7DdllJa43lne-UHWiTlQfE/s320/discovery+dashboard+output+as+csv.png" width="320" height="153" /></a></div><br />
<h3>Automatic Log File Upload and Cloud App Security</h3>The Productivity App Discovery Dashboard is a great solution for analyzing traffic going through your network and understanding which cloud apps end users are making use of. It can provide IT and InfoSec teams with the information they need to determine if Shadow IT is at work in their organization, and give them intelligence they can use to work with end users and business groups to ensure they're following corporate policy for cloud based collaboration. <br />
<br />
As mentioned above, the upload of log files is a manual process and we're limited to having 10 reports in the dashboard at a time. I think this can still be a beneficial solution to enterprises in circumstances where you want to perform ad hoc analysis of a firewall or network security log, as part of a regular IT security audit or when investigating suspicious network activity. If you want to make ongoing use of this capability, however, and have log files uploaded automatically, then for now you'll need to upgrade to the larger Cloud App Security solution from Microsoft. You can learn more about Cloud App Security here: <b><a href="https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security">What Is Cloud App Security</a></b>, and I may also cover it more in a future post.<br />
<br />
<h3>What's Next</h3>This post was a fairly thorough review of the Productivity App Discovery Dashboard feature within Office 365 Advanced Security Management.<br />
<br />
The next post in this series will look at how security policies and alerts are in fact configured and how they work within ASM.<br />
<br />
Enjoy.<br />
-Antonio<br />
<br />
<h2>A Practical Overview of Office 365 Advanced Security Management - Part 1</h2>Posted by Antonio Maio, 2016-12-19 (updated 2017-02-10).<br />
<b>Introduction & Audit Logs</b><br />
<table><tr> <td valign="top">In June 2016, Microsoft released its first iteration of <b>Office 365 Advanced Security Management</b>, a new capability within the Office 365 platform that allows organizations to go above and beyond the typical security management features that let them secure users, permissions, content and apps. In September the team added the Productivity App Discovery feature, and in October the solution continued to progress with additional capabilities to manage app permissions. <br />
<br />
This multi-part blog series will look at how to use the features that make up Advanced Security Management and share some technical details that you will hopefully find helpful.<br />
<br />
In part 1 of this series we introduce Advanced Security Management and share technical details about how it works with the <b>Office 365 Unified Audit Log</b>. <br />
<a href="http://www.trustsharepoint.com/2016/12/a-practical-overview-of-office-365.html">Let's jump in...</a></td> <td><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://www.trustsharepoint.com/2016/12/a-practical-overview-of-office-365.html" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbUZgzoXrI-WjoURAwnNOXRyeikOZ-a3kdHXowdopcJwnJHochegsue6v5fJSIEjgUsuwUZrz-Or3F-VK3_M111nurke-FHDGxO9D4tNKg8QIyGPSSgcAGsNnyxAkQ-DS58XvodNQ7_pg/s640/asm_intro.png" width="640" /></a></div></td> </tr>
</table><br />
<a name='more'></a><br />
<br />
<h3>Introduction to Advanced Security Management</h3>Advanced Security Management, or ASM, is a new set of security tools integrated into Office 365 that perform advanced threat detection and policy enforcement across your Office 365 workloads. It helps automatically identify high risk, suspicious activities and allows administrators to implement granular security policies. It also provides discovery and insight capabilities so that you can gain visibility into 'shadow IT' within your organization. ASM incorporates signals from several Office 365 services, such as the Management Activity API and the Microsoft Security Graph, and provides administrators with a dedicated management console for getting a dashboard overview, searching log data, configuring policies and reviewing alerts.<br />
<br />
There are a few important background details about Advanced Security Management that Office 365 administrators should understand before enabling it:<br />
<br />
<ul><li>Office 365 Advanced Security Management (ASM) is a subset of the <b>Microsoft Cloud App Security</b> offering. Cloud App Security is a comprehensive service which provides security capabilities to a much broader set of applications beyond Office 365. It provides features like discovery of a very wide range of cloud applications operating in your network and on all devices going through your company firewalls or proxies. It currently supports approximately 14,000 cloud services in its catalog, and it's important to emphasize that devices must go through the organization's firewalls or proxies or Cloud App Security will not see the traffic. It also provides granular controls and policy enforcement for data shared through your cloud applications. And finally it provides threat protection to detect abnormal user behavior through your cloud applications and help prevent threats. Office 365 ASM integrates the broad capabilities of Cloud App Security directly with Office 365, making it fairly easy to implement across the Office 365 workloads. Learn more about the underlying technology here: <a href="https://www.microsoft.com/en-us/cloud-platform/cloud-app-security" target="_blank">Microsoft Cloud App Security</a>.</li>
<li>Office 365 ASM can be licensed in 1 of 2 ways: you may either license <u>all</u> of your Office 365 users with an E5 license (which gives you more than ASM), or you may specifically purchase the Office 365 ASM add-on license for all users (in addition to another Office 365 user license). Office 365 does not actually check if all users in fact have one of the required ASM licenses. So you can enable the feature for a subset of users initially, for evaluation, proof of concept and deployment planning. It is highly recommended that you license <u>all</u> of your users when running it in full production capacity, because you typically won't be able to predict who an attacker will target. However, it is possible to license it for just a portion of your organization if you have particular individuals that might be considered very high value or persistent targets (administrators, executives, etc.). </li>
<li>Office 365 ASM has a very strong connection to and reliance on Microsoft Azure. Please continue reading to understand how the capability uses Azure.</li>
</ul><br />
<br />
<h3>Activating Advanced Security Management</h3><div>After adding an E5 license to your Office 365 tenant, you must specifically activate Advanced Security Management:</div><div><ul><li>Log in to Office 365 as a Global Administrator</li>
<li>Click the Office 365 waffle icon and select Security and Compliance</li>
<li>In the left hand menu, click Alerts and then Manage Advanced Alerts</li>
</ul></div><div><br />
</div><div>The first screen presented will ask you to select a checkbox to 'Turn on Advanced Security Management for Office 365':</div><div><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUEFIMdcNrMGmNf71TejAGUFmS1rWDnPg5PIB0BD_yNKB92A3pyns-M-wCQjI8CO64zKpownXteowpPL7aIa8v7mFqdaH9nUpo-U_n8WtH16YtvjRAX8Ua-chOCqUJlhyphenhyphen0Dhb65BixLFg/s1600/O365+ASM+-+initial+screen+to+enable+ASM+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="369" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUEFIMdcNrMGmNf71TejAGUFmS1rWDnPg5PIB0BD_yNKB92A3pyns-M-wCQjI8CO64zKpownXteowpPL7aIa8v7mFqdaH9nUpo-U_n8WtH16YtvjRAX8Ua-chOCqUJlhyphenhyphen0Dhb65BixLFg/s640/O365+ASM+-+initial+screen+to+enable+ASM+2.png" width="640" /></a></div><div><br />
</div><div><br />
</div><div>When the E5 or ASM license is added to the customer's Office 365 tenant, a new Azure tenant is automatically provisioned and associated with the customer's Office 365 tenant. Selecting the 'Turn on...' checkbox will activate ASM and kick off a number of activities behind the scenes:</div><div><ul><li>The Cloud App Security service within the new Azure tenant subscribes to the audit log data feed from the customer's Office 365 tenant. This is the same audit log data you can search within the Office 365 Security and Compliance Center by clicking Search & Investigation > Audit Log Search.</li>
<li>Audit log data begins synchronizing from the Office 365 tenant to the new Azure tenant. This data is not 'anonymized'. By activating ASM, you are authorizing the audit log data to be transferred from your Office 365 tenant to the associated Azure tenant.</li>
<li>ASM begins to build a baseline model which it will ultimately use to detect suspicious user behavior and issue automated alerts. </li>
</ul><div><br />
</div>The baseline model is built for every user and updated periodically as additional data is received. It is based on both user logins and user activities, such as: </div><div><ul><li>Whether they perform administrator activities or user activities</li>
<li>Frequency of activities</li>
<li>The device, browser and OS used to access Office 365 (through the user agent string)</li>
</ul>This process does not currently use Intune, so it cannot recognize the device itself: it cannot distinguish specific devices, nor whether the device is company managed or domain-joined. This process also does not look at the amount of data downloaded by a user, because the management activity API (audit log API) does not provide full metadata about files accessed. </div><div><br />
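To make the three baseline signals concrete, here is an added example of a per-user profile built from audit records and then used to score a new day's activity; it is not ASM's model (whose internals are not public), and every record, the set of operations treated as administrative and the burst threshold are constructed assumptions. Field names follow the unified audit log record schema (CreationTime, UserId, Operation, UserAgent).

```python
"""Per-user behaviour baseline from Office 365 audit log records.

Added example, not ASM's actual model. It profiles admin vs. user activity,
activity frequency and the user agent string, then scores a new day's events
against that profile. All records are constructed.
"""
from collections import Counter, defaultdict

# Which operations count as administrative is an assumption for this example.
ADMIN_OPERATIONS = {"SiteCollectionAdminAdded", "Add member to role.", "Set-Mailbox"}
BURST_FACTOR = 3  # assumed threshold: a day with more than 3x the baseline rate is flagged

CHROME = "Mozilla/5.0 (Windows NT 10.0) Chrome/54.0"
ANDROID = "Mozilla/5.0 (Linux; Android 7.0) Chrome/54.0"


def rec(time, user, op, ua=CHROME):
    return {"CreationTime": time, "UserId": user, "Operation": op, "UserAgent": ua}


# Constructed history: three days of alice's normal desktop activity.
HISTORY = [
    rec("2016-12-01T09:00:00", "alice@contoso.com", "FileAccessed"),
    rec("2016-12-01T10:30:00", "alice@contoso.com", "FileModified"),
    rec("2016-12-02T09:10:00", "alice@contoso.com", "FileAccessed"),
    rec("2016-12-02T11:00:00", "alice@contoso.com", "FileAccessed"),
    rec("2016-12-03T09:05:00", "alice@contoso.com", "FileModified"),
    rec("2016-12-03T16:00:00", "alice@contoso.com", "FileAccessed"),
]

# Constructed new day: a burst, a never-seen user agent, a first admin operation,
# and a user with no history at all.
NEW_DAY = [rec(f"2016-12-05T{h:02d}:00:00", "alice@contoso.com", "FileAccessed") for h in range(9, 14)] + [
    rec("2016-12-05T14:00:00", "alice@contoso.com", "FileDownloaded", ua=ANDROID),
    rec("2016-12-05T15:00:00", "alice@contoso.com", "SiteCollectionAdminAdded"),
    rec("2016-12-05T15:30:00", "bob@contoso.com", "FileAccessed"),
]


class UserBaseline:
    """What one user normally does: operation mix, user agents, events per active day."""

    def __init__(self):
        self.operations = Counter()
        self.agents = Counter()
        self.active_days = set()
        self.admin_ops = 0

    def add(self, record):
        self.operations[record["Operation"]] += 1
        self.agents[record["UserAgent"]] += 1
        self.active_days.add(record["CreationTime"][:10])  # the date part of the timestamp
        if record["Operation"] in ADMIN_OPERATIONS:
            self.admin_ops += 1

    def events_per_day(self) -> float:
        total = sum(self.operations.values())
        return total / len(self.active_days) if self.active_days else 0.0


def build_baselines(records) -> dict:
    baselines = defaultdict(UserBaseline)
    for r in records:
        baselines[r["UserId"]].add(r)
    return dict(baselines)


def score_day(baselines: dict, records) -> dict:
    """Map each user to the sorted list of reasons their day looks anomalous."""
    per_user = defaultdict(list)
    for r in records:
        per_user[r["UserId"]].append(r)
    findings = {}
    for user, day in per_user.items():
        base = baselines.get(user)
        reasons = set()
        if base is None:
            reasons.add("no baseline (new user)")
        else:
            for r in day:
                if r["UserAgent"] not in base.agents:
                    reasons.add(f"new user agent: {r['UserAgent']}")
                if r["Operation"] in ADMIN_OPERATIONS and base.admin_ops == 0:
                    reasons.add(f"first admin operation: {r['Operation']}")
            if len(day) > BURST_FACTOR * base.events_per_day():
                reasons.add(f"activity burst: {len(day)} events vs {base.events_per_day():.1f}/day")
        findings[user] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for user, reasons in score_day(build_baselines(HISTORY), NEW_DAY).items():
        print(user, reasons)
```

Note what the profile cannot see, which matches the limitation described above: the user agent string distinguishes a browser and OS, not a device, so a second laptop with the same browser looks identical to the first, and a managed device is indistinguishable from an unmanaged one.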
</div><div>Activation only needs to occur the first time you access ASM. The next time you login, you'll see the same screen without the checkbox. Just click <b>Go to Advanced Security Management</b> to access its management console.</div><br />
<br />
<h3>Audit Log Data Enrichment</h3><div>At the core of ASM is the audit log data and signals it receives from your Office 365 tenant and other sources (data logs that you upload, the Microsoft Security Graph, etc.).<br />
<br />
If you've ever searched or tried to work with audit log data provided within the built in Audit Log Search, you'll find that it is fairly extensive and very useful, but also quite raw. It is just that: audit log data. The interpretation is entirely up to you. There is no threat intelligence built into it; no correlation of IP addresses to known malicious addresses; no heuristics or correlation between multiple events for the same user or location. The work to understand and make use of that data is up to you. </div><div><br />
</div><div>With ASM, as audit log data is transmitted from your Office 365 tenant it is enriched with additional threat analytics, logic and heuristics. For example, ASM will:</div><div><ul><li>Standardize the incoming event: is it an admin activity, a user activity, an activity impersonated by another user, etc.</li>
<li>Determine whether the IP address is coming from a Microsoft data center</li>
<li>Incorporate Microsoft Security Graph data to determine if the IP address is from a known threat or risky location (e.g. a known TOR node or botnet)</li>
<li>Interpret the user agent string to display the OS name/version, device type and browser type/version</li>
<li>Search for more user activities that are related to a specific activity (e.g. if a user uploaded and shared a file, quickly find out who accessed or downloaded the file)</li>
<li>Let an administrator define known IP addresses for the organization, which are then incorporated into determining which activities to raise alerts on. For example, they could list their VPN subnet addresses as known addresses and thereby make their alerts smarter.</li>
</ul></div><div>We can easily compare audit log results from the 2 solutions by bringing them up side-by-side and immediately seeing some of the differences.</div><div><br />
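The enrichment steps listed above can be reproduced, in miniature, over raw audit records. The following is an added example and not ASM's code: field names (UserId, Operation, ClientIP, UserAgent, UserType, ObjectId) follow the Management Activity API common schema, but every address, prefix and threat-feed entry is constructed from RFC 5737 documentation ranges, so none of them is a real Microsoft data center, Tor node or customer network. The `known_networks` parameter is the "known IP addresses" idea from the last bullet: the same admin activity is alert-worthy from an unknown address and quiet once the VPN range is declared.

```python
"""Enrich Office 365 audit records with activity class, IP context and parsed user agent.

Added example, not ASM's code. All addresses and prefixes are constructed.
"""
import ipaddress
import re

# UserType values as listed in the Management Activity API common schema.
USER_TYPES = {0: "user", 2: "admin", 4: "system"}

# Constructed stand-ins: a "Microsoft data center" prefix, the organization's
# own VPN egress range, and a tiny threat feed keyed by IP address.
MICROSOFT_DATACENTER_PREFIXES = ["192.0.2.0/24"]
ORG_NETWORKS = ["203.0.113.0/24"]
THREAT_FEED = {"198.51.100.77": "tor-exit"}

OS_PATTERNS = [
    (re.compile(r"Windows NT (\d+\.\d+)"), "Windows"),
    (re.compile(r"Android (\d+(?:\.\d+)?)"), "Android"),
    (re.compile(r"iPhone OS (\d+(?:_\d+)*)"), "iOS"),
    (re.compile(r"Mac OS X (\d+(?:_\d+)*)"), "macOS"),
]
# Chrome is tested before Safari because Chrome user agents also contain "Safari/".
BROWSER_PATTERNS = [
    (re.compile(r"Firefox/(\d+(?:\.\d+)?)"), "Firefox"),
    (re.compile(r"Chrome/(\d+(?:\.\d+)?)"), "Chrome"),
    (re.compile(r"Version/(\d+(?:\.\d+)?).*Safari/"), "Safari"),
]


def parse_user_agent(ua: str) -> dict:
    """Reduce a raw user agent string to OS name/version, browser and device type."""
    os_name, browser = "unknown", "unknown"
    for pattern, name in OS_PATTERNS:
        m = pattern.search(ua)
        if m:
            os_name = f"{name} {m.group(1).replace('_', '.')}"
            break
    for pattern, name in BROWSER_PATTERNS:
        m = pattern.search(ua)
        if m:
            browser = f"{name} {m.group(1)}"
            break
    device = "mobile" if os_name.startswith(("Android", "iOS")) else "desktop"
    return {"OS": os_name, "Browser": browser, "DeviceType": device}


def _in_any(ip, prefixes) -> bool:
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def enrich(record: dict, known_networks=ORG_NETWORKS) -> dict:
    """Return a copy of the record with the derived fields added."""
    ip = ipaddress.ip_address(record["ClientIP"])
    out = dict(record)
    out["ActivityClass"] = USER_TYPES.get(record.get("UserType"), "unknown")
    out["FromMicrosoftDatacenter"] = _in_any(ip, MICROSOFT_DATACENTER_PREFIXES)
    out["FromKnownOrgNetwork"] = _in_any(ip, known_networks)
    out["ThreatIntel"] = THREAT_FEED.get(record["ClientIP"])
    out.update(parse_user_agent(record.get("UserAgent", "")))
    # Alert on any threat-feed hit, and on admin activity from an address that is
    # neither a known organization network nor a Microsoft data center.
    out["AlertWorthy"] = out["ThreatIntel"] is not None or (
        out["ActivityClass"] == "admin"
        and not out["FromKnownOrgNetwork"]
        and not out["FromMicrosoftDatacenter"]
    )
    return out


def related_activities(records, object_id: str, exclude_user=None) -> list:
    """Other activity on the same object, e.g. who downloaded a file after it was shared."""
    return [r for r in records if r.get("ObjectId") == object_id and r["UserId"] != exclude_user]


DOC = "https://contoso.sharepoint.com/Shared Documents/plan.docx"
WIN_CHROME = "Mozilla/5.0 (Windows NT 10.0) Chrome/54.0 Safari/537.36"
ANDROID_CHROME = "Mozilla/5.0 (Linux; Android 7.0) Chrome/54.0 Safari/537.36"
MAC_FIREFOX = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) Firefox/50.0"

# Constructed audit records: alice shares a file from the VPN, bob downloads it
# from a threat-feed address, an admin acts from an unknown address, a system
# account acts from the stand-in data center prefix.
SAMPLE_RECORDS = [
    {"UserId": "alice@contoso.com", "Operation": "FileUploaded", "ObjectId": DOC,
     "ClientIP": "203.0.113.10", "UserType": 0, "UserAgent": WIN_CHROME},
    {"UserId": "alice@contoso.com", "Operation": "SharingSet", "ObjectId": DOC,
     "ClientIP": "203.0.113.10", "UserType": 0, "UserAgent": WIN_CHROME},
    {"UserId": "bob@contoso.com", "Operation": "FileDownloaded", "ObjectId": DOC,
     "ClientIP": "198.51.100.77", "UserType": 0, "UserAgent": ANDROID_CHROME},
    {"UserId": "admin@contoso.com", "Operation": "Add member to role.", "ObjectId": "Role",
     "ClientIP": "198.51.100.5", "UserType": 2, "UserAgent": MAC_FIREFOX},
    {"UserId": "app@sharepoint", "Operation": "PageViewed", "ObjectId": "https://contoso.sharepoint.com/SitePages/Home.aspx",
     "ClientIP": "192.0.2.4", "UserType": 4, "UserAgent": ""},
]

if __name__ == "__main__":
    for r in SAMPLE_RECORDS:
        e = enrich(r)
        print(e["UserId"], e["ActivityClass"], e["OS"], e["Browser"], "ALERT" if e["AlertWorthy"] else "")
```

Everything here is a lookup against data the enrichment owner controls; the quality of the result is entirely the quality of the prefix lists and the threat feed, which is why the Security Graph integration is the part of ASM that is hard to reproduce in-house.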
</div><div>In the built-in Office 365 Audit Log Search function, here is an example of the results returned when we perform a search:</div><div><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggmn6Lt_HE2YvjCfFt7LA8A1PBCCiWiMBvmqPFTsDyp8QcHZ8yK-H-MH0nuSkiU-B89LAS3GRpt5tVuPCnO1qdbNX7G2mwTxkR7NesAac65vR-EwvPn3MDN2ETugKV0QtUtaqOrfAbLiM/s1600/O365+ASM+-+initial+screen+to+enable+ASM+4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="158" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggmn6Lt_HE2YvjCfFt7LA8A1PBCCiWiMBvmqPFTsDyp8QcHZ8yK-H-MH0nuSkiU-B89LAS3GRpt5tVuPCnO1qdbNX7G2mwTxkR7NesAac65vR-EwvPn3MDN2ETugKV0QtUtaqOrfAbLiM/s640/O365+ASM+-+initial+screen+to+enable+ASM+4.png" width="640" /></a></div><div></div><div>We get the date/time, originating IP address, username, activity name, item acted upon and a list of raw details. If we click on a line we're presented with a list of that raw detail:</div><div><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKZjPICWY8eWYfdYvZKyPPT3fWHORC0mUL6zChfDCpeGxw77G36FSoVtR0JJobgQ6CzfNGMbz3aajSKUDmPPaNFZ9XLTEaC3C7QMv5Ewpq09ye_MYBN_J8wPNlRmYNPIknSJFPwae2N84/s1600/O365+ASM+-+initial+screen+to+enable+ASM+5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKZjPICWY8eWYfdYvZKyPPT3fWHORC0mUL6zChfDCpeGxw77G36FSoVtR0JJobgQ6CzfNGMbz3aajSKUDmPPaNFZ9XLTEaC3C7QMv5Ewpq09ye_MYBN_J8wPNlRmYNPIknSJFPwae2N84/s400/O365+ASM+-+initial+screen+to+enable+ASM+5.png" width="235" /></a></div><div><br />
</div><div>Many of the details are listed in their full technical form. Again, this is all very useful data, but it is raw and requires your own interpretation and correlation with other events.</div><div><br />
</div><div>ASM allows us to perform simple or complex searches against the same data set. If we look at an example of the search results, we get similar data but with a view that is easier to read and some details summarized for us. We're presented with an activity name that is more meaningful, the user, the app from which the entry was reported, originating IP address, the physical location of that IP (country), the device type, OS version and browser type/version (seen by hovering over the icons), and the date/time.</div><div><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU7ntUf6ABHflznW-YjVFvz2ggR2W8nsmRXjjURbScgnVecdFMJcKlqkxrHg5zOuGJNO3HXyL9qg5BzfcupjUfe-RIsW5btA3V0htoitJg7IFS4ZA1th0kUy1kutMPETSEp41Mx4XAHvc/s1600/O365+ASM+-+initial+screen+to+enable+ASM+6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="114" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU7ntUf6ABHflznW-YjVFvz2ggR2W8nsmRXjjURbScgnVecdFMJcKlqkxrHg5zOuGJNO3HXyL9qg5BzfcupjUfe-RIsW5btA3V0htoitJg7IFS4ZA1th0kUy1kutMPETSEp41Mx4XAHvc/s640/O365+ASM+-+initial+screen+to+enable+ASM+6.png" width="640" /></a></div><div></div><div>If we click on a line in our search results, we're given a summarized view that may be much more meaningful depending on the event:</div><div><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEVq-P6xd0knsEldiSNl4p4Kq0Ig3GZwXCT5zOGufmm3kdfv6v_Q3LykALZq1Ov5roHDxcrTTT6c84sFN0cmehTkHVtigemCadiJY9ZVctyw8sD4M7rBl357CcymvbzGRSDCDBW-9thas/s1600/O365+ASM+-+initial+screen+to+enable+ASM+7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="90" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEVq-P6xd0knsEldiSNl4p4Kq0Ig3GZwXCT5zOGufmm3kdfv6v_Q3LykALZq1Ov5roHDxcrTTT6c84sFN0cmehTkHVtigemCadiJY9ZVctyw8sD4M7rBl357CcymvbzGRSDCDBW-9thas/s640/O365+ASM+-+initial+screen+to+enable+ASM+7.png" width="640" /></a></div><div><br />
</div><div>We get the city, state and country of the originating IP address, the ISP through which that IP is assigned, the full username and the Azure AD groups that user belongs to. If the entry matches any currently configured policies, those will be listed as well under 'Matched Policies'. Here is another example of a file access entry:</div><div><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoVHcNiiA0Rz3fsgbTd4FMcTOKRNsEPI8qjwPhYgsYwcjHWxoA8eg7BGTeJgA8E7eqfy_j1kGUwqNNloCaq6i8geCoNtZ2AIl8UELqDhQALVKMAz7tHrc3rOqoa339rKAvre6DqBZUEso/s1600/O365+ASM+-+initial+screen+to+enable+ASM+8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoVHcNiiA0Rz3fsgbTd4FMcTOKRNsEPI8qjwPhYgsYwcjHWxoA8eg7BGTeJgA8E7eqfy_j1kGUwqNNloCaq6i8geCoNtZ2AIl8UELqDhQALVKMAz7tHrc3rOqoa339rKAvre6DqBZUEso/s640/O365+ASM+-+initial+screen+to+enable+ASM+8.png" width="640" /></a></div><div><br />
</div><div>In addition, we can easily determine if there are other activities in the log which are related to this IP address, this user, this type of activity or this country/region by clicking the ... beside the entry and selecting one of the actions:</div><div><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcHZGoe9IdVFUqOclqq1IJ6gC4Ti6hjWzzIV3yfkwpw3Khkq5a8jWIOAEZkTLMpjIh10V23Q-FVWazwoyBn_vKFT2r0UnUJqJFC5hyphenhyphenOLMjyg8RAh_bDBImTUumIrNo5QHkILJ-VqfEgOg/s1600/O365+ASM+-+initial+screen+to+enable+ASM+9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="92" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcHZGoe9IdVFUqOclqq1IJ6gC4Ti6hjWzzIV3yfkwpw3Khkq5a8jWIOAEZkTLMpjIh10V23Q-FVWazwoyBn_vKFT2r0UnUJqJFC5hyphenhyphenOLMjyg8RAh_bDBImTUumIrNo5QHkILJ-VqfEgOg/s640/O365+ASM+-+initial+screen+to+enable+ASM+9.png" width="640" /></a></div><br />
<br />
Audit log data enrichment is a big part of the value which Advanced Security Management provides Office 365 customers. These are just some current, simple examples of logic and signals added to the management activity API feed as it comes into ASM. We do hope to see some additional intelligence added over time, given the breadth of data available from Office 365 workloads; in particular more specific data about our users, about our files and about the SharePoint and Office 365 groups that our users belong to.<br />
<br />
<h3>Audit Log Data Retention</h3>Another important distinction between the Office 365 audit log data feature and ASM is that Office 365 retains audit log data for a maximum of 90 days. However, ASM retains audit log data for 6 months. This is important when corporate security policies or regulations require you to be able to investigate data breaches for longer periods of time after they have occurred. <br />
<br />
Often, data breaches are not discovered for several months after they have occurred and this data becomes critical to performing analysis to determine how a breach occurred and how to prevent it in the future. To be honest, even 6 months can seem a bit short. In several organizations where I've performed cybersecurity audits, they often have requirements to maintain audit log data for up to 1 year. If you're in that situation you may need to look for an additional solution to store such audit data longer term (for example, Microsoft Operations Management Suite).<br />
<br />
<h3>What's Next...</h3>This was just a quick introduction to the Office 365 Advanced Security Management solution, how to activate it and the data which is incorporated into policies and alerts. There are a lot more exciting security capabilities to look at!<br />
<br />
In part 2 and 3 of this series, we'll look at the Discovery Dashboard, how to bring in data from other internal systems and how to configure policies & alerts.<br />
<br />
Enjoy.<br />
-Antonio<br />
<br />
<h2>SharePoint 2010 Security Patches - How Vulnerable Are You? UPDATED: December 2016</h2>Posted by Antonio Maio, 2016-12-19.<br />
<b>YES</b>, this blog post is about SharePoint 2010! <br />
<br />
<b>YES</b>, SharePoint 2010 is old, over 6 years old actually. <br />
<b>YES</b>, it's no longer officially supported by Microsoft, without very specific Premier Support that is.<br />
<b>YES</b>, we still see a lot of it out there! <br />
<b>YES</b>, if you're going to continue to stick with SharePoint 2010 for now, you must keep current with security patches!<br />
<br />
One of the most common security issues we see with SharePoint 2010 farms is that administrators have <b><u><i>not</i></u></b> kept up with security patches and updates. This not only makes it difficult to support and maintain the environment, but it also opens your farm up to security vulnerabilities - security vulnerabilities that have already been fixed! <br />
<br />
This article reviews all SharePoint 2010 security updates that have been released in the last 5+ years since Service Pack 1, and discusses the importance of keeping up to date with those patches.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.trustsharepoint.com/2016/11/sharepoint-2010-security-updates-how.html#more" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl6VXzYll_a3ZOWTdjPKy3cPQ23rLaYDHXrm_F3jCewPVk7owzHqgNqs2-uQt4VREKcYwuqjJIig6L-A1SyqTWQrwKvtuVSR1YpSIyp-0Q46eiQ7acDbsZJOs1LZMpBb9_52gteB9-EWA/s640/sp2010+patch+table.png" width="1000" height="200" /></a></div><a name='more'></a><h3>Why Keep Up to Date with SharePoint 2010 Security Patches?</h3>It's generally accepted that all (or most) corporate, government or enterprise SharePoint farms contain sensitive data of one form or another. As such, security threats to your SharePoint farm represent security threats to your sensitive data. The security threats can come from many sources, which are often referred to as 'attack vectors' by security geeks, including:<br />
<ul><li>Traditional external threat actors, or people trying to hack into your network and then your SharePoint farm. </li>
<li>Internal threats, or your own employees, looking to steal information for either some form of sabotage, competitive advantage or a partisan/political cause that they believe in.</li>
<li>Or, and more commonly, malware that is accidentally (or sometimes intentionally) brought into your enterprise environment.</li>
</ul><br />
This is a generalization, but... Internal threats will tend to rely on some form of social engineering to gain 'legitimate' access to the repository and therefore the data... <br />
<div style="text-align: center;"><i>"oh just give me Full Control so I can get access to the data I need to get my job done today"</i>. </div><br />
However, external attackers or malware will tend to exploit some security vulnerability in your server environment in order to access a repository that's storing sensitive data. It is these security vulnerabilities that the many security patches released over the years have been specifically built to fix. Many SharePoint 2010 environments we've looked at are running without having been patched in years! We've assessed several over the last year, and many SharePoint 2010 farms have in fact only been patched to <b><i>SharePoint 2010 Service Pack 1</i></b>, which was released in June 2011. If you think about it, that's over 5 years worth of security updates that are missing from those farms, leaving them open to significant vulnerabilities and attacks!<br />
<br />
<h3>List of SharePoint 2010 Security Updates since Service Pack 1</h3>First of all, let me give a huge thank you to <b>Todd Klindt (@ToddKlindt)</b> who has maintained a list of SharePoint build versions and links to the cumulative updates for many years, which can be found <a href="http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=224">here</a>. Much of my data starts with his table and then is correlated with Microsoft issued security bulletins each month. Thank you also to <b>Josh Jackson </b>for helping me put this list together!<br />
<br />
The following table builds on top of Todd's list to include the security updates that have been released with each update since Service Pack 1. All important or critical security updates are shown in <span style="color: red;">Red</span>. I'm including this here to help readers understand the importance of updating their farm and to help decide which security updates to deploy.<br />
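One way to turn a table like the one below into a concrete answer to "how vulnerable are you" is to compare the farm's installed build against the catalog and list every newer entry flagged as a security update. The following is an added example, not code from the post: the catalog rows are constructed placeholders (build numbers, dates and security flags are made up), so fill them from the table in this post or from Todd Klindt's list before trusting the output for a real farm. The installed build is the value an administrator reads from Central Administration.

```python
"""Measure how far a SharePoint 2010 farm's build is behind an update catalog.

Added example, not from the post. The catalog rows below are constructed
placeholders, not real SharePoint 2010 build numbers or release dates.
"""
from datetime import date


def parse_build(build: str) -> tuple:
    """'14.0.6000.1000' -> (14, 0, 6000, 1000) so that builds compare numerically."""
    parts = build.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a SharePoint build number: {build!r}")
    return tuple(int(p) for p in parts)


# Constructed catalog: (build, release date, name, contains a security fix?).
# Only the "June 2011" for Service Pack 1 comes from the post; the day and every
# other row are placeholders.
CATALOG = [
    ("14.0.6000.1000", date(2011, 6, 28), "Service Pack 1 (placeholder build)", False),
    ("14.0.6100.5000", date(2011, 8, 30), "August 2011 CU (placeholder)", True),
    ("14.0.6200.5000", date(2012, 2, 28), "February 2012 CU (placeholder)", False),
    ("14.0.7000.1000", date(2013, 7, 23), "Service Pack 2 (placeholder build)", True),
    ("14.0.7100.5000", date(2016, 12, 13), "December 2016 update (placeholder)", True),
]


def patch_gap(installed: str, catalog=CATALOG, as_of: date = date(2016, 12, 19)) -> dict:
    """Everything in the catalog newer than the installed build, plus how stale the farm is."""
    current = parse_build(installed)
    ordered = sorted(catalog, key=lambda row: parse_build(row[0]))
    applied = [row for row in ordered if parse_build(row[0]) <= current]
    missing = [row for row in ordered if parse_build(row[0]) > current]
    # A build between two catalog entries is treated as having the older one applied.
    last_date = applied[-1][1] if applied else None
    months_behind = None
    if last_date is not None:
        months_behind = (as_of.year - last_date.year) * 12 + (as_of.month - last_date.month)
    return {
        "installed": installed,
        "last_update_applied": applied[-1][2] if applied else "older than catalog",
        "months_since_last_update": months_behind,
        "missing_updates": [row[2] for row in missing],
        "missing_security_updates": [row[2] for row in missing if row[3]],
    }


if __name__ == "__main__":
    report = patch_gap("14.0.6000.1000")
    print(f"{report['installed']}: last applied {report['last_update_applied']}, "
          f"{report['months_since_last_update']} months ago")
    for name in report["missing_security_updates"]:
        print("  missing security update:", name)
```

The `missing_security_updates` list is the one to hand to whoever owns the farm; the "months since last update" figure is what makes the point of this post in a single number.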
<style id="SharePoint 2010 Security Updates - PUBLISHED_13503_Styles">
<!--table
{mso-displayed-decimal-separator:"\.";
mso-displayed-thousand-separator:"\,";}
.xl1513503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:black;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl6513503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:black;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:left;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl6613503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:windowtext;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:left;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl6713503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:blue;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:underline;
text-underline-style:single;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:left;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl6813503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:black;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:"\@";
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl6913503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:windowtext;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl7013503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:black;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:normal;}
.xl7113503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl7213503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:left;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl7313503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:black;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:left;
vertical-align:bottom;
background:#DCE6F1;
mso-pattern:black none;
white-space:normal;}
.xl7413503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:black;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
background:#DCE6F1;
mso-pattern:black none;
white-space:normal;}
.xl7513503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:black;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
background:#DCE6F1;
mso-pattern:black none;
white-space:nowrap;}
.xl7613503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:normal;}
.xl7713503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:"\@";
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl7813503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:black;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:"\@";
text-align:general;
vertical-align:bottom;
background:#DCE6F1;
mso-pattern:black none;
white-space:normal;}
.xl7913503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:windowtext;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:"\@";
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl8013503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:windowtext;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:"\@";
text-align:general;
vertical-align:middle;
mso-background-source:auto;
mso-pattern:auto;
white-space:normal;}
.xl8113503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:"\@";
text-align:general;
vertical-align:middle;
mso-background-source:auto;
mso-pattern:auto;
white-space:normal;}
.xl8213503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:underline;
text-underline-style:single;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl8313503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:"\@";
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:normal;}
.xl8413503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:underline;
text-underline-style:single;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:normal;}
.xl8513503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:underline;
text-underline-style:single;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:left;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl8613503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:underline;
text-underline-style:single;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:left;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:normal;}
.xl8713503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:red;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:"Segoe UI", sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:nowrap;}
.xl8813503
{padding-top:1px;
padding-right:1px;
padding-left:1px;
mso-ignore:padding;
color:windowtext;
font-size:11.0pt;
font-weight:400;
font-style:normal;
text-decoration:none;
font-family:Calibri, sans-serif;
mso-font-charset:0;
mso-number-format:General;
text-align:general;
vertical-align:bottom;
mso-background-source:auto;
mso-pattern:auto;
white-space:normal;}
-->
</style><br />
<div id="SharePoint 2010 Security Updates - PUBLISHED_13503" align=center
x:publishsource="Excel"><table border=0 cellpadding=7 cellspacing=0 width=700 style='border-collapse:
collapse;table-layout:fixed;width:700pt'><col width=101 style='mso-width-source:userset;mso-width-alt:4242;width:77pt'> <col class=xl6813503 width=100 style='mso-width-source:userset;mso-width-alt:
5376;width:100pt'> <col width=121 style='mso-width-source:userset;mso-width-alt:9764;width:121pt'> <col class=xl6513503 width=134 style='mso-width-source:userset;mso-width-alt:
4900;width:71pt'> <col class=xl6513503 width=84 style='mso-width-source:userset;mso-width-alt:
3072;width:63pt'> <col width=90 style='mso-width-source:userset;mso-width-alt:6473;width:61pt'> <col class=xl7013503 width=400 style='mso-width-source:userset;mso-width-alt:
39094;width:325pt'>
<tr class=xl7513503 height=20 style='height:15.0pt'> <td height=20 class=xl7413503 width=101 style='height:15.0pt;width:77pt'>Version</td> <td class=xl7813503 width=100 style='width:100pt' id="MSOZoneCell_WebPartWPQ2">Release</td> <td class=xl7413503 width=121 style='width:121pt'>Category</td> <td class=xl7313503 width=134 style='width:71pt'>Security<br />
Criticality</td> <td class=xl7413503 width=84 style='width:63pt'>KB Article</td> <td class=xl7413503 width=90 style='width:61pt'>Security<br />
Bulletin</td> <td class=xl7413503 width=400 style='width:325pt'>Security Related Notes</td> </tr>
<tr class=xl7113503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl7113503 style='height:15.0pt'>14.0.6029.1000</td> <td class=xl7713503>May 2011</td> <td class=xl7113503>Service Pack 1</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/2460045"><span
style='color:red'>KB2460045</span></a></td> <td class=xl7113503></td> <td class=xl7613503 width=400 style='width:325pt'>Required to maintain Microsoft support.</td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6106.5002</td> <td class=xl7913503>June 2011 - Mark 2</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="https://support.microsoft.com/en-us/kb/2536599">KB2536599</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6109.5002</td> <td class=xl7913503>August 2011</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="https://support.microsoft.com/en-us/kb/2553048">KB2553048</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Fix included for a minor security issue with the audience picker control.</td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6112.5000</td> <td class=xl7913503>October 2011</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2596505">KB2596505</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6114.5000</td> <td class=xl7913503>December 2011</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2597014">KB2597014</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6117.5002 </td> <td class=xl7913503>February 2012</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="https://support.microsoft.com/en-us/kb/2597150">KB2597150</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6120.5000</td> <td class=xl8013503 width=100 style='width:100pt'>April 2012 - Mark 1</td> <td class=xl6913503>(Removed)</td> <td class=xl6613503>NA</td> <td class=xl6613503></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6120.5006</td> <td class=xl8013503 width=100 style='width:100pt'>April 2012 - Mark 2</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2598151">KB2598151</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6123.5002</td> <td class=xl8013503 width=100 style='width:100pt'>June 2012</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2598354">KB2598354</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6126.5000</td> <td class=xl8013503 width=100 style='width:100pt'>August 2012</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2687353">KB2687353</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6129.5003</td> <td class=xl8013503 width=100 style='width:100pt'>October 2012</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2687564">KB2687564</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6131.5003</td> <td class=xl8013503 width=100 style='width:100pt'>December 2012</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2596955">KB2596955</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6134.5000</td> <td class=xl8013503 width=100 style='width:100pt'>February 2013</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2767793">KB2767793</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>This update does contain a modified securitytoken.svc service, but the changes are not classified specifically as security fixes.</td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.6134.5003</td> <td class=xl8013503 width=100 style='width:100pt'>February 2013</td> <td class=xl6913503>Critical On Demand Fix</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://blogs.msdn.com/b/joerg_sinemus/archive/2013/02/12/february-2013-sharepoint-2010-hotfix.aspx">Article</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.6137.5000</td> <td class=xl8013503 width=100 style='width:100pt'>April 2013</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2775353">KB2775353</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Although there are updates to various security related components (selectsecurity.aspx, security.aspx, securitytoken.svc, spsecuritysettings.aspx) the changes are not classified as security fixes.</td> </tr>
<tr class=xl7113503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl7113503 style='height:15.0pt'>14.0.7015.1000</td> <td class=xl8113503 width=100 style='width:100pt'>May 2013</td> <td class=xl8113503 width=121 style='width:121pt'>Service Pack 2</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="http://support.microsoft.com/kb/2687453"><span
style='color:red'>KB2687453</span></a></td> <td class=xl7113503></td> <td class=xl7613503 width=400 style='width:325pt'>Required to maintain Microsoft support.</td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7102.5000</td> <td class=xl8013503 width=100 style='width:100pt'>June 2013</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2817363">KB2817363</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Although there are updates to various security related components (selectsecurity.aspx, security.aspx, securitytoken.svc, spsecuritysettings.aspx) the changes are not classified as security fixes.</td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7102.5004</td> <td class=xl8013503 width=100 style='width:100pt'>July 2013</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2817527">KB2817527</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Although there are updates to various security related components (selectsecurity.aspx, security.aspx, securitytoken.svc, spsecuritysettings.aspx) the changes are not classified as security fixes.</td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7106.5000</td> <td class=xl8013503 width=100 style='width:100pt'>August 2013 - Mark 1</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2817570">KB2817570</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>There are updates to various security related components: selectsecurity.aspx, security.aspx, securitytoken.svc, spsecuritysettings.aspx. Security related fixes included in this update pertain to an issue with alerts not sent to a claims based user that has not logged in for 24 hours, and size limitations on audit trail reports.</td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7106.5002</td> <td class=xl8013503 width=100 style='width:100pt'>August 2013 - Mark 2</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2825949">KB2825949</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>There are updates to various security related components: selectsecurity.aspx, security.aspx, securitytoken.svc, spsecuritysettings.aspx. Security related fixes included in this update pertain to an issue with alerts not sent to a claims based user that has not logged in for 24 hours, and size limitations on audit trail reports.</td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.7110.5000</td> <td class=xl8013503 width=100 style='width:100pt'>October 2013</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2825786">KB2825786</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.7113.5000</td> <td class=xl8013503 width=100 style='width:100pt'>December 2013</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2849971">KB2849971</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.7116.5000</td> <td class=xl8013503 width=100 style='width:100pt'>February 2014</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2863913">KB2863913</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7121.5004</td> <td class=xl7913503>April 2014</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2878250/en-us">KB2878250</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Although there are updates to various security related components (selectsecurity.aspx, security.aspx, securitytoken.svc, spsecuritysettings.aspx) the changes are not classified as security fixes.</td> </tr>
<tr class=xl7113503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl7113503 style='height:15.0pt'>14.0.7123.5000</td> <td class=xl7713503>May 2014</td> <td class=xl7113503>Security Update</td> <td class=xl7213503>Critical</td> <td class=xl7213503>KB2952166</td> <td class=xl8213503><a
href="https://technet.microsoft.com/library/security/ms14-022"><span
style='color:red'>MS14-022</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability: could allow remote code execution if an authenticated attacker sends specially crafted page content to a target SharePoint server.</td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.7125.5000</td> <td class=xl8013503 width=100 style='width:100pt'>June 2014</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2880972">KB2880972</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Office documents that are digitally signed and uploaded to a document library can have their signature invalidated when a new content type is added to a library.</td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7128.5001</td> <td class=xl8013503 width=100 style='width:100pt'>July 2014</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2883005/en-us">KB2883005</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Although there are updates to various security related components (selectsecurity.aspx, security.aspx, securitytoken.svc, spsecuritysettings.aspx) the changes are not classified as security fixes.</td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7130.5000</td> <td class=xl8013503 width=100 style='width:100pt'>August 2014</td> <td class=xl6913503>Hot Fix (Not Cumulative)</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/kb/2889831">KB2889831</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Although there are updates to various security related components (security.aspx, securitytoken.svc, spsecuritysettings.aspx) the changes are not classified as security fixes.</td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7132.5000</td> <td class=xl8013503 width=100 style='width:100pt'>September 2014</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2883103">KB2883103</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Although there are updates to various security related components (selectsecurity.aspx, security.aspx, securitytoken.svc, spsecuritysettings.aspx) the changes are not classified as security fixes.</td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.7134.5000</td> <td class=xl8013503 width=100 style='width:100pt'>October 2014</td> <td class=xl6913503>Hot Fix (Not Cumulative)</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="https://support.microsoft.com/en-us/kb/2899490">KB2899490</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7137.5000</td> <td class=xl8013503 width=100 style='width:100pt'>November 2014</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2899478">KB2899478</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Although there are updates to various security related components (selectsecurity.aspx, security.aspx, spsecuritysettings.aspx) the changes are not classified as security fixes.</td> </tr>
<tr class=xl6913503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl6913503 style='height:30.0pt'>14.0.7140.5000</td> <td class=xl8013503 width=100 style='width:100pt'>December 2014</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a
href="http://support2.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2899583">KB2899583</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'>Although there are updates to various security related components (selectsecurity.aspx, security.aspx, spsecuritysettings.aspx) the changes are not classified as security fixes.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7143.5001</td> <td class=xl8113503 width=100 style='width:100pt'>February 2015</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Important</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/2899558"><span
style='color:red'>KB2899558</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/2920810"><span
style='color:red'>MS15-012</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability: could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office. More details available at: <a href="https://technet.microsoft.com/library/security/ms15-012">https://technet.microsoft.com/library/security/ms15-012</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7145.5000</td> <td class=xl8113503 width=100 style='width:100pt'>March 2015</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/2956201"><span
style='color:red'>KB2956201</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/2956208"><span
style='color:red'>MS15-022</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability: could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office. More details available at: <a href="https://technet.microsoft.com/library/security/ms15-022">https://technet.microsoft.com/library/security/ms15-022</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7100.5000</td> <td class=xl8113503 width=100 style='width:100pt'>April 2015</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="http://support.microsoft.com/KB/2965294"><span
style='color:red'>KB2965294</span></a></td> <td class=xl8213503><a
href="https://technet.microsoft.com/library/security/ms15-033"><span
style='color:red'>MS15-033</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability: could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office. More details available at: <a href="https://technet.microsoft.com/library/security/ms15-033">https://technet.microsoft.com/library/security/ms15-033</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7149.5000</td> <td class=xl8313503 width=100 style='width:100pt'>May 2015</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Important</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3015569"><span
style='color:red'>KB3015569</span></a></td> <td class=xl8413503 width=90 style='width:61pt'><a
href="https://support.microsoft.com/en-us/kb/2965233"><span style='color:
red'>MS15-046</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability: could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Office file in an affected version of Office. More details available at: <a href="https://technet.microsoft.com/library/security/ms15-046">https://technet.microsoft.com/library/security/ms15-046</a>.</td> </tr>
<tr class=xl7113503 height=60 style='height:45.0pt;border-bottom:1pt solid black'> <td height=60 class=xl7113503 style='height:45.0pt'></td> <td class=xl8313503 width=100 style='width:100pt'></td> <td class=xl7113503></td> <td class=xl7213503></td> <td class=xl7213503></td> <td class=xl8413503 width=90 style='width:61pt'><a
href="https://support.microsoft.com/en-us/kb/2956192"><span style='color:
red'>MS15-047</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability: could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. More details available at: <a href="https://technet.microsoft.com/library/security/MS15-047">https://technet.microsoft.com/library/security/MS15-047</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7151.5001</td> <td class=xl8113503 width=100 style='width:100pt'>June 2015</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Important</td> <td class=xl8513503><a href="http://support.microsoft.com/KB/3054880"><span
style='color:red'>KB3054880</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3054833"><span
style='color:red'>MS15-046</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability: could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Office file in an affected version of Office. More details available at: <a href="https://technet.microsoft.com/library/security/ms15-046">https://technet.microsoft.com/library/security/ms15-046</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7153.5000</td> <td class=xl8113503 width=100 style='width:100pt'>July 2015</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Important</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3054975"><span
style='color:red'>KB3054975</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3054968"><span
style='color:red'>MS15-070</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability focused on Excel Services: could allow remote code execution if a user opens a specially crafted Microsoft Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS15-070">https://technet.microsoft.com/library/security/MS15-070</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7155.5000</td> <td class=xl8113503 width=100 style='width:100pt'>August 2015</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3055040"><span
style='color:red'>KB3055040</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3054960"><span
style='color:red'>MS15-081</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability focused on Word Automation Services: could allow remote code execution if a user opens a specially crafted Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS15-081">https://technet.microsoft.com/library/security/MS15-081</a>.</td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.7157.5001</td> <td class=xl8013503 width=100 style='width:100pt'>September 2015</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="http://support.microsoft.com/en-us/KB/3085521">KB3085521</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7160.5000</td> <td class=xl8113503 width=100 style='width:100pt'>October 2015 CU</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Important</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3085603"><span
style='color:red'>KB3085603</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3085596"><span
style='color:red'>MS15-110</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability focused on Excel Services: could allow remote code execution if a user opens a specially crafted Microsoft Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS15-110">https://technet.microsoft.com/library/security/MS15-110</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7162.5000</td> <td class=xl8313503 width=100 style='width:100pt'>November 2015</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Important</td> <td class=xl8513503><a href="http://support.microsoft.com/en-us/KB/3101534"><span
style='color:red'>KB3101534</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3085511"><span
style='color:red'>MS15-116</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability focused on Word Automation Services: could allow remote code execution if a user opens a specially crafted Microsoft Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS15-116">https://technet.microsoft.com/library/security/MS15-116</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'></td> <td class=xl8313503 width=100 style='width:100pt'></td> <td class=xl7113503></td> <td class=xl7213503></td> <td class=xl7213503></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3101525"><span
style='color:red'>MS15-116</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability focused on Excel Services: could allow remote code execution if a user opens a specially crafted Microsoft Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS15-116">https://technet.microsoft.com/library/security/MS15-116</a>.</td> </tr>
<tr class=xl6913503 height=20 style='height:15.0pt;border-bottom:1pt solid black'> <td height=20 class=xl6913503 style='height:15.0pt'>14.0.7164.5000</td> <td class=xl8013503 width=100 style='width:100pt'>December 2015</td> <td class=xl6913503>Cumulative Update</td> <td class=xl6613503>Minor</td> <td class=xl6713503><a href="https://support.microsoft.com/en-us/kb/3114408">KB3114408</a></td> <td class=xl6913503></td> <td class=xl8813503 width=400 style='width:325pt'></td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7166.5000</td> <td class=xl8113503 width=100 style='width:100pt'>February 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3114558"><span
style='color:red'>KB3114558</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3114401"><span
style='color:red'>MS16-015</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability focused on Excel Services: could allow remote code execution if a user opens a specially crafted Microsoft Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-015">https://technet.microsoft.com/library/security/MS16-015</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7167.5000</td> <td class=xl8113503 width=100 style='width:100pt'>March 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Important</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3114882"><span
style='color:red'>KB3114882</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3114866"><span
style='color:red'>MS16-029</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability focused on Word Automation Services: could allow remote code execution if a user opens a specially crafted Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-029">https://technet.microsoft.com/library/security/MS16-029</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7168.5000</td> <td class=xl8113503 width=100 style='width:100pt'>April 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8613503 width=84 style='width:63pt'><a
href="https://support.microsoft.com/en-us/kb/3114995"><span style='color:
red'>KB3114995</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3114988"><span
style='color:red'>MS16-042</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability focused on Word Automation Services: could allow remote code execution if a user opens a specially crafted Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-042">https://technet.microsoft.com/library/security/MS16-042</a>.</td> </tr>
<tr class=xl7113503 height=41 style='height:30.75pt;border-bottom:1pt solid black'> <td height=41 class=xl8713503 style='height:30.75pt'>14.0.7169.5000</td> <td class=xl8113503 width=100 style='width:100pt'>May 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3115126"><span
style='color:red'>KB3115126</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3115117"><span
style='color:red'>MS16-054</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability focused on Word Automation Services: could allow remote code execution if a user opens a specially crafted Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-054">https://technet.microsoft.com/library/security/MS16-054</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7170.5000</td> <td class=xl7713503>June 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3115245"><span
style='color:red'>KB3115245</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3115196"><span
style='color:red'>MS16-070</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability focused on Word Automation Services: could allow remote code execution if a user opens a specially crafted Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-070">https://technet.microsoft.com/library/security/MS16-070</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7171.5002</td> <td class=xl7713503>July 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3115319"><span
style='color:red'>KB3115319</span></a></td> <td class=xl8213503><a href="http://support.microsoft.com/kb/3115312"><span
style='color:red'>MS16-088</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability focused on Word Automation Services: could allow remote code execution if a user opens a specially crafted Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-088">https://technet.microsoft.com/library/security/MS16-088</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7173.5000</td> <td class=xl7713503>September 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3115473"><span
style='color:red'>KB3115473</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3115119"><span
style='color:red'>MS16-107</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability focused on Word Automation Services: could allow remote code execution if a user opens a specially crafted Microsoft Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-107">https://technet.microsoft.com/library/security/MS16-107</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'></td> <td class=xl7713503></td> <td class=xl7113503></td> <td class=xl7213503></td> <td class=xl7213503></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3115466"><span
style='color:red'>MS16-107</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability focused on Excel Services: could allow remote code execution if a user opens a specially crafted Microsoft Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-107">https://technet.microsoft.com/library/security/MS16-107</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7174.5001</td> <td class=xl7713503>October 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Critical</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3118387"><span
style='color:red'>KB3118387</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3118377"><span
style='color:red'>MS16-121</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Critical vulnerability focused on Excel Services: could allow remote code execution if a user opens a specially crafted Microsoft Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-121">https://technet.microsoft.com/library/security/MS16-121</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7176.5000</td> <td class=xl7713503>November 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Important</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3127957"><span
style='color:red'>KB3127957</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3127950"><span
style='color:red'>MS16-133</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability focused on Word Automation Services: could allow remote code execution if a user opens a specially crafted Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-133">https://technet.microsoft.com/library/security/MS16-133</a>.</td> </tr>
<tr class=xl7113503 height=40 style='height:30.0pt;border-bottom:1pt solid black'> <td height=40 class=xl7113503 style='height:30.0pt'>14.0.7177.5000</td> <td class=xl7713503>December 2016</td> <td class=xl7113503>Cumulative Update + <br />
Security Update</td> <td class=xl7213503>Important</td> <td class=xl8513503><a href="https://support.microsoft.com/en-us/kb/3128036"><span
style='color:red'>KB3128036</span></a></td> <td class=xl8213503><a href="https://support.microsoft.com/en-us/kb/3128026"><span
style='color:red'>MS16-148</span></a></td> <td class=xl7613503 width=400 style='width:325pt'>Important vulnerability focused on Excel and Word Automation Services: could allow remote code execution if a user opens a specially crafted Office file. More details available at: <a href="https://technet.microsoft.com/library/security/MS16-148">https://technet.microsoft.com/library/security/MS16-148</a>.</td> </tr>
</table></div><br />
*Note: This list does not contain patches specific to SharePoint 2010 Foundation, only SharePoint 2010 Server.<br />
<br />
<h3>Microsoft Service Packs, Cumulative Updates (CU) and Public Updates (PU) </h3>These are all different types of updates with specific characteristics. Service Packs are a tested, cumulative set of all hotfixes, security updates, critical updates, and updates up to a specific point in time. They often denote a support level for the general product, meaning you should be upgraded to the latest service pack in order to maintain your farm in a supported state. More information on the definitions can be found <a href="https://blogs.technet.microsoft.com/stefan_gossner/2013/03/21/common-question-what-is-the-difference-between-a-pu-a-cu-and-a-cod/">here</a>.<br />
<br />
As a standard practice, you must also make sure that you thoroughly test these updates in a pre-production environment before applying them to your production farms.<br />
<br />
Obviously, it's important to keep your SharePoint farm, or any enterprise software, current by applying the latest hotfixes, updates, and service packs. These updates contain important security fixes, product enhancements and improvements. Deploying a security update usually requires some form of change management/approval process for the server farm, and that can sometimes have business implications due to the downtime required to apply updates to SharePoint 2010. My hope is that this table and article can help IT administrators justify the time and change approval process required to patch their SharePoint 2010 farms and keep them current with the latest security updates available.<br />
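As an added example (not code from the original post), the script below compares a SharePoint 2010 Server farm build against the security-update rows of the table above and lists the bulletins the farm has not received. It assumes the SharePoint 2010 Management Shell (PowerShell 2.0) on a farm server, or a -BuildVersion value taken from another farm; the catalog is transcribed from the table rows for June 2015 through December 2016.<br />

```powershell
# Added example, not from the original post. The catalog below is transcribed from the
# table above: cumulative updates that also carried a security update, June 2015 to
# December 2016. Written for the PowerShell 2.0 shell that SharePoint 2010 ships with.
param(
    [System.Version]$BuildVersion   # optional: evaluate a build read from another farm
)

# Two bulletins that shipped in a single cumulative update with two table rows
# (MS15-116, MS16-107) are listed once each under that build.
$SecurityBuilds = @(
    @{ Build = '14.0.7151.5001'; Month = 'June 2015';      Severity = 'Important'; KB = 'KB3054880'; Bulletin = 'MS15-046' },
    @{ Build = '14.0.7153.5000'; Month = 'July 2015';      Severity = 'Important'; KB = 'KB3054975'; Bulletin = 'MS15-070' },
    @{ Build = '14.0.7155.5000'; Month = 'August 2015';    Severity = 'Critical';  KB = 'KB3055040'; Bulletin = 'MS15-081' },
    @{ Build = '14.0.7160.5000'; Month = 'October 2015';   Severity = 'Important'; KB = 'KB3085603'; Bulletin = 'MS15-110' },
    @{ Build = '14.0.7162.5000'; Month = 'November 2015';  Severity = 'Important'; KB = 'KB3101534'; Bulletin = 'MS15-116' },
    @{ Build = '14.0.7166.5000'; Month = 'February 2016';  Severity = 'Critical';  KB = 'KB3114558'; Bulletin = 'MS16-015' },
    @{ Build = '14.0.7167.5000'; Month = 'March 2016';     Severity = 'Important'; KB = 'KB3114882'; Bulletin = 'MS16-029' },
    @{ Build = '14.0.7168.5000'; Month = 'April 2016';     Severity = 'Critical';  KB = 'KB3114995'; Bulletin = 'MS16-042' },
    @{ Build = '14.0.7169.5000'; Month = 'May 2016';       Severity = 'Critical';  KB = 'KB3115126'; Bulletin = 'MS16-054' },
    @{ Build = '14.0.7170.5000'; Month = 'June 2016';      Severity = 'Critical';  KB = 'KB3115245'; Bulletin = 'MS16-070' },
    @{ Build = '14.0.7171.5002'; Month = 'July 2016';      Severity = 'Critical';  KB = 'KB3115319'; Bulletin = 'MS16-088' },
    @{ Build = '14.0.7173.5000'; Month = 'September 2016'; Severity = 'Critical';  KB = 'KB3115473'; Bulletin = 'MS16-107' },
    @{ Build = '14.0.7174.5001'; Month = 'October 2016';   Severity = 'Critical';  KB = 'KB3118387'; Bulletin = 'MS16-121' },
    @{ Build = '14.0.7176.5000'; Month = 'November 2016';  Severity = 'Important'; KB = 'KB3127957'; Bulletin = 'MS16-133' },
    @{ Build = '14.0.7177.5000'; Month = 'December 2016';  Severity = 'Important'; KB = 'KB3128036'; Bulletin = 'MS16-148' }
) | ForEach-Object { New-Object PSObject -Property $_ }

function Get-MissingSecurityUpdate {
    # Catalog rows whose build is newer than the farm build are updates the farm lacks,
    # returned oldest first so they can be applied in order.
    param(
        [Parameter(Mandatory=$true)][System.Version]$FarmBuild,
        [object[]]$Catalog = $SecurityBuilds
    )
    $Catalog |
        Where-Object { [System.Version]$_.Build -gt $FarmBuild } |
        Sort-Object { [System.Version]$_.Build }
}

if (-not $BuildVersion) {
    if (Get-Command Get-SPFarm -ErrorAction SilentlyContinue) {
        # BuildVersion comes from the configuration database. If binaries were patched but
        # PSConfig has not been run yet, it lags the installed patches, so also check the
        # "Check product and patch installation status" page in Central Administration.
        $BuildVersion = (Get-SPFarm).BuildVersion
    } else {
        throw 'Run this in the SharePoint 2010 Management Shell or pass -BuildVersion.'
    }
}

$missing = @(Get-MissingSecurityUpdate -FarmBuild $BuildVersion)
if ($missing.Count -eq 0) {
    "Farm build $BuildVersion already includes every security update listed through December 2016."
} else {
    $critical = @($missing | Where-Object { $_.Severity -eq 'Critical' }).Count
    "Farm build $BuildVersion is missing $($missing.Count) security update(s), $critical of them rated Critical:"
    $missing | Format-Table Build, Month, Severity, KB, Bulletin -AutoSize
}
```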
<br />
Happy patching!<br />
-Antonio<br />
Antonio Maio, 2016-12-04: SharePoint Saturday Ottawa: How Secure is My Data in Office 365? [Updated Slides]<br />
Thanks to everyone who attended my session in Ottawa this weekend. There were some good questions and I hope everyone found it helpful. Please let me know if you have any questions. For those folks who think that Office 365 is not secure, please read this previous post and my slides carefully and please reach out with questions!<br />
<div>
<br /></div>
You can also find another post of mine with some discussion about just how secure your data is in Office 365 here: <a href="http://www.trustsharepoint.com/2016/10/how-secure-is-my-data-in-office-365.html">http://www.trustsharepoint.com/2016/10/how-secure-is-my-data-in-office-365.html</a>.<br />
<br />
My most up-to-date slides, which I presented this past weekend, can be found here:<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="485" marginheight="0" marginwidth="0" scrolling="no" src="//www.slideshare.net/slideshow/embed_code/key/ypQGMuD2mweLw0" style="border-width: 1px; border: 1px solid #ccc; margin-bottom: 5px; max-width: 100%;" width="595"> </iframe> <br />
<div style="margin-bottom: 5px;">
<strong> <a href="https://www.slideshare.net/AntonioMaio2/sharepoint-saturday-ottawa-how-secure-is-my-data-in-office-365" target="_blank" title="SharePoint Saturday Ottawa - How secure is my data in office 365?">SharePoint Saturday Ottawa - How secure is my data in office 365?</a> </strong> from <strong><a href="https://www.slideshare.net/AntonioMaio2" target="_blank">AntonioMaio2</a></strong> </div>
<br />
Enjoy!<br />
-Antonio<br />
<br />
Antonio Maio, 2016-11-03: Office 365 Security: New Innovations Announced at Microsoft Ignite 2016<br />
I had the privilege of attending the Microsoft Ignite 2016 conference in Atlanta, GA this past September. It was of course full of great sessions, demos and announcements. I was impressed at how many of those sessions focused on the security capabilities of the Office 365 platform. I left with the feeling that, through these sessions, announcements, demos and innovations, Microsoft is clearly demonstrating their commitment and continued investment in providing a secure environment for our corporate data in Office 365. They have a robust feature set that enables both them as operators of the service, and us as customers and users of the service, to protect our sensitive data in Office 365.<br />
<br />
That said, the security of our data, even within the Microsoft cloud, is always a <b><i>shared responsibility</i></b>. Microsoft provides the most secure cloud platform available and with that robust feature set, they give customers the ability to control how information is secured, accessed, shared, governed and monitored. It's still up to us as customers to make effective use of those controls in ways that protect our businesses and keep our users productive.<br />
<br />
As we saw at Ignite, Microsoft has continued to innovate, providing us with ever more robust security controls for Office 365. In this blog we're going to look at some of the great new security features that were demoed and revealed at Microsoft Ignite. At the end of this blog, I've also included the slides from today's webinar.<br />
<br />
<a name='more'></a><br />
<h3>
1. Site Classification</h3>
Originally announced at the May the 4th "Future of SharePoint" event, there were several demos at Microsoft Ignite that included the upcoming Site Classification feature. This feature does not yet appear in public or First Release tenants, but we're told it is rolling out soon. We've seen many organizations build this feature themselves as part of a custom site creation workflow. This is actually one of the most common reasons for customizing the site creation process: in order to ask the site creator the question:<br />
<br />
<div style="text-align: center;">
<b><i>What is the sensitivity of the data that will be stored in this site?</i></b></div>
<br />
Just about all organizations have sensitive data, but a very common security challenge for them is identifying what data is sensitive or where sensitive data is stored. Sensitive data can't always be identified by DLP policies that automatically scan data looking for keywords, patterns or regular expressions. Sometimes it takes a person to identify that a document or piece of data is sensitive. <br />
<br />
It's nice to see this coming out soon as a standard feature for all to take advantage of!<br />
Site classification may seem like a small feature, but it's one that has huge benefits for helping clients identify what data is sensitive, where it may live, and where it may not live.<br />
<ul>
<li>At the time of site creation, it allows people to identify which sites may and which sites may not contain sensitive information.</li>
<li>It also educates users visiting a site, letting them know the sensitivity of the information contained within. This can help users know that they cannot upload a 'confidential' document to a site classified as 'public' or 'general purpose'.</li>
</ul>
<br />
Essentially, the feature works like this: when creating a site, the creator is asked to select the site's classification from a drop-down list of options. The goal here is to have the site creator think about the type of information that will be stored within the site, its sensitivity to the organization and who it may be shared with.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXFgG_1DnZplYFWSsPK3mfB4FxPgiT3qfMbjNRjPD4lni1XhSraZe675OQnsZdlcohsoIXQxRbhseWA-Ub9EX4wzQd_E_sAmaxPrnyALNsVgLhUD7Y4OK3uwdPDtFxcGIM7LnExxS5ZUk/s1600/office+365+security+-+site+classification.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXFgG_1DnZplYFWSsPK3mfB4FxPgiT3qfMbjNRjPD4lni1XhSraZe675OQnsZdlcohsoIXQxRbhseWA-Ub9EX4wzQd_E_sAmaxPrnyALNsVgLhUD7Y4OK3uwdPDtFxcGIM7LnExxS5ZUk/s400/office+365+security+-+site+classification.png" width="400" /></a></div>
<br />
We are told that the classification labels available in the dropdown (internal use, confidential, etc.) will be centrally configurable and may be customized, but we have not yet seen what this configuration looks like.<br />
<br />
Below the site classification dropdown we have a User Guidelines link that allows us to provide the site creator with some direction on what the classifications mean. We can provide a link to a custom page with these classification definitions, so that both site creators and end users visiting sites can better understand when to use each classification label.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2nhfUmnmZ4_TynMr9WKWjPOs0Sg_nMMIKC3MzdE7jyFtPPwdihhySIAcFSQuQ6Mly1lY_tOttX32PnFnc5InPvw37w4gYCk5wrpaXL5z4z2hjfPXP8NVtWh7oNVrOsPUJEf1SV-PNUcA/s1600/office+365+security+-+site+classification+2+-+Copy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="228" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2nhfUmnmZ4_TynMr9WKWjPOs0Sg_nMMIKC3MzdE7jyFtPPwdihhySIAcFSQuQ6Mly1lY_tOttX32PnFnc5InPvw37w4gYCk5wrpaXL5z4z2hjfPXP8NVtWh7oNVrOsPUJEf1SV-PNUcA/s320/office+365+security+-+site+classification+2+-+Copy.png" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFM78Z3FnN682XBZ8B-GJmBhDqpxAeUjZMo9fmfCGak_Z2_27UJwaleLjT8pqKinZewVX2gPr6ThrtGOuYXI-dKJ72JhlyEyH5cfNpir8XjDihYnRrVU422nM58j6cM8CebC4Tre_MKBc/s1600/office+365+security+-+site+classification+instructions.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFM78Z3FnN682XBZ8B-GJmBhDqpxAeUjZMo9fmfCGak_Z2_27UJwaleLjT8pqKinZewVX2gPr6ThrtGOuYXI-dKJ72JhlyEyH5cfNpir8XjDihYnRrVU422nM58j6cM8CebC4Tre_MKBc/s400/office+365+security+-+site+classification+instructions.png" width="400" /></a></div>
<br />
Then when a user visits a classified site they'll see the classification label in the site header, informing them of the type of information permitted to be uploaded or added to the site, as well as how they may handle information already within the site.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPrvBdrWlxIFGRKkqZHEkgAiHim2-MDmSeDRrRmbJHYiglDKu5XyHnKvaWNPq5HmJsnShCX4Sww8Upg4wJhKErx9OD_86AMU9aW8ymvbg9YrboPao3A-5uPZ-5qv9AoL-tlClhjA5YgfY/s1600/office+365+security+-+site+classification+3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPrvBdrWlxIFGRKkqZHEkgAiHim2-MDmSeDRrRmbJHYiglDKu5XyHnKvaWNPq5HmJsnShCX4Sww8Upg4wJhKErx9OD_86AMU9aW8ymvbg9YrboPao3A-5uPZ-5qv9AoL-tlClhjA5YgfY/s400/office+365+security+-+site+classification+3.png" width="400" /></a></div>
<br />
Finally, we're also told that we'll have programmatic access to a site's classification, allowing us to enforce our own custom policies through custom code based on the sensitivity of data within the site. However, we haven't yet seen what this programmatic access will look like.<br />
<br />
<h3>
2. Conditional Access Policies</h3>
One of the most interesting announcements at Ignite was the introduction of Conditional Access Policies to SharePoint Online. This feature is currently in preview with specific Office 365 customers and is not yet generally available to the public.<br />
<br />
Conditional access policies evaluate, in real time, the conditions under which a user is trying to access content on a SharePoint site. These policies allow you to control the level of access a user has from a non-domain-joined or unmanaged device. The policy options include:<br />
<ul>
<li>Permit all access to content from domain-joined and non-domain-joined devices.</li>
<li>Prevent all access to content from non-domain-joined devices.</li>
<li>If we want to allow some collaboration from non-domain-joined devices but also ensure that corporate data is not leaked to personal devices, we can disable operations that allow the user to change or make a copy of your data, like downloading, printing or syncing content.</li>
</ul>
<div>
In this last case a user can only use their device to read or view content. There is no way for them to edit, delete or save a copy of the data onto an unmanaged device. Enabling this policy also limits a user to using a web browser to access content. Even if you try to print a document from the web browser's print function, you'll be prevented if this policy is enabled.</div>
<ul>
<li>You can also specifically allow users to download files that cannot be viewed online (files that are not Microsoft Word, Excel, PowerPoint or OneNote files).</li>
</ul>
<br />
The configuration of Conditional Access Policies is performed by a SharePoint Online administrator in your tenant in the following page:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMvWRkMo7NuG0RBYwpWzlAEV-f0NiuB5wCpQ6Knl4uY44XSw9lb_Lm2YiPdUKTPRwxsygNY4RMHuFe4VMdMulRfKiByCWK0ssxEWeaUtycvgi9wzycBxlbZs_G1XOu70IitIb9SvynkIU/s1600/office+365+security+-+conditional+access+policies+1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMvWRkMo7NuG0RBYwpWzlAEV-f0NiuB5wCpQ6Knl4uY44XSw9lb_Lm2YiPdUKTPRwxsygNY4RMHuFe4VMdMulRfKiByCWK0ssxEWeaUtycvgi9wzycBxlbZs_G1XOu70IitIb9SvynkIU/s400/office+365+security+-+conditional+access+policies+1.png" width="400" /></a></div>
<br />
Optionally, you can also use policies to control access based on a user's "location". In this case, "location" actually means the network that they are connected to. We simply need to enable the policy and then supply the IP address ranges that we wish to allow access.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcIcbMSCX4yJn6nfjkUvW-R4VxcreZzySEu11CLoXFuCV01X8Q8PpjmV2nGi0RiPU59dVQKXnQAtJC9-i4OduNfRdsXN2Lg5iSosvHjkVVzG7yjlnRENYmSePMwsmMUoiFLB_q1JlfuSc/s1600/office+365+security+-+conditional+access+policies+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="101" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcIcbMSCX4yJn6nfjkUvW-R4VxcreZzySEu11CLoXFuCV01X8Q8PpjmV2nGi0RiPU59dVQKXnQAtJC9-i4OduNfRdsXN2Lg5iSosvHjkVVzG7yjlnRENYmSePMwsmMUoiFLB_q1JlfuSc/s320/office+365+security+-+conditional+access+policies+2.png" width="320" /></a></div>
<br />
If a user is connecting to SharePoint Online from one of these IP address ranges, they will be permitted to access the SharePoint sites. If they are not connecting from a permitted IP address range, then they'll be denied access. You do need to be cautious when configuring this policy option because if you misconfigure the IP ranges, you can inadvertently lock yourself out of all your SharePoint site collections.<br />
<br />
When configured, conditional access policies apply to all site collections. There is no ability to configure these policies on a site-specific basis.<br />
<br />
There are additional conditional access policies that may be applied related to the compliance status of the device being used to access SharePoint sites. These policies require deployment of <i><b>Microsoft Intune</b></i> to the organization. You can learn more about these policies here: <a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-sharepoint-online-with-microsoft-intune">https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-sharepoint-online-with-microsoft-intune</a>.<br />
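The unmanaged-device and location policies above, set from the SharePoint Online Management Shell, as an added example that is not code from the original post. It assumes Connect-SPOService has been run as a tenant administrator and that the Set-SPOTenant parameters ConditionalAccessPolicy, LimitedAccessFileType, IPAddressAllowList and IPAddressEnforcement are the cmdlet equivalents of the admin center settings in the screenshots; Test-IPv4InCidr is a helper written for this example, and the addresses are constructed TEST-NET values, so that IP enforcement is only switched on once the administrator's own address is confirmed to be inside the allow list.<br />

```powershell
# Added example, not from the original post. Assumes the SharePoint Online Management
# Shell and an existing Connect-SPOService session as a tenant administrator.

function ConvertTo-IPv4Integer {
    # Dotted IPv4 address -> numeric value, so that a mask can be applied with -band.
    param([Parameter(Mandatory=$true)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)                      # network byte order -> little-endian
    [long][BitConverter]::ToUInt32($bytes, 0)
}

function Test-IPv4InCidr {
    # $true when $Address lies inside $Cidr (e.g. '203.0.113.0/24'); a bare address is a /32.
    param(
        [Parameter(Mandatory=$true)][string]$Address,
        [Parameter(Mandatory=$true)][string]$Cidr
    )
    $network, $prefix = $Cidr.Split('/')
    if (-not $prefix) { $prefix = 32 }
    $prefix = [int]$prefix
    $mask = if ($prefix -eq 0) { 0L } else { ([long]0xFFFFFFFF -shl (32 - $prefix)) -band [long]0xFFFFFFFF }
    ((ConvertTo-IPv4Integer $Address) -band $mask) -eq ((ConvertTo-IPv4Integer $network) -band $mask)
}

function Set-TenantAccessPolicy {
    param(
        # Public IPv4 ranges (CIDR) from which SharePoint Online may be reached.
        [Parameter(Mandatory=$true)][string[]]$AllowedRanges,
        # The public address you are administering from right now. Take it from your
        # egress firewall or the sign-in logs rather than guessing.
        [Parameter(Mandatory=$true)][string]$AdminAddress
    )
    # Guard against the lock-out described above: the location policy applies to every
    # site collection, so refuse to enforce unless the admin's own address is covered.
    $covered = @($AllowedRanges | Where-Object { Test-IPv4InCidr -Address $AdminAddress -Cidr $_ })
    if ($covered.Count -eq 0) {
        throw "Refusing to enable IP enforcement: $AdminAddress is not inside $($AllowedRanges -join ', ')."
    }

    # Unmanaged / non-domain-joined devices: browser-only access with download, print and
    # sync disabled, except for file types that cannot be viewed in the browser.
    Set-SPOTenant -ConditionalAccessPolicy AllowLimitedAccess -LimitedAccessFileType OtherFiles

    # Location policy: the allow list is a comma-separated string of ranges.
    Set-SPOTenant -IPAddressAllowList ($AllowedRanges -join ',') -IPAddressEnforcement $true
}

# Offline self-check of the range test, using documentation (TEST-NET) addresses.
if (-not (Test-IPv4InCidr '203.0.113.42' '203.0.113.0/24')) { throw 'range test failed' }
if (Test-IPv4InCidr '198.51.100.7' '203.0.113.0/24')       { throw 'range test failed' }

# Example call with constructed ranges; run only after the ranges have been verified:
# Set-TenantAccessPolicy -AllowedRanges '203.0.113.0/24','198.51.100.10' -AdminAddress '203.0.113.42'
```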
<br />
<h3>
3. Additional External Sharing Controls</h3>
We've had some helpful External Sharing controls for the SharePoint Online administrator within a tenant for some time. These primarily control the default sharing settings for all site collections, and External Sharing still needs to be enabled for each individual site collection, along with the type of sharing permitted.<br />
<br />
However, at Ignite we saw the addition of a few new controls.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXNaJqKT6Ab6LugIqqBnRhifESNvDWgoFvCypLah_uG1UP_Pyh_ymBQegOH6ou3_s-dYbsGUKTAUZuR8hpcAURsyfbL3nBcuE9WOrrBM7TwvtebVK0mMXw2oIpq9riU-m627M4iCVCSVM/s1600/office+365+security+-+external+sharing.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXNaJqKT6Ab6LugIqqBnRhifESNvDWgoFvCypLah_uG1UP_Pyh_ymBQegOH6ou3_s-dYbsGUKTAUZuR8hpcAURsyfbL3nBcuE9WOrrBM7TwvtebVK0mMXw2oIpq9riU-m627M4iCVCSVM/s320/office+365+security+-+external+sharing.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div>
As always, we can control the external sharing capabilities that are available for all site collections: </div>
<ul>
<li>whether to not allow external sharing at all</li>
<li>whether to permit sharing only with users that exist within the Azure AD directory - these are known users for which we have created accounts in our Office 365 tenant but not necessarily given them licenses</li>
<li>whether to permit external sharing and force users to authenticate - these are users with Microsoft accounts (hotmail.com, live.com, outlook.com, etc.) or other accounts federated with Office 365</li>
<li>whether to allow authenticated users and anonymous (guest) links</li>
</ul>
<div>
We've been able to control the length of time that anonymous (guest) links are valid for some time as well. </div>
<div>
<br /></div>
<div>
As many know, we can only share the following types of objects or containers externally:</div>
<div>
<ul>
<li>Sites - only to authenticated users</li>
<li>Folders - to authenticated users and through anonymous (guest) links</li>
<li>Documents - to authenticated users and through anonymous (guest) links</li>
</ul>
</div>
<div>
<b><br />
</b></div>
<div>
<b>NEW</b>: One thing that is new, and can be seen in the screenshot, is the ability to specifically control the actions users can perform when accessing folders or files through anonymous (guest) links. </div>
<div>
<ul>
<li>Select whether users can only view files or can view and edit files </li>
<li>Select whether users can only view folders or can view, edit and upload to folders</li>
</ul>
</div>
<div>
Keep in mind that some of these controls are not yet live in all tenants, or even in First Release tenants; they were demoed by Microsoft at Ignite in their own internal test environments.</div>
<br />
You've also been able to select the type of guest links that are available when sharing: direct links for internal users that have already been given permissions, internal links for people that are already part of the organization but have not been given permissions, or completely anonymous links for users outside the organization.<br />
<br />
Some of the additional settings we've also had for a while are:<br />
<ul>
<li>Allowed Domains - permit sharing only to specific domains, by listing them (gmail.com, hotmail.com, customer domains, etc.)</li>
<li>Denied Domains - prevent sharing to specific domains, also by listing them</li>
<li>prevent external users from sharing files, folders or sites for which they are not the owner - this means that external users that you share content with will not themselves be able to share content with others that are external to the site, unless they are the owner</li>
<li>forcing external users to accept a sharing invitation from the email account it was sent to - this prevents external users from forwarding a sharing request to other users by forwarding the sharing email they received</li>
</ul>
<div>
Keep in mind that these additional settings do not apply to anonymous (guest) links because those users do not need to authenticate when accessing content shared with them.</div>
<div>
<br /></div>
<div>
Finally, there are some email notifications options for OneDrive for Business sites:</div>
<div>
<ul>
<li>the owner of a OneDrive for Business site may receive an automated email when users with whom content has been shared invite additional users to access the shared files within the site</li>
<li>a OneDrive for Business site owner can receive an automated email whenever an external user accepts a sharing invitation to access their files</li>
</ul>
</div>
<br />
These notifications give OneDrive for Business site owners a lot more visibility and control around external sharing of their content.<br />
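The controls above are the tenant-level defaults; the same switches are exposed to the SharePoint Online Management Shell through Set-SPOTenant, and a site collection can be made stricter than the tenant with Set-SPOSite. What follows is an added example rather than anything from the original post or from Microsoft: it assumes that module, and the tenant admin URL, the partner domains and the site URL are placeholders. The values chosen are a conservative baseline for the settings discussed above, not a recommendation for every tenant.<br />

```powershell
# Added example, not from the original post. Assumes the SharePoint Online
# Management Shell. Tenant URL, domains and site URL are placeholders.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# Tenant-wide baseline. Splatting lets each switch carry its own comment.
$tenantSharing = @{
    # Which kind of external sharing is allowed at all (the tenant ceiling).
    SharingCapability                          = 'ExternalUserAndGuestSharing'
    # Anonymous (guest) links: expire after a week, view-only for files and
    # folders (so no edit and no upload through a guest link).
    RequireAnonymousLinksExpireInDays          = 7
    FileAnonymousLinkType                      = 'View'
    FolderAnonymousLinkType                    = 'View'
    # "Share" offers a direct link to specific people by default, not an anonymous one.
    DefaultSharingLinkType                     = 'Direct'
    # Allowed Domains: authenticated external sharing only to these domains
    # (space-separated). BlockList plus SharingBlockedDomainList gives Denied Domains.
    SharingDomainRestrictionMode               = 'AllowList'
    SharingAllowedDomainList                   = 'partner-a.example partner-b.example'
    # External users cannot re-share content they do not own.
    PreventExternalUsersFromResharing          = $true
    # Invitations must be accepted from the mailbox they were sent to.
    RequireAcceptingAccountMatchInvitedAccount = $true
    # OneDrive for Business owner notifications.
    NotifyOwnersWhenItemsReshared              = $true
    NotifyOwnersWhenInvitationsAccepted        = $true
}
Set-SPOTenant @tenantSharing

# A site collection can only be as open as the tenant allows, so sensitive sites
# are tightened individually; here all external sharing is switched off for one site.
Set-SPOSite -Identity "https://contoso.sharepoint.com/sites/finance" -SharingCapability Disabled

# Read back the effective tenant values for the change record.
Get-SPOTenant | Select-Object SharingCapability, RequireAnonymousLinksExpireInDays,
    FileAnonymousLinkType, FolderAnonymousLinkType, DefaultSharingLinkType,
    SharingDomainRestrictionMode, SharingAllowedDomainList,
    PreventExternalUsersFromResharing, RequireAcceptingAccountMatchInvitedAccount,
    NotifyOwnersWhenItemsReshared, NotifyOwnersWhenInvitationsAccepted
```

As the post notes, the domain, re-sharing and invitation-matching settings only bite for authenticated external users; the two anonymous link type settings and the expiry are the only controls that apply to guest links, because nobody authenticates to use one.<br />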
<br />
<h3>
4. Enhanced DLP Policy Management</h3>
At Ignite we saw that Microsoft has enhanced the process for creating DLP policies in Office 365. Not only do we have a new streamlined user experience for creating DLP policies, which makes it much clearer to understand what we need to specify when we want to protect our sensitive data, but we also have new features for preventing sharing of sensitive data at more granular levels. Office 365 has had Exchange DLP policies for quite some time, but now Microsoft is integrating Exchange DLP policies with SharePoint and OneDrive policies, so we can have a single set of policies which apply across all 3 workloads if we wish.<br />
<br />
Note: this user experience is not yet live in public or First Release tenants of Office 365.<br />
<br />
As usual, when we want to create a DLP policy we launch the Office 365 Security and Compliance Center. We then click on Security Policies in the left-hand menu and click +Create.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgV7nBaWb083xeez_-9zIfdzjJVsIX8MZzGh05vwfrDbZR3aRWvPqMhfiWwZa0iIk38uMQ1bK0Fz93GgSqpm11jXQZ9paFp0dhc9xeZ8TXCiSHiyccc0Q1_jwKVSHB_8R8gBMlWu0I-QaQ/s1600/office+365+security+-+DLP+1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgV7nBaWb083xeez_-9zIfdzjJVsIX8MZzGh05vwfrDbZR3aRWvPqMhfiWwZa0iIk38uMQ1bK0Fz93GgSqpm11jXQZ9paFp0dhc9xeZ8TXCiSHiyccc0Q1_jwKVSHB_8R8gBMlWu0I-QaQ/s400/office+365+security+-+DLP+1.png" width="400" /></a></div>
<br />
We then select the type of policy we wish to create: Financial, Medical or Privacy. The policy types correspond to subsets of the 80 sensitive data types now available with Office 365 DLP (data types like social security numbers, credit card numbers, driver's license numbers, etc.). We can also create custom policies.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgazPTj5kSMnLQ6MejF00s1CuIpUIGNw8M930sHuBKuNlHP99situ8IJRwzOP7EWVPuXN-wDaYURi6Iqb7hSgSmBahZPEGfqZhwbboIRbEttbksu0JNz4f6VHOiLtl7XaYF6AysMAkblYM/s1600/office+365+security+-+DLP+2b.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgazPTj5kSMnLQ6MejF00s1CuIpUIGNw8M930sHuBKuNlHP99situ8IJRwzOP7EWVPuXN-wDaYURi6Iqb7hSgSmBahZPEGfqZhwbboIRbEttbksu0JNz4f6VHOiLtl7XaYF6AysMAkblYM/s400/office+365+security+-+DLP+2b.png" width="400" /></a></div>
<br />
Selecting a policy type will inform us of which sensitive data types are included in that policy template. In this case our financial data policy will look for credit card numbers, bank account numbers and ABA routing numbers.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSItb4JIZlmsvG1ZAcJ1bTzQl5JHgdPihUchi94354xrMIFxIQkJnBCd7BxKi88SMqVMby7nHFbXK40C2j-h5aite8GN2qoCvM7aJGwhEkgsYS7i1cr0YixgCkAiHqC_QwfrJxm0jQU5c/s1600/office+365+security+-+DLP+3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSItb4JIZlmsvG1ZAcJ1bTzQl5JHgdPihUchi94354xrMIFxIQkJnBCd7BxKi88SMqVMby7nHFbXK40C2j-h5aite8GN2qoCvM7aJGwhEkgsYS7i1cr0YixgCkAiHqC_QwfrJxm0jQU5c/s400/office+365+security+-+DLP+3.png" width="400" /></a></div>
<br />
We give our policy a meaningful name and description.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRLd_uxB_5quCu6EiNKbAVjZqIsBE-OpdFiXrRmBaF2QuqPdqextzSCeilO6RkvG78qUlQYNnZ28MFeeeQuoROhFvUjAFtNdcCs04RNxwDpzyNW4Rs91QwAvzzf9BuCv7DQV03r7asJMI/s1600/office+365+security+-+DLP+4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRLd_uxB_5quCu6EiNKbAVjZqIsBE-OpdFiXrRmBaF2QuqPdqextzSCeilO6RkvG78qUlQYNnZ28MFeeeQuoROhFvUjAFtNdcCs04RNxwDpzyNW4Rs91QwAvzzf9BuCv7DQV03r7asJMI/s400/office+365+security+-+DLP+4.png" width="400" /></a></div>
<br />
We select where we want policies to be applied, either all locations/workloads or specific ones. If we select specific locations, now we can not only choose SharePoint and OneDrive for Business, but we can also choose Exchange Online. We can also optionally choose to include or exclude specific SharePoint sites.<br />
<br />
<b>NEW</b>: Exchange Online has had DLP built in for quite some time, but what's new here is that I can now select Exchange Online along with SharePoint and OneDrive for Business in the same DLP policy. I can now manage 1 set of policies that apply to my data across a wider set of workloads. I can also get very specific by either including or excluding specific SharePoint sites. Having more choice when configuring security policies is a fantastic advancement.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOny2TbSePPDzvl8iFI0ALouC2LTIyKFEY76MbXnGkTQlD9iRivAmPi_vMTe9HHloL_aIz1arVLmN70f_DyW_KTGj7DbkcwoVxiYf6lpsZYyfa1N-Bnw_khHrHhcsL1PNW959agug_uos/s1600/office+365+security+-+DLP+5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOny2TbSePPDzvl8iFI0ALouC2LTIyKFEY76MbXnGkTQlD9iRivAmPi_vMTe9HHloL_aIz1arVLmN70f_DyW_KTGj7DbkcwoVxiYf6lpsZYyfa1N-Bnw_khHrHhcsL1PNW959agug_uos/s400/office+365+security+-+DLP+5.png" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4epecAd4V374aPWbW0ZLkq67QxzeQLilqnZC2tZ8fNJ-1hTZaxnhrgCBBICVS_Y_PCj2Bey6RZy3Po6pt_0q1kdgKvzy3fXpylFukY-JxCy070apnMLdjKLLJcm-GMND6MRcpZPNH1DI/s1600/office+365+security+-+DLP+6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4epecAd4V374aPWbW0ZLkq67QxzeQLilqnZC2tZ8fNJ-1hTZaxnhrgCBBICVS_Y_PCj2Bey6RZy3Po6pt_0q1kdgKvzy3fXpylFukY-JxCy070apnMLdjKLLJcm-GMND6MRcpZPNH1DI/s400/office+365+security+-+DLP+6.png" width="400" /></a></div>
<br />
<br />
We then confirm the sensitive data types that were selected with our policy template (we selected Financial earlier), or we can select custom sensitive data types here. We also select the conditions under which this policy applies: either when sharing content inside my organization, or only when it is shared outside the organization.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKTey5Z-vvKiowu-u0g0KCHP0YsvDVXkuz3xNr3tflS3DpfAEC9AbFg50UIQt9C7gJ-eizNG4YF1w8W_Koc7y79DBVUKgJmq_x8IGHuRSBhn2lF7ziBch6tj4iXJ5ko_YfYxQrIYZASRI/s1600/office+365+security+-+DLP+7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKTey5Z-vvKiowu-u0g0KCHP0YsvDVXkuz3xNr3tflS3DpfAEC9AbFg50UIQt9C7gJ-eizNG4YF1w8W_Koc7y79DBVUKgJmq_x8IGHuRSBhn2lF7ziBch6tj4iXJ5ko_YfYxQrIYZASRI/s400/office+365+security+-+DLP+7.png" width="400" /></a></div>
<br />
Now we can choose additional settings that allow us to target very specific sharing scenarios in which we want our policy to apply. <br />
<br />
<ul>
<li>We can select to show a policy tip and if we want to customize the tip, as we previously could. </li>
<li>A new setting is the ability to detect the sharing of large quantities of sensitive data and specify what 'large' means - it could be 10 instances, 50, 100 or whatever your policy dictates. </li>
<li>You can select to issue an incident alert and specify various settings about that incident alert such as who it is sent to.</li>
<li>You can also specifically block people from sharing content which contains this type of sensitive data, determine whether a user is permitted to override the policy, whether they must provide a business justification (which is logged) in order to override, and whether users automatically override the rule for that particular document when they report the warning as a false positive. </li>
</ul>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXNiglk85gR59tnMVpzQ7qSkXVVHXUpbFp4MYB7DHoopSia2iCNsxDWG98TrIOLLhPIjztzPYhZ2biaqRb1MsSyPk-iteQiGKEF1VRtZx7Jl8HEEAR1XDV2VQF4RbSSjfPesKiF2MaWhM/s1600/office+365+security+-+DLP+9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="245" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXNiglk85gR59tnMVpzQ7qSkXVVHXUpbFp4MYB7DHoopSia2iCNsxDWG98TrIOLLhPIjztzPYhZ2biaqRb1MsSyPk-iteQiGKEF1VRtZx7Jl8HEEAR1XDV2VQF4RbSSjfPesKiF2MaWhM/s400/office+365+security+-+DLP+9.png" width="400" /></a></div>
<br />
You can select whether to enable the rule now, or only run it in Test mode, which is always a recommended practice before deploying DLP policies to your Production environment.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzKW5T3q9mudRAvftepvZlj7Q6On-mlJ1h6Mnej_AG3An-hSTiz-7df8gNEJ7zHOihMZAjXatEPkZjvwmVpjRgjuQuxZMEG9jqcb81iSnwKcyPDcudAchcEf1Ss7cTRS8B5NJBHMsYh9s/s1600/office+365+security+-+DLP+10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzKW5T3q9mudRAvftepvZlj7Q6On-mlJ1h6Mnej_AG3An-hSTiz-7df8gNEJ7zHOihMZAjXatEPkZjvwmVpjRgjuQuxZMEG9jqcb81iSnwKcyPDcudAchcEf1Ss7cTRS8B5NJBHMsYh9s/s400/office+365+security+-+DLP+10.png" width="400" /></a></div>
<br />
Finally, you can review or edit your policy settings one more time and create your policy.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNL3HD0yUhxy7j3DkYQ6ValKxvJLoz1-3JDkqhO5PFg21btHArUZkuVKfrNdHkL0VpvFPdZyNtE8HM81txYqblk4sjb8Znv5LrdEhbBDASEgMbtRMIsIjWSknV1HdTisVhDxf-Y5Po_Rw/s1600/office+365+security+-+DLP+11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNL3HD0yUhxy7j3DkYQ6ValKxvJLoz1-3JDkqhO5PFg21btHArUZkuVKfrNdHkL0VpvFPdZyNtE8HM81txYqblk4sjb8Znv5LrdEhbBDASEgMbtRMIsIjWSknV1HdTisVhDxf-Y5Po_Rw/s400/office+365+security+-+DLP+11.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1TyMvh3onQmwNfpUL8YcHa6yFryeQDkssUfRZtA58Eie7lZlAsxnYhiDl-ZpY5eYrOCEQqCiKqK53rNPoow7dA3O10XFmStBJ7kc9Cvb5jJAE4VxQypQAxmtJSC_re8SAvaQ-_Jw0mBY/s1600/office+365+security+-+DLP+12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1TyMvh3onQmwNfpUL8YcHa6yFryeQDkssUfRZtA58Eie7lZlAsxnYhiDl-ZpY5eYrOCEQqCiKqK53rNPoow7dA3O10XFmStBJ7kc9Cvb5jJAE4VxQypQAxmtJSC_re8SAvaQ-_Jw0mBY/s400/office+365+security+-+DLP+12.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Policies are enforced in the user experience largely as they previously were: documents containing sensitive data carry icons indicating that a policy tip will appear to either warn the user or block the user from accessing the content. Clicking the icons displays the policy tips, which are now shown in a side panel in the new library user experience.<br />
<br />
An important limitation that is still there with DLP policies is that they are only applied to documents, and not yet applied on list items.<br />
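The wizard steps above map one-to-one onto the Security &amp; Compliance Center PowerShell cmdlets, which is how you would keep the policy in source control or reproduce it in a second tenant. The following is an added example, not code from the original post or from Microsoft: it assumes the ExchangeOnlineManagement module's Connect-IPPSSession for the connection (the cmdlets themselves are New-DlpCompliancePolicy and New-DlpComplianceRule), and the policy name, the excluded site URL and the report recipient are placeholders. It builds the same Financial policy the screenshots walk through: all three workloads, external sharing only, a threshold for "large quantities", a policy tip, an incident report, and a block that users can override with a logged justification or a false-positive report, created in test mode first.<br />

```powershell
# Added example, not from the original post. Assumes Security & Compliance
# Center PowerShell (ExchangeOnlineManagement module). Names, the excluded
# site and the alert recipient are placeholders.
Connect-IPPSSession

$policyName = "Financial Data (test mode)"

# Policy = where it applies. Exchange Online, SharePoint Online and OneDrive for
# Business in one policy, with one SharePoint site excluded, and test mode with
# policy tips so users and admins see what would happen before enforcement.
New-DlpCompliancePolicy -Name $policyName `
    -ExchangeLocation All `
    -SharePointLocation All `
    -SharePointLocationException "https://contoso.sharepoint.com/sites/finance-archive" `
    -OneDriveLocation All `
    -Mode TestWithNotifications `
    -Comment "Financial template: credit card, bank account and ABA routing numbers"

# Rule = what it looks for and what it does. minCount is the 'large quantity'
# threshold from the wizard (10 instances here); AccessScope NotInOrganization
# limits the rule to content shared outside the organization.
$sensitiveTypes = @(
    @{ Name = "Credit Card Number";       minCount = "10" },
    @{ Name = "U.S. Bank Account Number"; minCount = "10" },
    @{ Name = "ABA Routing Number";       minCount = "10" }
)

New-DlpComplianceRule -Name "Financial data shared externally" -Policy $policyName `
    -ContentContainsSensitiveInformation $sensitiveTypes `
    -AccessScope NotInOrganization `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText "This item contains financial data and cannot be shared outside the organization." `
    -BlockAccess $true `
    -NotifyAllowOverride WithJustification, FalsePositive `
    -GenerateIncidentReport "dlp-alerts@contoso.example" `
    -IncidentReportContent All `
    -ReportSeverityLevel High

# Review what was created; once the test-mode reports look right, enforce it.
Get-DlpCompliancePolicy -Identity $policyName |
    Select-Object Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation
Get-DlpComplianceRule -Policy $policyName |
    Select-Object Name, BlockAccess, AccessScope, NotifyAllowOverride

# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Leaving the last line commented is deliberate: the switch from TestWithNotifications to Enable is the one step that should follow a review of the incident reports, exactly as the post recommends for the wizard's Test mode.<br />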
<br />
<h3>
5. Hybrid Audit Logs & Insights</h3>
Early this year Microsoft introduced Activity Monitoring, or what is sometimes called the Audit Logs, into Office 365. This is a feature where the various workloads in Office 365 (SharePoint, Exchange, OneDrive for Business and Administration) log all activities performed by both end users and administrators to a central 'audit log'. That log is searchable from the Security and Compliance Center, through PowerShell, or through the Office 365 Management Activity API. <br />
<br />
Well, at Microsoft Ignite they announced that they will be shipping Hybrid Audit Logs and Insights with SharePoint 2016 Feature Pack 1, which is now due out in November (this month)! This is great news!<br />
<br />
<ul>
<li>It means that on premise SharePoint 2016 farms will be able to centrally configure audit logging so that logs are automatically shipped to an Office 365 tenant. </li>
<li>Security teams and administrators will be able to centrally search all audit log entries from one interface, regardless of whether the log entries are from an on premise environment, the online environment or both. </li>
<li>Automated email alerts on suspicious activities may now be configured for both online activities and on premise activities from one interface. </li>
</ul>
<br />
Hybrid Auditing is configured through the SharePoint 2016 (with Feature Pack 1) Hybrid Picker.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2wHlS6zqzNfrNqhusTmK6oFPhYaCHSn9rBpLnaArpQrpANYmj73r61R89dN-3-VJyXBwernxUKaRVZrrV3G9E0DTMVZtusWvGEcpehzDWnCntGuheFTv_46uiH6zC63eQeMAULa5FJ_g/s1600/hybrid+audit+configuration+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2wHlS6zqzNfrNqhusTmK6oFPhYaCHSn9rBpLnaArpQrpANYmj73r61R89dN-3-VJyXBwernxUKaRVZrrV3G9E0DTMVZtusWvGEcpehzDWnCntGuheFTv_46uiH6zC63eQeMAULa5FJ_g/s400/hybrid+audit+configuration+2.png" width="400" /></a></div>
<br />
Accessing logs from the on premise SharePoint 2016 farm is then done through the same <b>Audit Log Search</b> interface currently used in Office 365. You can search the audit log with that GUI based on date range, user, IP address, activity, document or item, or other details, and entries for both on premise and online environments will be included in your results. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTmVZb5o3x7CBBQrkn75FdGQnuBEF0IbVKsGD3v5Vfk1uMc0ypFm-J_U9YQAm3FrjyVsdnFDEMHz3PxS3r9IPkSgXOCJilhGPptoMNcD50StZ0FNT6CnKxZ4QVb03okbr0i2q1p4KqvMY/s1600/auditing.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTmVZb5o3x7CBBQrkn75FdGQnuBEF0IbVKsGD3v5Vfk1uMc0ypFm-J_U9YQAm3FrjyVsdnFDEMHz3PxS3r9IPkSgXOCJilhGPptoMNcD50StZ0FNT6CnKxZ4QVb03okbr0i2q1p4KqvMY/s400/auditing.png" width="400" /></a></div>
<br />
Ultimately, this means that security teams will be able to work with 1 set of logs and alerts for both on premise and online environments, more quickly identify suspicious or malicious behavior and more quickly react with appropriate action.<br />
<br />
<h3>
6. Manage User Sessions</h3>
Finally, whether it was introduced just before Microsoft Ignite or during the conference, there is another great new capability I want to highlight for securing access to your data. Let's say I'm monitoring activity logs or I'm receiving alerts about suspicious behavior in my tenant, like a user downloading or deleting large amounts of data from a SharePoint team site. If I trust the user, I may suspect that the user's account is currently being used by a malicious attacker. <br />
<br />
In this case I can easily take immediate action through the user administration console to force the user to sign out of all sessions and re-authenticate to the service. <br />
<br />
In the user administration page, I can select a user and, under their OneDrive Settings section, there is a link to initiate a one-time event that will force all of the user's current sessions to sign out and require that user to log in once again. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilwhkUEIKMev_EvN6X8u3bA_HsTpXRwtnRp6xRTRXKspt54UhCBVlL0m0hnb7kkF5XHMjMX241v7dn-0aIscVla9aSNbZ6iUE4B3XRF_tJYw8MJ2uga3KgyjHqB5OicZhA04nhdNuPL-o/s1600/office+365+security+-+force+sign+out+session+-+Copy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilwhkUEIKMev_EvN6X8u3bA_HsTpXRwtnRp6xRTRXKspt54UhCBVlL0m0hnb7kkF5XHMjMX241v7dn-0aIscVla9aSNbZ6iUE4B3XRF_tJYw8MJ2uga3KgyjHqB5OicZhA04nhdNuPL-o/s400/office+365+security+-+force+sign+out+session+-+Copy.png" width="400" /></a></div>
<br />
This is a great feature that gives admins and security teams a quick and easy method of forcing a user to re-authenticate and potentially stopping an attacker who has taken over the user's account. If you suspect that the user's credentials have been stolen you can also reset the user's password in the same user management console, and communicate that password to the user out of band.<br />
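Sections 5 and 6 together form a detect-and-respond loop: the unified audit log is where the bulk download or delete shows up, and revoking the user's sessions is the first response. The following is an added example, not code from the original post or from Microsoft. It assumes Exchange Online PowerShell for Search-UnifiedAuditLog and the SharePoint Online Management Shell for Revoke-SPOUserSession; the tenant URL, the 24-hour window and the per-user event threshold are constructed values you would tune to your own baseline. Once Hybrid Auditing ships on premise entries into the same log, the same search covers both environments.<br />

```powershell
# Added example, not from the original post. Assumes Exchange Online PowerShell
# (Search-UnifiedAuditLog) and the SharePoint Online Management Shell
# (Revoke-SPOUserSession). Tenant URL, window and threshold are constructed.
Connect-ExchangeOnline
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# Users whose file download/delete events in the window exceed the threshold,
# with the client IPs and sites involved so an analyst can judge the activity.
function Find-BulkFileActivity {
    param(
        [datetime]$Start = (Get-Date).AddHours(-24),
        [datetime]$End   = (Get-Date),
        [int]$Threshold  = 200     # constructed: events per user per window
    )
    # Search-UnifiedAuditLog returns at most 5000 rows per call; for busier
    # tenants page through with -SessionId and -SessionCommand ReturnLargeSet.
    $events = Search-UnifiedAuditLog -StartDate $Start -EndDate $End `
        -RecordType SharePointFileOperation `
        -Operations FileDownloaded, FileDeleted, FileDeletedFirstStageRecycleBin `
        -ResultSize 5000

    $events |
        Group-Object -Property UserIds |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            # AuditData is a JSON document per event; parse it once per group.
            $details = $_.Group | ForEach-Object { $_.AuditData | ConvertFrom-Json }
            [pscustomobject]@{
                User      = $_.Name
                Events    = $_.Count
                Downloads = @($_.Group | Where-Object { $_.Operations -eq 'FileDownloaded' }).Count
                Deletes   = @($_.Group | Where-Object { $_.Operations -like 'FileDeleted*' }).Count
                ClientIPs = (@($details.ClientIP) | Sort-Object -Unique) -join ', '
                Sites     = (@($details.SiteUrl)  | Sort-Object -Unique) -join ', '
            }
        }
}

$suspects = Find-BulkFileActivity
$suspects | Format-Table -AutoSize

# Response, after an analyst has looked at the rows above: sign every session
# for the account out so it must re-authenticate, the same action as the
# OneDrive Settings link in the admin console. If credential theft is suspected,
# reset the password as well and tell the user out of band.
foreach ($s in $suspects) {
    Revoke-SPOUserSession -User $s.User
}
```

The threshold is the part that needs local judgement: a sync client re-downloading a large library will look exactly like exfiltration in this query, which is why the output carries the client IPs and the per-site breakdown rather than revoking sessions automatically.<br />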
<br />
<h3>
Today's Webinar</h3>
Thanks to everyone that attended our webinar today on this topic. It was a really quick review of some of the Office 365 security innovations Microsoft announced at Ignite. I hope this blog provides more detail on this feature set.<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="485" marginheight="0" marginwidth="0" scrolling="no" src="//www.slideshare.net/slideshow/embed_code/key/w8DTAwV5XgXEWv" style="border-width: 1px; border: 1px solid #ccc; margin-bottom: 5px; max-width: 100%;" width="595"> </iframe> <br />
<div style="margin-bottom: 5px;">
<strong> <a href="https://www.slideshare.net/AntonioMaio2/office-365-security-new-innovations-from-microsoft-ignite-antonio-maio" target="_blank" title="Office 365 security new innovations from microsoft ignite - antonio maio">Office 365 security new innovations from microsoft ignite - antonio maio</a> </strong> from <strong><a href="https://www.slideshare.net/AntonioMaio2" target="_blank">AntonioMaio2</a></strong> </div>
<br />
-Antonio<br />
<br />
<br />
<h2>When to Use What in Office 365 + What Can We Share Externally in SharePoint Online?</h2>
Antonio Maio, 2016-10-24<br />
<br />
On October 4th I gave a presentation at the Microsoft Technology Center in Houston on When to Use What in Office 365. It was part of a free roundtable seminar series offered by Protiviti. We had a great turnout and a lot of really good questions. Thank you to everyone that came, and my sincere apologies for the delay in posting this presentation. I wanted to share my slides with the attendees and anyone that reads my blog, and answer a particularly interesting question that came up during the presentation.<br />
<br />
<a name='more'></a><br />
You can find the slides I presented here:<br />
<iframe allowfullscreen="" frameborder="0" height="485" marginheight="0" marginwidth="0" scrolling="no" src="//www.slideshare.net/slideshow/embed_code/key/Ns1gEEH8ufmXK1" style="border-width: 1px; border: 1px solid #ccc; margin-bottom: 5px; max-width: 100%;" width="595"> </iframe> <br />
<div style="margin-bottom: 5px;">
<strong> <a href="https://www.slideshare.net/AntonioMaio2/when-to-use-what-in-office-365" target="_blank" title="When to use what in Office 365?">When to use what in Office 365?</a> </strong> from <strong><a href="https://www.slideshare.net/AntonioMaio2" target="_blank">AntonioMaio2</a></strong> </div>
<br />
Please let me know if you have any questions at all about the presentation.<br />
<br />
<h3>
A Question: What Can We Share Externally in SharePoint Online?</h3>
One of the topics we talked about during the presentation was External Sharing. We covered when to use external sharing and how to use it safely, so that you protect your data from being shared with the wrong people. <br />
<br />
A great question that came up was: can you share libraries, lists or folders externally, or is external sharing still limited to only sites and documents? I mentioned that only sites and documents could be shared externally, but I was challenged on that, so I thought I would double check.<br />
<br />
The answer is you can also share <b><i>Folders</i></b> externally. Libraries and Lists still may not be shared externally.<br />
<br />
So, as we always have, we can share sites and documents through external sharing, which is only possible in the following scenarios: <br />
<ul>
<li>Sites can only be externally shared if you require users to authenticate with a Microsoft account or Office 365 account. This can apply to a site collection or subsite, so you can only share a subsite externally if you choose to.</li>
<li>Documents can also be shared externally and require external users to authenticate. </li>
<li>Documents can also be shared externally through guest links, which can be used anonymously. However, this option is only available if permitted by Global Admins and SharePoint Online Admins. There are controls both in the Office 365 tenant admin center, and in the SharePoint Online admin center which allow you to control the types of sharing permitted.</li>
</ul>
<div>
<br /></div>
<div>
So, you can share <b><i>Folders </i></b>externally as well. The same scenarios that are supported for Documents are also supported for Folders:</div>
<ul>
<li>Folders can also be shared externally and require external users to authenticate. </li>
<li>Folders can also be shared externally through guest links, which can be used anonymously. Again, this option is only available if permitted by Global Admins and SharePoint Online Admins.</li>
</ul>
<div>
This makes sense if you've ever looked at the PowerShell commands available for SharePoint on premise - folders are treated very much like documents in the cmdlets, as opposed to containers.</div>
<div>
<br /></div>
<div>
If we select a Folder in a library and click the ... to get its menu, we can see the Share and Get a Link options available:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheRMcaaK6K2f7eIa78qh-enpu4y0PD29O7gWoDnqYe7jXccfw-q-Zpazel_LIWbB1D0Vyx3pY5JcLqZ-A5kgryqZvBRNa1dDqsp0m5eSpw-Oll_7D9XdegMrpHNA-9hkiu5zOZuB1oALg/s1600/share+a+folder+1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheRMcaaK6K2f7eIa78qh-enpu4y0PD29O7gWoDnqYe7jXccfw-q-Zpazel_LIWbB1D0Vyx3pY5JcLqZ-A5kgryqZvBRNa1dDqsp0m5eSpw-Oll_7D9XdegMrpHNA-9hkiu5zOZuB1oALg/s320/share+a+folder+1.png" width="320" /></a></div>
<div>
<br /></div>
<div>
If we click Share, we then get the Share dialog and in the dialog's title we have Share and the name of the folder:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7arei6HbbyfsUAhsu1Cd_7HrErTiVf5R4E2ypsBXVwBr4134mkOJQqVeijVotlGntGtrNMJDCscLwd8XeLE3vd05xMp6vMJOsusLx8uzf-iCUNU8lAoddZFzPPaN60qqjHfPDNhpzfCQ/s1600/share+a+folder+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7arei6HbbyfsUAhsu1Cd_7HrErTiVf5R4E2ypsBXVwBr4134mkOJQqVeijVotlGntGtrNMJDCscLwd8XeLE3vd05xMp6vMJOsusLx8uzf-iCUNU8lAoddZFzPPaN60qqjHfPDNhpzfCQ/s320/share+a+folder+2.png" width="320" /></a></div>
<div>
<br /></div>
<div>
If we click the Get a Link option and hover over the link provided we see the name of the folder in the URL:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggU3zQz-2kH_lyRIFsa-esygqnmsKx2pqch4WLnBFJ-2XRW_fVRlly9WbzV-_JdxlWzqq_M88TfYYuuZmtoGK8WtYMfhLpwSoBvDtoGhOWdVq65XMsKIQ1P1JlalZcTgwRlRh_KGCW3aM/s1600/share+a+folder+3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggU3zQz-2kH_lyRIFsa-esygqnmsKx2pqch4WLnBFJ-2XRW_fVRlly9WbzV-_JdxlWzqq_M88TfYYuuZmtoGK8WtYMfhLpwSoBvDtoGhOWdVq65XMsKIQ1P1JlalZcTgwRlRh_KGCW3aM/s400/share+a+folder+3.png" width="400" /></a></div>
<div>
<br /></div>
<div>
However, you still cannot share a Library or List externally. If you navigate to a library or list, there are no external sharing options available in the Settings page or the Advanced Permissions page for that container. If you navigate to a List or Library and click Share in the top right menu bar, you get a Sharing dialog, but you are in fact sharing the Site - you can see this by the title of the dialog, and any external users that you share with from this point will get access to the entire site.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQAxvd6L0XskDadRfJj1_GuVAAS1ov01ZS_IMq_iG5P1gFLX-oaUpa9EFhoq4cCord1x9qmkYKuFwzAvofnAowFnFdYxhaU0v0B9RbgRDaipdV2lxraW0fidbthabHFNsq24SsOZch38E/s1600/share+a+folder+4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQAxvd6L0XskDadRfJj1_GuVAAS1ov01ZS_IMq_iG5P1gFLX-oaUpa9EFhoq4cCord1x9qmkYKuFwzAvofnAowFnFdYxhaU0v0B9RbgRDaipdV2lxraW0fidbthabHFNsq24SsOZch38E/s400/share+a+folder+4.png" width="400" /></a></div>
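Because the sharing controls are split between the tenant, each site collection and the individual folders and documents, it helps to be able to list where external sharing is actually in effect and who the external users are. The following is an added example, not code from the original post or from Microsoft: it assumes the SharePoint Online Management Shell (Get-SPOTenant, Get-SPOSite and Get-SPOExternalUser) and a placeholder tenant admin URL. It carries one limitation worth knowing: holders of anonymous guest links never authenticate, so they cannot be listed; the best an inventory can do is flag the sites where such links are possible at all.<br />

```powershell
# Added example, not from the original post. Assumes the SharePoint Online
# Management Shell; the tenant admin URL is a placeholder.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# All authenticated external users on one site, paging through Get-SPOExternalUser
# 50 at a time (its maximum page size).
function Get-SiteExternalUsers {
    param([Parameter(Mandatory)][string]$SiteUrl)
    $all = @()
    $position = 0
    do {
        $page = @(Get-SPOExternalUser -SiteUrl $SiteUrl -Position $position -PageSize 50)
        $all += $page
        $position += $page.Count
    } while ($page.Count -eq 50)
    return $all
}

# One row per site collection where external sharing is not disabled.
function Get-ExternalSharingInventory {
    $tenantCeiling = (Get-SPOTenant).SharingCapability
    Get-SPOSite -Limit All |
        Where-Object { $_.SharingCapability -ne 'Disabled' } |
        ForEach-Object {
            $externals = Get-SiteExternalUsers -SiteUrl $_.Url
            [pscustomobject]@{
                Url                = $_.Url
                SiteSetting        = $_.SharingCapability
                TenantCeiling      = $tenantCeiling
                # Anonymous (guest) links are possible only when both levels allow them;
                # their holders never authenticate, so they are not in ExternalUsers.
                GuestLinksPossible = ($_.SharingCapability -eq 'ExternalUserAndGuestSharing' -and
                                      $tenantCeiling -eq 'ExternalUserAndGuestSharing')
                ExternalUserCount  = $externals.Count
                ExternalUsers      = ($externals | ForEach-Object { $_.Email }) -join ', '
            }
        }
}

Get-ExternalSharingInventory |
    Sort-Object GuestLinksPossible, ExternalUserCount -Descending |
    Format-Table Url, SiteSetting, GuestLinksPossible, ExternalUserCount -AutoSize
```

Sites that report GuestLinksPossible as true are the ones where a folder or document may have been shared with no identity attached, which is where the anonymous link expiry setting and a periodic review of shared links matter most.<br />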
<div>
<br /></div>
<div>
Please let me know if you have any questions about the presentation.</div>
<div>
<br /></div>
<div>
Enjoy.</div>
<div>
-Antonio</div>
<div>
<br /></div>
<h2>Synchronizing Custom AD Attributes to Office 365 - Part 3</h2>
Antonio Maio, 2016-10-20<br />
<br />
This blog is the 3rd in a 3-part series on synchronizing and working with custom AD attributes in Office 365. In this post we continue with our final step, showing you how to customize the AD Connect synchronization rules. This allows your custom AD attributes (created by extending your AD schema) to be stored in extension attributes in Office 365, so that you can retrieve and work with them.<br />
<br />
<ul>
<li>Part 1 is here: <a href="http://www.trustsharepoint.com/2016/10/synchronizing-custom-ad-attributes-to.html">Step 1 - Configure AD Connect to Synchronize Custom Attributes</a>.</li>
<li><span style="font-size: small; font-weight: normal;">Part 2 is here: </span><a href="http://www.trustsharepoint.com/2016/10/synchronizing-custom-ad-attributes-to_20.html">Step 2 - Retrieve Attributes in Office 365 Using PowerShell</a>.</li>
</ul>
<br />
So, how do we get our custom on premise AD attributes into Office 365 extension attributes so that we can use the Windows Azure AD Module for PowerShell to actually read them?<br />
<br />
<a name='more'></a><br />
<br />
<h3>
Step 3 - Customize AD Connect Synchronization Rules</h3>
<div>
As mentioned previously, you can configure AD Connect to synchronize custom AD attributes to Office 365. When they are synchronized, the attribute name in Azure AD will be extension_&lt;application GUID&gt;_&lt;custom attribute name&gt;.<br />
<br />
However, there are currently <span style="color: red;">NO</span> Office 365 workloads that will consume those attributes. This means that not even existing PowerShell cmdlets for Azure AD or Exchange Online will retrieve or be able to work with those attributes.<br />
<br />
Consider these possible scenarios:</div>
<div>
<ul>
<li>So, what if you need to work with those custom on premise AD attributes in Office 365, but you cannot integrate the Graph API yet? </li>
<li>Or what if you have a need to integrate those custom attributes into some existing PowerShell scripts that you already run against Office 365? </li>
<li>And, what if you don't really have an option to modify the on premise AD custom attributes to use the extension attributes because other line of business apps are already writing into those custom attributes?</li>
</ul>
</div>
<div>
<br />
Well, an option is to modify the synchronization rules on your AD Connect server so that AD Connect still reads the custom attributes from your on premise AD but writes them into the built-in extension attributes in Azure AD (customAttribute1, customAttribute2 ...customAttribute15). This way your on premise line of business apps can continue to work as they currently do, with the custom AD attributes, while you use the Exchange Online PowerShell cmdlets to retrieve and work with those custom attributes through the built-in extension attributes.</div>
<div>
<br /></div>
<div>
Follow this procedure in order to accomplish exactly that:</div>
<div>
<br /></div>
<div>
1. On your AD Connect server, run the <b>Synchronization Rule Editor</b> by executing C:\Program Files\Microsoft Azure AD Sync\UIShell\SyncRulesEditor.exe. </div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDkfB2Khtb8bAFly9ZnvD9yCntV1prGNNJ0lf1LidHaYVkGZWsgVTiVcAyhkD-w1tmXgXARxlYerWHsgrLWM9UAveN7TmPpvK2l6p04wIrHTPG8LXeLq9BVmln1PGkbmWT9BISPmziA6w/s1600/sync+rule+editor.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDkfB2Khtb8bAFly9ZnvD9yCntV1prGNNJ0lf1LidHaYVkGZWsgVTiVcAyhkD-w1tmXgXARxlYerWHsgrLWM9UAveN7TmPpvK2l6p04wIrHTPG8LXeLq9BVmln1PGkbmWT9BISPmziA6w/s320/sync+rule+editor.png" width="320" /></a></div>
<div>
<br /></div>
<div>
You'll notice at the top of the window is a dropdown for filtering the list to show either <b>Inbound</b> or <b>Outbound</b> rules.</div>
<div>
<ul>
<li>Inbound Rules - will read on premise AD attributes and write them to the sync Metaverse, which is managed by AD Connect.</li>
<li>Outbound Rules - will read attributes from the sync Metaverse and write them to Azure AD in Office 365.</li>
</ul>
</div>
<div>
The sync process is always a multi-step process that uses the Metaverse as an intermediary store between on premise AD and Azure AD.</div>
<div>
<br /></div>
<div>
<span style="color: red;">It's extremely important to remember that you should NOT edit the existing built-in synchronization rules. These rules are created and managed by the AD Connect synchronization process. If you attempt to edit an existing rule you will be presented with the following warning, which we highly recommend that you follow!</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlQ1ATHTizFrjrQSYkkQTGhw1f-yry8HwHjXAOFHXCazE5SCziDZZHRsifRr5T28eYqnOo7HXVQSDOLxckrUrsuC3GbHhJ5A0nFnwocof6B47Gln4qubGzBHx1hFGCDmG_YbzRvLpGPIY/s1600/sync+rule+editor+-+edit+warning.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="148" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlQ1ATHTizFrjrQSYkkQTGhw1f-yry8HwHjXAOFHXCazE5SCziDZZHRsifRr5T28eYqnOo7HXVQSDOLxckrUrsuC3GbHhJ5A0nFnwocof6B47Gln4qubGzBHx1hFGCDmG_YbzRvLpGPIY/s320/sync+rule+editor+-+edit+warning.png" width="320" /></a></div>
<div>
<br /></div>
<div>
2. Select Outbound in the dropdown menu in the window to review the Outbound synchronization rules. Scroll down in the rule list and find a rule called "<b>Out to AAD - User DirectoryExtension</b>". This rule represents the action of reading the custom attributes you configured in AD Connect from on premise AD and writing their values to users in Azure AD. </div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc0IEWeyLr6cUfd8i_sFlNuvgzj8PkVGiHUny5AxFt6xWZqkvCAROjcCXH7Zzf91cQZ52rtD3PAHJ7v4ChLVNLBufUkilv5yeSCbUXEtbW-FEq0x-pFhXiXbAjwal9ZQDPQGs1k-1Moi8/s1600/sync+rule+editor+-+outbound+extension+rule.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc0IEWeyLr6cUfd8i_sFlNuvgzj8PkVGiHUny5AxFt6xWZqkvCAROjcCXH7Zzf91cQZ52rtD3PAHJ7v4ChLVNLBufUkilv5yeSCbUXEtbW-FEq0x-pFhXiXbAjwal9ZQDPQGs1k-1Moi8/s320/sync+rule+editor+-+outbound+extension+rule.png" width="320" /></a></div>
<div>
<br /></div>
<div>
3. Select the rule "<b>Out to AAD - User DirectoryExtension</b>" and click Edit. When the warning appears, click Yes to create an editable copy of the rule. </div>
<div>
<ul>
<li>The new rule will be named "<b>Out to AAD - User DirectoryExtension - Cloned - <date/time></b>".</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXC27yaTwpGbt-pCK1MkiYAVAmUE1Ea2cDGMwqFKbylm9oCzGh5A7XuzxozuJh2FGGlbcVhcZD0ymKBQfmu2Na1zUxUq5hVijblEJQj6wOUGQCjf7Byo0aNS-qpyDjhmBv1NaYhozMZQg/s1600/sync+rule+editor+-+outbound+extension+rule+cloned.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXC27yaTwpGbt-pCK1MkiYAVAmUE1Ea2cDGMwqFKbylm9oCzGh5A7XuzxozuJh2FGGlbcVhcZD0ymKBQfmu2Na1zUxUq5hVijblEJQj6wOUGQCjf7Byo0aNS-qpyDjhmBv1NaYhozMZQg/s320/sync+rule+editor+-+outbound+extension+rule+cloned.png" width="320" /></a></div>
<div>
<br /></div>
</div>
<div>
<ul>
<li>In the rule edit window, change the Precedence value of the rule from -1 to 1 more than the original rule. In my case, the original rule was set to a Precedence of 145 so I set the Precedence for the cloned rule to 146 so that the cloned rule executes right after the original.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDobFs8IUoXAxhCxLgf-c2YEV9Xu6k1QJjKEBWDp8WA1Hm74B4K4nc5lCZ5eA_KwjYDluy5UnIJF5RsDBDLj-_lq-BVwkohbCoG_OrhAjw3T1toAz4fwIcmZMdq4wTft0LgSeYMEasQgo/s1600/sync+rule+editor+-+outbound+extension+rule+cloned+-+precedence.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="211" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDobFs8IUoXAxhCxLgf-c2YEV9Xu6k1QJjKEBWDp8WA1Hm74B4K4nc5lCZ5eA_KwjYDluy5UnIJF5RsDBDLj-_lq-BVwkohbCoG_OrhAjw3T1toAz4fwIcmZMdq4wTft0LgSeYMEasQgo/s320/sync+rule+editor+-+outbound+extension+rule+cloned+-+precedence.png" width="320" /></a></div>
<div>
<br /></div>
</div>
<div>
<ul>
<li>Click <b>Transformations </b>in the left hand menu. All of the custom attributes that you selected in AD Connect to synchronize should be listed here. Notice that the <b>Target Attribute</b> column is the attribute name in Azure AD which the value will be synchronized to. Notice also that the target attribute name is as we described earlier: extension_<application GUID>_<custom attribute name>. The Source column is the attribute name within the sync process Metaverse - again, that intermediary location where sync data is stored prior to writing to Azure AD.</li>
</ul>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD3htK22f8Z2c5PDqAca1T8imPpn_XTvKHeVRL1EDnOhxTQcPQBgIBkz-_wiEkLrg87yXINM-tzOcGamjbWxP0wTxBg1Evg81ywvRXxtmfdK_eJhZqg5Be7P4pMD-dRSeLNtJYlijhieE/s1600/sync+rule+editor+-+outbound+extension+rule+cloned+-+transformations.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="211" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD3htK22f8Z2c5PDqAca1T8imPpn_XTvKHeVRL1EDnOhxTQcPQBgIBkz-_wiEkLrg87yXINM-tzOcGamjbWxP0wTxBg1Evg81ywvRXxtmfdK_eJhZqg5Be7P4pMD-dRSeLNtJYlijhieE/s320/sync+rule+editor+-+outbound+extension+rule+cloned+-+transformations.png" width="320" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
4. For each custom attribute, modify the <b>Target Attribute </b>column to be one of the extension attributes: extensionAttribute1, extensionAttribute2 ...extensionAttribute15. Ensure that you do not use an extension attribute more than once.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkmTzCI5VC3XLW6I6sN1I72W4G9ryPnCY5exlDWjU3cYqBVWUe3DvttlIvlhiGd95O0n0lvSD7e1kTaySgtSgFFuTVsB3ME0qJAf3QnqVODFJycPAmmrfVn14ZC5Ch2hmJJkD-KFpe-LI/s1600/sync+rule+editor+-+outbound+extension+rule+cloned+-+transformations+2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="211" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkmTzCI5VC3XLW6I6sN1I72W4G9ryPnCY5exlDWjU3cYqBVWUe3DvttlIvlhiGd95O0n0lvSD7e1kTaySgtSgFFuTVsB3ME0qJAf3QnqVODFJycPAmmrfVn14ZC5Ch2hmJJkD-KFpe-LI/s320/sync+rule+editor+-+outbound+extension+rule+cloned+-+transformations+2.png" width="320" /></a></div>
<div>
<br /></div>
<div>
<b>This will now force AD Connect to read your on premise custom AD attributes, where they are currently configured, and write them into the built-in extension attributes in Azure AD in Office 365!</b></div>
<div>
<br /></div>
<div>
5. The original rule that you cloned has been disabled. If you wish, you can edit that rule again; this time, click No on the warning that offers to create a copy, clear the Disabled checkbox and click Save. Your custom attribute will then sync both to the Azure AD attribute it was originally destined for and to the extensionAttribute you just selected.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKR2nuSD9hsKWIrt123Ui_dQMso3ZJ-jCsPck7b9BtwOTYoA-mnc2QfObdEeTXoDYtLXI_HQTgwVULm6hjURo1j3AaVXbLw7m_3haRFpkz_K1tfTUc1kz-ycnC-V2zX8E0-heO4UQGuGA/s1600/sync+rule+editor+-+outbound+extension+rule+-+disabled.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="211" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKR2nuSD9hsKWIrt123Ui_dQMso3ZJ-jCsPck7b9BtwOTYoA-mnc2QfObdEeTXoDYtLXI_HQTgwVULm6hjURo1j3AaVXbLw7m_3haRFpkz_K1tfTUc1kz-ycnC-V2zX8E0-heO4UQGuGA/s320/sync+rule+editor+-+outbound+extension+rule+-+disabled.png" width="320" /></a></div>
<div>
<br /></div>
<div>
6. Once all rule modifications are saved, close the Synchronization Rule Editor using the X in the top right corner. Run the AD Connect configuration wizard and force a fresh synchronization.</div>
<div>
<br /></div>
<div>
7. Now we test that our custom AD attributes were synchronized to the extension attributes in Azure AD. Use the Exchange Online PowerShell cmdlets to retrieve the extension attributes for a user that we know has values in those fields. Once you've connected to the Exchange Online PowerShell cmdlets, use one of the following:</div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">get-mailbox <a user's email address> | select *</span></div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">get-recipient <a user's email address> | select *</span></div>
<div>
<br /></div>
<div>
With either of these you will retrieve the Azure AD attributes customAttribute1, customAttribute2 ...customAttribute15 for the user. You should now see your custom attribute values coming back from Azure AD in Office 365:</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9opoA6_1fgAWHmuuN5XJYZvkzGxKJhWBPjJBJ4doRfG_hlokHG0KfzqqsbAxS0RY_kXry2075QfMLdDIy68w_qt8Izs1ifJDvwAXICoH33tK3gKvLOpzC8MYlkNXHtJp0ghsvKGWeXng/s1600/get-recipient+powershell+output.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9opoA6_1fgAWHmuuN5XJYZvkzGxKJhWBPjJBJ4doRfG_hlokHG0KfzqqsbAxS0RY_kXry2075QfMLdDIy68w_qt8Izs1ifJDvwAXICoH33tK3gKvLOpzC8MYlkNXHtJp0ghsvKGWeXng/s320/get-recipient+powershell+output.png" width="216" /></a></div>
</div>
<div>
<br /></div>
<div>
Remember: To use Exchange Online cmdlets for a user, that user <b><span style="color: red;">MUST</span></b> have an Exchange Online mailbox, which means they <span style="color: red;"><b>MUST</b></span> be licensed for Exchange Online. If a user is not licensed for Exchange Online, the sync process still synchronizes the attributes correctly for that user. However, you will not be able to call the Exchange Online cmdlets for that user to retrieve the attribute values.</div>
<div>
<br /></div>
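<div>
As an added example (not code from the original post), the following PowerShell snippet checks the result of steps 3 to 6 from the command line before you force a sync: it finds the cloned rule, confirms its precedence is one more than the original, confirms every target is one of extensionAttribute1 to extensionAttribute15 with none used twice, reports whether the original rule is still disabled, and then starts a sync cycle. It assumes the ADSync module that ships with AD Connect; the rule property names it reads (Name, Precedence, Disabled, AttributeFlowMappings with Source and Destination) are the ones that module exposes as I know them and do not appear in the post.</div>
<div>
<br /></div>

```powershell
# Added example, not part of the original post. Run in an elevated PowerShell
# session on the AD Connect server after saving your rule changes.
# Assumption: the ADSync module's Get-ADSyncRule objects expose Name, Precedence,
# Disabled and AttributeFlowMappings (each with Source and Destination).
Import-Module ADSync

$originalName = 'Out to AAD - User DirectoryExtension'

# The editor names the copy "<original> - Cloned - <date/time>", so match on the prefix.
$original = Get-ADSyncRule | Where-Object { $_.Name -eq $originalName }
$clones   = @(Get-ADSyncRule | Where-Object { $_.Name -like "$originalName - Cloned - *" })

if (-not $original) { throw "Original rule '$originalName' not found." }
if (-not $clones)   { throw "No cloned copy of '$originalName' found; complete step 3 first." }
if ($clones.Count -gt 1) { Write-Warning "More than one clone exists; reviewing all of them." }

foreach ($clone in $clones) {
    Write-Host "Rule: $($clone.Name)  Precedence: $($clone.Precedence)  Disabled: $($clone.Disabled)"

    # Step 3: the clone should run right after the original (precedence = original + 1).
    if ($clone.Precedence -ne ($original.Precedence + 1)) {
        Write-Warning ("Precedence is {0}; expected {1} (original {2} + 1)." -f `
            $clone.Precedence, ($original.Precedence + 1), $original.Precedence)
    }

    # A clone that is still disabled never writes anything to Azure AD.
    if ($clone.Disabled) {
        Write-Warning "Clone is disabled; enable it in the Synchronization Rule Editor."
    }

    # Step 4: every target must be extensionAttribute1..15, and none may repeat.
    foreach ($mapping in $clone.AttributeFlowMappings) {
        $source = ($mapping.Source -join ',')
        Write-Host ("  {0,-40} -> {1}" -f $source, $mapping.Destination)
        if ($mapping.Destination -notmatch '^extensionAttribute([1-9]|1[0-5])$') {
            Write-Warning "  Target '$($mapping.Destination)' is not extensionAttribute1-15."
        }
    }
    $targets    = @($clone.AttributeFlowMappings | ForEach-Object { $_.Destination })
    $duplicates = $targets | Group-Object | Where-Object { $_.Count -gt 1 }
    foreach ($dup in $duplicates) {
        Write-Warning "  '$($dup.Name)' is used $($dup.Count) times; use each extension attribute only once."
    }
}

# Step 5 (optional): the original rule is left disabled by the clone operation unless
# you re-enabled it; report its state so you know whether both flows are active.
Write-Host "Original rule '$originalName' Disabled: $($original.Disabled)"

# Step 6: force a fresh synchronization. The post does this through the configuration
# wizard; Start-ADSyncSyncCycle is the scripted route (use -PolicyType Delta for an
# incremental cycle instead of a full one).
Start-ADSyncSyncCycle -PolicyType Initial
```

<div>
The regex in the target check is case-insensitive because PowerShell's -match operator is, so extensionattribute3 and extensionAttribute3 are both accepted; the duplicate check uses Group-Object, which is also case-insensitive by default, so a target accidentally entered twice with different casing is still caught.</div>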
<div>
Enjoy.</div>
<div>
-Antonio</div>
<h2>Synchronizing Custom AD Attributes to Office 365 - Part 2</h2>
Antonio Maio, published 2016-10-20 (updated 2016-10-22).<br />
This blog is the 2nd in a 3 part series on synchronizing and working with custom AD attributes in Office 365. In this post we continue by showing you how to retrieve those attributes in Office 365 using PowerShell.<br />
<br />
<ul>
<li>Part 1 is here: <a href="http://www.trustsharepoint.com/2016/10/synchronizing-custom-ad-attributes-to.html">Step 1 - Configure AD Connect to Synchronize Custom Attributes</a>.</li>
</ul>
<br />
PowerShell can be used both to verify that your custom attributes have actually been synchronized to Office 365 and to accomplish things with those attributes, such as syncing them to user profiles in SharePoint Online (but that's for another article).<br />
<br />
<a name='more'></a><br />
<br />
<h3>
Step 2 - Retrieve Attributes in Office 365 Using PowerShell</h3>
<div>
Once we have custom attributes synchronizing to Office 365 using AD Connect, we naturally want to verify that the attributes have successfully sync'ed, and we would naturally use <b>PowerShell</b> to do this. However, there are some important concepts that we first need to understand.</div>
<div>
<br /></div>
<div>
1. To access user accounts in Azure AD within Office 365, we typically use the <b>Windows Azure Active Directory Module for Windows PowerShell</b>.<br />
<br />
<ul>
<li>Follow the instructions here to <a href="https://technet.microsoft.com/library/dn975125.aspx#Anchor_1">Install this Azure Active Directory PowerShell module</a>. </li>
<li>When running the PowerShell module, always right mouse click and select Run As Administrator.</li>
<li>The Azure AD cmdlets you would use to retrieve a user's attributes are:</li>
</ul>
</div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">connect-msolservice (provide your global administrator credentials when prompted)</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">get-msoluser -userprincipalname <a user's UPN> | select *</span></div>
<div>
<br />
<ul>
<li>This will return a pre-defined set of 59 attributes for the user; however, it will <span style="color: red;"><b>NOT </b></span>return all of the attributes associated with the user account. For example, it will <span style="color: red;"><b>NOT </b></span>return any of the extension attributes. You can see a list of the attributes that are retrieved here: <a href="https://msdn.microsoft.com/en-us/library/azure/dn194133(v=azure.98).aspx">get-msoluser</a>.</li>
</ul>
<br />
<div>
2. To retrieve additional attributes or the extension attributes associated with the user's Azure AD account, you must use the <b>Exchange Online PowerShell module</b>.</div>
<div>
<ul>
<li>To use Exchange Online cmdlets for a user account, that user account <b><span style="color: red;">MUST</span></b> have an Exchange Online mailbox, which means they <span style="color: red;"><b>MUST</b></span> be licensed for Exchange Online. If a user is not licensed for Exchange Online, the sync process still synchronizes the attributes correctly for that user. However, the limitation here is that you will not be able to call the Exchange Online cmdlets for that user - you can still call get-msoluser as described above to get that subset of attributes.</li>
<li>To connect to the Exchange Online PowerShell module, you can use the following:</li>
</ul>
</div>
<br />
<div>
<span style="font-family: "courier new" , "courier" , monospace;">$sUserName = Read-Host "Enter an administrator username" </span></div>
<div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">$sPassword = Read-Host "Enter an administrator password" -AsSecureString</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">$credential = New-Object System.Management.Automation.PsCredential($sUserName,$sPassword)</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Import-PSSession $exchangeSession</span></div>
</div>
<div>
<ul>
<li>In order to retrieve additional attributes about a user, and more specifically retrieve the extension attributes, you can call either get-mailbox or get-recipient as follows. </li>
</ul>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">get-mailbox <a user's email address> | select *</span></div>
</div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">get-recipient <a user's email address> | select *</span></div>
<div>
<br /></div>
<div>
You can use either one of these cmdlets, and you can get more information about these here: <a href="https://technet.microsoft.com/en-us/library/bb123685(v=exchg.160).aspx">get-mailbox</a> and <a href="https://technet.microsoft.com/en-us/library/aa996921(v=exchg.160).aspx">get-recipient</a>.</div>
<div>
<ul>
<li>With either of these cmdlets you'll notice that you get a lot more attributes returned. In particular you get customAttribute1, customAttribute2 ...customAttribute15. These map directly to the following attributes in your on premise AD environment: extensionAttribute1, extensionAttribute2 ...extensionAttribute15. Their purpose is to provide built-in attributes that clients can use for custom data in on premise AD without editing the actual AD schema.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9opoA6_1fgAWHmuuN5XJYZvkzGxKJhWBPjJBJ4doRfG_hlokHG0KfzqqsbAxS0RY_kXry2075QfMLdDIy68w_qt8Izs1ifJDvwAXICoH33tK3gKvLOpzC8MYlkNXHtJp0ghsvKGWeXng/s1600/get-recipient+powershell+output.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9opoA6_1fgAWHmuuN5XJYZvkzGxKJhWBPjJBJ4doRfG_hlokHG0KfzqqsbAxS0RY_kXry2075QfMLdDIy68w_qt8Izs1ifJDvwAXICoH33tK3gKvLOpzC8MYlkNXHtJp0ghsvKGWeXng/s320/get-recipient+powershell+output.png" width="216" /></a></div>
<ul>
<li>As you can see, the name of an attribute in Azure AD is often slightly different from the corresponding name of the attribute in on premise AD.</li>
</ul>
</div>
<br />
<div>
3. When testing retrieval of extension attributes for a user, ensure that you're calling the cmdlets for a user account that actually has values in those extension attributes in your on premise AD. I know it sounds simple, but many times I've seen people say 'my attributes are not sync'ing' only to find out that the user they're testing didn't actually have values in those attributes in AD.</div>
<div>
<br /></div>
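<div>
As an added example (not code from the original post), here is a function that folds steps 1 to 3 into one check: it reads CustomAttribute1 through CustomAttribute15 for a user through Get-Recipient, falls back to Get-MsolUser when the user has no Exchange Online mailbox (the unlicensed case described above), and reports which attributes came back empty so that a 'my attributes are not sync'ing' report can be separated from 'the source user had no values'. It assumes the ExchangeOnlineManagement module (Connect-ExchangeOnline) and the MSOnline module the post uses. The post's own connection snippet uses Basic authentication against the powershell-liveid endpoint, which Microsoft has since retired, so this example connects with Connect-ExchangeOnline instead. The UPN at the bottom is a constructed sample.</div>
<div>
<br /></div>

```powershell
# Added example, not part of the original post.
# Assumptions: ExchangeOnlineManagement (Connect-ExchangeOnline, Get-Recipient) and
# MSOnline (Connect-MsolService, Get-MsolUser) are installed; the session is elevated.

function Get-SyncedCustomAttributes {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )

    $result = [ordered]@{
        UserPrincipalName = $UserPrincipalName
        Source            = $null
        Attributes        = [ordered]@{}
        Empty             = @()
    }

    # Get-Recipient only works when the user has an Exchange Online mailbox (is licensed).
    # -ErrorAction Stop turns "not found" into a catchable terminating error.
    $recipient = $null
    try {
        $recipient = Get-Recipient -Identity $UserPrincipalName -ErrorAction Stop
    } catch {
        Write-Warning "Get-Recipient failed for $UserPrincipalName ($($_.Exception.Message)); the user may not be licensed for Exchange Online."
    }

    if ($recipient) {
        $result.Source = 'ExchangeOnline'
        foreach ($i in 1..15) {
            $name  = "CustomAttribute$i"
            $value = $recipient.$name
            $result.Attributes[$name] = $value
            if ([string]::IsNullOrEmpty($value)) { $result.Empty += $name }
        }
    } else {
        # Fallback: Get-MsolUser returns the core attribute set only (no extension
        # attributes), but it confirms the account exists and when it last synced.
        $msolUser = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
        $result.Source = 'MSOnline'
        $result.Attributes['DisplayName']     = $msolUser.DisplayName
        $result.Attributes['LastDirSyncTime'] = $msolUser.LastDirSyncTime
        $result.Attributes['IsLicensed']      = $msolUser.IsLicensed
        $result.Empty = @(1..15 | ForEach-Object { "CustomAttribute$_" })
    }
    return [pscustomobject]$result
}

# Usage: prompt for the administrator account interactively rather than storing
# credentials in the script, then test a user known to have values on premise.
Connect-ExchangeOnline -UserPrincipalName (Read-Host 'Enter an administrator UPN')
Connect-MsolService

$report = Get-SyncedCustomAttributes -UserPrincipalName 'jane.doe@contoso.onmicrosoft.com'  # constructed sample UPN
$report.Attributes.GetEnumerator() | Where-Object { $_.Value } | Format-Table Name, Value

if ($report.Empty.Count -eq 15) {
    Write-Warning "No custom attribute values came back (source: $($report.Source)). Check that the on premise user actually has values in those attributes and that a sync cycle has run since."
}
```

<div>
When the source reported is MSOnline, the empty list is the full set of 15 names by construction; that tells you the account is visible in Azure AD but that the Exchange Online path is unavailable for it, which is the licensing limitation described in step 2, not a sync failure.</div>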
<div>
4. You'll notice that with any of the preceding PowerShell cmdlets shown, the custom AD attributes you've configured AD Connect to synchronize are not shown. We can see the built-in extension attributes, but not any custom attributes. </div>
<div>
<ul>
<li><span style="color: red;">Unfortunately, there currently is no Office 365 workload that will consume or work with these attributes. Not even the PowerShell cmdlets currently available will access or retrieve these custom attributes.</span></li>
<li>It is however possible to work with the Microsoft Graph API to retrieve these custom attribute values. Microsoft has published a <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-graph-api-quickstart/">Quick Start Guide for the Graph API</a> if you wish to use that.</li>
<li>The custom attribute from your on premise AD is actually published to Azure AD with a name that looks like the following:</li>
</ul>
<div style="text-align: center;">
extension_<application GUID>_<custom attribute name></div>
</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjriw7_T0Xm3yOv_dG8IPq9H8kCKiDJHy32UvGBDIgK-YmIhmX9xhbEji0mu3o1PCNiLGtEb9lGDVTdXzv3PChDgwvVA1vP3733ZY5W7lqnk5DRaAKA9pX2vQBTV_NHEY8DjyccBsSQ03A/s1600/custom+attrib+sync.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="249" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjriw7_T0Xm3yOv_dG8IPq9H8kCKiDJHy32UvGBDIgK-YmIhmX9xhbEji0mu3o1PCNiLGtEb9lGDVTdXzv3PChDgwvVA1vP3733ZY5W7lqnk5DRaAKA9pX2vQBTV_NHEY8DjyccBsSQ03A/s320/custom+attrib+sync.png" width="320" /></a></div>
<div>
<br /></div>
<div>
You can see the custom attribute name that is being synchronized to Office 365 for your custom attributes if you use the MIISCLIENT application (available at C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe on the AD Connect server) to watch the synchronization process and review the actual updates made. Remember, do not try to execute the sync or modify any sync settings through the MIISCLIENT application. Only use the AD Connect configuration wizard for any sync configuration.<br />
<br />
Part 3 in this series can be found here: <a href="http://www.trustsharepoint.com/2016/10/synchronizing-custom-ad-attributes-to_1.html">Step 3 - Customize AD Connect Synchronization Rules</a>.<br />
<br /></div>
<div>
</div>
</div>
<h2>Synchronizing Custom AD Attributes to Office 365 - Part 1</h2>
Antonio Maio, published 2016-10-20.<br />
Synchronization of identities has come a long way since the early days of DirSync. We've now seen 2 major releases of the latest generation sync tool, Azure AD Connect, and it has introduced a long list of new features. End of support for DirSync and Azure AD Sync is scheduled for April 13, 2017 (<a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-dirsync-deprecated/">announcement</a>).<br />
<br />
If you're looking for a list of the benefits of upgrading to the latest version of AD Connect, please see my blog on that topic here: <a href="http://www.trustsharepoint.com/2016/07/why-upgrade-dirsync-to-azure-ad-connect.html">Why upgrade DirSync to Azure AD Connect</a>. One of those great new features is the ability to synchronize directory extension attributes or even custom attributes from an on premise Active Directory environment to Azure AD within Office 365. This post is about some of the limitations still in place around custom attributes, and some suggestions on how to deal with them once they've been synchronized.<br />
<br />
<a name='more'></a><br /><br />
We run across cases where clients have customized the on premise AD schema to introduce new custom attributes. This is often due to some specialized business process or line of business application that needs to populate data for each individual user. Perhaps you have an HR app that needs to populate an employee ID, or some level of manager needs to be stored for each user so that other apps can make use of it. Personally, I prefer to use the built-in AD extension attributes (extensionAttribute1, extensionAttribute2, ...extensionAttribute15) for this purpose because that's what they're there for, but some environments choose to create custom attributes. In many cases, when a client chooses to migrate to Office 365, these custom attributes and business processes have been in place for years, and changing those internal processes to use different, built-in attributes simply isn't practical. In addition, they often want a workflow in SharePoint Online or an Office 365 workload to make use of them. <br />
<br />
There are 3 high-level steps we can use to accomplish this:<br />
<ol>
<li>Configure AD Connect to Synchronize Custom Attributes</li>
<li>Retrieve Attributes in Office 365 Using PowerShell</li>
<li>Customize AD Connect Synchronization Rules</li>
</ol>
<div>
This blog is the first in a 3 part series that will discuss each of these steps in detail.<br />
<br /></div>
<h3>
Step 1 - Configure AD Connect to Synchronize Custom Attributes</h3>
First, we need to upgrade to AD Connect and properly configure it to synchronize our custom attributes to Office 365. <br />
<br />
1. You start by launching the AD Connect configuration wizard on your synchronization server. There should be an icon on the desktop of the server where AD Connect was installed.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVTbbj_9eecwKUJPfVA6UQGVdgnhlmXqEL2NUwxlkyuhpco53QN39xDgkNNDzlUMt2k97yQhSJQnutVihCN2h5sID03vBRYJ61CWYyGadYIQDT3k-qNXJvQjlQn9af6RuJAwzwtsFpqdA/s1600/AD+Connect+icon.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVTbbj_9eecwKUJPfVA6UQGVdgnhlmXqEL2NUwxlkyuhpco53QN39xDgkNNDzlUMt2k97yQhSJQnutVihCN2h5sID03vBRYJ61CWYyGadYIQDT3k-qNXJvQjlQn9af6RuJAwzwtsFpqdA/s1600/AD+Connect+icon.png" /></a></div>
2. If you installed AD Connect before you customized your AD schema, you'll need to refresh the AD Connect cache. AD Connect always uses a cache of the AD schema, which it created when it was first installed. You can refresh this cache by selecting the '<b>Refresh directory schema</b>' option when you run the AD Connect configuration wizard. Select this option and then click Next.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqh9iwndVITZPsV_9Cy0KizUUrzEpr1BxeQYq0PF90l4K5L1E9TbyHJ_C7Os-0P7jH932goBwMadLlcpaW5u8h9Hbju43yi061pBTBFEOLgTcv6Jpk9ybe5cTJECzRKYkOVhwMH5eSwQo/s1600/AD+Connect+-+refresh+dir+schema.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqh9iwndVITZPsV_9Cy0KizUUrzEpr1BxeQYq0PF90l4K5L1E9TbyHJ_C7Os-0P7jH932goBwMadLlcpaW5u8h9Hbju43yi061pBTBFEOLgTcv6Jpk9ybe5cTJECzRKYkOVhwMH5eSwQo/s320/AD+Connect+-+refresh+dir+schema.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
3. Enter your Azure AD credentials. This is your Office 365 global administrator username and password.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifRPG6cFWRLh4lUJm0cIiYOrT4uk_-KRkSUkwwyJJfbpn2pZvmgVqUR_I8CVh1DHNTE6Uo_BJGEVLsttFlk9-yXk7p3kHejTvSS48XjDrQIj9e6omSXIDcK7Rr_Spxxr7hmZk4e79jLKc/s1600/AD+Connect+-+azure+ad+creds.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifRPG6cFWRLh4lUJm0cIiYOrT4uk_-KRkSUkwwyJJfbpn2pZvmgVqUR_I8CVh1DHNTE6Uo_BJGEVLsttFlk9-yXk7p3kHejTvSS48XjDrQIj9e6omSXIDcK7Rr_Spxxr7hmZk4e79jLKc/s320/AD+Connect+-+azure+ad+creds.png" width="320" /></a></div>
<br />
4. Select the on premise domain for which you want to refresh the schema, and click Next.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhREGD4eDdGXJJUfX5_tBv8nn5L2whCC10-Qu6F9E46t6FjvoPvzcY3ks-KhIeCdY81h6fdPAbf-J-3gKYOpNZtEMQDXwV9TVZWGBf5keg9BiLZMNUZtItPRwUj3eUiUsnBkpul4Jrj9Ek/s1600/AD+Connect+-+select+domain+to+refresh+schema.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhREGD4eDdGXJJUfX5_tBv8nn5L2whCC10-Qu6F9E46t6FjvoPvzcY3ks-KhIeCdY81h6fdPAbf-J-3gKYOpNZtEMQDXwV9TVZWGBf5keg9BiLZMNUZtItPRwUj3eUiUsnBkpul4Jrj9Ek/s320/AD+Connect+-+select+domain+to+refresh+schema.png" width="320" /></a></div>
<br />
5. Click Configure to update the connector and cached schema responsible for synchronizing the selected on premise AD domain to Azure AD. If you wish to start a fresh sync once this process is done, leave the '<b>Start the synchronization process when the configuration completes</b>' checkbox checked. This may not be needed at this point, since we're just refreshing the schema cache in our local AD Connect, so you can uncheck the checkbox if you wish.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMxvzRkbkxQd4qfVJZJyKh64K4N9q39DL0B5ffU9155sCjI-BsVE5Fc30IPA3xB4HaT_O_Gfvw8eDYN-xEFHlCJZj0GmMDYaWsUlGprGGmcCIoNu4BeVJ2FH_Le01QI5xCrmdMt6jhK68/s1600/AD+Connect+-+refresh+dir+schema+-+ready+to+configure.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMxvzRkbkxQd4qfVJZJyKh64K4N9q39DL0B5ffU9155sCjI-BsVE5Fc30IPA3xB4HaT_O_Gfvw8eDYN-xEFHlCJZj0GmMDYaWsUlGprGGmcCIoNu4BeVJ2FH_Le01QI5xCrmdMt6jhK68/s320/AD+Connect+-+refresh+dir+schema+-+ready+to+configure.png" width="320" /></a></div>
<div>
<br /></div>
<div>
So far, all we've done is refresh the internal schema for AD Connect. The custom attributes are not yet synchronizing. </div>
<div>
<br /></div>
<div>
Next we need to configure AD Connect with the custom attributes we actually want to synchronize.</div>
<div>
<br /></div>
<div>
1. Now we re-launch the AD Connect wizard and select '<b>Customize Synchronization Options</b>'.</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7EbCmMj7Q4IiRzooidSIp5Wn_0IpnfEOfSrSwGlG66S6s-GImA8OvObpjMIfV-g1oMlZSmyx10J-G69dB74AXzJURW_pWCUB-tzswZzIIpFqWXlhHJ4A2N6h-fO3XunbwACIEkiSkVkM/s1600/AD+Connect+-+customize+sync+options.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7EbCmMj7Q4IiRzooidSIp5Wn_0IpnfEOfSrSwGlG66S6s-GImA8OvObpjMIfV-g1oMlZSmyx10J-G69dB74AXzJURW_pWCUB-tzswZzIIpFqWXlhHJ4A2N6h-fO3XunbwACIEkiSkVkM/s320/AD+Connect+-+customize+sync+options.png" width="320" /></a></div>
<br /></div>
<div>
2. Enter your Azure AD credentials. This is your Office 365 global administrator username and password.</div>
<div>
<br /></div>
<div>
3. Enter your on-premises AD credentials. This is the Domain Enterprise Administrator for the domains you wish to synchronize.</div>
<div>
<br /></div>
<div>
4. Select the domain(s) you wish to synchronize or any OU filtering you wish to implement. If you're happy with your existing configuration just click Next.</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6W-2mS1-Yslk5uuGLf2OmQ1HtGDRo3LvYiwlGDck6QIC2JaoyHO5AGuMUHGBlPo8pgAvodc6DJWioJktNfxnNxYTEYlsEyCn8FOYb53tKN1UbzP-_QroqAeMgFNpVAKfLwoGd9A-sics/s1600/AD+Connect+-+domain+or+OU+filtering.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6W-2mS1-Yslk5uuGLf2OmQ1HtGDRo3LvYiwlGDck6QIC2JaoyHO5AGuMUHGBlPo8pgAvodc6DJWioJktNfxnNxYTEYlsEyCn8FOYb53tKN1UbzP-_QroqAeMgFNpVAKfLwoGd9A-sics/s320/AD+Connect+-+domain+or+OU+filtering.png" width="320" /></a></div>
<br /></div>
<div>
5. In the Optional Features window, ensure that '<b>Directory extension attribute sync</b>' is selected.</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisfzvQBvPsjJnl-YY-kfYw5iPL8XIpXnkbNA-NUombX-9GlfeCIFDUzLVGXjTQsbTguBRFgx3tiTl2HGYfVp0u756XGB01FusmFMjUVb_oPoWT3il7CuW79-V2Fljbrg7R8fanSm5FTHw/s1600/AD+Connect+-optional+features.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisfzvQBvPsjJnl-YY-kfYw5iPL8XIpXnkbNA-NUombX-9GlfeCIFDUzLVGXjTQsbTguBRFgx3tiTl2HGYfVp0u756XGB01FusmFMjUVb_oPoWT3il7CuW79-V2Fljbrg7R8fanSm5FTHw/s320/AD+Connect+-optional+features.png" width="320" /></a></div>
<br /></div>
<div>
6. If the Azure AD Apps page appears, ensure that any previous settings you might have configured on this page are correct and click Next.</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHGowmY38gFUbGdaLNN_nQL8_y4ve69Y3Tr-iIlR4NFQcCkKXod7t0XxAT4-OJbw1dfXLOH-SehiXNIUzaCsSgShZzBB868QdX_6shl-Qa6D7E09pf6lguYztNVFK-vebUL8gpt-pryUQ/s1600/AD+Connect+-+azure+ad+apps.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHGowmY38gFUbGdaLNN_nQL8_y4ve69Y3Tr-iIlR4NFQcCkKXod7t0XxAT4-OJbw1dfXLOH-SehiXNIUzaCsSgShZzBB868QdX_6shl-Qa6D7E09pf6lguYztNVFK-vebUL8gpt-pryUQ/s320/AD+Connect+-+azure+ad+apps.png" width="320" /></a></div>
<br /></div>
<div>
7. If the Azure AD Attributes page appears, ensure that any previous settings you might have configured on this page are correct and click Next.</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO36HT1j5pv5HHWAuVCWjH2RY68Gpbz_i-8VCvK-IgpactLk-FqJgJJDPxlAYuiYKAPfJCC6LfDXkFRWScwpmxnlq8GYInWfQ-tCg_Llo6Q1aljPKCcZbxODzlMd-e1oi_B38nFBbd4J0/s1600/AD+Connect+-+azure+ad+attribute+filtering.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO36HT1j5pv5HHWAuVCWjH2RY68Gpbz_i-8VCvK-IgpactLk-FqJgJJDPxlAYuiYKAPfJCC6LfDXkFRWScwpmxnlq8GYInWfQ-tCg_Llo6Q1aljPKCcZbxODzlMd-e1oi_B38nFBbd4J0/s320/AD+Connect+-+azure+ad+attribute+filtering.png" width="320" /></a></div>
<br /></div>
<div>
8. When the Attribute Extensions page appears, find your custom attribute(s) in the <b>Available Attribute</b> list and click the right arrow to add them to the <b>Selected Attribute</b> list. The selected attributes list represents the custom attributes that will be synchronized to Azure AD within Office 365.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipCTOdgIvDH2_9iY6ne0I_7o_KKdz3q_8yNUSsvJVObGF7hW0itAQ4BScHhfxJW89v3aGy24Cn3RH_AE2-WoDhTUvbxfd9I52Jw710lngvrnQvfrb7nJkfimXFHaOBSHoNxHkFBvLDfZY/s1600/AD+Connect+-+directory+extensions.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipCTOdgIvDH2_9iY6ne0I_7o_KKdz3q_8yNUSsvJVObGF7hW0itAQ4BScHhfxJW89v3aGy24Cn3RH_AE2-WoDhTUvbxfd9I52Jw710lngvrnQvfrb7nJkfimXFHaOBSHoNxHkFBvLDfZY/s320/AD+Connect+-+directory+extensions.png" width="320" /></a></div>
<div>
<br /></div>
<div>
In my example here, we can see that I've extended my AD schema to include a custom attribute called <b>MyCustomAttribute2</b> and I've selected that attribute to sync to Azure AD.</div>
<div>
<br /></div>
<div>
9. Click Configure to update the synchronization rules AD Connect uses for synchronizing the on-premises AD attributes to Azure AD, so that they now include the custom attributes you just selected. If you wish to start a fresh sync once this process is done, leave the '<b>Start the synchronization process when the configuration completes</b>' checkbox checked. In this case I recommend you leave this checkbox selected and start a fresh sync.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx1tf56ZEBRCzlb18ZA4M-cXwxPOoF021Fa-V_zRonF2CXBItOS9b2BH0RXSqSbBR3UiC_vOgcZfNfl0xKLiiwrwyfqOE6VMUQ1x5ykmauHaxN_ZO63i1DqSrxG9ehcCpU66uYWjKfLbk/s1600/AD+Connect+-+custom+attrib+-+ready+to+configure.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx1tf56ZEBRCzlb18ZA4M-cXwxPOoF021Fa-V_zRonF2CXBItOS9b2BH0RXSqSbBR3UiC_vOgcZfNfl0xKLiiwrwyfqOE6VMUQ1x5ykmauHaxN_ZO63i1DqSrxG9ehcCpU66uYWjKfLbk/s320/AD+Connect+-+custom+attrib+-+ready+to+configure.png" width="320" /></a></div>
<div>
<br /></div>
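Two checks I would run on the AD Connect server after step 9, as an added example (not part of the original post): confirm the custom attribute really exists in the on-premises schema, and start the full sync cycle from PowerShell only if no cycle is already running. It assumes the RSAT ActiveDirectory module and the ADSync module that AD Connect installs; <b>MyCustomAttribute2</b> is the attribute name from the post and should be replaced with your own.

```powershell
# Added example, not the post's own code. Run on the AD Connect server.
# Assumes: RSAT ActiveDirectory module, ADSync module (installed with AD Connect).
Import-Module ActiveDirectory
Import-Module ADSync

$attributeName = 'MyCustomAttribute2'   # the name used in the post; substitute yours

# 1. Schema attributes are objects under the schema naming context. If the attribute is not
#    there, AD Connect cannot offer it on the Attribute Extensions page, so check first.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$attributeName)" `
                     -Properties lDAPDisplayName, attributeSyntax, isSingleValued
if (-not $attr) {
    throw "Attribute '$attributeName' is not in the AD schema; extend the schema before refreshing AD Connect."
}
$attr | Format-List lDAPDisplayName, attributeSyntax, isSingleValued

# 2. AD Connect rejects overlapping cycles, so look at the scheduler before starting one.
#    A full (Initial) cycle is needed once after the attribute flow rules change.
$scheduler = Get-ADSyncScheduler
if ($scheduler.SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already in progress; wait for it to finish and re-run.'
} else {
    Start-ADSyncSyncCycle -PolicyType Initial
}
```

If you left the 'Start the synchronization process when the configuration completes' checkbox checked in step 9, the wizard has already kicked off that initial cycle and only the schema check is of interest.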
<div>
Our custom attributes are now synchronizing to Office 365! <br />
<br />
Part 2 in this series can be found here: <a href="http://www.trustsharepoint.com/2016/10/synchronizing-custom-ad-attributes-to_20.html">Step 2 - Retrieve Attributes in Office 365 Using PowerShell</a>.<br />
<br /></div>
Antonio Maio (http://www.blogger.com/profile/11590288142542819604)<br />
<br />
<b>How Secure Is My Data in Office 365?</b> (posted 2016-10-17, updated 2016-10-20)<br />
<br />
A few weeks ago, on September 21, I gave a session at the DFW user group meeting called How Secure is My Data in Office 365? Thank you to all those that attended and my apologies for the delay in posting my presentation. Life has been busy.<br />
<br />
<div style="text-align: left;">
I actually get asked this question quite often by clients that are concerned about migrating their data and workloads to Office 365. Organizations tend to have an easier time when it comes to moving Exchange to Office 365. However, the question tends to come more from clients considering moving SharePoint team sites or OneDrive for Business to the cloud.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
It's important to consider the question from various angles. Here is a summary of the points I make during my session to help answer the question...</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b><i>How secure is my data in Office 365?</i></b></div>
<div style="text-align: center;">
<br /></div>
<br />
My slides from that evening can be found here:<br />
<div style="text-align: center;">
<br />
<iframe allowfullscreen="" frameborder="0" height="485" marginheight="0" marginwidth="0" scrolling="no" src="//www.slideshare.net/slideshow/embed_code/key/q6y8DepEQ5zT7n" style="border-width: 1px; border: 1px solid #ccc; margin-bottom: 5px; max-width: 100%;" width="595"> </iframe> <br />
<div style="margin-bottom: 5px;">
<strong> <a href="https://www.slideshare.net/AntonioMaio2/how-secure-is-my-data-in-office-365" target="_blank" title="How Secure is My Data in Office 365?">How Secure is My Data in Office 365?</a> </strong> from <strong><a href="https://www.slideshare.net/AntonioMaio2" target="_blank">AntonioMaio2</a></strong> </div>
<br />
<h3 style="text-align: left;">
Data Center Security, Monitoring & Data Sovereignty</h3>
<ul>
<li style="text-align: left;">Microsoft operates over 100 world class data centers around the world to store and host the Office 365 platform. </li>
<li style="text-align: left;">Data center security includes undisclosed locations, 24 x 7 x 365 monitoring, fenced and guarded entryways, access restricted to authorized personnel through multiple layers of biometric scans, background checks on all data center employees, redundant power and cooling, and so on. </li>
<li style="text-align: left;">Microsoft data centers truly are enterprise grade and operate at what is referred to as hyperscale, with over 1 million servers and over 15 billion dollars currently invested. </li>
<li style="text-align: left;">Microsoft data centers are currently located in 34 regions around the world so if data sovereignty is a concern, you can select which region you wish to have your tenant hosted in and be assured that your data will remain in region or in country. </li>
</ul>
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
Best Practices in Server Deployment</h3>
<ul>
<li style="text-align: left;">Servers are deployed to the Office 365 environment using the best practices that Microsoft has promoted and IT Pros have been using for years, including least privilege models, segregation of responsibilities for service accounts and server roles, control of ports & protocols through server hardening, etc. </li>
<li style="text-align: left;">The provisioning of new servers within a farm is automated to ensure that new servers are always provisioned the same way every time. </li>
<li style="text-align: left;">The farms hosting the Office 365 services are built to meet Microsoft's extremely rigid SLAs.</li>
<li style="text-align: left;">The entire Office 365 service is constructed to maintain separation of data between tenants, so that data from one tenant cannot leak into another tenant. The service has been designed from the ground up to support this very strict requirement.</li>
</ul>
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
High Availability and Disaster Recovery</h3>
<ul>
<li style="text-align: left;">Microsoft guarantees 99.9% availability of its Office 365 environment. That means a maximum of 8 h 45 m 57 s of downtime per year. This commitment is financially backed to its customers as well.</li>
<li style="text-align: left;">Microsoft publishes its measured SLA statistics on a quarterly basis, and we can see that they are often hitting better than 99.9%, and occasionally achieving 99.99%. To put that in perspective, that's 52 m 35.7 s of downtime per year.</li>
<li style="text-align: left;">For disaster recovery, Microsoft commits to its customers a 6 hour RTO (recovery time objective) and a 1 hour RPO (recovery point objective). That means that in the event of a data center disaster, your tenant will be back up and running in a maximum of 6 hours, and you will at most lose 1 hour of data.</li>
<li style="text-align: left;">High Availability and Disaster Recovery is available out of the box with Office 365, to every level of license you can purchase. There is nothing that customers need to do to enable that!</li>
</ul>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
If we consider just this one aspect of protecting your data, comparing what Microsoft provides to what you can build, deploy and maintain, would your current data center provide this level of availability or disaster recovery?</div>
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
Automation and Restriction of Server Administrative Functions</h3>
<ul>
<li style="text-align: left;">Regular server administration functions are automated through PowerShell, so that administrative functions are fulfilled the same way every time. The human element is removed when it comes to routine server maintenance and management.</li>
<li style="text-align: left;">Administrators of the Office 365 data centers have zero standing access to the environment. If an administrator or support personnel requires access to a tenant, they must submit a ticket internally requesting access through a formal process called 'lockbox'. They must specify exactly which capabilities and level of access is needed and for how long. Access and the time permitted are strictly minimized and all access expires after a maximum of 4 hours, requiring the process to start once again.</li>
</ul>
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
Encrypted Data at Rest & in Motion</h3>
<ul>
<li style="text-align: left;">All data at rest within Office 365 is encrypted using two different methods. First, all drives within the Office 365 data center are BitLocker encrypted. </li>
<li style="text-align: left;">Secondly, all files within SharePoint sites and OneDrive for Business are encrypted using a layered file encryption mechanism. This mechanism shreds every file into chunks; each chunk is encrypted with a unique key; the encrypted chunks are randomly distributed across multiple Azure Storage containers; the encryption keys are themselves encrypted with a master key; the encrypted keys are stored in the content database (a different system from the Azure Storage containers); the master key is stored in a third system called the key store (the most protected asset in the Microsoft data center); and finally all keys are rotated (regenerated) every 24 hours. You can read more about this encryption process in an earlier blog post of mine: <a href="http://www.trustsharepoint.com/2015/10/how-does-microsoft-protect-our-data-in.html">How Does Microsoft Protect our Data in Office 365?</a></li>
<li style="text-align: left;">Later this year, Microsoft will allow organizations to bring and manage their own master key as part of an E5 license.</li>
<li style="text-align: left;">All data transmitted from an end user's browser to Office 365 is encrypted while in motion using TLS. The communication between all servers in the Office 365 data center is also encrypted using TLS. All SSL protocol versions have been deprecated and removed from the environment, since SSL is no longer considered secure. TLS 1.2 is used by default; only where older browsers are in use does the connection fall back to TLS 1.1 or TLS 1.0. This is important because PCI DSS compliance, for storing credit card data, requires the use of TLS 1.2 as the primary security protocol.</li>
</ul>
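To make the layered scheme in the second bullet concrete, here is a toy model of it as an added illustration. This is not Microsoft's code and says nothing about how the service is actually implemented; it only separates the three pieces the post names (encrypted chunks, chunk keys wrapped by a master key, and the master key itself) into three stores, so you can see that a copy of any one store is useless on its own and that rotating the master key never touches the chunk data. Function names, the hashtables standing in for the stores, the 16-byte chunk size and the sample text are all my own constructions.

```powershell
# Added illustration, not Microsoft's implementation. Three stores kept apart, as the post
# describes them living on separate systems:
$chunkStore  = @{}    # stands in for the Azure Storage containers: chunk id -> encrypted chunk
$wrappedKeys = @{}    # stands in for the content database: chunk id -> chunk key wrapped by master key
$masterKey   = $null  # stands in for the key store; assigned below, never written beside the data

function New-RandomBytes([int]$Count) {
    $bytes = New-Object byte[] $Count
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return $bytes
}

function Protect-Bytes([byte[]]$Plain, [byte[]]$Key) {
    # AES-256-CBC with a fresh random IV per call; the IV is prepended so the blob is self-contained.
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $Key
    $aes.GenerateIV()
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($Plain, 0, $Plain.Length)
    $blob = New-Object byte[] ($aes.IV.Length + $cipher.Length)
    [Array]::Copy($aes.IV, 0, $blob, 0, $aes.IV.Length)
    [Array]::Copy($cipher, 0, $blob, $aes.IV.Length, $cipher.Length)
    return $blob
}

function Unprotect-Bytes([byte[]]$Blob, [byte[]]$Key) {
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $Key
    $aes.IV = [byte[]]($Blob[0..15])
    return $aes.CreateDecryptor().TransformFinalBlock($Blob, 16, $Blob.Length - 16)
}

function Save-Document([string]$DocId, [byte[]]$Data, [int]$ChunkSize = 16) {
    # Shred into chunks, encrypt each under its own key, wrap each chunk key under the master key.
    $manifest = @()
    for ($offset = 0; $offset -lt $Data.Length; $offset += $ChunkSize) {
        $len   = [Math]::Min($ChunkSize, $Data.Length - $offset)
        $chunk = New-Object byte[] $len
        [Array]::Copy($Data, $offset, $chunk, 0, $len)

        $chunkKey = New-RandomBytes 32
        $id = "$DocId-" + [guid]::NewGuid().ToString('N')  # random id: storage order reveals nothing
        $script:chunkStore[$id]  = Protect-Bytes $chunk $chunkKey
        $script:wrappedKeys[$id] = Protect-Bytes $chunkKey $script:masterKey
        $manifest += $id
    }
    return ,$manifest   # the ordered manifest is what ties the scattered chunks back together
}

function Read-Document([string[]]$Manifest) {
    $plain = @()
    foreach ($id in $Manifest) {
        $chunkKey = Unprotect-Bytes $script:wrappedKeys[$id] $script:masterKey
        $plain   += Unprotect-Bytes $script:chunkStore[$id] $chunkKey
    }
    return [Text.Encoding]::UTF8.GetString([byte[]]$plain)
}

function Update-MasterKey {
    # Rotation re-wraps every chunk key under a new master key; the chunk data is never touched.
    $newMaster = New-RandomBytes 32
    foreach ($id in @($script:wrappedKeys.Keys)) {
        $chunkKey = Unprotect-Bytes $script:wrappedKeys[$id] $script:masterKey
        $script:wrappedKeys[$id] = Protect-Bytes $chunkKey $newMaster
    }
    $script:masterKey = $newMaster
}

# --- constructed sample run ---
$masterKey = New-RandomBytes 32
$sample    = [Text.Encoding]::UTF8.GetBytes('Constructed sample document: quarterly numbers, not for release.')
$manifest  = Save-Document 'doc1' $sample
Update-MasterKey
Read-Document $manifest   # round-trips the sample text even after the master key rotated
```

Reading the stores one at a time shows the point of the separation: $chunkStore alone is ciphertext under keys that are not in it, $wrappedKeys alone is ciphertext under the master key, and only someone holding the key store plus both other stores (and the manifest) can reassemble a document.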
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
Advanced Authentication Models</h3>
<ul>
<li style="text-align: left;">Microsoft only supports secure authentication protocols such as claims-based authentication using SAML 2.0 and OAuth 2.0. </li>
<li style="text-align: left;">Microsoft provides the ability to quickly and easily enable multi-factor authentication for end users or administrators (or both) within your organization. You can limit this to only privileged users, only to executives that access sensitive data, or extend it to the entire organization. Multi-factor authentication supports a robust set of second factors, including a one-time passcode via text message or phone call, smart cards, client-side digital certificates and the Microsoft Authenticator app.</li>
<li style="text-align: left;">Modern authentication has recently been introduced so that users accessing documents or Office 365 services through Microsoft client applications such as Word, Excel, PowerPoint or Outlook either on their desktop or mobile devices can have the same secure and robust authentication experience.</li>
</ul>
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
Security & Vulnerability Patching with Zero Downtime</h3>
<ul>
<li style="text-align: left;">It's well known that most server security vulnerabilities stem from administrators not keeping up to date with security patches. In 2016 alone, 16 critical or important security patches have been released across all SharePoint versions (2007, 2010, 2013, 2016). In an on-premises environment, keeping up with all security patches is an extremely time consuming task, made only more difficult if you work in an environment where downtime is strictly minimized or not permitted.</li>
<li style="text-align: left;">Office 365 deploys all server security patches as soon as possible, and with zero downtime to your tenant. This ensures that vulnerabilities and zero-day attacks are closed as promptly as possible, while minimizing disruption to client tenants.</li>
</ul>
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
Regulatory Compliance, Security Audits & Transparency</h3>
<ul>
<li style="text-align: left;">Office 365 has provided unprecedented transparency into how it secures and operates the services.</li>
<li style="text-align: left;">Microsoft has complied with a long list of regulatory compliance standards for protecting and securing your data. The list of standards, along with exactly how they comply and how they do not comply is fully published on the <a href="https://www.microsoft.com/en-us/TrustCenter/Compliance?service=Office#Icons">Office 365 Trust Center</a>. </li>
<li style="text-align: left;">The Office 365 environment undergoes regular independent 3rd party security audits, and the results of those audits are published in the Office 365 Security and Compliance Center within all tenants, for clients to see. Along with those published audit reports, every control that has been audited is listed, along with the requirements and recommendations for each.</li>
<li style="text-align: left;">Microsoft also actively promotes a <b><i>Shared Responsibility</i></b> model with respect to the security of your data within Office 365. Microsoft is very clear about its commitments for securing the Office 365 platform, and it works to educate clients on what their own responsibilities are as well, with respect to providing access to internal or external users, permissioning, reviewing activity logs, etc.</li>
</ul>
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
Additional Security Capabilities</h3>
<div style="text-align: left;">
Office 365 provides a long list of additional robust security capabilities for administrators, site owners and end users to help them secure and protect their data within the Office 365 service, including:</div>
<ul>
<li style="text-align: left;">Information Rights Management</li>
<li style="text-align: left;">Data Loss Prevention</li>
<li style="text-align: left;">Activity Monitoring and Alerts</li>
<li style="text-align: left;">Advanced Threat Protection for Email</li>
<li style="text-align: left;">Advanced Security Management</li>
<li style="text-align: left;">Conditional Access Policies</li>
<li style="text-align: left;">Customer Lock Box</li>
</ul>
<div style="text-align: left;">
With all of these security considerations and capabilities in place to protect your information in Office 365, I think we would all be hard pressed to build an environment as secure and as robust as what is currently available from the Microsoft cloud.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
-Antonio</div>
<div style="text-align: left;">
<br /></div>
<br />
<br /></div>
Antonio Maio (http://www.blogger.com/profile/11590288142542819604)<br />
<br />
<b>Office 365 Nightly PowerShell Scripts: Encrypting Admin Credentials</b> (posted 2016-10-02, updated 2016-10-20)<br />
<br />
<span style="font-family: inherit;">When using remote PowerShell to perform tasks in Office 365 we typically need to provide our administrator credentials to create the initial connection. These are typically a Global Administrator's username &amp; password, or at least an Exchange or SharePoint administrator's username &amp; password. These are highly privileged accounts and we need to ensure that the username and password associated with these accounts do not get compromised or stolen. </span><span style="font-family: inherit;">So, when we need to run remote PowerShell scripts on a nightly automated basis, without administrator intervention, how do we secure those highly privileged credentials? </span><br />
<span style="font-family: inherit;"></span><br />
<span style="font-family: inherit;">Running such a script, automatically each night, may be part of some automatic synchronization process. Or, it may be part of some process that automatically retrieves data from our Office 365 tenant each night.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Fortunately, we do have a number of PowerShell commands available which can encrypt our password, and we can be assured that it is secured when stored on the system that is hosting our nightly PowerShell script.</span><br />
<span style="font-family: inherit;"><br /></span>
<br />
<h3>
<span style="font-family: inherit;">Protect the System Hosting the Nightly PowerShell Script</span></h3>
<span style="font-family: inherit;">First of all, it's important to note that the machine hosting your nightly script needs to be protected according to your corporate policies. This protection needs to be applied as you would for any other critical piece of infrastructure - think on-premises Exchange server, SharePoint farm server, etc. If you're going to build several scripts to run nightly, I typically recommend setting up a dedicated Windows Server to host and run all automated scripts. That way you only have one system to manage for hosting and running nightly scripts, so when a script fails for whatever reason, it's easier to find the system on which to investigate the issue. In addition, if you have multiple scripts running nightly and you want to ensure that they do not conflict with each other, it's easier to configure the Windows Task Scheduler for all scripts on one machine. Finally, if you are running a number of on-premises Microsoft server applications and you're relying on Microsoft support (Premier or otherwise), and your script is hosted on some other application's server that runs into an issue, Microsoft may ask you to remove that script prior to investigating the issue to rule out the script being the cause.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">In addition, we would also recommend creating a dedicated service account (really just a user account) in Office 365 that will only be used by the script to connect to the Office 365 service it is designed to work with. In the spirit of "least privilege", the account should only have the permissions required to connect to the necessary service - if the script only works with Exchange Online, then it should only have Exchange Online administrator permissions and should not have the Global Administrator role.</span><br />
<span style="font-family: inherit;"><br /></span>
<br />
<h3>
<span style="font-family: inherit;">PowerShell CmdLets Required</span></h3>
<span style="font-family: inherit;">Next, we need to understand a few PowerShell commands that we'll use to encrypt our administrator account password:</span><br />
<br />
<ul>
<li>Read-Host (with the parameter -AsSecureString)</li>
</ul>
<br />
<span style="font-family: inherit;">This cmdlet will request input from the user at the command line. The -AsSecureString parameter will mask the input provided by the user so that it is not readable. </span><br />
<br />
<ul>
<li><span style="font-family: inherit;">ConvertFrom-SecureString</span></li>
</ul>
<span style="color: #2a2a2a;">This cmdlet converts a secure string (of type System.Security.SecureString) to an encrypted standard string (of type System.String). Unlike a secure string, an encrypted standard string can be saved in a file for later use. ConvertFrom-SecureString doesn't accept an empty SecureString, so you may wish to add a check for this in your PowerShell... but of course you would never have an empty string as an administrator's password. You can find more information here: <a href="https://technet.microsoft.com/en-us/library/hh849814.aspx">ConvertFrom-SecureString</a>.</span><br />
<span style="color: #2a2a2a;"><br /></span>
<br />
<ul>
<li><span style="font-family: inherit;">ConvertTo-SecureString</span></li>
</ul>
<span style="font-family: inherit;">This cmdlet converts plain text or an encrypted standard string to a secure string. This is useful when you wish to pass a stored, encrypted password to a cmdlet that requires a SecureString when authenticating. The SecureString object can be used with cmdlets that support SecureString or PSCredential parameters, such as those necessary to create a remote PowerShell connection to Exchange Online (which we'll see later). You can find more information here: <a href="https://technet.microsoft.com/en-us/library/hh849818.aspx">ConvertTo-SecureString</a>.</span><br />
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;"><br /></span></span>
<br />
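The three cmdlets above, put together into a pair of reusable helpers, as an added example that is not the post's own script. It adds the checks I would want before trusting this in production: the empty-SecureString check mentioned above, Join-Path for the token file paths, a restrictive ACL on the token files, and an explicit error when the stored password cannot be decrypted. That last point is the main caveat of this approach: without the -Key parameter, ConvertFrom-SecureString protects the string with DPAPI, so it can only be decrypted by the same Windows account on the same machine, which means the interactive first run must be done as the account the scheduled task will run under. The function names and the folder under ProgramData are my choices; the token file names are the ones the post uses.

```powershell
# Added example, not the post's own script. Assumes Windows PowerShell on the machine that
# hosts the scheduled task. Function names and the ProgramData folder are placeholders.

function Save-ScriptCredential {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][System.Security.SecureString]$Password,
        [Parameter(Mandatory)][string]$Folder
    )
    # ConvertFrom-SecureString rejects an empty SecureString; fail early with a clear message.
    if ($Password.Length -eq 0) { throw 'Password must not be empty.' }
    if (-not (Test-Path $Folder)) { New-Item -ItemType Directory -Path $Folder | Out-Null }

    # Join-Path supplies the separator; "$root" + "file.txt" silently yields "C:\Scriptsfile.txt".
    $userFile = Join-Path $Folder 'usernameToken.txt'
    $passFile = Join-Path $Folder 'passwordToken.txt'

    Set-Content -Path $userFile -Value $UserName
    # Without -Key, ConvertFrom-SecureString uses DPAPI: the output decrypts only for the same
    # Windows account on the same machine. Run this interactively AS the scheduled task's account.
    $Password | ConvertFrom-SecureString | Set-Content -Path $passFile

    # Defence in depth: stop ACL inheritance and grant only the current account access to both files.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    foreach ($file in $userFile, $passFile) {
        $acl = Get-Acl -Path $file
        $acl.SetAccessRuleProtection($true, $false)   # protect DACL, do not copy inherited rules
        $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')))
        Set-Acl -Path $file -AclObject $acl
    }
}

function Get-ScriptCredential {
    param([Parameter(Mandatory)][string]$Folder)
    $userFile = Join-Path $Folder 'usernameToken.txt'
    $passFile = Join-Path $Folder 'passwordToken.txt'
    if (-not ((Test-Path $userFile) -and (Test-Path $passFile))) { return $null }

    $user = (Get-Content -Path $userFile | Select-Object -First 1).Trim()
    try {
        # Fails when a different account, or another machine, tries to decrypt the DPAPI-protected string.
        $secure = Get-Content -Path $passFile | ConvertTo-SecureString -ErrorAction Stop
    } catch {
        $who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        throw "Stored password cannot be decrypted by $who on this machine (DPAPI scope). Delete the token files and re-run interactively as the task account. Inner error: $($_.Exception.Message)"
    }
    return New-Object System.Management.Automation.PSCredential($user, $secure)
}

# --- usage: the first run is interactive, later (scheduled) runs are unattended ---
$tokenFolder = Join-Path $env:ProgramData 'O365Scripts'   # placeholder location
$cred = Get-ScriptCredential -Folder $tokenFolder
if (-not $cred) {
    $u = Read-Host 'Enter the service account username'
    $p = Read-Host 'Enter its password' -AsSecureString
    Save-ScriptCredential -UserName $u -Password $p -Folder $tokenFolder
    $cred = New-Object System.Management.Automation.PSCredential($u, $p)
}
# $cred can now be passed to any cmdlet with a -Credential parameter, e.g. New-PSSession for Exchange Online.
```

Because of the DPAPI scoping, moving the script to another server or changing the task's run-as account invalidates passwordToken.txt; Get-ScriptCredential then throws the message above rather than failing later with an opaque authentication error, and deleting the two token files and re-running interactively resets the stored credentials exactly as the post describes.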
<h3>
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;">Example</span></span></h3>
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;">In the following simple example, we use these cmdlets to check if we already have a password stored, then if not we request it from the user, and we </span></span><br />
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span></span>
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#get the path the script is currently running under</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">$ScriptRoot = ""</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">Try</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">{</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $ScriptRoot = Get-Variable -Name PSScriptRoot -ValueOnly -ErrorAction Stop</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">}</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">Catch</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">{</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $ScriptRoot = Split-Path $script:MyInvocation.MyCommand.Path</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">}</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#Note there are some examples where this process does not return a proper path,</span><br />
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#like if you are running under the temp folder - in that case, I suggest putting </span><br />
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#a test for an empty path and setting it to some default path</span><br />
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#create the necessary paths where username and password may have been stored</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">$sUserName = ""</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">$sPassword = ""</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">$usernameTokenPath = Join-Path $ScriptRoot "usernameToken.txt"</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">$passwordTokenPath = Join-Path $ScriptRoot "passwordToken.txt"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#Check if username & password files already exist </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><span style="color: #6aa84f;">#If they do not, then request them from an administrator and securely save them</span></span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">if((Test-Path $usernameTokenPath) -and (Test-Path $passwordTokenPath))</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">{</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sUserName = Get-Content $usernameTokenPath</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sPassword = (Get-Content $passwordTokenPath | ConvertTo-SecureString)</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> Write-Host "Using saved administrator credentials"</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">}</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">else</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">{</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sUserName = Read-Host "Enter an administrator username" </span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sPassword = Read-Host "Enter an administrator password" -AsSecureString</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $storeCreds = Read-Host "Would you like to securely store the administrator credentials for use next time? (y=yes)"</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> if(($storeCreds -eq "y") -or ($storeCreds -eq "Y") -or ($storeCreds -eq "yes") -or ($storeCreds -eq "YES"))</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> {</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> </span><span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#encrypt the password</span><br />
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> #store the username and encrypted password in separate output files</span><br />
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> #output files will reside in the same path as the script</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> </span><span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#Note: to reset the username and password, simply delete the 2 files</span><br />
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> # usernameToken.txt and passwordToken.txt</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sUserName | Out-File $usernameTokenPath</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $encryptedPassword = ConvertFrom-SecureString $sPassword</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $encryptedPassword | Out-File $passwordTokenPath</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> }</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> else</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> {</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> Write-Host "Administrator credentials have not been stored at user's request"</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> }</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">}</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#Create the PSCredential object needed for remote PowerShell to Exchange Online </span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">$credential = New-Object System.Management.Automation.PsCredential ($sUserName,$sPassword)</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">Import-PSSession $exchangeSession</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">Write-Host "Connection to Microsoft Exchange Online Established"</span><br />
<br />
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span><br />
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#do something in Exchange Online using remote PowerShell module</span><br />
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span><br />
<span style="color: #6aa84f;"><br /></span>
<span style="color: #6aa84f; font-family: "courier new" , "courier" , monospace; font-size: x-small;"># Remember to release the PowerShell session that's connected to Exchange online</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;">Remove-PSSession $exchangeSession</span><br />
<br />
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;"><br /></span></span>
<br />
<h3>
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;">Run Down</span></span></h3>
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;">You'll notice that each time we run the script it first checks whether the files containing the username and password exist. If they do, then we retrieve that data with the following:</span></span><br />
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;"><br /></span></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sUserName = Get-Content $usernameTokenPath</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sPassword = (Get-Content $passwordTokenPath | ConvertTo-SecureString)</span><br />
<div>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span></div>
<span style="font-family: inherit;"><span style="background-color: white; color: #2a2a2a;">We use <b>ConvertTo-SecureString</b> to convert the standard encrypted string that we retrieved from the local file back into a SecureString. The SecureString now stored in $sPassword can then be used later as the password when connecting to the Office 365 service. </span><span style="background-color: white; color: #2a2a2a;">Note: only the password is encrypted in this example; the username is stored in clear text. </span></span><br />
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;"><br /></span></span>
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;">If we do not find files containing the username and password (we're looking for both files to exist) then we request them from the administrator at the command line, along with whether or not we should save them. This is done with the following:</span></span><br />
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;"><br /></span></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sUserName = Read-Host "Enter an administrator username" </span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sPassword = Read-Host "Enter an administrator password" -AsSecureString</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $storeCreds = Read-Host "Would you like to securely store the administrator credentials for use next time? (y=yes)"</span><br />
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;"><br /></span></span>
Notice we request the password as a SecureString object.<br />
<br />
Next, if the administrator chose to, we store the entered username and password in separate files, in the same folder in which the script is running, with the following:<br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $sUserName | Out-File $usernameTokenPath</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $encryptedPassword = ConvertFrom-SecureString $sPassword</span><br />
<span style="color: #2a2a2a; font-family: "courier new" , "courier" , monospace; font-size: x-small;"> $encryptedPassword | Out-File $passwordTokenPath</span><br />
<span style="background-color: white; color: #2a2a2a; font-size: 14px;"><span style="font-family: inherit;"><br /></span></span>
<span style="background-color: white; color: #2a2a2a; font-size: 14px;"><span style="font-family: inherit;">Notice that we use <b>ConvertFrom-SecureString</b> to convert the SecureString $sPassword to a standard encrypted string, which is held in $encryptedPassword and then written to the file. (Keep the conversion and the Out-File as two statements: if they are chained in one pipeline, $encryptedPassword ends up empty, because Out-File returns nothing.) If we don't need to store it, then we can simply use the password in SecureString form later when connecting to the Office 365 service.</span></span><br />
<br />
<h3>
<span style="background-color: white; color: #2a2a2a;"><span style="font-family: inherit;">Security Notes</span></span></h3>
<span style="background-color: white; color: #2a2a2a; font-size: 14px;"><span style="font-family: inherit;">So, how is this secure? A malicious user who gets access to the system hosting the PowerShell script could potentially copy the file containing the encrypted password and call the same PowerShell commands to recover the administrator's password. </span></span><br />
<span style="background-color: white; color: #2a2a2a; font-size: 14px;"><span style="font-family: inherit;"><br /></span></span>
<span style="background-color: white; color: #2a2a2a; font-size: 14px;"><span style="font-family: inherit;">First we take note of the fact that the PowerShell commands ConvertTo-SecureString and ConvertFrom-SecureString do have additional parameters like -Key and -SecureKey:</span></span><br />
<br />
<ul>
<li>-Key: allows the caller to specify a specific key as a byte array</li>
<li>-SecureKey: allows the caller to specify a specific key as a SecureString</li>
</ul>
<div>
If neither of these parameters is specified, as in our example above, then the PowerShell cmdlets use the Windows Data Protection API (DPAPI), in its current-user scope, to encrypt and decrypt the password. DPAPI protects the data with a master key derived from the logged-on user's logon credentials, so the stored encrypted string can be decrypted only by that same Windows account; on a standalone machine that means the same user on the same machine. Two consequences follow. First, any process running as that account, including malicious code the account is tricked into executing, can decrypt the file exactly as the script does. Second, for domain accounts the DPAPI master keys are backed up to the domain, so anyone holding the user's password together with a copy of the profile, or holding the domain's DPAPI backup key, can recover the password offline. You can find out more here: <a href="https://msdn.microsoft.com/en-us/library/ms995355.aspx">Windows Data Protection</a>. If you do specify -Key or -SecureKey, the encrypted string is no longer tied to a user or machine, so the key must be available to the script at run time and must be protected at least as carefully as the password itself; a key file sitting beside the encrypted password adds no protection at all.</div>
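<div>
The following is an added example, not code from the original post, that stores the same SecureString both ways described above (DPAPI by default, then with an explicit -Key) and locks the resulting files down to the account that runs the script, which is the check the DPAPI discussion implies. The directory and file names, and the decision to keep the key file next to the blob, are assumptions made for illustration; in a real deployment the key would live elsewhere.</div>

```powershell
# Added example, not part of the original post. Paths are assumptions; the key
# file is kept beside the blob here only so the example runs stand-alone.

$baseDir  = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
$tokenDir = Join-Path $baseDir 'tokens'
New-Item -ItemType Directory -Path $tokenDir -Force | Out-Null

$dpapiTokenPath = Join-Path $tokenDir 'passwordToken.txt'        # DPAPI-protected blob
$keyedTokenPath = Join-Path $tokenDir 'passwordToken.keyed.txt'  # AES-256 blob, explicit key
$keyPath        = Join-Path $tokenDir 'token.key'                # assumption: real key stored elsewhere

$secret = Read-Host 'Enter the administrator password' -AsSecureString

# 1. Default (no -Key): DPAPI, current-user scope. Nothing to manage, but the
#    blob can be decrypted by any process running as this Windows account, and
#    only by that account ("Key not valid for use in specified state" otherwise).
ConvertFrom-SecureString $secret | Out-File $dpapiTokenPath

# 2. Explicit 256-bit key: the blob is now portable between users and machines,
#    so whoever holds the key file can decrypt it anywhere. Draw the key from
#    the OS CSPRNG rather than from a passphrase embedded in the script.
$key = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($key)
[System.IO.File]::WriteAllBytes($keyPath, $key)
ConvertFrom-SecureString $secret -Key $key | Out-File $keyedTokenPath

# 3. Whichever form is used, restrict the files to the account that runs the
#    script: stop inheritance, remove explicit ACEs, grant only that account
#    and SYSTEM.
$runAs = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
foreach ($path in @($dpapiTokenPath, $keyedTokenPath, $keyPath)) {
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)   # break inheritance, drop inherited ACEs
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        $acl.RemoveAccessRule($rule) | Out-Null
    }
    foreach ($principal in @($runAs, 'NT AUTHORITY\SYSTEM')) {
        $ace = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
                          -ArgumentList $principal, 'FullControl', 'Allow'
        $acl.AddAccessRule($ace)
    }
    Set-Acl -Path $path -AclObject $acl
}

# 4. Read both blobs back and confirm they decrypt to the same value. The
#    plaintext exists only inside this comparison and is then discarded.
$fromDpapi = Get-Content $dpapiTokenPath | ConvertTo-SecureString
$fromKey   = Get-Content $keyedTokenPath |
             ConvertTo-SecureString -Key ([System.IO.File]::ReadAllBytes($keyPath))

function ConvertTo-PlainText([System.Security.SecureString]$s) {
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'unused', $s
    return $cred.GetNetworkCredential().Password
}
if ((ConvertTo-PlainText $fromDpapi) -ceq (ConvertTo-PlainText $fromKey)) {
    Write-Host 'Both stored forms decrypt to the same password'
} else {
    Write-Warning 'Stored forms do not match; one of the files was altered'
}
```

<div>
To see the DPAPI binding for yourself, copy passwordToken.txt to a different user's profile and run the same ConvertTo-SecureString line there: it fails with "Key not valid for use in specified state", while the -Key variant decrypts anywhere the key file is present, which is exactly why that key must not travel with the blob.</div>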
<div>
<br /></div>
<div>
As mentioned above, the machine hosting the script (and storing the encrypted password) does need to be protected as you would any other critical infrastructure, and the account under which the script runs should be a dedicated one with no interactive use. Note also that the script above connects with Basic authentication to the legacy remote PowerShell endpoint; Microsoft has since retired Basic authentication for Exchange Online PowerShell in favour of the ExchangeOnlineManagement module (Connect-ExchangeOnline), whose certificate-based app-only authentication lets an unattended script avoid storing a password at all.</div>
<div>
<br /></div>
<div>
Finally, if more protection is required, then we recommend setting the PowerShell execution policy on the machine running the script to <b>AllSigned</b> (with Set-ExecutionPolicy AllSigned) and digitally signing your script. Only scripts carrying a valid signature from a trusted code-signing certificate will then run, so an attacker who edits the stored script, for example to write the decrypted password somewhere, invalidates its signature and PowerShell refuses to run it. Keep in mind that the execution policy is a safety feature rather than a security boundary: a user who can already run PowerShell interactively can start it with -ExecutionPolicy Bypass, so signing protects the integrity of your automated scripts but is not a substitute for protecting the host. More information can be found on the digital signing process at the <a href="https://blogs.technet.microsoft.com/heyscriptingguy/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2/">Scripting Guy Blog</a>.</div>
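<div>
As an added example (not from the original post), the signing and enforcement steps above carried through end to end: pick a code-signing certificate, sign the automation script with a timestamp, switch the machine to AllSigned, and verify the signature and signer thumbprint before running the script. The script path is an assumption; the certificate is assumed to already exist in the current user's personal store, whether issued by an enterprise PKI or created for a lab with New-SelfSignedCertificate -Type CodeSigningCert.</div>

```powershell
# Added example, not part of the original post. $scriptPath and the presence
# of a code-signing certificate in Cert:\CurrentUser\My are assumptions.

$scriptPath = 'C:\Automation\Connect-ExchangeOnlineSaved.ps1'

# Pick the longest-lived, currently valid code-signing certificate we hold.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.NotAfter -gt (Get-Date) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
if (-not $cert) { throw 'No valid code-signing certificate found in Cert:\CurrentUser\My' }

# Sign with SHA-256 and an RFC 3161 timestamp, so the signature remains valid
# after the certificate itself expires.
$sig = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert `
           -HashAlgorithm SHA256 -TimestampServer 'http://timestamp.digicert.com'
if ($sig.Status -ne 'Valid') {
    throw "Signing failed: $($sig.Status) - $($sig.StatusMessage)"
}

# Require signatures for every PowerShell host on this machine (needs an
# elevated session). AllSigned prompts on first use of an untrusted publisher
# unless the certificate is already in Trusted Publishers.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# Check to run before the scheduled job launches the script: a valid signature
# is not enough on its own, the signer must also be the certificate we expect.
function Test-ScriptSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedThumbprint
    )
    $s = Get-AuthenticodeSignature -FilePath $Path
    return ($s.Status -eq 'Valid' -and
            $s.SignerCertificate.Thumbprint -eq $ExpectedThumbprint)
}

if (-not (Test-ScriptSignature -Path $scriptPath -ExpectedThumbprint $cert.Thumbprint)) {
    throw "$scriptPath is not signed by the expected certificate; refusing to run it."
}
& $scriptPath
```

<div>
Any edit to the signed file, even whitespace, changes its hash and turns the status to HashMismatch, which is what makes the stored script tamper-evident. Re-run Set-AuthenticodeSignature after every legitimate change, and keep the signing certificate's private key off the automation host so that an attacker who lands there cannot simply re-sign a modified script.</div>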
<div>
<br /></div>
<div>
Enjoy.</div>
<div>
-Antonio</div>
<br />Antonio Maiohttp://www.blogger.com/profile/11590288142542819604noreply@blogger.com3