Office-365 on Ru Campbell MVP

Deploying Office 365 with Intune as a Win32 App (and Why You'd Want To)

Tue, 15 Jun 2021 15:26:14 +0000

Office 365, or Microsoft 365 Apps for Enterprise, or whatever it’s called this month, can be deployed by Intune to Windows 10 devices using a built-in wizard. The advantage of this is you don’t need to package anything: you fill out some nice drop-downs and options in a GUI, assign it like any other app, and Microsoft takes care of the rest.

In the background, this is using the Office CSP to deploy the client, which makes it quite unique compared to the deployment of other apps, which are best done with Win32 packaging. I wrote a general guide about that for Petri.com, available here.

Microsoft Information Protection Sensitivity Labels - Custom User Permissions and Do Not Forward

Thu, 25 Feb 2021 15:02:30 +0000

With Microsoft Information Protection, you can apply sensitivity labels to files, emails, and containers such as SharePoint Libraries. These labels apply protection which, in the context of files and emails, really means encryption using AES-128 or 256 (key size depends on file type). The great thing about Information Protection is that you control an access control list of who is allowed to access the content and it’s managed as a cloud service by Microsoft. The document or message, when opened, checks who is authenticated (who is signed to Outlook or the Office 365 app, for example) and only allows access if they have permission.

Understanding Application Guard for Office, Now Generally Available

Sat, 30 Jan 2021 22:13:50 +0000

Application Guard first appeared in Windows 10 1709 (“Fall Creators Update”) to isolate Edge browser activity within a Hyper V container. Microsoft now extends that same idea to Word, Excel, and PowerPoint in Office 365 ProPlus Microsoft 365 Apps for Enterprise on Windows 10…

… if you have Microsoft 365 E5 or E5 Security. You knew that was coming!

With Application Guard for Office, your files can open in a sandbox without access local or network storage. This provides an additional layer of protection against threats such as ransomware, for which Office apps are infamous as an attack surface. There’s a significant catch: a standard configuration of Application Guard will allow users to bypass it if they say they trust the file, therefore executing it in the normal way; resource access included. You can change this default behaviour though, so keep reading.

PowerShell: Run Cmdlet If Another Was Successful (And Keep Trying Until It Is)

Fri, 23 Oct 2020 17:30:52 +0000

Today I’m sharing a useful bit of PowerShell I gracelessly punt from script to script whenever I need to make sure a prerequisite it met before running something and to keep checking until it’s met, then run what I need: “do X when Y is ready and keep checking Y until it’s ready”.

The original use for this was my script to create a new Microsoft 365 user, but hold off on some parts of it - such as time zone settings - until the Exchange Online mailbox is provisioned. That takes some time, so I wanted to keep checking and as soon as I could, continue the script.

The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)

Mon, 07 Sep 2020 19:15:17 +0000

Microsoft Cloud App Security (MCAS), Redmond’s cloud app security broker (CASB) offering, is a powerful tool for investigating and pro-actively controlling your SaaS estate. It includes tools such as reverse proxying to control sessions and sits inside the Microsoft Threat Protection stack alongside Defender ATP, Office 365 ATP, and Azure ATP. MCAS started life as Adallom prior to Microsoft’s acquisition of that company in 2015. It’s included in Microsoft 365 E5 and numerous other licensing subsets, including EMS E5, E5 Security (an add-on for Microsoft 365 E3), Information Protection & Governance, or standalone. In all cases, you’d need to make sure it includes or you also get a license for Azure AD Premium for the reverse proxy benefits, delivered via Conditional Access App Control.

The Differences Between (and History of) the Microsoft 365 Security Centre, Compliance Centre, and Security & Compliance

Mon, 01 Jun 2020 07:11:37 +0000

There are currently three separate admin consoles in Microsoft 365 for administrators to view or configure security and compliance policies, alerts, and reports. Believe it or not, this is down from four at the peak of just-tell-me-where-to-go-to-do-this. This doesn’t even include consoles such as Microsoft Cloud App Security (MCAS). The direction things are heading is good, as I’ll explain in this blog, but the situation does highlight Microsoft’s relatively new culture and position of continual small updates rather than delivering fully finished products.

Prerequisites and Planning for Centrally Deploying Office 365 Outlook Add-Ins

Sun, 05 Jan 2020 21:00:38 +0000

Deploying Outlook add-ins (“apps”) for your O365 tenant is an intuitive experience via AppSource. As a Global Administrator, click GET IT NOW on the app’s page and you are immediately redirected to the Services & add-ins page of the M365 Admin Center.

From there, you can configure add-ins for the whole tenant, just yourself, or by group. All AAD group types, except non-email enabled ones, are supported. If a group is nested, the top-level group gets it, but none of the nested ones. You then choose to deploy as fixed, which means enforced, available, which means shown when users search for apps, or optional, which means installed but can be removed.

Manage MyAnalytics Weekly Insight Digest Emails and App Availability

Mon, 21 Oct 2019 14:25:45 +0000

Made available to more than just E5 licencees earlier this year, MyAnalytics will, by default, send users weekly emails regarding their work patterns.

Users can control this themselves in settings pane of the MyAnalytics web app.

image-2

Administrators cannot, in bulk, keep MyAnalytics enabled for users but disable the email digest. The following PowerShell example instead disables MyAnalytics across all your Microsoft 365 Business licensed users, and therefore removing these emails.