Quadra

Microsoft has announced an update to the Office 365 people profile experience under Delve, which consolidates the profile and activity pages to make it easier for users to discover relevant content, connect with colleagues and find experts inside an organization.

Learn more about your colleagues

The new profile page gives users a place to learn more about their colleagues, providing their contact information, a photo, who they work for and a summary of their experience and expertise, as well as discover their recent activity and a quick glimpse of what they are working on. The profile is actionable, too. Users can start a Skype chat, call or email to a colleague right from their profile page. Remember, Delve only shows content that the user already has permission to see.

The whole experience is responsive and looks great on any device.

Customize User profile and quickly find documents

Users can give their Delve profile a personal touch—upload a favorite profile photo, choose a unique background or edit your expertise. Up-to-date profiles make it easier for others to find out about the user and help the user when the user is looking for information. From the user’s profile, users can also quickly and easily get back to their documents, as well as see documents their most frequent contacts are working on.

Delve is more useful and intuitive than ever thanks to the new profile page. By connecting the users with the content and the contacts who are relevant to them, Delve helps break down silos and keeps the user in the know.

The new profile experience has been rolled out to First Release Office 365 tenants over the past several weeks, and Microsoft expects it to roll out to all eligible Office 365 customers by the second quarter of 2016.

Delve is included in the Office 365 Enterprise E1–E5 subscription plans (including the corresponding A2–A4 and G1–G4 plans for Academic and Government customers, respectively). Delve is also included in the Office 365 Business Essentials and Business Premium plans.

Delve never changes any permissions and only shows the users content that they already have permission to view. Only they can see their private documents in Delve, and other people can’t see their private activities—such as what documents they’ve read, what emails they’ve sent and received or which Skype for Business conversations they have participated in. Other people can see that they’ve modified a document, but only if they have access to the same document.

Microsoft has come up with recommendations for password management based on current research and lessons from their own experience as one of the largest Identity Providers (IdPs) in the world. It covers recommendations for end users and identity administrators.

Microsoft sees over 10 million username/password pair attacks every day. This gives Microsoft a unique vantage point to understand the role of passwords in account takeover. The guidance provided here is scoped to users of Microsoft’s identity platforms (Azure Active Directory, Active Directory, and Microsoft account) though it generalizes to other platforms.

Summary of Recommendations

Advice to IT Administrators

Azure Active Directory and Active Directory allow Enterprises to support these recommendations:

1. Maintain an 8-character minimum length requirement (and longer is not necessarily better).

2. Eliminate character-composition requirements.

3. Eliminate mandatory periodic password resets for user accounts.

4. Ban common passwords, to keep the most vulnerable passwords out of your system.

5. Educate your users not to re-use their password for non-work-related purposes.

6. Enforce registration for multi-factor authentication.

7. Enable risk based multi-factor authentication challenges.

Advice to Users

• Don’t use a password that is the same or similar to one you use on any other website. A cybercriminal who can break into that website can steal your password from it and use it to steal your Microsoft account.
• Don’t use a single word (e.g. “princess”) or a commonly-used phrase (e.g. “Iloveyou”).
• Do make your password hard to guess even by those who know a lot about you (such as the names and birthdays of your friends and family, your favorite bands, and phrases you like to use).

Keep the security info up to date

Current security info (like an alternate email address or phone number) helps us to verify the user's identity if they forget their password or if someone else tries to take over their account. Microsoft never uses this info to spam the user or to try to sell them something.

Watch for suspicious activity

The Recent activity page helps the user to track unusual or suspicious activity. The user can see their latest sign-ins and changes to their account. If they see something wrong or unfamiliar, they can click "This wasn’t me" and Microsoft will take the user through a few steps to change their password and review the security info on their account.

Turn on two-step verification

Two-step verification boosts account security by making it more difficult for hackers to sign in—even if they know or guess the user's password.

If the user turns on two-step verification and then try to sign in on a device Microsoft doesn’t recognize, Microsoft will ask the user for two things:

1. The user's password.
2. An extra security code.

Microsoft can send a new security code to the user's phone or their alternate email address, or they can get one through an authenticator app on their smartphone.

Keep the operating system, browser, and other software up to date

Most service and app providers release security updates that can help protect users' devices. These updates help prevent viruses and other malware attacks by closing possible security holes.

If the user is using Windows, in order to receive these updates automatically, he / she has turn on Windows Update.

Be careful of suspicious emails and websites

The users are advised not to open email messages from unfamiliar senders or email attachments that they don't recognize. Viruses can be attached to email messages and might spread as soon as they open the attachment. It's best not to open an attachment unless they expected to receive it. They should also be careful when downloading apps or other files from the Internet, and make sure they recognize the source.

Install an antivirus program on your computer

Hackers can steal passwords through malware (malicious software) that's been installed on users' computer without their knowledge. For example, sometimes malware is maliciously downloaded with something they do want, like a new screen saver. The user has to take the time to check and clear their computer of viruses or malware before they change their password.

Is your computer running Windows?

Great! Windows Defender is free anti-malware software built-in to Windows 8 and Windows 10. It updates automatically through Windows Update. If the user is running an earlier version of Windows, they can download and install Microsoft Security Essentials for free.

After the user installs an antivirus program, they should set it to regularly get updates and scan their computer.

Gleaned from a paper from - Microsoft Identity Protection Team

More and more cloud-based apps are being used by businesses, such as Dropbox, Box and Microsoft-created services like OneDrive and Office 365. Now Microsoft has launched Microsoft Cloud App Security, a service designed specifically to help protect companies and their employees who use cloud-based apps.

Microsoft says that, according to its surveys, each employee in a company uses 17 cloud apps and workers in 91% of organizations grant access to their personal accounts to their company's cloud storage services. Microsoft Cloud App Security provides those organizations the following features to protect their employees and the company as a whole:

• App Discovery: Cloud App Security identifies all cloud applications in an enterprise’s network—from all devices—and provides risk scoring and ongoing risk assessment and analytics

• Data Control: With special focus on sanctioned apps, enterprises can set granular controls and policies for data sharing and loss prevention (DLP) leveraging API-based integration. They can use either out-of-the box policies or build and customize their own

• Threat Protection: Cloud App Security provides threat protection for the Enterprise’s cloud applications leveraging user behavioral analytics and anomaly detection

In Office 2016, Microsoft is also improving many aspects of Outlook 2016. For example, in the new version you can attach a recent file you have been working on to a new message. To do so simply click the Attach File (paperclip) button and you'll see a list with all the recent files. Then just pick the file and you're good to go -- no more spending time browsing your computer for a specific document.

Also, Microsoft is making it very simple to attach OneDrive documents. The attachment works in the same way as a local file, but for OneDrive files, Outlook 2016 will create a special cloud attachment link. When the recipient double-clicks the attachment, the document won't download and open with the default app. Instead, the document will open in the web browser.