Quadra

Connecting Technology and Business.

Use more than one authentication method to keep identities secure

Microsoft has added Multi-Factor Authentication for Office 365 to Office 365 Business plans, Enterprise plans, Academic plans, Non-profit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online. This allows organizations with these subscriptions to enable multi-factor authentication for their Office 365 users without requiring any additional purchase or subscription.

Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.

Multi-factor authentication is available for Office 365 administrative roles and also to any Office 365 user and users who are authenticated from a federated on-premises directory.

Microsoft has also added App Passwords for users so they can authenticate from Office desktop applications.

Multi-factor authentication enhances security for Office 365. (Office 365 offers many robust built-in security features for all customers and also optional controls that enable subscribers to customize their security preferences. More information about security in Office 365 is available in the Office 365 Trust Center).

Multi-Factor Authentication for Office 365

Office 365 administrators enroll users for multi-factor authentication through the Office 365 admin center.

mfa_02

On the users and groups page in the Office 365 admin center, you can enroll users for multi-factor authentication by clicking the Set Multi-factor authentication requirements: Set up link.

mfa_03

The multi-factor authentication page lists the users and allows you to enroll a user for multi-factor authentication.

After a user is enabled for multi-factor authentication, they will be required to configure their second factor of authentication at their next login. Each subsequent login is enforced and will require use of the password and phone acknowledgement.

mfa_04

After being enrolled for multi-factor authentication, the next time a user signs in, they see a message asking them to set up their second authentication factor.

Any of the following may be used for the second factor of authentication.

  1. Call my mobile phone. The user receives a phone call that asks them to press the pound key. Once the pound key is pressed, the user is logged in.
  2. Text code to my mobile phone. The user receives a text message containing a six-digit code that they must enter into the portal.
  3. Call my office phone. This is the same as Call my mobile phone, but it enables the user to select a different phone if they do not have their mobile phone with them.
  4. Notify me through app. The user configured a smartphone app and they receive a notification in the app that they must confirm the login. Smartphone apps are available for Windows Phone, iPhone, and Android devices.
  5. Show one-time code in app. The same smartphone app is used. Instead of receiving a notification, the user starts the app and enters the six-digit code from the app into the portal.

mfa_05

Once a user is signed in they can change their second factor of authentication.

The settings menu is the little cog at the top right of the portal screen. In the settings menu clicking the additional security verification link. 

App Passwords in Multi-Factor Authentication for Office 365

Users who are enrolled for multi-factor authentication are required to configure App Passwords in order to use Office desktop applications, including Outlook, Lync, Word, Excel, PowerPoint, and OneDrive for Business.

Once an information worker has logged in with multi-factor authentication, they will be able to create one or more App Passwords for use in Office client applications. An App Password is a 16-character randomly generated password that can be used with an Office client application as a way of increasing security in lieu of the second authentication factor.

App Passwords are not available for use with PowerShell access to Office 365, and they can be turned off entirely for the Office 365 tenant for customers who have special security policies.

mfa_06

After you’ve created an App Password for an Office desktop application, such as Outlook, it is indicated in a list in your account.

- gleaned from Office blogs

SharePoint Server or SharePoint Online – that is the question

Many business enterprises grapple with the dilemma whether to host their SharePoint on-premises or to settle for what is available on the SharePoint online services that Microsoft offers in its Office 365 offerings. There is a third but less considered option – host SharePoint server on the cloud using the Infrastructure as a Service (Iaas) offered by Microsoft (Azure) or other cloud players.


Any decision, according to Gartner, must be based on the business objective of the enterprise rather than any other consideration. As this question gets complex with the increase in the number of users/user teams, their location, connectivity, security, compliance, privacy and controllability, Gartner has published decision frameworks, decision factors and lists of strengths and weaknesses to help enterprises base their decisions on.


While many enterprises that desired an intranet for their staff have already invested in SharePoint for an on-premises solution (SharePoint Online was a late-comer), with the cloud-first principle, Microsoft has started rolling out a lot of new features in the SharePoint online services that has become attractive and is becoming a deterrent in decision making in support of an on-premises solution. Now, a serious decision is looming in the near future for many enterprises whether to go for the next upgrade of SharePoint server or should the enterprise opt for the cloud services.


Some of the factors that influence a decision are listed hereunder:


Is my enterprise content safe on the cloud?


A number of enterprises are still worried about the security of their content. With news of data breaches happening all around the web, this is a factor of grave concern for the enterprises. Many of them still hesitate to consider the online services as a safe bet and are not ready to move their content to the cloud due to legal constraints. While Microsoft, one of the most trusted IT companies in the world, has come up with a lot of information on its trust center about the various steps it has taken to make the enterprise content secure and about the various certification that it has acquired over the years (http://azure.microsoft.com/en-us/support/trust-center/ ), it still fails to offset the fears in the mind of the enterprise decision makers. They would rather live with their content in their datacenter and risk a breach than trust it to a third party vendor.


Where is my data?


Many business enterprises that provide services to their customers and clients are facing this question – where is my data located in the cloud? Many of them are bound by legal compliance requirements that prohibit them from moving their data beyond their national boundaries. Customers and clients might consider it a threat to allow their data to be held in a country that might not align with their political, religious or cultural convictions. While Microsoft allows enterprises to choose a zone of their choice for holding their content on the azure services, it is not so transparent with respect to the Office 365 services.


How is the connectivity?


While a SharePoint server might require only a LAN connectivity, SharePoint online would require an always online kind of a WAN connectivity for accessing content. Many developing countries are still facing a problem of poor internet connectivity which might be a very important factor that influences the decision against SharePoint online services. While there is the 3G and 4G connectivity that is becoming popular lately in the urban areas, this might not be the case in places  that are far removed from the cities where the manufacturing centers are located – in industrial estates and export processing zones that have limited connectivity even today.


How much do I get to store?


SharePoint online provides 500 mb per user subscription apart from the 10GB available for the enterprise. This might become a limitation where the enterprise is content-intensive. While additional space for storage of the content can be bought from the service provider, this might be considered as an additional expense and there might not be an upper predictable limit for budgeting purposes.


Will my search be fast enough?


As SharePoint is made available in a multitenant environment, search capabilities might be slow and not give the user as good an experience as an on-premises solution. There is a potential scalability concern when it comes to the online services.


What limit of customization do I want?


With a SharePoint on-premises solution, there is a possibility of extensive customization. Enterprises can make the solution as user friendly as possible. With the SharePoint designer, a lot of apps can be built in to the solution to make the platform a real collaborative entity. SharePoint online provides limited customization options.


How much am I going to spend?


The online services is available at a fractional cost of the on-premises solution and comes in a subscription model. The underlying infrastructure is of no worry to the enterprise and does not require the upkeep of it. The personnel for maintaining the solution and their skill set requirements become minimal. An on-premises solution would require a Windows server, the respective client access licenses, SQL server, the SharePoint server and the client access licenses and a double investment for high availability scenarios.


How fast do I want to roll out / scale up the solution?


An On-premises SharePoint solution requires details architectural planning and the roll out might take several months. The end-user waiting time for this solution might at some time sap the enthusiasm of the users. An online solution would shorten this time significantly as the infrastructure is readily made available by the service provider. And scaling up and down depending on the requirement is possible in an online solution as it is a pay for what you use model. Scaling down on the number of users in an on-premises model will only reduce the Return on investment (RoI) significantly.


The third option – Hosting the SharePoint server on the cloud


This might be an option that enterprises might want to consider if they are financially crunched on acquiring fresh hardware or provision existing hardware for this SharePoint solution. In this case, not only have they to pay the vendor for IaaS but also have to pay for the software Server licenses and CALS. And the responsibility of running and upkeep of the solution is on the shoulders of the internal IT admins.



Azure Active Directory - Capabilities and Business Benefits (1)

Azure Active Directory provides single sign-on to thousands of cloud (SaaS) apps and access to web apps that an enterprise runs on-premises. Built for ease of use, Azure Active Directory features Multi-Factor Authentication (MFA), access control based on device health, user location, and identity and holistic security reports, audits, and alerts. Azure Active Directory is available in 3 editions: Free, Basic and Premium.

Benefits of Azure Active Directory

Single sign-on to any cloud and on-premises web app

Azure Active Directory provides secure single sign-on to cloud and on-premises applications including Microsoft Office 365 and thousands of SaaS applications such as Salesforce, Workday, DocuSign, ServiceNow, and Box.

Easily extend Active Directory to the cloud

Connection to Active Directory and other on-premises directories to Azure Active Directory is available in just a few clicks and it helps maintain a consistent set of users, groups, passwords, and devices across both environments.

Works with iOS, Mac OS X, Android, and Windows devices

Users can launch applications from a personalized web-based access panel, mobile app, Office 365, or custom company portals using their existing work credentials—and have the same experience whether they’re working on iOS, Mac OS X, Android and Windows devices.

Protect sensitive data and apps

Application access security is enhanced using rule-based Azure Multi-Factor Authentication for both on-premises and cloud applications. Security reporting, auditing, alerting, and “shadow IT” application discovery helps protect the business. Business can also take advantage of unique machine learning-based capabilities that identify potential threats.

Protect on-premises web apps with secure remote access

Users can access their on-premises web applications from everywhere and can be protected with multi-factor authentication, conditional access policies, and group-based access management. They can also access SaaS and on-premises web apps from the same portal.

Reduce costs and enhance security with self-service

Admins can delegate important tasks such as resetting passwords and the creation and management of groups to their employees. Providing self-service application access and password management through verification steps can reduce helpdesk calls and enhance security.

Enterprise scale and SLA

Azure Active Directory Premium offers enterprise-grade scale and reliability. As the directory for Office 365, it already hosts hundreds of millions of users and handles billions of authentications every day. The high availability service is hosted in globally distributed datacenters in 17 regions, with worldwide technical support that provides a 99.9% SLA.

Empower Users

Business enterprises can enable users to work from any location – corporate office, home office, on the go, using any device – desktops, laptops, tabs, smartphones. They can give the users always-on access to all their work resources using a single set of credentials protected with Multi-Factor Authentication. After a user has signed in, they get single sign-on access to their apps and data.

Self-service capabilities

Enterprises can minimize support costs and keep users up and running by configuring self-service experiences. With web-based tools such as Access Panel and Password Reset, users  can be given a personalized, company-branded portal to access SaaS applications.



Users create and manage their own groups

Admins can empower users to create their own groups, assign members to groups they own, approve join requests, and more.

Users change and reset their own passwords

Businesses can give all users in their directory the capability to change and reset their passwords – whether they are in the cloud or on-premises.

The PowerBI Desktop

With Power BI now generally available, many new features and capabilities of Power BI Desktop (known as Power BI Designer in the Preview) are ready to experience. These include major updates to open source visuals, the Power BI Android app, and authoring enhancements.

sign up for 
free

PowerBI Desktop is a powerful new visual data exploration and interactive reporting tool available at PowerBI.com. It provides a free-form canvas for drag-and-drop exploration of your data and an extensive library of interactive visualizations, while streamlining report creation and publishing to the Power BI service. The Power BI Desktop has been enhanced to include:

  • New visualizations including matrix, area, waterfall, and donut charts.
  • New visualization formatting such as color setting, titles, labels, and legends.
  • New data source support has also been extended to include Zendesk, Intuit Quickbooks Online, AppFigures, GitHub, Twilio, and SweetIQ.
  • Direct connection to SQL Server Analysis Services tabular models for data exploration.

http://blogs.msdn.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-01-60-20/6574.01.png

Other features

The full list of updates Microsoft has rolled out since preview includes:

  • Globally available and localized to 44 languages
  • New visuals – Tree Map, Combo Chart, Funnel, Gauges, Area Map, Waterfall, Donut, Area Chart, Matrix and others.
  • Significantly enhanced Power BI Desktop (renamed from Designer)
  • Native touch optimized mobile apps for iOS, Android and Windows
  • Rich control over visual coloring, including conditional formatting in Reports
  • Visual formatting and customization  in Reports (Title, Background Color, Legend, Data Labels, and X/Y axis for Cartesian charts)
  • Support for Hyperlinks in Reports and report tables
  • Report publishing directly from Power BI Desktop to the PowerBI.com service
  • New styling, look and feel
  • Simple and categorized Get Data Experience
  • A dozen ISVs delivered content packs for Power BI, providing rich, out-of-the-box reports and dashboards for a variety of popular business services (Acumatica, appFigures, Google Analytics, MailChimp, Microsoft Dynamics Marketing, QuickBooks Online, SQL Server Database Auditing, SweetIQ, Twilio, UserVoice, Visual Studio Online)
  • Four direct query sources enabling users to build Power BI reports and dashboards without the need to move data (Azure SQL Database, Azure SQL Data Warehouse, SQL Server Analysis Services, Spark on Azure HDInsight)
  • Easy import of CSV files
  • Support for connecting and refreshing from on-Premises data sources
  • Enhanced data modeling in Power BI Desktop (Calculated Columns, Data Categorization, Smart DAX Formula Editor, 12 new DAX functions)
  • Enhanced data transformation and mashup capabilities in Power BI Desktop with ten new transformation functions
  • Direct report exploration over Analysis Services tabular model from Power BI Desktop
  • Building and publishing Organizational content packs
  • Power BI Groups to enable collaboration on a jointly owned set of datasets, reports and dashboards
  • Browser rendered Excel reports in Power BI
  • Power BI REST API
  • Support for real time dashboards over massive data streams through Azure Stream Analytics
  • Open source Power BI visualization stack to enable Developers to starting building custom visuals
  • Developer samples and test bed for getting started quickly using the REST API
  • New community forum site at community.powerbi.com

Declutter for a cleaner Inbox using Clutter

Microsoft has added an awesome new feature in O365 Exchange Online that helps filter your low-priority email—saving time for your most important messages. Microsoft calls it Clutter.

 

Clutter looks at what you've done in the past to determine the messages you're most likely to ignore. It then moves those messages to a folder called Clutter. Just keep using email as usual and Clutter will learn which messages aren't important to you.

 

From time to time, Clutter might get it wrong. You can move the messages we've incorrectly identified as clutter to your inbox, and Clutter will take notice.

 

Your privacy is extremely important to Microsoft. So, they remove any personally identifiable information from the data it uses to make the feature better.

 

And if you find Clutter isn't for you, you can turn it off any time.

Continuum and Window 10 Phones

Microsoft has a lofty vision for Windows 10 - one operating system core for all devices called OneCore. One of the keys to making that vision a reality for smartphones is a software feature called Continuum. With Continuum for phones, Microsoft believes any phone can be your PC. Microsoft aims to turn Windows 10 phones into full-blown PCs when they’re connected to PCs. Also, with Windows 10 phones, the devices will perform similarly to a traditional PC when they’re connected to an external monitor, along with a Bluetooth mouse and keyboard.

Continuum is a software tool that will aid Windows 10 in detecting what type of device a user is on and help the operating system configure itself accordingly. It is integral for Surface and other convertible tablets that double as laptops. For instance, Continuum will be able to know when you're using Windows 10 with a mouse and keyboard attachment and when you've switched to a touch interface with finger- and pen-based inputs.

Microsoft’s universal apps use the same basic code base across devices and scale to fit the screen they’re being used on. Continuum is Microsoft's solution for shifting among various form factors.

When a Windows Phone is plugged into a PC monitor, a PowerPoint app is treated like a PC app because it is in fact the same code that one would see for PowerPoint on a PC. When numerous tablet apps are opened, Continuum would switch them to PC-style apps when the device is docked. Even desktop-centric stuff will work just fine. Seamless copying and pasting between mobile-centric apps, and yes, even the legendary ALT-TAB are available now. Continuum for Phones changes the interface on the screen it's connected to and gives you extra tools on the handset as well. Microsoft calls it a "PC-like experience".


Windows 10's Mail app running on a Windows Phone connected to an external monitor, using Continuum.


When you first connect your phone to a keyboard and screen using the new Connect button in the Action Center (which Microsoft also refers to as 'docking'), a notification at the top of your phone screen asks if you want to use the phone as a trackpad to control the cursor on the other screen - that's an app that gives you an experience very like controlling an Xbox with the SmartGlass app on your phone. (It helps to turn the phone sideways, so it looks like a trackpad, and to put it down in front of the keyboard). Or you can keep using the handset with the usual phone interface. Apps you launch by touching the phone screen stay on the phone screen - so you could project PowerPoint for a presentation but keep your email and personal text messages off the big screen. There will be a gesture to move an app from the phone screen to the big screen and back.

If what you're running is a web application from the Windows Store, it will give you a different interface if it uses responsive design. But if it's an Android app packaged for Windows 10 for Phones (or an iOS app that the developer hasn't added extra features to), you'll just get the standard phone app interface, only bigger.

Soon, one can rely solely on a smartphone for their computing needs.