Quadra

Connecting Technology and Business.

How to keeping winning the battle against hackers

Office 365 is the fastest growing SaaS offering globally. It is also the most targeted by hackers today as phishing and Ransomware transform into business models in the Dark Web world. Breaches come from emails and misused identities and the attacks only accelerate by the minute. It is high time that Office 365 admins hack-proof their environments – and it is possible with the tools available from Microsoft – tools for studying, analyzing, warning and preventing attacks and plugging vulnerabilities.

The recent Wannacry ransomware attack has created a sense of panic among enterprises using Office 365; remember other cloud services too, are not immune to hacking attacks. Attackers use Social engineering to gain access to the victim’s identity, data and device. It is a security attack vector that involves tricking someone into breaking normal security procedures.

A social engineer runs what used to be called a "con game." Techniques such as appeal to vanity, appeal to authority and appeal to greed are often used in social engineering attacks. Many social engineering exploits simply rely on people's willingness to be helpful. For example, the attacker might pretend to be a co-worker who has some kind of urgent problem that requires access to additional network resources.  

Popular types of social engineering attacks include:

  • Baiting: Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
  • Phishing: Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
  • Spear phishing: Spear phishing is like phishing, but tailored for a specific individual or organization.
  • Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
  • Scareware: Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.

Security experts recommend that IT departments regularly carry out penetration tests that use social engineering techniques. This will help administrators learn which types of users pose the most risk for specific types of attacks while also identifying which employees require additional training. Security awareness training can go a long way towards preventing social engineering attacks. If people know what forms social engineering attacks are likely to take, they will be less likely to become victims.

Fortunately, Microsoft provides enough tools to protect its users and especially Office 365 subscribers from such attacks.

Exchange Online Protection (EOP)

Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service that helps protect your organization against spam and malware, and includes features to safeguard your organization from messaging-policy violations. EOP can simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware and software.

As a part of Microsoft Exchange Online   By default, EOP protects Microsoft Exchange Online cloud-hosted mailboxes. Exchange Online Protection provides protection against malicious links by scanning content.

Advanced Threat Protection (ATP)
  • Securing mailboxes - With Exchange Online Advanced Threat Protection, admins can protect mailboxes against new, sophisticated attacks in real time. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
  • Protection against Unsafe Attachments - With Safe Attachments, admins can prevent malicious attachments from impacting the messaging environment, even if their signatures are not known. All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activity. 
  • Unsafe attachments are sandboxed in a detonation chamber before being sent to recipients. The advantage is a malware free and cleaner inbox with better zero-day attack protection.
  • Protection of the environment when users click malicious links - Safe Links expands on EOP by protecting the O365 environment when users click a link. While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. URL detonation provides deeper protection against malicious URLs. Not only does Microsoft check a list of malicious URLs when a user clicks on a link, but Office 365 will also perform real-time behavioural malware analysis in a sandbox environment to identify malicious attachments. URL reputation checks are part of Advanced Threat Protection. If a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting is available, so administrators can track which users clicked a link and when they clicked it.
  • Dynamic delivery— Better performance and lower latency for emails with attachments. Users will see a placeholder while attachments are scanned in a sandbox environment. If deemed safe, attachments are re-inserted into the email.
  • Rich reporting and tracking links in messages — Gaining critical insights into who is being targeted in the organization and the category of attacks the organization is facing. Reporting and message trace allow admins to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows admins to track individual malicious links in the messages that have been clicked. Get better insights to malware activity. Security admins will have a new reporting dashboard to see details of malware that Office 365 Advanced Threat Protection is analyzing.
  • Intelligence sharing with Windows Defender Advanced Threat Protection— Security admins will be able to see malware activity and relationships across Windows 10 and Office 365.
  • Broader protection— Advanced Threat Protection extends to include protection for SharePoint Online, Word, Excel, PowerPoint and OneDrive for Business. 
Threat Intelligence
  • The office 365 Threat Intelligence service provides information on security using data from various sources. The data is harvested via the Microsoft Intelligent security Graph technology. Organizations are being targeted with increasingly sophisticated attacks. 
  • Threat Intelligence, which helps admins proactively uncover and protect against advanced threats by analysing billions of data signals across Office consumer and commercial services.
  • It also provides deep insights from cyber threat hunters to create a comprehensive view of malware trends around the world. In addition, Microsoft is integrating signals from Windows and Azure to help customers realize the full benefit of the Microsoft Cloud.
  • Security admins will see a dashboard with rich insights to do deep investigation of malware and will be able to integrate data with existing security management tools.
  • Threat Intelligence takes it a step further by alerting security admins and proactively creating and suggesting security policies to help protect against malware. For example, if analytics show that attacks are happening in the financial industry, the service will alert customers in finance and related areas to the trend. Threat Intelligence will also dynamically create and suggest additional security policies to help protect you before they get to your network.

 

Advanced Data Governance

Microsoft has also brought Advanced Data Governance to Office 365 to help customers manage the exploding volume and increasing complexity of corporate data. Microsoft applies intelligence to help admins achieve organizational compliance and automate data retention.

Enterprises will be able to classify, set policy and take action on the data that is most relevant for their organization and industry, with recommendations driven by behavioral analysis and machine learning.

 

Advanced Data Governance includes the following capabilities:

  • Import—Intelligently import only the data needed from on-premises and third-party archives using classifications such as age, data type, user or groups, sensitivity or importance.
  • Policies—Policy recommendations are provided, based on machine assisted insights of the data, classifications, tenant, organization, industry, geography and more. Recommendations may include delete, move, encrypt or share.
  • Retention—Intelligently preserve only what’s important to the organization by using classifications such as keywords, age, data type, user or group, sensitivity, importance. Integration with line-of-business systems allows admins to trigger retention based upon events, such as creation of a human resources record.

 Advanced Data Governance will help organizations apply the right actions to preserve high value data and purge redundant or obsolete data.

 

Advanced Security Management (ASM)

 

Microsoft has launched Advanced Security Management to help give organizations visibility and control over security in Office 365.

 

They have added a new feature lately called Productivity App Discovery, which will help IT pros and security operations teams understand their organization’s usage of Office 365 and other productivity cloud services. This will help them to better determine the extent to which shadow IT is occurring in their organization.

 

Productivity App Discovery shows usage of Office 365 and other productivity cloud services. App Permissions will assist in monitoring applications that users are connecting to Office 365.

 

Office 365 Secure Score

The Office 365 Secure Score is available to help organization evaluate their security level in Office 365. Secure Score analyzes an Office 365 organization’s security based on their regular activities and security settings and assigns a score. It is a credit score for security.

Secure Score figures out what Office 365 services an organization is using (like OneDrive, SharePoint, and Exchange) then looks at the settings and activities and compares them to a baseline established by Microsoft. O365 admins get a score based on how aligned they are with best security practices.

Using Secure Score helps increase an organization’s security by encouraging them to use the built-in security features in Office 365 (many of which they have already purchased but might not be aware of). Learning more about these features as they use the tool will help give them piece of mind that they are taking the right steps to protect their organization from threats.

Admins must check secure scores reports weekly. A sample list of reports is presented here:

  • Sign-ins after multiple failure report
  • Sign-ins from unknown sources report
  • Sign-ins from multiple geographies report
  • Mailbox access by non-owners report
  • Malware detections report
  • Sing-in devices report
  • Account provisioning activity report
  • Non-global administrators report
Making use of these features that are made available by Microsoft will help enterprises not only defend themselves  from hackers but also keep winning the battles against them.

 

Now OneDrive for Business in under better control of the Admin

Control provisioning of OneDrive

OneDrive for a user is created when they click on OneDrive tile or access the service first time. Their ability to create OneDrive site is governed by the create personal site permission in SharePoint Online. By default, the permission is assigned to all users.

If your Organization is looking for a phased rollout then you can create specific user groups and assign the create personal site permission to them.

Enable Sync client restrictions

SharePoint Online administrator can use PowerShell cmdlets to enable the OneDrive for Business sync client from only the domains present in the safe recipients list. After that, if the version of sync client on a user’s PC is earlier than 15.0.4693.1000, sync client is considered outdated and user will not be able to sync documents.

Configure restricted Domain sharing

At a tenant level, administrators can configure external sharing by using either the Allow List or Deny List feature. Administrators can limit sharing invitations to a limited number of email domains by listing them in the Allow List or opt to use the Deny List, listing email domains to which users are prohibited to extend invitations.
 
Additional parameters have been added to the PowerShell, to allow configuration of restricted domains using PowerShell.

All external sharing invitation emails will blind copied to set mailboxes using available parameters.

Discourage Org-wide sharing

To discourage users from sharing files from their OneDrive with everyone in the Organization, hide “Everyone”, “All Users” and “Everyone except External Users” groups in the people picker.

Restrict Sync based on file types

When required, block syncing of certain file types using the new sync client. For e.g. sync of .pst and .mp4 can be blocked as all emails should be in EXO mailbox and videos should be in O365 Videos service or, just to conserve bandwidth consumption.

Monitor User activities

Office 365 Audit log search and Management Activity APIs enable monitoring of user activities on OneDrive and also integrate them with existing SIEM tool in your Organization. Refer to the Audit log search section later in this document.

Configure usage or anomaly based alerts

Office 365 Advanced Security Management enables you to set up anomaly detection policies, so you can be alerted to potential breaches of your network. For example, you can be alerted to impossible travel scenarios, such as if a user signs in to the service to check their mail from New York and then two minutes later is downloading a document from OneDrive in Tokyo.

Advanced Security Management also lets you set up that can track specific activities. With out-of-the-box templates like Mass download by a single user, IT can easily create policies that flag when someone is downloading an unusually large amount of data. Alerts can also be for multiple failed sign-in attempts or signs in from a risky IP address.

Configure Mobile App Management (MAM) for mobiles

Intune MAM, part of Enterprise Mobility + Security (EMS) suite, provides ability to manage OneDrive mobile app and disable user’s ability to copy-paste corporate content from their OneDrive to a non-managed/consumer app.

Configure Conditional Access

Azure AD Premium, part of Enterprise Mobility + Security (EMS) suite, provides Risk-based conditional access through an intelligent assessment of granting or blocking access to OneDrive. For e.g. access to OneDrive can be blocked is the user is using non-managed device.

Additional Administrative settings for the sync client

A variety of OneDrive and OneDrive for Business settings can be centrally administered through group policy. The group policy objects are available as part of the OneDrive Deployment Package.

The following User Configuration group policies are available:
• Coauthoring and in-app sharing for Office files
• Configure OneDrive.exe to receive updates after consumer production
• Prevent users from changing the location of their OneDrive folder
• Prevent users from configuring personal OneDrive accounts
• Set the default location for the OneDrive folder
• Users can choose how to handle Office files in conflict
The following Computer Configuration group policies are available:
• Prevent users from using the remote file fetch feature to access files on the computer
• Set the maximum percentage of upload bandwidth that OneDrive.exe uses

- Office 365: Everything You Wanted to Know - Jan 2017 - Microsoft

Yammer for Your Organization Too...

Here are some of the ways that organizations benefit from Yammer.

  • Centralize teams and projects. Simplify collaboration by providing teams and projects flexible workspaces that allow them to communicate, share files, and find resources in one place.

  • Promote knowledge sharing. Improve decision-making and reduce duplicate work by using Yammer to tap into knowledge across the organization and build on the work of others.

  • Foster innovation. Foster innovation by connecting employees, ideas, and information without regard for time zones, geographies, or hierarchies

  • Support remote/mobile workers. Identify and resolve problems with the customer experience by giving employees on the front line an efficient way to communicate with headquarters and supporting teams.

  • Improve internal communications. Improve the effectiveness of the corporate communications strategy by connecting employees to executives, groups, and feedback.

  • Expand external collaboration. Extend collaboration to customers, partners, and vendors by sending them a Yammer message, inviting them into a Yammer group, or setting up an external network.

  • Empower sales. Yammer can maximize your sales team’s effectiveness with better account insight, instant access to experts, and enhanced information when on the road.

  • Enhance HR practices. Reduce cost and initial training cycles for new employees by creating a designated group with the onboarding resources they need, while giving them access to subject matter experts across the organization.

  • Extend the reach of IT. Speed end-user adoption by sharing tips and tricks for new products. Enable self-help, access to peer expertise, and a searchable knowledge base to reduce total time to problem resolution.

Transform Your HR Organization

An engaged workforce means good things for your company’s HR and Corporate Communications Organizations. With Yammer, employees feel empowered to make a difference by contributing to recruiting efforts, recognizing peer performance, and learning from experts throughout the company or industry. Yammer increases employee engagement by giving every team member a voice and the tools and information to do more.

  • Onboard new hires quickly. Enable new hires to ramp up faster and continue to develop their skills over time as they learn from their peers.

  • Recognize top talent. Identify high performers and publicly recognize employees who do great work - increasing engagement, satisfaction, and retention.

  • Gain insight into performance. Keep up to date with what your team is working on and the progress made.

  • Start a company dialogue. Connect with your coworkers and encourage two-way dialogues in order to improve communication among teams, employees, managers, and executives.

  • Give employees a voice. Spark creativity and innovation by allowing all employees to share ideas, offer feedback and help drive business results.

Transform Your Marketing Organization

Collaboration across teams and with customers is critical to your organization’s marketing success. With Yammer, you can engage with agencies to build high-impact campaigns across geographies, share customer insights, and drive refined go-to market strategies. You can also improve execution through real-time collaboration of collateral. Empower your employees to become brand ambassadors and strengthen your competitive position with Yammer.

  • Centralize information. Create one workspace where designated teams can sync up and get projects done.

  • Accelerate collateral development. Develop quality collateral much faster and in real-time with colleagues, ensuring that the salesforce is always equipped with the latest materials.

  • Collaborate securely with agencies. Share information and gather feedback easily with internal and external agencies through external private networks.

  • Plan and execute events. Drive awareness of activities and promote interaction among attendees pre-, during-, and post-event.

  • Create brand ambassadors. Easily ensure employees and partners are aligned with company messaging and positioning.

Empower Your Sales Organization

Finding the right information at the right time is critical to the success of your sales team. With Yammer, sales representatives can tap into the collective knowledge of your organization to close deals quickly and increase customer retention. Empower your teams to instantly access expertise and information, gain a competitive advantage, and secure deals faster.

  • Access and share key information. Quickly distribute the latest key messaging out to the entire field.

  • Connect mobile workers. Give your mobile and remote sellers access to key information in a timely manner with the Yammer mobile app.

  • Beat the competition. Share in real-time what is and isn’t working in the field, giving your team a competitive advantage.

- Office 365: Everything You Wanted to Know - Jan 2017 - Microsoft

Six tips to a better engaged online meeting

15 percent of an organization’s collective time is spent in meetings, as reported by the Harvard Business Review. But as technologies change, workloads increase and attention spans shorten, truly reaching your audience can be a challenge. Making use of tools like Skype for Business (SfB) for such meetings can not only reduce the challenges of distance and travel but also give the participants an added luxury of attending the meeting from wherever they are – not necessarily at their office meeting rooms. Result? More attendance. More savings in travel costs.

But there is a flipside to this.

A major hurdle is addressing the audience across multiple locations. Attendees might join from a conference room at office or might connect from various enterprise or home connections. Involving the audience and making them feel that their efforts are appreciated will go a long way in making the meeting successful. But, this might be an unsurmountable challenge.

Here are six tips to make your SfB meetings and webinars more interesting and fruitful:

Send a meeting request in advance – Use your Outlook calendar to open a new meeting and choose a suitable date and time. You can make use of the Scheduling Assistant for this purpose. Include all the names of the invitees to the event one below the other. (Include also names of people who you want to just inform of this meeting – though they might not participate – and mark them as optional attendees). Then choose the date and the time slot in which all required attendees are available. Optionally, add a room if you want, to book it for your convenience. (This must be enabled already in your enterprise). Set a reminder for the meeting depending upon the preparation time required for the meeting.

Make joining hazel-free—Click the “Skype meeting” option to include the auto generated hyperlink Join Skype Meeting appear in the body of the meeting invitation. Also, include any audio bridge numbers, participant PINs, document attachments (Optionally, include a Meeting Notes OneNote notebook page) in the invitation. Add reusable parts of documents – if any - that have been already shared among the users internally by clicking on the Document Item feature. Once the invitation is received at the participants’ end, all that he/she needs to do to join the meeting is the one-click on the Join Skype Meeting link.

Take control of your meeting - Make use of the Meeting Options feature to choose who all should wait in the lobby or join the meeting without waiting. You can also nominate / manage presenters for and during the meeting. This will provide an uninterrupted flow to keep everyone’s attention on the content being presented. You can also set some limitations – disabling IM, mute attendees, block attendees’ video – only presenters can always share audio and video.

Show, don’t just tell, important information—Effective visual communication is key to employee engagement in meetings. Show videos, presentations, websites, pictures and presenters themselves—instead of a static image that’s easy to ignore. On-site employees shouldn’t get a different meeting experience or information from people joining the meeting from other locations.

Allow for feedback, comments and engagement—If employees feel that they can’t ask questions or get involved in a meeting, they’re likely to pay little or no attention to the proceedings. Keep watch on the IM window for comments or suggestions flowing in. Appoint a person (moderator?) to attend to questions from the audience so that queries can be addressed promptly. Conduct polls at intervals to receive feedback from the participants, to gauge the interest of the participants on the topic being handled, whether they are following your line of thought and also to make sure you are driving home your point.

Mind the anywhere any time any device access - Since the meeting attendees are given the freedom to choose which devices they use to join the meeting, it is also more likely that you will hold their engagement through the duration of your meeting. (It gives everyone the freedom to participate whatever works best for them: on-the-go, at their desk or from anywhere their devices are connected to the internet). Keep this distributed audience in mind when you are speaking and keep addressing them - if possible, by individual names - so that they feel engaged well.

Follow these and your next meeting might be the most productive ever.

Microsoft Password Guidance

Microsoft has come up with recommendations for password management based on current research and lessons from their own experience as one of the largest Identity Providers (IdPs) in the world. It covers recommendations for end users and identity administrators.


Microsoft sees over 10 million username/password pair attacks every day. This gives Microsoft a unique vantage point to understand the role of passwords in account takeover. The guidance provided here is scoped to users of Microsoft’s identity platforms (Azure Active Directory, Active Directory, and Microsoft account) though it generalizes to other platforms.

 

Summary of Recommendations

Advice to IT Administrators

Azure Active Directory and Active Directory allow Enterprises to support these recommendations:

1. Maintain an 8-character minimum length requirement (and longer is not necessarily better).

2. Eliminate character-composition requirements.

3. Eliminate mandatory periodic password resets for user accounts.

4. Ban common passwords, to keep the most vulnerable passwords out of your system.

5. Educate your users not to re-use their password for non-work-related purposes.

6. Enforce registration for multi-factor authentication.

7. Enable risk based multi-factor authentication challenges.

 

Advice to Users

Create a unique password for your Microsoft account

The security of your Microsoft account is important for several reasons. Personal, sensitive information may be associated to the user account such as their emails, contacts, and photos. In addition, other services may rely on their email address to verify their identity. If someone gains access to their email, they may be able to take over the user's other accounts too (like banking and online shopping) by resetting their passwords by email.

 

User Tips for creating a strong and unique password:

  • Don’t use a password that is the same or similar to one you use on any other website. A cybercriminal who can break into that website can steal your password from it and use it to steal your Microsoft account.
  • Don’t use a single word (e.g. “princess”) or a commonly-used phrase (e.g. “Iloveyou”).
  • Do make your password hard to guess even by those who know a lot about you (such as the names and birthdays of your friends and family, your favorite bands, and phrases you like to use).
Keep the security info up to date

Current security info (like an alternate email address or phone number) helps us to verify the user's identity if they forget their password or if someone else tries to take over their account. Microsoft never uses this info to spam the user or to try to sell them something.

Watch for suspicious activity

The Recent activity page helps the user to track unusual or suspicious activity. The user can see their latest sign-ins and changes to their account. If they see something wrong or unfamiliar, they can click "This wasn’t me" and Microsoft will take the user through a few steps to change their password and review the security info on their account.

Turn on two-step verification

Two-step verification boosts account security by making it more difficult for hackers to sign in—even if they know or guess the user's password.

If the user turns on two-step verification and then try to sign in on a device Microsoft doesn’t recognize, Microsoft will ask the user for two things:

  1. The user's password.
  2. An extra security code.

Microsoft can send a new security code to the user's phone or their alternate email address, or they can get one through an authenticator app on their smartphone.

Keep the operating system, browser, and other software up to date

Most service and app providers release security updates that can help protect users' devices. These updates help prevent viruses and other malware attacks by closing possible security holes.

If the user is using Windows, in order to receive these updates automatically, he / she has turn on Windows Update.

Be careful of suspicious emails and websites

The users are advised not to open email messages from unfamiliar senders or email attachments that they don't recognize. Viruses can be attached to email messages and might spread as soon as they open the attachment. It's best not to open an attachment unless they expected to receive it. They should also be careful when downloading apps or other files from the Internet, and make sure they recognize the source.

Install an antivirus program on your computer

Hackers can steal passwords through malware (malicious software) that's been installed on users' computer without their knowledge. For example, sometimes malware is maliciously downloaded with something they do want, like a new screen saver. The user has to take the time to check and clear their computer of viruses or malware before they change their password.

Is your computer running Windows?

Great! Windows Defender is free anti-malware software built-in to Windows 8 and Windows 10. It updates automatically through Windows Update. If the user is running an earlier version of Windows, they can download and install Microsoft Security Essentials for free.

After the user installs an antivirus program, they should set it to regularly get updates and scan their computer.

Gleaned from a paper from - Microsoft Identity Protection Team

Microsoft Cloud App Security

More and more cloud-based apps are being used by businesses, such as Dropbox, Box and Microsoft-created services like OneDrive and Office 365. Now Microsoft has launched Microsoft Cloud App Security, a service designed specifically to help protect companies and their employees who use cloud-based apps.

Microsoft says that, according to its surveys, each employee in a company uses 17 cloud apps and workers in 91% of organizations grant access to their personal accounts to their company's cloud storage services. Microsoft Cloud App Security provides those organizations the following features to protect their employees and the company as a whole:

  • App Discovery: Cloud App Security identifies all cloud applications in an enterprise’s network—from all devices—and provides risk scoring and ongoing risk assessment and analytics

  • Data Control: With special focus on sanctioned apps, enterprises can set granular controls and policies for data sharing and loss prevention (DLP) leveraging API-based integration. They can use either out-of-the box policies or build and customize their own

  • Threat Protection: Cloud App Security provides threat protection for the Enterprise’s cloud applications leveraging user behavioral analytics and anomaly detection

Go beyond Passwords - Use an Additional Factor for Authentication

Multi Factor Authentication helps secure user sign-ins for cloud services beyond just a single password. The security of multi-factor authentication lies in its layered approach.

  • Compromising multiple authentication factors presents a significant challenge for attackers.

  • Even if an attacker manages to learn the user's password, it is useless without also having possession of the trusted device.

  • Should the user lose the device, the person who finds it won't be able to use it unless he or she also knows the user's password.

Mult-Factor Authentication overview

Office 365 uses multi-factor authentication to help provide the extra security and is managed from the Office 365 admin center.

Features

Office 365 offers the following subset of Azure multi-factor authentication capabilities as a part of the subscription:

  • The ability to enable and enforce multi-factor authentication for end users

  • The use of a mobile app (online and one-time password) as a second authentication factor

  • The use of a phone call as a second authentication factor

  • The use of a Short Message Service (SMS) message as a second authentication factor

  • Application passwords for non-browser clients

  • Default Microsoft greetings during authentication phone calls

Feature comparison of versions

A form of multi-factor authentication is included with Office 365, but Enterprises can also purchase Azure Multi-Factor authentication that includes extended functionality.

Proofup

The following table below provides a list of the features that are available in the various versions of Azure Multi-Factor Authentication.

Feature

O365 MFA

Azure MFA

Administrators can protect accounts with MFA

Mobile app as a second factor

Phone call as a second factor

SMS as a second factor

App passwords for clients that don't support MFA

Admin control over authentication methods

 

PIN mode

 

Fraud alert

 

MFA Reports

 

One-Time Bypass

 

Custom greetings for phone calls

 

Customization of caller ID for phone calls

 

Event Confirmation

 

Trusted IPs

 

Suspend MFA for remembered devices (Public Preview)

 

MFA SDK

 

MFA for on-premises apps using MFA server

 

A Video Streaming Portal for the Enterprise

Office 365 Video is an intranet website portal where people in an organization can post and view videos. It's a streaming video service for the organization that's available with SharePoint Online in Office 365. It's a great place to share videos of executive communications or recordings of classes, meetings, presentations, or training sessions.

Features

Channels

  • Channel admins for Office 365 Video can create channels to organize videos.

  • Enterprises can have channels for particular subjects, for example, or for specific groups such as departments or teams

  • End users see only the channels that they have permission to view

Uploading videos

  • To upload a video, users upload it to a specific channel.

  • Users can upload multiple videos to a channel at the same time.

  • Anyone in the organization who has edit permission for a particular channel can upload videos to it

Watching a video

  • Users can watch videos from where they are featured on the Office 365 Video home page, and from specific channels.

  • When the user selects a video thumbnail, the video plays right in the browser window

Sharing videos with others

  • Embed an Office 365 video on the enterprise's site. Users can display the video on a SharePoint Online site or other website by adding the embed code for that video to the page where they want the video to appear.

  • Post to Yammer. Users can post to Yammer about a video while they're watching it, and the post will automatically include a link to the video that they're watching.

  • Send a link to a video in an email. To get a link for a video, the users select the video in Office 365 Video and then copy the URL from the browser address bar.

Discover spotlighted channels and videos

  • Admin can spotlight up to three channels and four videos on the home page.

  • Person with edit permission for a channel can spotlight up to five videos on the page for that channel.

Find the most popular videos

  • Users can see what videos are most popular for the entire organization, check the Trending section on the home page.

  • Users can see what videos are particularly popular in a certain channel, check the Trending section on that channel page.

Find videos that you've uploaded

  • Users can see what videos they've uploaded to a channel, select a channel, and then choose My Videos.

Search for a video

  • Users can search for a particular video by typing what they are searching for in the Search videos box.

  • Users can find videos that are in Office 365 Video by using SharePoint enterprise search.

Channel permissions

There are three types of channel permissions: owners, editors, and viewers. One must have owner permission to change permission settings.

  • Owners - has full control over a channel. They can manage the channel from the channel settings page, upload videos, delete videos, and delete the channel.

  • Editors - has edit permission for a channel. They can upload videos and delete videos. Then cannot manage the channel settings or delete the channel.

  • Viewers - can view all of the videos that are in the channel. By default, everyone in your organization has viewer permission for a channel when the channel is created.

Client Requirements for Video Streaming

Desktop Requirements


Browser

OS

Playback Supported

IE 11

Windows 8.1

HTML5

IE 11

Windows 7

Adobe Flash

IE 9 / 10

Windows

Adobe Flash

Chrome 37+

Windows / OSX

HTML5

Firefox

Windows / OSX

Adobe Flash

Safari 8

OSX Yosemite

Adobe Flash

Safari

Below OSX Yosemite

Adobe Flash


 

Mobile Requirements


Browser

OS

Playback Supported

IE 11

Windows Phone 8.1

HTML5

Chrome

Android 4.4.4

HTML5

Safari

iOS 6

Native HTML5


Scenarios where O365 Video comes in handy

  • On-demand Trainings.

  • Corporate Messages.

  • Community knowledge sharing.

  • Help & How to.

Mobile Apps for Office 365

Office provides the following apps:

·         Office for Android™: View, create and edit documents with touch-friendly Word, Excel and PowerPoint apps. You can count on Office for Android to keep your content and formatting intact so the document looks great when you’re back on your PC or Mac. In Word, add comments or track changes while you work together with others. Review and update Excel spreadsheets and easily add formulas or charts. Make changes to PowerPoint presentations and project them wirelessly on a big screen.
You can view documents for free with Office for Android. Editing and creating documents requires an eligible Office 365 subscription: Office 365 Home, Office 365 Personal, Office 365 University, Office 365 Business, Office 365 Business Premium, Office 365 Enterprise E3, E4, and E5, Office 365 Enterprise E1 and E3 (Government Pricing), Office 365 Education Plus, and Office 365 ProPlus.
·         Office for iPad®: View, create and edit documents with touch-friendly Word, Excel and PowerPoint apps. You can count on Office for iPad to keep your content and formatting intact so the document looks great when you’re back on your PC or Mac. In Word, add comments or track changes while you work together with others. Review and update Excel spreadsheets and easily add formulas or charts. Make changes to PowerPoint presentations and project them wirelessly on a big screen.
You can view documents for free with Office for iPad. Editing and creating documents requires an eligible Office 365 subscription: Office 365 Home, Office 365 Personal, Office 365 University, Office 365 Business, Office 365 Business Premium, Office 365 Enterprise E3, E4, and E5, Office 365 Enterprise E1 and E3 (Government Pricing), Office 365 Education Plus, and Office 365 ProPlus.
·         Office Mobile: Office Mobile is preinstalled on Windows Phone 8 and is available for select models of iPhone® and Android phones. Office Mobile offers great Office content viewing and on-the-go content editing capabilities. And you can count on Office Mobile to keep your content and formatting intact so the document still looks great when you’re back on your PC or Mac. Office Mobile for iPhone and Android phones can be used for free for non-commercial use, simply download the app from the store on your phone.
In order to edit or create documents or to access documents stored in SharePoint and OneDrive for Business on premises, you must have a qualifying Office 365 plan: Office 365 Business Premium, Office 365 Enterprise E3, E4, and E5, Office 365 Enterprise E1 and E3 (Government Pricing), Office 365 Education Plus, Office 365 ProPlus, and Office 365 University.
·         Outlook Mobile: Windows Phone 8 includes a pre-installed version of Outlook that you can use to access your Outlook.com, Office 365, or Exchange email.
·         OneNote: You can use the mobile OneNote app to access your notes while on the go. This app is available on Windows Phone 8, iPhone, iPad, and Android phones.
·         OWA: If you have an Office 365 subscription that includes Exchange Online, you can use the OWA app to sort, scan, and respond to email, and stay on top of your schedule. This app is available on iPhone and iPad.
·         Lync Mobile: If your organization uses Skype for Business or the newest version of Lync, you can use the mobile Lync app or the Skype for Business mobile app, to stay connected while on your mobile device. This app is available on Windows Phone 8, iPhone, iPad, and Android phones.
·         SharePoint Newsfeed: If your organization uses the newest version of SharePoint, you can use the SharePoint Newsfeed app to access your newsfeed from your mobile device. This app is available on Windows Phone 8, iPhone, and iPad.

Your company's IP remains your company's in Office 365

Rights Management Services enables users to restrict access to documents and email to specific people and to prevent anyone else from viewing or editing them, even if they are sent outside the organization.

  • Exchange Online IRM Integration. Enables users of Exchange Online to IRM protect and consume e-mail messages (and attachments). Exchange Online administrators can enable additional features, such as transport rules, to ensure content is not inadvertently leaked outside of the organizational boundary and edit the content of the message to include disclaimers.

  • SharePoint Online IRM Integration. Enables SharePoint Online administrators to create IRM-protected document libraries so that when a user checks-out a document from the IRM-protected document library, protection is applied to the document no matter where it goes and the user has the usage rights to that document as they were specified for the document library by the administrator.

  • Office IRM Integration. Enables Microsoft Office users to be able to IRM protect content using predefined policies provided by the service within an organization. Office applications that include these capabilities are Word, Excel, PowerPoint and, Outlook.

Features

  • Help protect emails against unauthorized access by applying different IRM options to email messages.

  • Enhance security of your SharePoint libraries by using IRM to set up appropriate permissions.

  • Help keep information safe, online or offline, because files are protected whether they’re viewed using Office Online or downloaded to a local machine.

  • Seamless integration with all Office documents helps guard an organization’s intellectual property.

  • Apply custom templates based on business needs in addition to using default Rights Management Services templates.

Examples of policies users can apply to email and documents with Rights Management for Office 365 are:

  • Do not forward (email)/ Restricted Access (Office apps): Only the recipients of the email or document will be able to view and reply. They cannot forward or share with other people or print.

  • ABC Company Confidential: Only people inside the organization (that is, people with an Office 365 account @companyname.com) can access the content, make edits, and share with others inside the company

  • ABC Company Confidential View Only: People inside the organization can view this content but cannot edit or change it in any way. They can print and share with other people inside the company.

Levels of Protection

Native

  • For text, image, Microsoft Office (Word, Excel, PowerPoint) files, .pdf files, and other application file types that support AD RMS, native protection provides a strong level of protection that includes both encryption and enforcement of rights (permissions).

 Generic

  • For all other applications and file types, generic protection provides a level of protection that includes both file encapsulation using the .pfile file type and authentication to verify if a user is authorized to open the file.