Quadra

Connecting Technology and Business.

Hold a Townhall style meeting using Skype Meeting Broadcast

Skype Meeting Broadcast enables organizations to broadcast a Skype for Business meeting on the Internet to up to 10,000 people, who can attend from a browser on nearly any device. Meeting broadcast makes it easy to host large virtual meetings like internal “Town Hall” style meetings and public webinars. The service includes integration with Bing Pulse, for real-time polling and sentiment tracking, and Yammer, to enable attendee dialogue during the broadcast.

Skype Meeting Broadcast roles

  • Organizer. Creates the meeting request and invites attendees. Reviews meeting reports.

  • Producer. Manages the meeting sources (live presentations, dial-in presentations, audio, video, and PowerPoint decks), records the event, and posts the recording to Office 365 Video.

  • Event team member. Participates in the meeting by presenting live or dialing in from a remote location.

  • Attendee.  Watches the event online.

 Attendee options

  • Anonymous: anyone with the meeting link can join the meeting

  • Secure: only attendees listed below can join the meeting

  • All Company: anyone from my company can join the meeting

Features

  • Schedule a meeting: Use the Skype Meeting Broadcast scheduling and management portal to schedule a meeting.

  • Manage an Event: Upload PowerPoint decks, cue live feeds from camera sources, activate feeds, and switch sources during the event. Users can have one feed providing audio and another providing video.

  • Customize a meeting: Add a Yammer feed or Bing Pulse to the meeting so the audience can participate during the event and the user can gauge their involvement and satisfaction.

Large Meeting Capabilities

The maximum audience size is 10,000. The presenter can use audio and video, present a PowerPoint show, and share the desktop or an app. Yammer, Pulse and Q & A can be used during the meeting to engage with listeners. The whole meeting can be recorded and stored in the cloud. Client-side DVR controls such as pause and rewind are allowed. The whole meeting can be branded. Somebody can also be nominated as a Meeting Producer.

Set up Skype Meeting Broadcast

Distribution of the media content of a broadcast meeting utilizes Microsoft Azure's Content Delivery Network (CDN) to achieve very high scale, supporting thousands of people watching a broadcast. The chunked media content passing through the CDN is encrypted, and the CDN cache has a limited lifetime. Skype Meeting Broadcast has been disabled by default for all locations worldwide.


Customers with EU Standard Contractual clauses must choose whether or not to opt into the service after reviewing the information in Microsoft’s communication to them.  In the regions not affected by the EU Standard Contractual Clauses, the IT Admin can manually activate the Skype Meeting Broadcast feature.

To set up …

  • Enable Skype Meeting Broadcast for your organization: The O365 / Skype for Business Admin has to enable Skype Meeting Broadcast for the organization.

  • Enable external access and set up allowed domains: The Admin can use either the Skype for Business admin center or the Office 365 admin center to enable external access and set up the allowed domains.

The Skype Meeting Broadcast portal can be found at portal.broadcast.skype.com.

Work together in Groups in Office 365

Getting things done at work means sharing information and collaborating across ad hoc groups and project teams. But oftentimes the tools we use to bring people together are different in each app—distribution groups in Outlook, Favorites lists in Skype for Business, groups in Yammer. That’s why Microsoft has introduced Groups in Office 365, so you can easily connect with the colleagues, information and applications you need to do more.

OWA Groups conversation feed

To support a project, one can easily create a new Group and invite colleagues. One can also search for and join existing Groups, which are open by default, to see all discussions, milestones and files and get up to speed quickly.  Of course, one can create private Groups as well for sensitive projects and content.

Groups will show up within the web experiences of Office 365 email and calendar and OneDrive for Business.  Yammer and Lync also will be added to the Groups experience to help users do even more.

Eligible Office 365 plans include the Office 365 Enterprise E1, E3 and E4 subscription, Office 365 Business Essentials and Business Premium plans and Office 365 Kiosk plan.

In some ways, Office 365 Groups behave like traditional email distribution groups in that you can send a message to a group and have it delivered to all the group members. But the problem with distribution groups is that if you’re not a member, you don’t get the information. And when you join, you don’t gain access to previous discussions.

An Office 365 Group is a more persistent entity than an email distribution group: while you can use a Group like a regular distribution group, it also stores discussions for new members to discover when they join. An Office 365 Group is something like a cross between a distribution group and a public folder. And like a distribution group, an Office 365 Group is instantiated as a group object in the directory, in this case within Azure Active Directory.

Perhaps a more accurate comparison is to a combination of a distribution group and a site mailbox (or even a traditional shared mailbox). Groups are preferred to site mailboxes if you need a collaboration platform for a new project.

Document Fingerprinting for DLP in Office 365

Information workers in an organization handle many kinds of sensitive information during a typical day. Document Fingerprinting makes it easier for organizations to protect this information by identifying standard forms that are used throughout the organization.

Basic scenario for Document Fingerprinting

Document Fingerprinting is a Data Loss Prevention (DLP) feature that converts a standard form into a sensitive information type, which you can use to define transport rules and DLP policies. For example, organizations can create a document fingerprint based on a blank patent template and then create a DLP policy that detects and blocks all outgoing patent templates with sensitive content filled in. Optionally, organizations can set up Policy Tips to notify senders that they might be sending sensitive information, and the sender should verify that the recipients are qualified to receive the patents. This process works with any text-based forms used in an organization. Additional examples of forms that you can upload include:

  • Government Forms

  • HIPAA compliance forms

  • Employee information forms for HR departments

  • Custom forms

An organization might already have an established business practice of using certain forms to transmit sensitive information. After you upload an empty form to be converted to a document fingerprint and set up a corresponding policy, the DLP agent will detect any documents in outbound mail that match that fingerprint.

How Document Fingerprinting works

In the same way that a person’s fingerprints have unique patterns, documents have unique word patterns. When you upload a file, the DLP agent identifies the unique word pattern in the document, creates a document fingerprint based on that pattern, and uses that document fingerprint to detect outbound documents containing the same pattern. That’s why uploading a form or template creates the most effective type of document fingerprint. Everyone who fills out a form uses the same original set of words and then adds his or her own words to the document. As long as the outbound document isn’t password protected and contains all the text from the original form, the DLP agent can determine if the document matches the document fingerprint.

The following example shows what happens if you create a document fingerprint based on a patent template, but you can use any form as a basis for creating a document fingerprint.

Example of a patent document matching a document fingerprint of a patent template

A patent document matching a document fingerprint.

The patent template contains the blank fields “Patent title,” “Inventors,” and “Description” and descriptions for each of those fields—that’s the word pattern. When you upload the original patent template, it’s in one of the supported file types and in plain text. The DLP agent uses an algorithm to convert this word pattern into a document fingerprint, which is a small Unicode XML file containing a unique hash value representing the original text, and the fingerprint is saved as a data classification in Active Directory. (As a security measure, the original document itself isn’t stored on the service; only the hash value is stored, and the original document can’t be reconstructed from the hash value.) The patent fingerprint then becomes a sensitive information type that you can associate with a DLP policy. After you associate the fingerprint with a DLP policy, the DLP agent detects any outbound emails containing documents that match the patent fingerprint and deals with them according to your organization’s policy. For example, you might want to set up a DLP policy that prevents regular employees from sending outgoing messages containing patents. The DLP agent will use the patent fingerprint to detect patents and block those emails. Alternatively, you might want to let your legal department send patents to other organizations because it has a business need for doing so. You can allow specific departments to send sensitive information by creating exceptions for those departments in your DLP policy, or you can allow them to override a policy tip with a business justification.

Supported file types

Document Fingerprinting supports the same file types that are supported in transport rules.

Limitations of document fingerprinting

The Document Fingerprinting DLP agent won’t detect sensitive information in the following cases:

    • Password protected files

    • Files that contain only images

    • Documents that don’t contain all the text from the original form used to create the document fingerprint
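The matching behaviour and the limitations listed above can be seen in a small model. This is an added example, not Microsoft's algorithm and not code from the original post: it assumes a fingerprint is the ordered list of hashed template words and that a document matches only when all of them appear in order. The function names and the sample form text are constructed for illustration.

```python
import hashlib
import re

# Teaching model only: the service's real fingerprint algorithm is not described
# on this page. Assumption: a fingerprint is the ordered list of hashed template
# words, and a document matches when every one of them appears, in order.

def _tokens(text):
    """Lower-cased word tokens; case, punctuation and layout are ignored."""
    return re.findall(r"[a-z0-9]+", text.lower())

def _h(word):
    """Truncated SHA-256 of one word."""
    return hashlib.sha256(word.encode("utf-8")).hexdigest()[:16]

def make_fingerprint(template_text):
    """Hash each word of the blank form; the form text itself is not kept."""
    return tuple(_h(w) for w in _tokens(template_text))

def match_progress(fingerprint, document_text):
    """Fraction of the fingerprint found, in order, inside the document."""
    if not fingerprint:
        return 0.0
    pos = 0
    for word in _tokens(document_text):
        if _h(word) == fingerprint[pos]:
            pos += 1
            if pos == len(fingerprint):
                break
    return pos / len(fingerprint)

def is_match(fingerprint, document_text):
    """True only when the document contains all the text of the original form."""
    return match_progress(fingerprint, document_text) == 1.0

# Constructed sample data: a blank patent form and four outbound documents.
TEMPLATE = """Patent title: Enter the full title of the invention.
Inventors: List every inventor by legal name.
Description: Describe the invention in detail."""

# Form filled in, with different capitalisation in the first label.
FILLED = """PATENT TITLE: Enter the full title of the invention.
  Self-sealing coolant valve
Inventors: List every inventor by legal name.
  A. Example, B. Sample
Description: Describe the invention in detail.
  A valve that closes when pressure drops."""

# Same form with the Description section cut off.
PARTIAL = """Patent title: Enter the full title of the invention.
  Self-sealing coolant valve
Inventors: List every inventor by legal name.
  A. Example, B. Sample"""

# Only the entered values, pasted without the form's own wording.
STRIPPED = """Patent title: Self-sealing coolant valve
Inventors: A. Example, B. Sample
A valve that closes when pressure drops."""

# A scanned form yields no extractable text at all.
IMAGE_ONLY = ""

def demo():
    """Return match results for each constructed document."""
    fp = make_fingerprint(TEMPLATE)
    docs = {"filled": FILLED, "partial": PARTIAL,
            "stripped": STRIPPED, "image_only": IMAGE_ONLY}
    return {name: is_match(fp, text) for name, text in docs.items()}

if __name__ == "__main__":
    for name, matched in demo().items():
        print(f"{name:10s} matched={matched}")
```

Only the filled-in form that still carries every word of the template matches; the partial, stripped and image-only documents pass through undetected, which is why a fingerprint rule is usually paired with other sensitive information types.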

Prevent Data Loss in Office 365

When was the last time you asked your employees to carry your company’s handbook containing all the company policies with them? Do your IT workers know whether a particular email message they’re sending may violate company policy and run the risk of being noncompliant? Are they sure whether an email they’re sending contains sensitive information? Almost every IT worker faces compliance questions like these daily.  

DLP Policy Tips inform your workers in real time. With the DLP Policy Tips in Office 365, admins can inform email senders that they may be about to pass along sensitive information that is detected by the company’s policies, before they click Send. This helps your organization stay compliant and it educates your employees about custom scenarios based on your organization’s requirements. It accomplishes this by emphasizing in-context policy evaluation.

Policy Tips not only analyzes email messages for sensitive content but also determines whether information is sensitive in the context of communication. That means you can target specific scenarios that you associate with risk, external communication for example, and configure custom policy tips for those scenarios. Reading those custom policy tips in email messages keeps your workers aware of your organization’s compliance policies and empowers them to act on them, without interrupting their work.

DLP Policy Tips is supported only in Outlook 2013, but even if your users don’t have the latest version of Outlook, you are still protected from disclosing sensitive data through back-end processing. Admins can configure rules and take actions by setting up DLP rules in the Exchange Administration Center (EAC). This ensures that a single DLP policy controls both the client and server endpoints, minimizing administrative overhead.

How do Policy Tips work? Consider a real-life scenario. A company has an internal policy to warn its employees any time they include sensitive information like a credit card number in email communications. An employee is composing an email to a person who works outside her organization. She includes credit card information in the mail, and immediately a DLP policy tip shows up in the message in Outlook.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/1462.DLP_01.png

When you include sensitive information in an email message, a DLP policy tip alerts you before you send the message.

At this point the employee can decide to: send the email message with the credit card information, send the message with the credit card information and click Report to report a false positive, or delete the credit card information before sending the message. If she’s unsure what to do, she can click Learn more to understand her company’s policy, which her admin may have customized. 

Let’s look at another scenario. A company has recently set up a policy that blocks emails containing multiple credit card numbers, or requires the sender to override the block with a business justification. An employee starts an email message to book the travel for multiple employees in the company and attaches a document that includes the personal credit card information of the employees. A different policy tip shows up, highlighting the new compliance requirement. In Outlook 2013, the attachment that is the cause of concern is also highlighted, making it easy for her to locate the information being questioned.

 

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/5040.DLP_02.png

A custom DLP policy tip alerts you about an attachment that may contain high-count sensitive information.

As these two scenarios show, data loss prevention empowers end users, making them part of the organization’s compliance process and ensuring that the business flow is not interrupted or delayed, because achieving compliance does not get in users’ way. At the same time, data loss prevention simplifies compliance management for admins, because it enables them to maintain control easily through the Exchange Administration Center in the Office 365 admin portal.
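The two scenarios above can be modelled as a single in-context evaluation. This is an added example, not code from the original post or from Exchange: the action labels, the domain names, the threshold of two numbers for "multiple" and the function names are assumptions, and the card numbers are public test values used as constructed sample data.

```python
import re

# Runs of 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
MULTIPLE_THRESHOLD = 2  # assumption: "multiple" means two or more distinct numbers

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Distinct Luhn-valid card numbers found in the text, separators removed."""
    found = set()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.add(digits)
    return found

def evaluate(recipients, parts, internal_domain, justification=None):
    """Decide what the sender sees before the message leaves.

    parts maps a part name ("body" or an attachment file name) to its
    extracted text. Returns (action, parts_to_highlight).
    """
    external = any(not r.lower().endswith("@" + internal_domain)
                   for r in recipients)
    hits = {name: find_card_numbers(text) for name, text in parts.items()}
    hits = {name: cards for name, cards in hits.items() if cards}
    cards = set().union(*hits.values())
    if not external or not cards:
        return ("allow", [])
    flagged = sorted(hits)  # the parts a client would highlight
    if len(cards) >= MULTIPLE_THRESHOLD:
        if justification:
            return ("allow_overridden", flagged)
        return ("block_unless_override", flagged)
    return ("policy_tip", flagged)

# Constructed sample messages
BODY_ONE = "Hi, please charge the booking to my card 4111 1111 1111 1111.\nThanks"
BODY_TWO = "Please book travel for the team, details attached."
ATTACHMENT = ("A. Example 4111-1111-1111-1111\n"
              "B. Sample 5555 5555 5555 4444\n"
              "Ref 1234 5678 9012 3456\n")  # last line fails the Luhn check

if __name__ == "__main__":
    print(evaluate(["agent@travel.example"], {"body": BODY_ONE},
                   "contoso.example"))
    print(evaluate(["agent@travel.example"],
                   {"body": BODY_TWO, "travel_cards.docx": ATTACHMENT},
                   "contoso.example"))
```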

Policy Tips are similar to MailTips, and Admins can configure them to present a brief note in Outlook 2013 that provides information about your business policies to the person creating a message. Admins can configure policy tips that will merely warn workers, block their messages, or even allow them to override your block with a justification. Policy tips can also be useful for fine-tuning a company’s DLP policy effectiveness, because they allow end users to easily report false positives. If policy tips are not available to a user in Outlook, admins can still control compliance behavior by setting up rules in the Exchange Administration Center. For example, admins can set up an action to generate incident reports if a particular DLP event occurs. Such incident reports can help track events in real time, because a report is generated in real time and sent to a designated mailbox, such as the mailbox for an incident manager account.

The figure below shows a sample incident report.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/0777.DLP_03.png

Admins can generate incident reports for specific DLP events in Office 365.

 -gleaned from Office blogs

Your Messages are Encrypted in Office 365

Message Encryption in O365 is a service that lets you send encrypted emails to people outside your company. No matter what the destination (Outlook.com, Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise, Squirrel Mail, you name it), you can send sensitive business communications with an additional level of protection against unauthorized access. There are many business situations where this type of encryption is essential. Here are just a few.

  • A bank sending credit card statements to customers over email.
  • An insurance company providing details about the policy to clients.
  • A mortgage broker requesting financial information from a customer for a loan application.
  • A healthcare provider using encrypted messages to send healthcare information to patients.
  • An attorney sending confidential information to a client or another attorney.
  • A consultant sending a contract to a client.
  • A therapist providing a patient diagnosis to an insurance company.

Office 365 E3 and E4 users will get Office 365 Message Encryption at no extra cost.

Setting up encryption

Administrators set up transport rules to apply Office 365 Message Encryption when emails match specified criteria. Transport rules provide great flexibility and control, and can be managed via a web-based interface or PowerShell.

Setting up the transport rules is simple. Administrators simply select the action to apply encryption or remove encryption in the Exchange admin center.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/3808.OME_0.png

You set up Office 365 Message Encryption rules in the Exchange admin center.  

Once the admin sets up the rules, whenever anyone in the company sends a message that matches the conditions, the message is encrypted using Office 365 Message Encryption. The outgoing message is encrypted before it is delivered to the outside mail server to prevent any spoofing or misdirection.

Receiving and responding to encrypted messages

When an external recipient receives an encrypted message from your company, they see an encrypted attachment and an instruction to view the encrypted message.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/7245.OME_1.png

The encrypted message appears as an attachment in a message in the recipient’s inbox, with instructions for how to view it. 

You can open the attachment right from your inbox, and the attachment opens in a new browser window. To view the message, you just follow the simple instructions for authenticating via your Office 365 ID or Microsoft Account.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/3660.OME_3.png

Once you are authenticated, the content of an encrypted message appears.

The Message Encryption interface, based on Outlook Web App, is modern and easy to navigate. You can easily find information and perform quick tasks such as reply, forward, insert, attach, and so on. As an added measure of protection, when the receiver replies to the sender of the encrypted message or forwards the message, those emails are also encrypted.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/6012.OME_4.png

When you reply to an encrypted message you’ve received, your reply is also encrypted.

-gleaned from Office Blogs

Use more than one authentication method to keep identities secure

Microsoft has added Multi-Factor Authentication for Office 365 to Office 365 Business plans, Enterprise plans, Academic plans, Non-profit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online. This allows organizations with these subscriptions to enable multi-factor authentication for their Office 365 users without requiring any additional purchase or subscription.

Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.

Multi-factor authentication is available for Office 365 administrative roles, for any Office 365 user, and for users who are authenticated from a federated on-premises directory.

Microsoft has also added App Passwords for users so they can authenticate from Office desktop applications.

Multi-factor authentication enhances security for Office 365. (Office 365 offers many robust built-in security features for all customers and also optional controls that enable subscribers to customize their security preferences. More information about security in Office 365 is available in the Office 365 Trust Center).

Multi-Factor Authentication for Office 365

Office 365 administrators enroll users for multi-factor authentication through the Office 365 admin center.

On the users and groups page in the Office 365 admin center, you can enroll users for multi-factor authentication by clicking the Set Multi-factor authentication requirements: Set up link.

The multi-factor authentication page lists the users and allows you to enroll a user for multi-factor authentication.

After a user is enabled for multi-factor authentication, they will be required to configure their second factor of authentication at their next login. Each subsequent login is enforced and will require use of the password and phone acknowledgement.

After being enrolled for multi-factor authentication, the next time a user signs in, they see a message asking them to set up their second authentication factor.

Any of the following may be used for the second factor of authentication.

  1. Call my mobile phone. The user receives a phone call that asks them to press the pound key. Once the pound key is pressed, the user is logged in.
  2. Text code to my mobile phone. The user receives a text message containing a six-digit code that they must enter into the portal.
  3. Call my office phone. This is the same as Call my mobile phone, but it enables the user to select a different phone if they do not have their mobile phone with them.
  4. Notify me through app. The user configured a smartphone app and they receive a notification in the app that they must confirm the login. Smartphone apps are available for Windows Phone, iPhone, and Android devices.
  5. Show one-time code in app. The same smartphone app is used. Instead of receiving a notification, the user starts the app and enters the six-digit code from the app into the portal.

Once a user is signed in they can change their second factor of authentication.

The settings menu is the little cog at the top right of the portal screen. In the settings menu, click the additional security verification link.

App Passwords in Multi-Factor Authentication for Office 365

Users who are enrolled for multi-factor authentication are required to configure App Passwords in order to use Office desktop applications, including Outlook, Lync, Word, Excel, PowerPoint, and OneDrive for Business.

Once an information worker has logged in with multi-factor authentication, they will be able to create one or more App Passwords for use in Office client applications. An App Password is a 16-character randomly generated password that can be used with an Office client application as a way of increasing security in lieu of the second authentication factor.

App Passwords are not available for use with PowerShell access to Office 365, and they can be turned off entirely for the Office 365 tenant for customers who have special security policies.

After you’ve created an App Password for an Office desktop application, such as Outlook, it is indicated in a list in your account.

- gleaned from Office blogs

Azure Active Directory - Capabilities and Business Benefits (1)

Azure Active Directory provides single sign-on to thousands of cloud (SaaS) apps and access to web apps that an enterprise runs on-premises. Built for ease of use, Azure Active Directory features Multi-Factor Authentication (MFA), access control based on device health, user location, and identity and holistic security reports, audits, and alerts. Azure Active Directory is available in 3 editions: Free, Basic and Premium.

Benefits of Azure Active Directory

Single sign-on to any cloud and on-premises web app

Azure Active Directory provides secure single sign-on to cloud and on-premises applications including Microsoft Office 365 and thousands of SaaS applications such as Salesforce, Workday, DocuSign, ServiceNow, and Box.

Easily extend Active Directory to the cloud

Connecting Active Directory and other on-premises directories to Azure Active Directory takes just a few clicks, and it helps maintain a consistent set of users, groups, passwords, and devices across both environments.

Works with iOS, Mac OS X, Android, and Windows devices

Users can launch applications from a personalized web-based access panel, mobile app, Office 365, or custom company portals using their existing work credentials—and have the same experience whether they’re working on iOS, Mac OS X, Android or Windows devices.

Protect sensitive data and apps

Application access security is enhanced using rule-based Azure Multi-Factor Authentication for both on-premises and cloud applications. Security reporting, auditing, alerting, and “shadow IT” application discovery help protect the business. Businesses can also take advantage of unique machine learning-based capabilities that identify potential threats.

Protect on-premises web apps with secure remote access

Users can access their on-premises web applications from everywhere and can be protected with multi-factor authentication, conditional access policies, and group-based access management. They can also access SaaS and on-premises web apps from the same portal.

Reduce costs and enhance security with self-service

Admins can delegate important tasks such as resetting passwords and the creation and management of groups to their employees. Providing self-service application access and password management through verification steps can reduce helpdesk calls and enhance security.

Enterprise scale and SLA

Azure Active Directory Premium offers enterprise-grade scale and reliability. As the directory for Office 365, it already hosts hundreds of millions of users and handles billions of authentications every day. The high availability service is hosted in globally distributed datacenters in 17 regions, with worldwide technical support that provides a 99.9% SLA.

Empower Users

Business enterprises can enable users to work from any location – corporate office, home office, on the go, using any device – desktops, laptops, tabs, smartphones. They can give the users always-on access to all their work resources using a single set of credentials protected with Multi-Factor Authentication. After a user has signed in, they get single sign-on access to their apps and data.

Self-service capabilities

Enterprises can minimize support costs and keep users up and running by configuring self-service experiences. With web-based tools such as Access Panel and Password Reset, users  can be given a personalized, company-branded portal to access SaaS applications.



Users create and manage their own groups

Admins can empower users to create their own groups, assign members to groups they own, approve join requests, and more.

Users change and reset their own passwords

Businesses can give all users in their directory the capability to change and reset their passwords – whether they are in the cloud or on-premises.

Continuum and Windows 10 Phones

Microsoft has a lofty vision for Windows 10 - one operating system core for all devices called OneCore. One of the keys to making that vision a reality for smartphones is a software feature called Continuum. With Continuum for phones, Microsoft believes any phone can be your PC. Microsoft aims to turn Windows 10 phones into full-blown PCs when they’re connected to PCs. Also, with Windows 10 phones, the devices will perform similarly to a traditional PC when they’re connected to an external monitor, along with a Bluetooth mouse and keyboard.

Continuum is a software tool that will aid Windows 10 in detecting what type of device a user is on and help the operating system configure itself accordingly. It is integral for Surface and other convertible tablets that double as laptops. For instance, Continuum will be able to know when you're using Windows 10 with a mouse and keyboard attachment and when you've switched to a touch interface with finger- and pen-based inputs.

Microsoft’s universal apps use the same basic code base across devices and scale to fit the screen they’re being used on. Continuum is Microsoft's solution for shifting among various form factors.

When a Windows Phone is plugged into a PC monitor, a PowerPoint app is treated like a PC app because it is in fact the same code that one would see for PowerPoint on a PC. When numerous tablet apps are opened, Continuum would switch them to PC-style apps when the device is docked. Even desktop-centric stuff will work just fine. Seamless copying and pasting between mobile-centric apps, and yes, even the legendary ALT-TAB are available now. Continuum for Phones changes the interface on the screen it's connected to and gives you extra tools on the handset as well. Microsoft calls it a "PC-like experience".