SharePoint Dev Weekly – Episode 70


In this episode, Vesa and Waldek are joined by Sébastien “Seb” Levert, Product Lead and MVP managing product strategy at Valo Intranet in Montreal, Canada. The conversation focused on the convergence of portals and collaboration platforms.  Teams is becoming the primary work environment through which LOB apps, communications, BOTs, SharePoint, etc., are being accessed.  Valo follows a Teams First development approach.  The challenge is creating the tailored/personalized landing page in Teams without the same controls that are available in SharePoint.  Other trends discussed – clickable BOT actions, Teams left nav, building personal apps using SPFx, enterprise provisioning and “proper snow.”

 

This episode was recorded on Monday, February 11, 2020

 

SharePoint “Next steps” 📢 moves people to the latest collaboration experiences

SharePoint in Microsoft 365 is continuously evolving and improving, especially in areas where Microsoft can refine the first-run experience and guide people to the best use and adoption of the technology that supports their day to day.

 

Today, we expand the in-product help that appears at the top-right of your SharePoint team sites – to make people’s first SharePoint experiences with sites that much easier and actionable. This is especially true for those who help manage sites and train people at scale within your organization. The question is, how do you get the most out of SharePoint and other integrated apps today? How do you ensure a great first-run experience for your people? What is the next step?

 

SharePoint Next steps appear when you click on the megaphone icon in the upper-right of the site.

The answer lies in two options: one “self-service” approach and one “at-scale” method:

  • Self-service | people click Next steps and choose from the suggested tips to improve teamwork collaboration.
  • At-scale | SharePoint admins perform bulk operations across multiple SharePoint sites at once

No matter which option you choose, your site(s) get improved list and library experiences, an updated home page, and mobile readiness. You also get the added benefit of other integrated apps such as Planner and Outlook; this process is often referred to as “groupify” as it begins with adding a new Office 365 Groups membership. Updated sites then present helpful, first-run experiences to guide people through the upload of their first set of files, posting news articles for other team members, and adding others as new members.

 

And with one additional, sequential step you add a Microsoft Teams team as an additional app for your team members to bring communication alongside content; this is sometimes referred to as “teamify” as you are adding a Microsoft Teams team to your team site; yes, a mouth full, but well worth using beyond saying.

 

Let’s dive into the details of both options …

 

Self-service “Next steps” tips improve SharePoint site first-run experiences

We’re expanding the in-product help that appears at the top-right of your SharePoint team sites. More and more, SharePoint in Microsoft 365 helps people get the most value from new sites by providing contextual, actionable help. And today, we’re pleased to announce the expansion and location of the Next steps panel.

 

Left-to-right: “Next steps” showing from a classic team site and “Next steps” showing from a group-connected team site. Simply click on the megaphone icon to bring up “Next steps” tips from the Office 365 suite header at the top of the SharePoint site.

The SharePoint site “Next steps” panel provides help for a great first-run experience, so that you can move forward as a team and work out loud, with confidence and awareness of how everything works in and around your SharePoint site.

 

Currently there are four tips (cards) site members and owners may see within the Next steps panel:

  • Upload files – Collaborate on shared content with your team; encourages people to Upload a document.
  • Post news – Communicate with your team by sharing updates and announcements; helps Create a news post the first few times.
  • Invite team members – Engage with your team by adding them to your site’s group; makes it easier to see how to Add members.
  • Power your site with apps – Promote team collaboration on shared content by adding a team email, calendar, notebook, task management tool, and more; integrates additional capabilities when you Add apps to your site. #groupify

These tips help your users customize and improve their team sites. Tips are useful for anyone learning more about SharePoint or setting up a new team site for the first time.

 

Note: the “Power your site with apps” card will appear only on classic SharePoint team sites that have not yet connected to a new Office 365 Groups group. Once this update has run, that option will no longer appear for that team site and the additional “Invite team members” card may then appear.

 

For clarity, we also wanted to take a moment to highlight the other four top-right icons you will see above and to the right of your site – next to Next Steps:

  • Notifications – people will see various alerts from across Microsoft 365 services based on their notification preferences.
  • Settings – this gives access to deeper level site settings, like Site contents, Site information, Site usage and more.
  • Help – this pulls in contextual “how to” information from support.office.com
  • Your Office profile – where you can be you and adjust your account settings and Office profile.

Note: “Connect site to a new Office 365 group” may still appear in upper-right gear icon. This is the same as the new “Power your site with apps” Next steps card.

 

Learn more how to connect your SharePoint team site to a new Office 365 group.

 

At-scale, SharePoint admins plan and move multiple sites to modern experiences

Beyond individual site owners being able to connect to new Office 365 Groups from the new Next steps action described above, it’s important to note that SharePoint admins can do this at scale using bulk operations across numerous sites deemed ready for modernization.

 

You can perform a bulk operation (known as a group-connection) in which you connect an Office 365 group to a series of sites at one time. This option is preferred for enterprise customers because it enables you to control the configuration (public/private, site classification, alias name) – and save time doing it on behalf of people and sites that qualify and request it.

 

Below are the two main steps to plan and execute the move to the latest SharePoint and Office 365 Groups experiences at scale:

FIRST | Use the Modernization Scanner tool to better understand classic SharePoint sites and the available capabilities to modernize them. The tool provides factual data about optimizing lists and libraries, connecting to Office 365 Groups, rebuilding classic publishing portals, workflow, blogs and more. Using the dashboards generated by the scanner, you’ll be able to better assess the readiness of your sites, plan your next moves, and review any suggested remediation guidance.

 

Select the SharePoint Modernization Scanner option you want in the dropdown and then the checkboxes will show which components will be included in the scan. The “Office 365 Group connection readiness” component is the main component that will be included in all scan modes.

 

Learn how to get started with the SharePoint modernization scanner. And then download the SharePoint Modernization Scanner and try it today.

 

SECOND | Programmatically modernize your sites using a CSV file and a bulk group-connect PowerShell script. After running the scanner and processing the results, you have identified which sites are ready to group-connect. The next step is to prepare a CSV file to drive the bulk group-connection process.

 

Section of the sample PowerShell script to modernize SharePoint pages.

Section of the sample PowerShell script to create a new Microsoft Teams team and associate it to the SharePoint site.

As you move through the options of what you can do, note you’ll be able to:

 

  • Add a Microsoft Teams team to each SharePoint site
  • Modernize all the pages within each site
  • Clean up site branding
  • Apply a tenant theme to each site

 

Learn how to connect new Office 365 groups across multiple sites at once (includes sample PowerShell script); this also contains a best practices guide to managing SharePoint modernization projects.

 

Wrapping it up…

We recently spoke to Nicole Woon (Twitter | LinkedIn), a program manager at Microsoft. She helped update the above-mentioned “Next Steps” experience for SharePoint sites. In the podcast episode, I interview Nicole about this new feature update and dig into the design, customer use and future action cards that help customers have a great first-run experience with SharePoint sites:

 

 

You, too, can learn from the person behind the modernization tool, Bert Jansen (Twitter | LinkedIn), as he shares how to get started transforming classic SharePoint sites to modern experiences using the admin patterns, practices and tools mentioned above:

 

 

We hope you enjoy not only the move to more modern experiences, but improved ways to support your growth and engagement throughout your organization.

 

What is the next step? Click Next steps and see.

 

Thanks, Mark Kashman – senior product manager – Microsoft

Microsoft Graph Security API add-on is now available for Splunk Cloud!

The Microsoft Graph Security API add-on for Splunk is now supported on Splunk Cloud, in addition to Splunk Enterprise, and includes support for Python 3.0. The support is enabled as an enhancement to the Microsoft Graph Security API add-on for Splunk released last year. Refer to the Microsoft Graph Security API add-on for Splunk announcement blogpost for further details. This add-on enables customers to easily integrate security alerts and insights from their security products, services, and partners in Splunk. The Splunk add-on is built by Microsoft, certified by Splunk, and is available on Splunkbase at no additional cost.

 

This add-on, powered by the Microsoft Graph Security API, supports streaming of alerts from different Microsoft solutions like Microsoft Defender ATP, Azure Sentinel, Azure Security Center, and more into Splunk using a single add-on and common schema, enabling easier correlation of data across these products.

 

Note: If you have an earlier version of the Microsoft Graph Security API add-on installed on Splunk Enterprise, and upgrade to this version, please follow the upgrade guidance to reconfigure your inputs.

 

Getting Started

Choose one of these options depending on your scenario.

 

Scenario: New Installations on Splunk Cloud or Splunk Enterprise

Follow these steps to install and configure this app as a first-time add-on user. Refer to the documentation for more details.

  1. Register your application for this Splunk add-on on Azure portal.
  2. Configure permissions and be sure to add the SecurityEvents.Read.All permission to your application. Get your Azure AD tenant administrator to grant tenant administrator consent to your application. This is a one-time activity unless permissions change for the application.
  3. Copy and save your registered Application ID and Directory ID from the Overview page. You will need them later to complete the add-on configuration process. 
  4. Generate an application secret by going to Certificates & secrets. Save the generated secret as well for add-on configuration purposes.
  5. In Splunk, click on Find More Apps to browse more apps.
  6. Search for Microsoft Graph Security as shown below (the picture below is on Splunk Cloud).
  7. Installation of the add-on
    1. For Splunk Enterprise – Install Microsoft Graph Security API add-on for Splunk. Restart, if prompted to do so.
    2. For Splunk Cloud – This add-on requires an Inputs Data Manager (IDM) on Splunk Cloud. Contact Splunk Cloud support per the Splunk Cloud IDM installation guidance.
  8. Verify that the add-on appears in the list of apps and add-ons as shown in the diagram below.
  9. Set up a new account in the Account tab in the Configuration page. Then click Add to create an account.
  10. Enter a unique Account Name, the Application ID and Client Secret registered in abovementioned steps 1 through 4 as shown in the diagram below.
  11. Configure Microsoft Graph Security data inputs illustrated in the diagram below as per the detailed guidance in the section Configuring Microsoft Graph Security data input. This add-on provides the capability to pre-filter your data by specific alert providers or by alert category or severity, etc. by specifying the OData Filter field as shown in the diagram below.
  12. Now you can use your Microsoft Graph Security alerts for further processing in Splunk, in dashboards, etc.

If you have Splunk and relevant add-ons running behind a proxy server, follow the additional steps for Splunk behind a Proxy Server in the installation documentation for this add-on. For specific guidance on distributed setup, follow the steps in Where to Install the add-on in the installation documentation for this add-on.
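Because an OData filter set in step 11 decides which alerts ever reach Splunk, it helps to check the filter before saving the input. The following is an added example, not code from the add-on or from Microsoft: it builds a filter string, the Graph Security alerts URL and the client-credentials token request from the values saved in steps 3 and 4, and previews which constructed sample alerts the filter would keep or drop. The property names, enum values and the provider value `ASC` are assumptions taken from the Graph alert schema; the helper names are hypothetical.

```python
from urllib.parse import quote, urlencode

GRAPH_ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

# Alert properties this sketch accepts in a filter. A set lists the accepted
# enum values; None means free text. Assumed subset of the alert schema.
FILTERABLE = {
    "severity": {"unknown", "informational", "low", "medium", "high"},
    "status": {"unknown", "newAlert", "inProgress", "resolved"},
    "category": None,
    "vendorInformation/provider": None,
}


def odata_literal(value):
    """Quote a string for OData; embedded single quotes are doubled."""
    return "'" + value.replace("'", "''") + "'"


def build_filter(conditions):
    """Join (property, value) pairs into a "p eq 'v' and ..." filter string."""
    parts = []
    for prop, value in conditions:
        if prop not in FILTERABLE:
            raise ValueError(f"property not allowed in filter: {prop}")
        allowed = FILTERABLE[prop]
        if allowed is not None and value not in allowed:
            raise ValueError(f"invalid value for {prop}: {value}")
        parts.append(f"{prop} eq {odata_literal(value)}")
    return " and ".join(parts)


def alerts_url(odata_filter, top=100):
    """URL a client would GET; '$' stays literal, the rest is percent-encoded."""
    query = urlencode({"$filter": odata_filter, "$top": top},
                      quote_via=quote, safe="$")
    return f"{GRAPH_ALERTS_URL}?{query}"


def token_request(directory_id, application_id, client_secret):
    """Client-credentials token request from the values saved in steps 3 and 4."""
    form = {
        "grant_type": "client_credentials",
        "client_id": application_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }
    return TOKEN_URL.format(tenant=directory_id), form


def _lookup(alert, path):
    """Resolve an OData path such as vendorInformation/provider in a dict."""
    node = alert
    for key in path.split("/"):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def preview(alerts, conditions):
    """Return (kept_ids, dropped_ids) for alerts evaluated against the filter."""
    build_filter(conditions)  # reject invalid properties or values first
    kept, dropped = [], []
    for alert in alerts:
        ok = all(_lookup(alert, prop) == value for prop, value in conditions)
        (kept if ok else dropped).append(alert["id"])
    return kept, dropped


# Constructed sample alerts for the preview (not real data).
SAMPLE_ALERTS = [
    {"id": "a1", "severity": "high", "status": "newAlert",
     "vendorInformation": {"provider": "ASC"}},
    {"id": "a2", "severity": "low", "status": "newAlert",
     "vendorInformation": {"provider": "ASC"}},
    {"id": "a3", "severity": "high", "status": "inProgress",
     "vendorInformation": {"provider": "ExampleProvider"}},
]

if __name__ == "__main__":
    conds = [("severity", "high"), ("vendorInformation/provider", "ASC")]
    print(build_filter(conds))
    print(alerts_url(build_filter(conds), top=5))
    print(preview(SAMPLE_ALERTS, conds))
```

Alerts listed as dropped never reach the index, so any detection that depends on them has to be accounted for before the filter is narrowed.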

 

Scenario: Upgrade on Splunk Enterprise

If you have an existing version of the add-on installed on Splunk Enterprise that is lower than this version (1.1.0), the best practice recommended is to remove your older version of the Microsoft Graph Security API add-on for Splunk before re-installing version 1.1.0 of the Microsoft Graph Security API add-on for Splunk per abovementioned guidelines.

 

If you are upgrading on Splunk Enterprise, follow these steps.

  1. Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files, which may result in data loss against your already configured inputs.
  2. On the app list, navigate to the Microsoft Graph Security add-on for Splunk, to see an option to upgrade the app. Click on the Update button.
  3. A new screen appears with the standard Splunk Terms to upgrade an app. Click Accept and Continue.
  4. Enter your username and password to log in to the app. Click Login and Continue.
  5. After login, an Overview page appears, and the Update button disappears. Follow the instructions in the Configuring Microsoft Graph Security data inputs section in the installation documentation for this add-on to get alerts from Microsoft Graph Security API using the new configuration experience.

 

Closing

We would love your continued feedback on this add-on. Please share your feedback by filing a GitHub issue.

 

SharePoint Dev Weekly – Episode 69


In this session of SharePoint Dev Weekly, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), and typically a special guest from the SharePoint PnP Community, discuss the latest news and topics around SharePoint development.

 

In this episode, Vesa and Waldek are joined by Agnes Molnar, owner of Search Explained based in Budapest, delivering consulting and training services worldwide. In addition to drawing attention to the recent advancements being delivered by the SharePoint Community and Microsoft, Vesa, Waldek and Agnes’ discussion this week centered on why search is again cool.

 

This episode was recorded on Monday, February 3, 2020.

 

 

Updates to Office.com and the Office 365 app launcher

Office.com is the URL for an experience that we’ve been building for a couple of years. We designed it to be your work hub experience and help you quickly get to the apps, tools, documents, and content you use on a daily basis. We’ve also brought intelligence into the experience that customizes the experience based on your activities.

 

Figure 1 – Office.com home page

Office.com includes the Office 365 app launcher, which opens when you click the app launcher icon. The app launcher, which in addition to Office.com is also available across the suite, is a menu of your Office 365 apps and services that makes opening and switching between apps easy.

 

Figure 2 – Office 365 app launcher

 

We’re rolling out some changes to the way pinned applications work on Office.com and in the app launcher:

  1. We’ve provided admin controls in the Azure Active Directory portal that enable admins with the Cloud application administrator, Application administrator or Global administrator role to pin up to three apps to Office.com and the app launcher. Any app added by an admin can be unpinned by the user at any time. Office.com and the app launcher are now one experience and will show the same set of apps.
  2. There’s no need to manually pin apps to the app launcher because the system now automatically pins apps for you based on usage. Any app added automatically can be unpinned at any time.
  3. In the previous experience, apps were removed after they were unused for a certain period of time. In the updated experience, apps will remain until manually unpinned.

Figure 3 – Office 365 gallery

 

We’re also rolling out a change that provides admins through the Azure Active Directory portal with the ability to group apps and customize the view of the Office 365 gallery. The Office 365 gallery enables you to explore and learn about available applications. This customization can be done via the “collections” blade in the Azure Active Directory admin portal. For more information, see Help your workforce discover and connect to all their apps with the My Apps portal refresh.

Customers will see these changes rolled out soon. We welcome your comments and feedback so be sure to let us know what you think of these changes.

 

–The Office.com and app launcher team

 

Intelligent Intranet Accelerator Workshop Locations In 2020


2020 is officially here and we are ready to help you understand and master all the possibilities that are available in the new modern SharePoint. If you haven’t had a chance to sign up for our hands-on Intelligent Intranet Accelerator Workshop yet, now is your chance.

We have a team of enthusiastic SharePoint, OneDrive, Yammer and Stream experts traveling the globe in 2020. From half-day workshops to multiple-day shows with breakouts and hands-on training, the team is ready! No matter where you are in the world, we will be close by to help you discover the art of the possible with Microsoft and SharePoint technologies. Come see the team at an event near you!

 

February 2020

February 7 – The Intelligent Intranet Accelerator Workshop- Featured as part of Microsoft Ignite The Tour, Washington DC

As part of Microsoft Ignite The Tour, the Microsoft Intelligent Intranet Accelerator Workshop will bring a deeply technical and immersive hands-on experience where you will build real-world applications to connect, succeed, and engage – faster. You will enjoy a plethora of keynotes, breakout sessions and one-on-one networking opportunities. This free event provides technical training led by Microsoft experts and your community. You’ll learn new ways to build solutions, migrate and manage infrastructure, and connect with local industry leaders and peers.

Register Today!

 

February 11 – The Intelligent Intranet Accelerator Workshop- Featured as part of Microsoft Ignite The Tour, Dubai

The Microsoft Intelligent Intranet Accelerator Workshop is a hands-on session within Microsoft Ignite The Tour in this location. By registering, you’ll receive instant access to not only the Microsoft Intelligent Intranet Accelerator Workshop, but also the free 2-day Microsoft Ignite The Tour.

Register Today!

 

February 12 – The Intelligent Intranet Accelerator Workshop – Hosted at the Microsoft Offices in Sydney, Australia

Get inspired with the art of the possible at the FREE Microsoft Intelligent Intranet Accelerator Workshop. Complete the registration today and reserve your spot in your city. By attending the workshop, you’ll walk away with the tools and capabilities necessary to accelerate your time-to-value.

Register today!

 

February 18 – The Intelligent Intranet Accelerator Workshop- Featured as part of SPTechCon San Francisco 2020

Featured as a part of SPTechCon San Francisco 2020, the Microsoft Intelligent Intranet Accelerator Workshop will bring a deeply technical and immersive hands-on experience where you will build real-world applications to connect, succeed, and engage – faster.

Register today!

 

February 21 – The Intelligent Intranet Accelerator Workshop- Featured as part of Microsoft Ignite The Tour Singapore

The Microsoft Intelligent Intranet Accelerator Workshop is a hands-on session within Microsoft Ignite The Tour in this location. By registering today, you’ll receive instant access to not only the Microsoft Intelligent Intranet Accelerator Workshop, but also the free 2-day Microsoft Ignite The Tour. You will enjoy a plethora of keynotes, breakout sessions and one-on-one networking opportunities. This free tour provides technical training led by Microsoft experts and your community. You’ll learn new ways to build solutions, migrate and manage infrastructure, and connect with local industry leaders and peers.

Register today!

 

February 28 –  The Intelligent Intranet Accelerator Workshop- Featured as part of Microsoft Ignite The Tour, Copenhagen

As part of Microsoft Ignite The Tour, the Microsoft Intelligent Intranet Accelerator Workshop will bring a deeply technical and immersive hands-on experience where you will build real-world applications to connect, succeed, and engage – faster. You’ll learn new ways to build solutions, migrate and manage infrastructure, and connect with local industry leaders and peers.

Register today!

 

March 2020

March 10 – The Intelligent Intranet Accelerator Workshop – Hosted at the Microsoft Offices in Amsterdam

Get inspired with the art of the possible at the FREE Microsoft Intelligent Intranet Accelerator Workshop. Complete the registration today and reserve your spot in your city. By attending the workshop, you’ll walk away with the tools and capabilities necessary to accelerate your time-to-value.

Register today!

 

March 25 – The Intelligent Intranet Accelerator Workshop- Featured as part of Microsoft Ignite The Tour Hong Kong

The Microsoft Intelligent Intranet Accelerator Workshop is a hands-on session within Microsoft Ignite The Tour in this location. By registering below, you’ll receive instant access to not only the Microsoft Intelligent Intranet Accelerator Workshop, but also the free 2-day Microsoft Ignite The Tour.

Register today!

 

April 2020

April 16 – The Intelligent Intranet Accelerator Workshop- Featured as part of Microsoft Ignite The Tour Chicago

The Microsoft Intelligent Intranet Accelerator Workshop is a hands-on session within Microsoft Ignite The Tour in this location. By registering below, you’ll receive instant access to not only the Microsoft Intelligent Intranet Accelerator Workshop, but also the free 2-day Microsoft Ignite The Tour. You will enjoy a plethora of keynotes, breakout sessions and one-on-one networking opportunities. This free tour provides technical training led by Microsoft experts and your community. You’ll learn new ways to build solutions, migrate and manage infrastructure, and connect with local industry leaders and peers.

Register today!

 

April 28 – The Intelligent Intranet Accelerator Workshop- Hosted at the Microsoft Offices in Berlin, Germany

Get inspired with the art of the possible at the FREE Microsoft Intelligent Intranet Accelerator Workshop. Complete the registration today and reserve your spot in your city. By attending the workshop, you’ll walk away with the tools and capabilities necessary to accelerate your time-to-value.

Register today!

 

May 2020

May 5 – The Intelligent Intranet Accelerator Workshop- Featured as part of Microsoft Ignite The Tour Stockholm

As part of Microsoft Ignite The Tour, the Microsoft Intelligent Intranet Accelerator Workshop will bring a deeply technical and immersive hands-on experience where you will build real-world applications to connect, succeed, and engage – faster. You will enjoy a plethora of keynotes, breakout sessions and one-on-one networking opportunities. This free tour provides technical training led by Microsoft experts and your community. You’ll learn new ways to build solutions, migrate and manage infrastructure, and connect with local industry leaders and peers.

Register today!

 

We hope we will see you on the road!

Register today for a city near you for our Intelligent Intranet Accelerator Workshop!

Latest SharePoint Dev Weekly – Episode 68


In this session of SharePoint Dev Weekly, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), and typically a special guest from the SharePoint PnP Community, discuss the latest news and topics around SharePoint development.

 

In this episode, Vesa and Waldek are joined by Erwin van Hunen, Lead Architect at Valo Intranet. In addition to drawing attention to the recent advancements being delivered by the SharePoint Community and Microsoft, Vesa, Waldek and Erwin’s discussion this week focused on Erwin’s pioneering work on and evolution of PnP Provisioning and PnP PowerShell, the shaping of a tenant templating engine (support for Azure, Teams, OneDrive, SharePoint) – PnP .Net Core SDK, .NET frameworks, and tools – CLI and PowerShell.

 

This episode was recorded on Monday, January 27, 2020.

 

 

Microsoft 365 compliance center: Unified compliance administration for all customers

Early last year, we launched the Microsoft 365 compliance center for Microsoft 365 E3 and E5 customers. Since then we’ve been hard at work making it a unified and comprehensive compliance administration console for all our customers. Today, we are excited to announce that we’ve shipped several new enhancements to the portal, and are making it available to all customers with Microsoft 365, Office 365, Enterprise Mobility + Security (EMS), and Windows 10 Enterprise plans.

In this release we’ve focused on three areas: integrated management, easier on-boarding, and improved controls.

 

Integrated management

Microsoft 365 compliance center is now truly a one-stop compliance destination. We’ve converged disparate admin experiences into one console, and we’ve built integrations with third-party data as well, giving you a single pane of glass to manage your entire compliance posture.

 

  1. Converged console

Microsoft 365 compliance center is now truly a single destination to manage your compliance posture. Admins no longer need to go to the Office 365 Security & Compliance Center for compliance administration. Existing compliance capabilities within the Office 365 Security & Compliance Center are now available in the Microsoft 365 compliance center. Any data and policies authored in the Office 365 portal will automatically carry over to the Microsoft 365 one, since they share the same data back-end.

Additionally, we’ve introduced several exciting features and capabilities on the Microsoft 365 compliance center. Some of them are highlighted in this post, but you can see the full list here.

While you can choose to continue using Office 365 Security & Compliance Center by visiting protection.office.com, we encourage you to move your admin experience to the Microsoft 365 compliance center, since all the new capabilities will be available only in the new center.

 

2. Data connectors

You can now easily import and archive your business data from third-party social media platforms, instant messaging platforms, and document collaboration platforms. After this data is imported, you can apply Microsoft 365 compliance features—such as Litigation Hold, eDiscovery, In-Place Archiving, Auditing, Communication compliance, and retention policies—to this data. Examples of supported sources are Bloomberg, LinkedIn, Facebook, and Twitter. Learn more

Easier onboarding

A recurring theme of feedback from you, our customers, has been that compliance is complex and it’s hard to get started. We looked at ways to make this easier and have introduced three key capabilities towards this goal.

  1. Microsoft Compliance Score helps you simplify compliance and reduce risks and gives you simple, actionable recommendations to improve your compliance posture.
  2. Solution catalog: We’ve organized our compliance capabilities into integrated solutions that help you manage an end-to-end compliance scenario. A solution’s capabilities might include a combination of policies, alerts, reports, end-user facing experiences, and more. The solution catalog is your one-stop-shop for discovering, learning about, and quickly getting started with our compliance and risk management solutions. It provides information about the benefits and target use cases for a solution, and how to get started with it. Solutions in the catalog are organized into three compliance categories: Information protection & governance, Insider risk management, and Discovery & response.
  3. Insights: To make it easier to get started with compliance, we’ve provided out-of-the-box insights into the sensitive data across various locations in your organization: Exchange, SharePoint, OneDrive for Business, and endpoints. You can easily determine the right retention and DLP policies to apply based on these insights. This feature is in public preview.

Improved administrative controls

We’ve invested in more administrative flexibility by adding new roles and enabling more customizable experiences. 

 

  1. Support for new roles

We’ve added support for the much-requested Global Reader and Compliance Data Admin roles. Learn more about these roles. These new roles allow you to delegate administration tasks and reduce the number of Global administrators in your directory.

 

The Global Reader role can view everything a Global administrator can view without the ability to edit or change. The Compliance Data Admin role can create and manage compliance data policies and alerts.

 

2. Customizable experience

Every admin has different priorities when it comes to compliance. The Microsoft 365 compliance center allows you to customize your experience to suit your needs. You can customize the homepage dashboard by selecting from a catalog of cards.


You can also customize the left navigation bar by selecting and pinning the solutions that you use most frequently.


If you’re ready to try the new center out, be sure to visit the Microsoft 365 compliance center at compliance.microsoft.com today. You can learn more about the new center in this supporting documentation.

Troubleshooting Office Cloud Policy Service (OCPS)


The Office cloud policy service (OCPS) is a cloud-based service that enables you to apply policy settings for Office 365 ProPlus on a user’s device.  The policy settings roam to whichever device the user signs into and uses Office 365 ProPlus.  As end users become increasingly mobile, IT Pros need a single approach to secure Office 365 ProPlus for traditional on-premises domain devices, Azure AD registered devices, Azure AD Joined, and Hybrid Azure AD joined devices.  OCPS applies to all scenarios above without the need to download and replicate any content such as Administrative Template files (ADMX/ADML) on-premises.  The goal of this blog is to provide some transparency of how the service works to help IT Pros during their validation phase and to encourage transition from classic domain-based policy to OCPS service for Office 365 ProPlus.

 

Requirements of OCPS

1. At least Version 1808 (August 2018) of Office 365 ProPlus
2. User accounts created in or synchronized to Azure Active Directory (AAD). The user must be signed into Office 365 ProPlus with an AAD based account.
3. Security groups created in or synchronized to Azure Active Directory (AAD), with the appropriate users added to those groups.
4. To create a policy configuration, you must be assigned one of the following roles in Azure Active Directory (AAD): Global Administrator, Security Administrator, or Office Apps Admin.
5. Connectivity to the addresses below. Microsoft recommends proxy bypass/whitelist for these URLs:
*.manage.microsoft.com, *.officeconfig.msocdn.com, config.office.com over 443

 

Steps to perform proof of concept and validation
1. Create a test user; ours will be “Kasper Graf”, kgraf@contoso.com.
2. Create the security group “OCPS Service Validation” and add the user to the group within Active Directory Users and Computers.
3. Allow AAD Connect to synchronize the user and group to Azure AD. (lunch break 🙂 or force synchronization via the commands below)

(optional) From the AAD Connect server, in an elevated PowerShell session, run the following commands:
PS C:\WINDOWS\system32> Import-Module ADSync
PS C:\WINDOWS\system32> Set-ADSyncScheduler -NextSyncCyclePolicyType Delta
PS C:\WINDOWS\system32> Start-ADSyncSyncCycle

Browse to the Azure AD portal and open Users – All Users, select Kasper Graf and then Groups. Verify that the group “OCPS Service Validation” has been assigned and that the source says “Windows Server AD”. This confirms the user and group were synced into Azure AD successfully and we can proceed to the next steps.
4.  Create your first OCPS policy and select “Create” button:


5. Complete the input fields. When selecting the assigned security group, enter “OCPS” and the service should filter results to the “OCPS Service Validation” group. Next, define a policy. For the demo, I chose the policy “VBA Macro Notification Settings”, “Enabled”, where VBA Macro Notification Settings are set to “Disable all with notification”. Once selections have been made, select “Create” or “Save”.


6. From Policy Management, we can now see our policy exists.


So, we’ve got a policy and we’ve assigned it to a security group containing our test user; our next step is to validate. My test machine happens to be a classic on-premises domain-joined machine. My user, Kasper Graf, is signed in with his normal Active Directory credentials, which are displayed in the upper right-hand corner of Word.


Traditional Group Policy uses Client-Side Extensions in Windows to apply policy every 90 minutes. IT Pros can force policy by using the command line “gpupdate /force” and inspect/verify the registry as well as application behavior prior to broad deployment. OCPS checks for policy upon initial Office application launch, calls into the cloud service endpoints listed above, and determines policy applicability based on group membership and priority assignment; the registry keys are then populated.

 

Specifically, there are two locations of interest in registry.

1. HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\CloudPolicy
This will contain information about FetchInterval (90 minutes is the default), as well as a record of the Last Fetch Time and Last Payload Hash.

2. HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud. This key will contain the path to the registry keys representing the policy assignment. For example, ours will be HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud\Office\16.0\word\security
Vbawarnings = 2 (DWORD)

 

IT Pros can achieve the same behavior as gpupdate by simply deleting the key HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\CloudPolicy, then closing the Office application and relaunching it to fetch policy. I typically use tools like Process Monitor to help trust/verify operations of this type, with filters such as “Path” contains “CloudPolicy” or where Operation is “RegSetValue”, etc. Opening a Word document containing a macro displays the warning with notification, as expected.
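The registry checks and the delete-to-refetch step described above can be scripted; the following is an added example, not code from the original post. It lists every value under the two locations without assuming value names, and warns when a setting delivered by OCPS is also set with a different value under the classic Group Policy key. That key path (HKCU\Software\Policies\Microsoft\Office\16.0) and the function names are assumptions, not taken from the post.

```powershell
# Added example; run as the signed-in Office user (the keys live under HKCU).
$stateKey  = 'HKCU:\Software\Microsoft\Office\16.0\Common\CloudPolicy'
$cloudRoot = 'HKCU:\Software\Policies\Microsoft\Cloud\Office\16.0'
# Assumption: classic Group Policy writes Office user settings under this key.
$gpoRoot   = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

function Get-RegistryValues {   # hypothetical helper
    param([string]$Root)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    $rootName = (Get-Item -LiteralPath $Root).Name
    $keys = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                # Path relative to the root, so cloud and domain entries line up.
                SubKey = $key.Name.Substring($rootName.Length).TrimStart('\')
                Name   = $name
                Kind   = $key.GetValueKind($name)
                Value  = $key.GetValue($name)
            }
        }
    }
}

# 1. Fetch bookkeeping (FetchInterval, last fetch time, last payload hash).
Get-RegistryValues $stateKey | Format-Table Name, Kind, Value -AutoSize

# 2. Settings delivered by OCPS, e.g. word\security  vbawarnings = 2.
$cloud = @(Get-RegistryValues $cloudRoot)
$cloud | Format-Table SubKey, Name, Kind, Value -AutoSize

# 3. Same setting also present in domain policy with a different value.
$gpo = @(Get-RegistryValues $gpoRoot)
foreach ($c in $cloud) {
    $g = $gpo | Where-Object { $_.SubKey -eq $c.SubKey -and $_.Name -eq $c.Name }
    if ($g -and "$($g.Value)" -ne "$($c.Value)") {
        Write-Warning "$($c.SubKey)\$($c.Name): OCPS=$($c.Value), domain policy=$($g.Value)"
    }
}

# 4. gpupdate-style refresh: drop the fetch state, then close and relaunch Office.
function Reset-OcpsFetchState {   # hypothetical name; try it with -WhatIf first
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ((Test-Path -LiteralPath $stateKey) -and
        $PSCmdlet.ShouldProcess($stateKey, 'Remove OCPS fetch state')) {
        Remove-Item -LiteralPath $stateKey -Recurse
    }
}
```

A warning from step 3 marks a setting where the domain value will not take effect for this user, since the FAQ below states that OCPS takes priority on conflict.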


FAQ:
How does conflict resolution work if the same policy is set via traditional domain-based policy as well as OCPS?
OCPS takes priority if there are any conflicts with traditional domain-based policies.

 

Currently policies are limited to user settings. Are there plans on adding machine settings?
Yes. This has been accepted and currently is in our backlog. We hope to have this available next year.

 

Group Policy provides a view of all policies on the device or for the specified user. Does OCPS support this?
Currently OCPS does not provide a list of all Office policies applied to a specific user or device. This is on our backlog and we hope to have this available next year.

 

Will OCPS support other platforms such as MacOS, Android and iOS?
Yes, OCPS in the future will also support additional platforms such as MacOS, Android and iOS. We will create additional blog postings per platform once features are generally available.

 

Are there any environments where OCPS is not available?

The Office cloud policy service isn’t available to customers who have the following plans: Office 365 operated by 21Vianet, Office 365 Germany, Office 365 GCC, or Office 365 GCC High and DoD.

 

The Author

This blog post is brought to you by Dave Guenthner, a Senior Premier Field Engineer and “ProPlus Ranger” at Microsoft. Feel free to share your questions and feedback in the comments below.