Category: Skype for Business

June 22nd, 2021 by Tom Arbuthnot

Microsoft Teams is a constantly evolving cloud product, with many new features being added over time. Microsoft added over 300 features between April 2020 and April 2021.

The Teams web app is updated weekly. Teams desktop client updates are released every two weeks. Client updates usually happen quietly in the background. Not every update brings new features or UI changes, there are constant minor improvements and changes.

New features may be rolled out to a subset or percentage of the total Teams user base, this is not based on a percentage of your tenant, but a percentage of overall users, so you may find some users in your organisation get features or updates before other users.

Some features may be targeted first at specific tenant types, for example, Education tenants get lots of specific Teams features.

The modern approach to apps is to automatically and regularly update them. Auto-updates ensure that users have the latest capabilities, performance enhancements, security, and service reliability.

Can Office 365 Administrators control Microsoft Teams updates?

No, Microsoft Teams updates roll out regularly and organisation administrators cannot control them. There is no channel update model like Office.

The exception is Virtual Desktop Infrastructure (VDI) clients, which do not auto-update and require the administrator to regularly update the VDI image manually.

When will my users get feature X?

Unfortunately, there is no way to know exactly when a feature/update will light up for your specific users. You can review the Office 365 roadmap and Office 365 Message Center for estimates and target dates for rolling out features.

image

How can I tell if/how many of my users have feature X?

Unfortunately, there is no way to report on how many of your users have X new feature.

Can I disable feature X?

Some features come with administrator control to disable them but most do not. If there is an option to disable the feature you usually be told about it in Office 365 Message Center Updates. Some new features also roll out disabled for users by default, like Webinars.

How can I test and communicate about new Microsoft Teams features before my users get them?

There is a Microsoft Teams Public Preview program that allows you to nominate select users to receive early access to unreleased features in Teams.

You can see release notes for what is in Microsoft Teams Public Preview at Release Notes for Office Current Channel (Preview)

You can elect which uses get public preview in the Teams Admin Center

image

Be sure to subscribe to the blog for my best efforts to keep you updated on what is coming for Microsoft Teams.

 

Reference:

Microsoft documentation – Teams update process

Microsoft Teams Public Preview

Posted in Skype for Business

June 22nd, 2021 by João Ferreira

Long gone are the days where the voicemail was a recording machine with cassette tapes that you could listen in the machine itself or in any other cassette player.

Despite being an old feature, it continues to be super useful, and Microsoft Teams has a modern version of the voicemail where you can access to all your messages from a central location but sadly it lacks the option to download the audio file for each message.

A missing save option does not mean you cannot download the audio file; in this article you will find detailed instructions that will guide you through the download process for each message individually.

download Microsoft Teams voicemail

  1. Start by opening Microsoft Teams in the browser as you will need to access the developer tools to get the ID of the message.
  2. Once in Microsoft Teams go Calls and open your Voicemail. Make sure you do not expand the voicemail message you want to download.
  3. Press F12 to open the developer tools and click in the Network To better identify the recording is also recommended that you clear all the entries from the network pane. Both options are highlighted in the following image.
    download Microsoft Teams voicemail
  4. With the developer tools open click to expand the voicemail you want to download.
  5. Voice mail messages are stored in Outlook in a hidden folder and Microsoft Teams will get the attached audio file to play it. From the network tab you must identify the attachments process and then from the Headers tab copy the message id as illustrated in the following animation.
    download Microsoft Teams voicemail
  6. Open Microsoft Graph Explorer by accessing the following url Graph Explorer – Microsoft Graph.
  7. Authenticate in the tool with the same account you are using in Microsoft Teams.
  8. In the query text box type the following link followed by the message id you copied before from the browser developer tools. https://graph.microsoft.com/v1.0/me/messages/MESSAGE_ID
  9. Click Run query
  10. From the response preview look for the property weblink and copy its value.
    download Microsoft Teams voicemail graph explorer
  11. Open the Outlook link you just copied in a new browser tab.
  12. You will see the MP3 with the voicemail immediately, however the download option will not download the file. Instead, you must click in the arrow to preview it, from the player click in the 3 dots and then select Download. Alternatively, you can save it in your OneDrive and then download it from there.
    download Microsoft Teams voicemail graph explorer

Despite not being a straightforward process, all the steps necessary to download the audio message are available to any user using Microsoft Teams. By following them you will get your voicemail messages locally in just a few minutes.

The post How to download Microsoft Teams voicemail messages appeared first on HANDS ON Teams.

Posted in Skype for Business

June 22nd, 2021 by Adrian Valencia
Are you ready to dive into the Office 365 Security and Compliance Center for the first time? Here's what you need to know before jumping in.

Posted in Skype for Business

June 22nd, 2021 by Lauren Goodwin

How to think about building a threat intelligence program

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Red Canary Director of Intelligence Katie Nickels, a certified instructor with the SANS Institute. In this blog, Katie shares strategies, tools, and frameworks for building an effective threat intelligence team.

Natalia: Where should cyber threat intelligence (CTI) teams start?

Katie: Threat intelligence is all about helping organizations make decisions and understand what matters and what doesn’t. Many intelligence teams start with tools or an indicator feed that they don’t really need. My recommendation is to listen to potential consumers of the intel team, understand the problems they are facing, and convert their challenges into requirements. If you have security operations center (SOC) analysts, talk to them about their pain points. They may have a flood of alerts and don’t know which ones are the most important. Talk to systems administrators who don’t know what to do when something big happens. It could be as simple as helping an administrator understand important vulnerabilities.

The intel team can then determine how to achieve those requirements. They may need a way to track tactics, techniques, procedures (TTPs), and threat indicators, so they decide to get a threat intelligence platform. Or maybe they need endpoint collection to understand what adversaries are doing in their networks. They may decide they need a framework or a model to help organize those adversary behaviors. Starting with the requirements and asking what problems the team needs to solve is key to figuring out how to make a big impact.

Also, threat intel analysts must be selfless people. We produce intelligence for others, so setting requirements is more about listening than telling.

Natalia: What should security teams consider when selecting threat intelligence tools?

Katie: I always joke that one of the best CTI tools of all time is a spreadsheet. Of course, spreadsheets have limitations. Many organizations will use a threat intelligence platform, either free, open-source software, like MISP, or a commercial option.

For tooling, CTI analysts need a way to pull on all these threads. I recommend that organizations start with free tools. Twitter is an amazing source of threat intelligence. There are researchers who track malware families like Qbot and get amazing intelligence just by following hashtags on Twitter. There are great free resources, like online sandboxes. VirusTotal has a free version and a paid version.

As teams grow, they may get to a level where they have tried the free tools and are hitting a wall. There are commercial tools that provide a lot of value because they can collect domain information for many years. There are commercial services that let you look at passive Domain Name Server (DNS) information or WHOIS information so you can pivot. This can help teams correlate and build out what they know about threats. Maltego has a free version of a graphing and link analysis tool that can be useful.

Natalia: How should threat intelligence teams select a framework? Which ones should they consider?

Katie: The big three frameworks are the Lockheed Martin Cyber Kill Chain®, the Diamond Model, and MITRE ATT&CK. If there’s a fourth, I would add VERIS, which is the framework that Verizon uses for their annual Data Breach Investigations Report. I often get asked which framework is the best, and my favorite answer as an analyst is always, “It depends on what you’re trying to accomplish.”

The Diamond Model offers an amazing way for analysts to cluster activity together. It’s very simple and covers the four parts of an intrusion event. For example, if we see an adversary today using a specific malware family plus a specific domain pattern, and then we see that combination next week, the Diamond Model can help us realize those look similar. The Kill Chain framework is great for communicating how far an incident has gotten. We just saw reconnaissance or an initial phish, but did the adversary take any actions on objectives? MITRE ATT&CK is really useful if you’re trying to track down to the TTP level. What are the behaviors an adversary is using? You can also incorporate these different frameworks.

Natalia: How do you design a threat model?

Katie: There are very formal software engineering approaches to threat modeling, in which you think of possible threats to software and how to design it securely. My approach is, let’s simplify it. Threat modeling is the intersection of what an organization has that an adversary might target. A customer might say to us, “We’re really worried about the Lazarus Group and North Korean threats.” We’d say, ”You’re a small coffee shop in the middle of the country, and that threat might not be the most important to you based on what we’ve seen this group do in the past. I think a more relevant threat for you is probably ransomware.” Ransomware is far worse than anyone expected. It can affect almost every organization; big and small organizations are affected equally by ransomware.

If teams focus on all threats, they’re going to get burnt out. Instead, ask, “What does our organization have that adversaries might want?” When prioritizing threats, talking to your peers is a great place to start. There’s a wealth of information out there. If you’re a financial company, go talk to other financial companies. One thing I love about this community is that most people, even if they’re competitors, are willing to share. Also, realize that people in security operations, who aren’t necessarily named threat intel analysts, still do intelligence. You don’t have to have a threat intel team to do threat intel.

Natalia: What is the future of threat intelligence?

Katie: Cyber threat intelligence has been around for maybe a few decades, but in the scope of history, that’s a very short time. With frameworks like ATT&CK or the Diamond Model, we’re starting to see a little more formalization. I hope that builds, and there’s more professionalization of the industry with standards for what practices we do and don’t do. For example, if you’re putting out an analysis, here are the things that you should consider. There’s no standard way we communicate except for those few frameworks like ATT&CK. When there are standards, it’s much easier for people to trust what’s coming out of an industry.

My other hope is that we improve the tooling and automation to help support human analysts. I’m often asked, “How can threat intel be automated?” Threat intelligence is fundamentally a human discipline. It requires humans to make sense of complex and disparate information. There’s always going to be a human element of threat intelligence, but I hope we can do better as an industry in figuring out what tools can make analysts powerful and support the decisions that security teams have to make.

Learn more

To learn more about Katie, follow her on @likethecoins, and for more details on Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Strategies, tools, and frameworks for building an effective threat intelligence team appeared first on Microsoft Security Blog.

Posted in Skype for Business

June 22nd, 2021 by YammerTeam

In case you missed it..... we had a vibrant conversation with Microsoft Yammer MVPs, Amy Dolzine and Melanie Hohertz, and other customers on ways to build engagement in your Yammer networks. This was an interactive discussion with over 45 folks from across the globe.  

 

Here’s the recording.  

 

 

We’ve pulled together some highlights and best practices that’s shared below.  

 

 

Leadership engagement  
 

We’ve shared previously how important leaders are to the community and the Yammer network. We started by discussing the merits of  the upcoming Post on Behalf of (POBO) feature, authenticity, and how to use it to get your leaders involved.  

 

  • How to think about using “Post on Behalf of” (POBO) with leaders  
    • Find their passion – maybe its less about the business and more about their personality, like post what they are watching on Netflix with their kids, or what music they are playing/listening to, what they are baking, whatever they are passionate about  
      • Can't fake passion 
      • Build authenticity 
      • Push vs pull communications 
    • Use POBO as training wheels or a starting point for getting leaders involved in Yammer. You won’t be able to “react” on behalf of others at this time.  
  • Leaders are creating a digital footprint on inside the community 
    • A few customers shared how they get leaders on board when the org has a “protect the quarterback" mentality - meaning they protect the Executives from anyone besides their own leadership teams  
    • Work with their support systems, like exec admins, internal comms teams 
      • Executive assistants hold time and space in the execs calendar and can help give reminders  
    • Find a willing member of the herd and have them set the example to win over the herd  

Related resources for Leadership Engagement 

 

Can you use products like TikTok for user generated content and inspiration for campaigns in your Yammer network? 

Use other social media platforms to harvest new ideas! There’s something about how and why things are viral, how can you adapt it to your community and culture. It’s easier to contribute to the familiar, so take cues from the social networks around you and see what resonates with you. 

  • An example would be “Tell me you’re ______ without telling me you’re a ______” 
  • You can do this for specific communities or the organization as a whole.  

 

Related Resource:  

 

How can you use All Company more strategically?  

You can set up All Company to be a strategic tool for your organization! Make a stand. Either restrict it or don’t but come up with some governance.  

  • Doesn’t have to be complicated, just communicate the expectations of All Company 
    • Decide who can post, who can reply,  
    • How many posts a day/week/month  
    • What are the boundaries for what gets posted, announced  
  • Partner with Internal Comms as an offer of reach 
    • Can offer reach, exclusivity,  
    • Conversation insights provide first level analytics to use as leverage 

 

Related resources:  

 

What are the Success Metrics in your organization?  

 

  • Measure trends for your org over time – its hard to compare apples to oranges 
  • Try to find stories and build a library of success stories that you can pull out for different parts of the business 
    • Tracking unknown expertise throughout your org 
    • Giving numbers beyond reach to stories, vs something you’d see in other tools  
  • Tracking praise, recognition, the word thank you  
    • How can you show people are coming back 
    • Best answer compared to questions asked 
    • People are coming back to the community, sustained visits, posts 

Related resource: 

 

How can we use system of records and Yammer better together?  

  • Use Yammer to compliment the service of record – like Service Now 
    • Yammer provides context and conversation and searchable around a topic 
    • Creating topics around Frequently asked questions 
    • Helps to create knowledge for future content/support needed from the System of Record/processes/support teams 
  • If someone is willing to go out of their way to ask a question about a topic, help them find the answer, even if its “not the right place” 
    • Don’t leave a question unanswered in community 
    • If it’s a question that already been answered, link back to that one!  
    • Someone shared that Yammer is the place to go for answers and find experts because the SLA has become faster!  
    • If users aren’t finding information, there may be a bigger reason why!  
    • Helping others helps bring additional talent and expertise to the surface  
  • Communities admins should build out info box, cover photos to use for the purpose of the community, hyperlink to common topics in the info box, and tag the experts in the info box  
    • Make this space count, beyond just beautiful!  
    • Use emoji’s in the info box to create a visual distinction  

Related Resources: 

 

Some of your fun campaigns and favored communities! 

  • Strategic Selfie campaigns - everyone know how to do a selfie!  
    • You can send around a cut out of historical figure or product – encourage people to take pictures and post 
    • An idea would be “Healthy - Selfie Campaign” 
    • Mug Shot Mondays – sharing a picture of the coffee cup on Monday morning 
    • “Zoom out” campaign – photo one is what everyone sees, photo two the same picture zoomed out -- the reality 
       
  • Our customers shared that they have a community for… 
    • Birth announcements 
    • Marketplace -  buy/sell/trade 
    • Stock trading 
    • Question of the day 
    • Working apart, together  
    • Book clubs 
    • Inspirational quote 
    • Jokes  
    • O365, Microsoft Teams, other software products  
    • Your organization’s product/service in the “wild” 
    • Pandemic potluck – cooking ideas!  

 

Thanks for joining us! 

 

Stay tuned for more customer conversations in the upcoming months.  

Posted in Skype for Business

June 22nd, 2021 by Paul_Diamond

Want a second chance to perfect that family portrait? Need to adjust the colors on your sunset photo? Now you can with OneDrive’s new photo editing features. Starting today you can crop, rotate and adjust the light and color in your photos on OneDrive.1, 2 Plus, we’re launching new ways to organize and view your photos on OneDrive for Android. Our new editing, organization, and viewing features put you in control, so you can take your pictures to the next level and add your own touch of style.

 

Today is just the start of a number of new enhancements that OneDrive is bringing to photos over the next year, all of which are built on trust and powered by innovation like the rest of your OneDrive experiences. Relentless innovation has made OneDrive a world-class app for file storage, sharing and collaboration. We’re now extending that same commitment to a refreshed photos experience that will enhance the joy you get from your photos. Like always, you can expect that we’ll remain committed to your privacy – we don’t scan your photos, files, or personal content to target ads to you, and we don’t share your data without permission.

 

Here’s a deeper look at our new editing, viewing, and organization features to help you maximize your photo enjoyment.

Crop away

Sometimes you just need to trim out unwanted parts of an image to bring more focus to your subject. Now you can easily crop to standard image sizes for your social media apps with our built-in presets, or you can go free-form and crop your image exactly the way you want3. These preset ratios are perfect for when you want to share a picture in your social stories, create a new profile image or even a banner.

ODC Web Crop.gif

 

Rotate and flip

Our rotation feature makes it simple to rotate left and right by 90 degrees or flip an image by 180 degrees. We’ve also added incremental degree rotation, so you can easily straighten out those slightly tilted pictures. Now you don’t need to tilt your head to view your pictures just the right way.

ODC Web Rotate.gif

 

Light and Color Adjustments

Have you ever noticed how satisfying it is to adjust the light and color saturation of your images? There’s no better feeling than watching an image transform from muted colors and low contrast to richly colored and stunning. Now it’s easy to make those transformations with adjustments for brightness, exposure, contrast, highlights, shadows, and color saturation. Once you’re done with the enhancements, admire your artistry by tapping and holding on the image to compare the new version with its original.

ODC Web Adjust.gif

 

When you make edits to photos on OneDrive you’ll have the option to save the changes as a new image or overwrite the original image. And if you accidentally overwrite your original, you can use version history to recover it.

 

These editing features are now rolling out to OneDrive for Web and OneDrive for Android1. We expect to bring them to OneDrive for iOS later this year. Currently, editing is rolling out for OneDrive personal accounts – we expect to bring these features to OneDrive for work and school accounts this summer.

 

From left to right photo cropping, rotation and light adjustments as seen on OneDrive for Android.From left to right photo cropping, rotation and light adjustments as seen on OneDrive for Android.


Ready to make your photos picture perfect? Try out these features today. Download OneDrive for Android or open OneDrive for Web.

 

Cast it to the big screen with Chromecast

Now you can enjoy your OneDrive photos and videos in a larger format by displaying them on your TV with Chromecast. To display media files on Chromecast devices, just connect your phone to a Chromecast-enabled device, open the OneDrive for Android app, and tap on the upper right corner of the OneDrive home tab. As you move through photos and videos on your phone, you’ll see them on your Chromecast-enabled TV or device.

chromecast double screenshot.PNG

 

 

Organize your photos by date and source

We’re making it easy to organize your photos. Many of us save images to OneDrive not just from our phone’s camera, but also from sources like text messages, social media, WhatsApp, and screenshots. To help keep these better organized, we’re soon introducing a new setting that creates folders based on the upload source. Images from those sources are automatically added to their respective folders. And if you like to keep images organized by date, you can group your images by month and year. We expect this feature to ship within the next two months on OneDrive for Android.

 

camera_upload_ororganize.gif

 

Filter your photos

There are times when you only want to see images from your Pictures folder and times when you want to see all the photos in your OneDrive. Whatever the time, now you can filter for it. You can find this new option in the top right of your Photos tab on OneDrive for Android and the photos area of OneDrive for Web.

 

Let OneDrive protect and organize your photos, so you have time to be you. Download the OneDrive app and turn on camera roll backup today.

1 Photo editing is available on OneDrive for Web and OneDrive for Android (requires Android Version 6.0 or higher and OneDrive app version 6.30 or above).

2Photo editing in OneDrive is currently limited to JPEG and PNG formats.

3 OneDrive’s preset ratios include square, 9:16, 16:9, 4:5, 5:4, 3:4, 4:3, 2:3, 3:2,1:2 and 2:1.

 

 

 

 

 

 

 

 

 

 

Posted in Skype for Business

June 22nd, 2021 by Mark Kashman

From your desktop to the cloud, we’ve got you covered. The design intent and integration boosts productivity with scale management in mind.

 

In this episode, Chris McNulty and I talk with Thomas Trombley (Senior program manager - Windows Servicing and Delivery) and Jason Howard (Senior program manager - Windows, Developers, and Experiences (WDX)) about how the Windows desktop and ecosystem supports modern work in the context of Microsoft 365. We dig into helping customers plan for hybrid work, best practices for systems and services for IT to tune and optimize, and how to get into and remain in a good run state for managing it all from "the chip to the cloud."

 

Listen to podcast below:

 

 

Subscribe to The Intrazone podcast! And listen to episode 67 now + show links and more below.

 

Intrazone hosts + guests: Chris McNulty (Director – Microsoft Viva Topics and SharePoint Syntex) [co-host], Jason Howard (Senior program manager - Windows, Developers, and Experiences (WDX)), {smaller inlay photo upper-right} Mark Kashman (Senior product manager – Microsoft Lists and SharePoint) [co-host], and Thomas Trombley (Senior program manager - Windows Servicing and Delivery).Intrazone hosts + guests: Chris McNulty (Director – Microsoft Viva Topics and SharePoint Syntex) [co-host], Jason Howard (Senior program manager - Windows, Developers, and Experiences (WDX)), {smaller inlay photo upper-right} Mark Kashman (Senior product manager – Microsoft Lists and SharePoint) [co-host], and Thomas Trombley (Senior program manager - Windows Servicing and Delivery).

Links to important on-demand recordings and articles mentioned in this episode:  

 

Subscribe today!

Listen to the show! If you like what you hear, we'd love for you to Subscribe, Rate and Review it on iTunes or wherever you get your podcasts.

 

Be sure to visit our show page to hear all the episodes, access the show notes, and get bonus content. And stay connected to the SharePoint community blog where we’ll share more information per episode, guest insights, and take any questions from our listeners and SharePoint users (TheIntrazone@microsoft.com). We, too, welcome your ideas for future episodes topics and segments. Keep the discussion going in comments below; we’re hear to listen and grow.

 

Subscribe to The Intrazone podcast! And listen to episode 67 now.

 

Thanks for listening!

The SharePoint teams want you to unleash your magic, creativity, and productivity – and visualize it all. And we will do this, together, one diagram at a time.


The Intrazone links

+ Listen to other Microsoft podcasts at aka.ms/microsoft/podcasts.

 

Left to right [The Intrazone co-hosts]: Chris McNulty, director (SharePoint/Viva – Microsoft) and Mark Kashman, senior product manager (SharePoint – Microsoft).Left to right [The Intrazone co-hosts]: Chris McNulty, director (SharePoint/Viva – Microsoft) and Mark Kashman, senior product manager (SharePoint – Microsoft).

The Intrazone, a show about the Microsoft 365 intelligent intranet (aka.ms/TheIntrazone)The Intrazone, a show about the Microsoft 365 intelligent intranet (aka.ms/TheIntrazone)

Posted in Skype for Business

June 22nd, 2021 by Habib Mankal

In this episode, the team gets an update from Microsoft Teams Compliance Recorder - Numonix CEO Michael Levy about

  • New updates to their solution
  • Updates to the Microsoft Teams API's
  • Bot requirements for recording
  • Future of call recording

Check out our previous episode 61 where we discuss their IX Cloud

Posted in Skype for Business

June 22nd, 2021 by SharePoint Maven

Security is probably on every Site Owner’s mind – and this totally makes sense. As a Site or Content Owner, I want to make sure my site is not just visually appealing and has the right content, but is also secure in terms of inadvertent deletions and data loss. In this post, I compiled a list of 15 settings/features that will help make your SharePoint site more secure and will help you sleep better at night.

1. Adjust External Sharing in the SharePoint Admin Center

By default, all Team Sites (sites connected to Microsoft 365 Groups) are enabled for external sharing. In case the content of your site is strictly for internal consumption, why not turn off external sharing altogether on a given site? I documented how to achieve it in this post. This will prevent the users from sharing the site and its files and folders outside of the organization, preventing an inadvertent data loss.

2. Limit sharing by domain

In case external sharing is necessary, you can allow such sharing to designated/trusted domains (i.e., from your clients or vendors), while preventing others. For example, you can prevent sharing to gmail.com or yahoo.com domains for a given site. Such a setup might help prevent unnecessary sharing of data. I documented how to set it up here.

3. Configure Admin Sharing Settings and default link permission

While you are in the SharePoint Admin Center, you can also control the default sharing links. Just like with external sharing, you can control this at the site level as well. For example, if you change the link type from the default “People in your organization” to “People with existing access,” you will disallow generating links to files and folders that might give access to those who do not have access to the site already. In addition, you can also make the generated link “view only” by default, preventing unnecessary edits by mistake.

make your SharePoint Site more secure

4. Specify Network Location/IP Address in Admin Center

Another thing that might help make your SharePoint Site more secure is to designate approved IPs where the SharePoint site could be accessed from. This one might not be practical anymore given the current work-from-home trend, but in case you have designated locations/offices where the site should be accessible from, this might be worth considering.

make your SharePoint Site more secure

5. Set up proper security for a site

A very important aspect of making your SharePoint Site more secure is to set up proper security. Too often, I see users having privileges much higher than what they need. If your users just need to edit content, they do not need Full Control. If the users just need to read and download – Visitors Group is all they need. Make sure to understand how security and permission levels work first.

6. Create a Custom Permission Level if necessary

Sometimes, creating a custom permission level might be necessary. For example, if you want your users to add/edit documents, but not delete, you will need to create a custom permission level. Though I personally do not support straying from OOTB setup – sometimes this might be necessary. In case you are looking for instructions on how to set up custom permission levels – check out this post.

make your SharePoint Site more secure

7. Adjust Site Sharing Settings

Once you set up security for the site, you absolutely have to adjust the Site’s sharing settings. By default, any site member (those with Edit privileges) can share the whole site with anyone they wish. Which kind of means that whatever security you set up for the site almost doesn’t matter unless you also adjust site sharing settings and prevent users from sharing the site or its files and folders. I explain this in greater detail here.

make your SharePoint Site more secure

8. Prevent page editing

Sometimes you want your users to edit documents, but not mess with the other aspects of the site (i.e., be able to edit pages). In such a situation, you would need to break inheritance between the Site Pages library and the site. You can find the instructions on how to achieve this here.

9. Prevent Doc Library sync

A lot of accidental deletions and data loss occurs when users decide to sync the document libraries to their computers locally and then decide to “clean” their C: Drive. I explained this phenomenon here. So might not be a bad idea to disable sync on certain libraries as well – detailed instructions on how to do this are here.

10. Enable Audience Targeting

Audience Targeting is not really a security feature, but allows to display the content to the user based on their role/security group. So in a way, it “hides” the stuff the users do not need to see. You can set an audience targeting on navigation, documents, and pages. Please reference this article to learn how to set all of them up.

make your SharePoint Site more secure

11. Enable Retention policies on a site

A very solid option to prevent data loss and inadvertent deletions is to enable Retention Policies. You can apply retention policies at a site level or via labels at a library/folder/file level. I provided step by step instructions here for site level policies and here for label-based policies.

make your SharePoint Site more secure

12. Data Loss Prevention Policies

You can go one step further and apply data loss prevention policies to prevent certain actions like printing, sharing, or downloading of content based on certain criteria (i.e., financial or personally identifiable information). In such cases, you would need to set up Data Loss Prevention policies. Please reference this article from Microsoft for additional info.

13. Configure settings in Teams

Many SharePoint sites these days are created and being used as part of MS Teams. By default, Teams are pretty liberal in terms of what team members can do (i.e., Team members can create and delete channels, for example). Since these actions, in turn, create a folder in a site (for a standard channel) and a separate site altogether (for a private channel), you might want to restrict the ability for members to do this freely (since deleting a private channel, for example, deletes the site as well).

14. Do not make everyone an admin

The reason I have this point here is that this happens way too often. No, your site or Teams does not need 5 Owners with Full Control. Full Control means you can delete a site, shall I say even more? Here is a nice article to read on the subject.

15. Training

All of the above points provide different technical means on how to make your SharePoint Site more secure. But nothing will do a better job and provide the best Return on Investment than Training. Your users need to understand the consequences of external sharing or syncing. Or know how long they have to recover deleted items from the Recycle Bin. If I was given a choice to choose just one item from the list of the 15 I documented for you here – Training would be the one I would choose over the others. Please, please, please do not ignore it and make sure your staff understands how SharePoint works! Trust me, this will make your SharePoint most secure right away!

Staff Training is the most effective way to make your SharePoint Site more secure

The post 15 ways to make your SharePoint Site more secure appeared first on SharePoint Maven.

Posted in Skype for Business

June 21st, 2021 by Joseph Dadzie

Companies collaborate with hundreds of clients, partners, and vendors every day. Today’s organizations use many applications and devices, and managing digital identities for these guests increases the risk of security breaches. More than 40% of IT leaders said that they want an identity governance solution that improves their security posture, according to an internal Microsoft survey.

 

guest accounts.png

 

These decision-makers’ top concern is the increased risk of security breaches due to distributed access to company resources. This problem is exacerbated as more companies adopt hybrid work and require secure collaboration with external users. IT admins have no way to track usage or answer the following questions:

  •  What content are users interacting with?
  • How long have the resources been shared?
  • Are accounts still active?
  • Are user privileges at risk of expiring?

 

Organizations can manage guest access with automated reviews

More than 70% of survey respondents said they either don’t have a process for managing guest accounts or they manually manage guest accounts. Manual processes often involve reliance on custom scripts or middleware, increasing the chance of human error that leads to elevated security risk. Also, an IT admin can never know all of the external users who require access to company resources. Business managers are the ones who are best suited for identity and access management activities for their guests and external partners.

 

 

periodic access certifications.png

Figure 1: Access review features enable customers to securely manage guest access at scale.

 

An Azure Active Directory Identity Governance solution empowers Microsoft customers to securely collaborate with guests across organizational boundaries. Customers can set up automated, periodic access reviews using an intuitive interface that provides smart recommendations, ensuring that guests gain the right access to the right resources for the right amount of time.

 

Once guests no longer require access to sensitive data, companies can automatically revoke their access to those resources. If a business owner or a manager isn’t in Azure AD, guests can review their own membership in a group.

 

Automated provisioning and deprovisioning of guest access to sensitive data enables customers to move away from custom scripts and reduces errors associated with manual processes Automated provisioning and de-provisioning of guest access into SaaS applications ensures that the only way guests can access these apps is through permissions set up by the organization and not decisions made on a case-by-case basis by an IT admin.

 

In large organizations, business managers are best suited to manage guest access for collaboration. Azure AD governance features put control firmly in the hands of business managers who are best suited to provide appropriate levels of access to sensitive data to external users. By delegating to non-administrators, customers can ensure that the right people are managing access to their department’s sensitive data. Delegation of responsibility reduces the IT helpdesk burden and frees up the IT staff for more strategic initiatives.

 

The response from Azure AD governance customers has been positive:

“Azure Active Directory guest access reviews give us that ability to be agile in our collaboration with external parties, with the right level of control, so our security, legal, and data privacy people are comfortable.” ~ Avanade

 

Microsoft customers in regulated industries and those that work with the government have to regularly demonstrate to auditors the effectiveness of their controls over access rights. Azure AD access reviews for guests enable these customers to easily prove to auditors that their organization has the appropriate controls in place. Azure AD provides a centralized view of all access reviews with a simple interface involving very few configuration steps, enabling IT admins to see which resources a user can or cannot access across a multi-cloud, multi-device, and fragmented application landscape.

 

Watch our video review of guest user access across all Microsoft 365 groups and Microsoft Teams for a step-by-step overview of Azure AD Access Reviews. To learn more about Microsoft Identity Governance solutions, visit our website.

 

 

Learn more about Microsoft identity:

Posted in Skype for Business