Latest SharePoint Dev Weekly – Episode 68

I am a keen follower of Microsoft's SharePoint Blog and am proud to provide this direct from the Microsoft Tech Community:

In this session of SharePoint Dev Weekly, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), and typically a special guest from the SharePoint PnP Community, discuss the latest news and topics around SharePoint development.

 

In this episode, Vesa and Waldek are joined by Erwin van Hunen, Lead Architect at Valo Intranet. In addition to drawing attention to the recent advancements being delivered by the SharePoint Community and Microsoft, Vesa, Waldek and Erwin’s discussion this week focused on Erwin’s pioneering work on, and the evolution of, PnP Provisioning and PnP PowerShell; the shaping of a tenant templating engine (with support for Azure, Teams, OneDrive and SharePoint); the PnP .NET Core SDK and .NET frameworks; and tools such as the CLI and PowerShell.

 

This episode was recorded on Monday, January 27, 2020.

 

 

The above is kindly provided by the Microsoft Tech Community!

Microsoft 365 compliance center: Unified compliance administration for all customers

Early last year, we launched the Microsoft 365 compliance center for Microsoft 365 E3 and E5 customers. Since then we’ve been hard at work making it a unified and comprehensive compliance administration console for all our customers. Today, we are excited to announce that we’ve shipped several new enhancements to the portal, and are making it available to all customers with Microsoft 365, Office 365, Enterprise Mobility + Security (EMS), and Windows 10 Enterprise plans.

In this release we’ve focused on three areas: integrated management, easier on-boarding, and improved controls.

 

Integrated management

Microsoft 365 compliance center is now truly a one-stop compliance destination. We’ve converged disparate admin experiences into one console, and we’ve built integrations with third-party data as well, giving you a single pane of glass to manage your entire compliance posture.

 

  1. Converged console

Microsoft 365 compliance center is now truly a single destination to manage your compliance posture. Admins no longer need to go to the Office 365 Security & Compliance Center for compliance administration. Existing compliance capabilities within the Office 365 Security & Compliance Center are now available in the Microsoft 365 compliance center. Any data and policies authored in the Office 365 portal will automatically carry over to the Microsoft 365 one, since they share the same data back-end.

Additionally, we’ve introduced several exciting features and capabilities on the Microsoft 365 compliance center. Some of them are highlighted in this post, but you can see the full list here.

While you can choose to continue using Office 365 Security & Compliance Center by visiting protection.office.com, we encourage you to move your admin experience to the Microsoft 365 compliance center, since all the new capabilities will be available only in the new center.

 

2. Data connectors

You can now easily import and archive your business data from third-party social media platforms, instant messaging platforms, and document collaboration platforms. After this data is imported, you can apply Microsoft 365 compliance features—such as Litigation Hold, eDiscovery, In-Place Archiving, Auditing, Communication compliance, and retention policies—to this data. Examples of supported sources are Bloomberg, LinkedIn, Facebook, and Twitter. Learn more

Easier onboarding

A recurring theme of feedback from you, our customers, has been that compliance is complex and it’s hard to get started. We looked at ways to make this easier and have introduced three key capabilities towards this goal.

  1. Microsoft Compliance Score helps you simplify compliance and reduce risk, and gives you simple, actionable recommendations to improve your compliance posture.
  2. Solution catalog: We’ve organized our compliance capabilities into integrated solutions that help you manage an end-to-end compliance scenario. A solution’s capabilities might include a combination of policies, alerts, reports, end-user facing experiences, and more. The solution catalog is your one-stop shop for discovering, learning about, and quickly getting started with our compliance and risk management solutions. It provides information about the benefits and target use cases for a solution, and how to get started with it. Solutions in the catalog are organized into three compliance categories: Information protection & governance, Insider risk management, and Discovery & response.
  3. Insights: To make it easier to get started with compliance, we’ve provided out-of-the-box insights into the sensitive data across various locations in your organization: Exchange, SharePoint, OneDrive for Business, and endpoints. You can easily determine the right retention and DLP policies to apply based on these insights. This feature is in public preview.

Improved administrative controls

We’ve invested in more administrative flexibility by adding new roles and enabling more customizable experiences. 

 

  1. Support for new roles

We’ve added support for the much-requested Global Reader and Compliance Data Admin roles. Learn more about these roles. These new roles allow you to delegate administration tasks and reduce the number of Global administrators in your directory.

 

The Global Reader role can view everything a Global administrator can view without the ability to edit or change. The Compliance Data Admin role can create and manage compliance data policies and alerts.

 

2. Customizable experience

Every admin has different priorities when it comes to compliance. The Microsoft 365 compliance center allows you to customize your experience to suit your needs. You can customize the homepage dashboard by selecting from a catalog of cards.

You can also customize the left navigation bar by selecting and pinning the solutions that you use most frequently.

If you’re ready to try the new center out, be sure to visit the Microsoft 365 compliance center at compliance.microsoft.com today. You can learn more about the new center in this supporting documentation.

Troubleshooting Office Cloud Policy Service (OCPS)

The Office cloud policy service (OCPS) is a cloud-based service that enables you to apply policy settings for Office 365 ProPlus on a user’s device. The policy settings roam to whichever device the user signs into and uses Office 365 ProPlus on. As end users become increasingly mobile, IT Pros need a single approach to secure Office 365 ProPlus for traditional on-premises domain-joined devices, Azure AD registered devices, Azure AD joined devices, and Hybrid Azure AD joined devices. OCPS applies to all of the scenarios above without the need to download and replicate any content such as Administrative Template files (ADMX/ADML) on-premises. The goal of this blog is to provide some transparency into how the service works, to help IT Pros during their validation phase and to encourage the transition from classic domain-based policy to the OCPS service for Office 365 ProPlus.

 

Requirements of OCPS

1. At least Version 1808 (August 2018) of Office 365 ProPlus
2. User accounts created in or synchronized to Azure Active Directory (AAD). The user must be signed into Office 365 ProPlus with an AAD based account.
3. Security groups created in or synchronized to Azure Active Directory (AAD), with the appropriate users added to those groups.
4. To create a policy configuration, you must be assigned one of the following roles in Azure Active Directory (AAD): Global Administrator, Security Administrator, or Office Apps Admin.
5. Connectivity to the addresses below. Microsoft recommends a proxy bypass/whitelist for these URLs:
*.manage.microsoft.com, *.officeconfig.msocdn.com, config.office.com over TCP 443

 

Steps to perform proof of concept and validation
1. Create a test user, ours will be “Kasper Graf”, kgraf@contoso.com.
2. Create security group “OCPS Service Validation” and add user to group within Active Directory Users and Computers.
3. Allow AAD Connect to synchronize user and group to Azure AD. (lunch break 🙂 or force synchronization via commands below)

(optional) From the AAD Connect server, in an elevated PowerShell session, run the following commands:
PS C:\WINDOWS\system32> Import-Module ADSync
PS C:\WINDOWS\system32> Set-ADSyncScheduler -NextSyncCyclePolicyType Delta
PS C:\WINDOWS\system32> Start-ADSyncSyncCycle

Browse the Azure AD portal and explore Users – All Users, select Kasper Graf and then Groups. Verify that the group “OCPS Service Validation” has been assigned and that the source says “Windows Server AD”. This confirms the user and group were synced into Azure AD successfully and we can proceed to the next steps.
4. Create your first OCPS policy by selecting the “Create” button:

5. Complete the input fields; when selecting the assigned security group, type “OCPS” and the service should filter the results to the “OCPS Service Validation” group. Next, define a policy. For the demo, I chose the policy “VBA Macro Notification Settings”, “Enabled”, with VBA Macro Notification Settings set to “Disable all with notification”. Once the selections have been made, select “Create” or “Save”.

6. From Policy Management, we can now see our policy exists.

So, we’ve got a policy, we’ve assigned it to a security group containing our test user, and our next step is to validate. My test machine happens to be a classic on-premises domain-joined machine. My user, Kasper Graf, is signed in with his normal Active Directory credentials, which is displayed in the upper right-hand corner of Word.

Traditional Group Policy uses Client-Side Extensions in Windows to apply policy every 90 minutes. IT Pros can force policy by using the command line “gpupdate /force” and inspect/verify the registry as well as application behavior prior to broad deployment. OCPS checks for policy upon initial Office application launch, calls into the cloud service endpoints listed above, determines policy applicability based on group membership and priority assignment, and populates the registry keys.

 

Specifically, there are two locations of interest in the registry.

1. HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\CloudPolicy
This will contain information about FetchInterval (90 minutes is the default), as well as a record of Last Fetch Time and Last Payload Hash.

2. HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud. This key will contain the path to the registry keys representing the policy assignment. For example, ours will be HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud\Office\16.0\word\security
VBAWarnings = 2 (DWORD)

 

IT Pros can achieve the same behavior as gpupdate by simply deleting the key HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\CloudPolicy, closing the Office application and relaunching it to fetch policy. I typically use tools like Process Monitor to help trust/verify operations of this type, with filters such as “Path” contains “CloudPolicy” or where Operation is “RegSetValue”, etc. Opening a Word document containing a macro displays the warning with notification, as expected.
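To make the validation above repeatable on a test machine, here is an added PowerShell example (not code from the original post or from Microsoft): it reads the OCPS fetch bookkeeping, lists every value OCPS populated under the cloud policy root, resets the fetch cache the way the post describes, and checks the VBAWarnings value the demo policy sets. It assumes the Office 16.0 registry hive and the registry paths named above; the function names and the "Word must be closed" guard are my own.

```powershell
# Added example, not from the original post. Assumes Office 365 ProPlus (16.0 hive)
# and the two registry locations the post names.
$CloudPolicyState = 'HKCU:\Software\Microsoft\Office\16.0\Common\CloudPolicy'
$CloudPolicyRoot  = 'HKCU:\Software\Policies\Microsoft\Cloud\Office\16.0'

function Get-OcpsFetchState {
    # The bookkeeping OCPS writes after each call to the service.
    if (-not (Test-Path $CloudPolicyState)) { return $null }
    Get-ItemProperty -Path $CloudPolicyState |
        Select-Object FetchInterval, LastFetchTime, LastPayloadHash
}

function Get-OcpsPolicyValues {
    # Walk every key under the cloud policy root and list the values OCPS populated,
    # the closest thing OCPS has to a "gpresult" view today.
    if (-not (Test-Path $CloudPolicyRoot)) { return @() }
    Get-ChildItem -Path $CloudPolicyRoot -Recurse | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key.Name
                Name  = $name
                Value = $key.GetValue($name)
                Type  = $key.GetValueKind($name)
            }
        }
    }
}

function Reset-OcpsPolicyCache {
    # Equivalent of "gpupdate /force" for OCPS: drop the fetch state so the next Office
    # launch calls the service again. Refuse to run while Word is open, because OCPS
    # only fetches at application start and the deletion would be wasted.
    if (Get-Process -Name WINWORD -ErrorAction SilentlyContinue) {
        throw 'Close Word before resetting the OCPS cache; policy is fetched at launch.'
    }
    if (Test-Path $CloudPolicyState) {
        Remove-Item -Path $CloudPolicyState -Recurse -Force
    }
}

function Test-OcpsVbaWarnings {
    param([int]$Expected = 2)   # 2 = "Disable all with notification", the demo policy
    $path   = Join-Path $CloudPolicyRoot 'word\security'
    $actual = (Get-ItemProperty -Path $path -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    [pscustomobject]@{
        Path     = $path
        Expected = $Expected
        Actual   = $actual
        Applied  = ($actual -eq $Expected)
    }
}

# Typical validation run (as the signed-in test user):
Get-OcpsFetchState
Get-OcpsPolicyValues | Format-Table -AutoSize
Test-OcpsVbaWarnings
# To force a refetch: Reset-OcpsPolicyCache, launch Word, sign in, then re-run Test-OcpsVbaWarnings.
```

The Applied column is the pass/fail signal for the proof of concept: after a reset and a fresh Word launch, LastFetchTime should move forward and Applied should be True. If Get-OcpsFetchState shows a recent fetch but Get-OcpsPolicyValues is empty, the service answered but found no policy applicable to the user, which points at group membership or the policy's priority rather than connectivity.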

FAQ:
How does conflict resolution work if the same policy is set via traditional domain-based policy as well as OCPS?
OCPS takes priority if there are any conflicts with traditional domain-based policies.

 

Currently policies are limited to user settings. Are there plans on adding machine settings?
Yes. This has been accepted and currently is in our backlog. We hope to have this available next year.

 

Group Policy provides a view of all policies on the device or for the specified user. Does OCPS support this?
Currently OCPS does not provide a list of all Office policies applied to a specific user or device. This is on our backlog and we hope to have this available next year.

 

Will OCPS support other platforms such as MacOS, Android and iOS?
Yes, OCPS in the future will also support additional platforms such as MacOS, Android and iOS. We will create additional blog postings per platform once features are generally available.

 

Are there any environments where OCPS is not available?

The Office cloud policy service isn’t available to customers who have the following plans: Office 365 operated by 21Vianet, Office 365 Germany, Office 365 GCC, or Office 365 GCC High and DoD.

 

The Author

This blog post is brought to you by Dave Guenthner, a Senior Premier Field Engineer and “ProPlus Ranger” at Microsoft. Feel free to share your questions and feedback in the comments below.

Introducing – and Managing – Microsoft Search in Bing through Office 365 ProPlus

Customers tell us they want easier ways to manage their environments while delivering more productivity value to their employees. This includes helping people quickly find the information they need, a potentially frustrating prospect given the sheer and constantly growing volume of content within an organization. To help IT solve this, and to do so in a way that is easy for you to manage, we are offering the Microsoft Search in Bing extension to Office 365 ProPlus customers starting at the end of February (see footnotes 1 and 2). To help you prepare, we want to share guidance on how you can configure Office 365 ProPlus updates to best meet your organization’s search needs.

 

Microsoft Search in Bing

 

Bing is a gateway to Microsoft Search, a unified enterprise search solution that provides contextual work-related information using data sources in Office 365 including SharePoint, Microsoft OneDrive for Business, and Exchange. Microsoft Search delivers personalized results surfaced by the Microsoft Graph to make search in your organization more effective, increase productivity, and save everyone time.

 

Employees can search for colleagues by typing the title, team name, or even office location into the address bar. They can also search for office location and get answers that show floor plans for directions. They can even get definitions for company acronyms.

 

As part of Microsoft 365, Microsoft Search is on by default for all Microsoft apps that support it.  This update is designed to enable an accessible and familiar entry point for your users: a search engine.

 

 

Deploy Microsoft Search through Office 365 ProPlus

You have told us that you want a single tool to deploy all desktop components of Office 365. To simplify the process of deploying Microsoft Search, we’re making the Microsoft Search in Bing extension available through Office 365 ProPlus with version 2002, alongside Word, Excel, PowerPoint, Outlook, OneDrive, and Teams. This extension will be installed with new installations of Office 365 ProPlus and when existing installations are updated. If Bing is already the default search engine, the extension will not get installed. 

If you don’t want to deploy the extension to your users, you can exclude it by using the Office Deployment Tool or Group Policy. There are also ways to exclude it if you’re using Microsoft Endpoint Configuration Manager (current branch) or Microsoft Intune. For more information about how to manage the extension, read this article. 

 

Honor your users’ search preferences

Even if you deploy the Microsoft Search in Bing extension with Office 365 ProPlus, users will still have an opportunity to choose their search engine. The first time your users open Google Chrome after the extension for Microsoft Search in Bing is installed, they will have an option to change back their search preferences by taking a few simple steps.

 

Mockup of the search toggle in Chrome browsers (subject to change).

 

Learn more about the user benefits of this change by downloading the Microsoft Search in Bing Adoption Kit (zip file) and this user adoption guide. As always, please visit our Tech Community page to learn more about Office 365 ProPlus, and share your feedback and insights.

 

Footnotes

  1. This change is enabled for new and existing Office 365 ProPlus installations in Australia, Canada, France, Germany, India, the United Kingdom, and the United States. As we add locations, we will notify admins through the Message Center.
  2. The extension will be released to the Monthly Channel in late February 2020. Release for the Semi-Annual Channel (Targeted) and Semi-Annual Channel are coming soon.

 

Latest SharePoint Dev Weekly – Episode 67

I am a keen follower of Microsoft's SharePoint Blog and am proud to provide this direct from the Microsoft Tech Community:

In this session of SharePoint Dev Weekly, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), and typically a special guest from the SharePoint PnP Community, discuss the latest news and topics around SharePoint development.

 

In this episode, Vesa and Waldek are joined by Yannick Plenevaux, Microsoft 365 Solutions Architect, new MVP and owner of PVX Solutions, Belgium.

 

This episode was recorded on Monday, January 20, 2020.

 

The above is kindly provided by the Microsoft Tech Community!

Azure ATP investigation of brute force and account enumeration attacks made over the NTLM protocol

Security research shows most successful enumeration and brute force attacks use either NTLM or Kerberos authentication protocols for entry. In fact, they’re the most popular discovery-phase attacks Azure ATP observed in the past 12 months.

 

 

Why does account enumeration matter?

 

In an account enumeration attack, the malicious actor attempts to use different usernames to access a server, with the goal of discovering which users exist within the organization. Once an attacker identifies these users, a brute force attack begins to obtain their credentials and move laterally within the organization toward higher-profile assets.

 

 

What is NTLM and how does it work?

 

The NTLM protocol authenticates users and computers, using a challenge/response mechanism designed to prove to a server or domain controller that the user knows the password associated with the account they’re trying to access. Whenever a new access token is needed for domain accounts, a resource server must contact the domain controller to verify the identity of a computer or user.

 

Standard NTLM authentication flow includes 2 major steps:

 

  1. The user tries to access a resource server.
  2. The resource server validates the user with a domain controller.

How does Azure ATP provide visibility into NTLM authentications?

 

Network traffic and Windows Events 4776 and 8004 capture NTLM data. In turn, Azure ATP parses the NTLM traffic and events from your domain controllers.

 

NTLM 8004 events provide full information on your NTLM authentications, including:

 

  • Source account
  • Source device
  • Accessed resource server
  • Domain controller that is doing the account validation

 

 

Why do some devices show up as “unknown” in Azure ATP alerts?

 

The source device in Azure ATP account enumeration and brute force detection alerts can be marked as coming from “unknown” devices, such as Workstation, MSTSC, or Unknown. This happens because the source device name field is occasionally overwritten when the attacker is already inside your organization, or when they try to enumerate accounts from the internet. This is common when the accessed server is opened to the internet and used by adversaries to enumerate users from outside the organization.

 

With enhanced support for Windows event 8004, Azure ATP now determines which servers were attacked and how the attacks happened.

 

 

How can Azure ATP detect the actual server accessed inside the network?

 

Azure ATP sensors parse Windows event 8004 for NTLM authentications. When NTLM auditing is enabled on the domain controller (the event is written to the Microsoft-Windows-NTLM/Operational log), Azure ATP sensors automatically read the event and enrich your NTLM authentications with the accessed server data.

 

 

In addition, Azure ATP now provides Resource Access over NTLM activity, showing the source user, source device, and accessed resource server:

Example of enhanced NTLM activity details
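As an added example (not code from the original post or from Azure ATP), the PowerShell below does on a single domain controller what the post describes the sensor doing: it turns on the NTLM auditing that produces event 8004, reads those events, and flags the enumeration pattern of many distinct usernames from one source against one resource server in a short window. The EventData field names (SChannelName, UserName, DomainName, WorkstationName) are taken from the 8004 event schema and should be checked against a real event on your DC; the thresholds, function names and the sample events are my own.

```powershell
# Added example, not from the original post. Run Get-Ntlm8004Event on a DC as an
# administrator; Find-NtlmEnumeration also runs offline on the constructed sample below.

function Enable-NtlmAuditing {
    # Local equivalent of the two security options Azure ATP asks for on domain controllers:
    #  "Network security: Restrict NTLM: Audit NTLM authentication in this domain" = Enable all
    #  "Network security: Restrict NTLM: Audit Incoming NTLM Traffic" = Enable auditing for all accounts
    # In production, set them through the Default Domain Controllers Policy instead.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' `
        -Name AuditNTLMInDomain -Value 7 -Type DWord
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' `
        -Name AuditReceivingNTLMTraffic -Value 2 -Type DWord
}

function Get-Ntlm8004Event {
    param([datetime]$Since = (Get-Date).AddHours(-1), [int]$MaxEvents = 5000)
    # 8004 is logged on the DC that validated the logon. SChannelName is the resource
    # server that forwarded the request (the field the post says Azure ATP now uses);
    # WorkstationName is whatever the client claimed, which is the field attackers overwrite.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-NTLM/Operational'; Id = 8004; StartTime = $Since
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue | ForEach-Object {
        $xml = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            Server      = $d['SChannelName']     # assumed field name, see lead-in
            User        = $d['UserName']
            Domain      = $d['DomainName']
            Workstation = $d['WorkstationName']
        }
    }
}

function Find-NtlmEnumeration {
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [int]$DistinctUserThreshold = 10,
        [int]$WindowMinutes = 10
    )
    # Group by (resource server, claimed workstation) and count distinct accounts tried.
    # A claimed name of "Workstation", "MSTSC", "Unknown" or blank is reported as Suspect:
    # it means the source field cannot be trusted, not that the source is benign.
    foreach ($g in ($Events | Group-Object -Property Server, Workstation)) {
        $sorted = @($g.Group | Sort-Object Time)
        $users  = @($sorted | Select-Object -ExpandProperty User -Unique)
        $span   = ($sorted[-1].Time - $sorted[0].Time).TotalMinutes
        if ($users.Count -ge $DistinctUserThreshold -and $span -le $WindowMinutes) {
            [pscustomobject]@{
                Server        = $sorted[0].Server
                Workstation   = $sorted[0].Workstation
                DistinctUsers = $users.Count
                Attempts      = $sorted.Count
                Minutes       = [math]::Round($span, 1)
                Suspect       = ([string]$sorted[0].Workstation -in @('', 'Workstation', 'MSTSC', 'Unknown'))
                SampleUsers   = (($users | Select-Object -First 5) -join ',')
            }
        }
    }
}

# Constructed sample, not real telemetry: twelve accounts tried against FS01 within three
# minutes from a client calling itself "Workstation", plus one ordinary logon by kgraf.
$t0 = Get-Date '2020-01-27T09:00:00'
$sample = @(
    foreach ($i in 1..12) {
        [pscustomobject]@{ Time = $t0.AddSeconds(15 * $i); Server = 'FS01'
                           User = "user$i"; Domain = 'CONTOSO'; Workstation = 'Workstation' }
    }
    [pscustomobject]@{ Time = $t0; Server = 'FS01'; User = 'kgraf'; Domain = 'CONTOSO'; Workstation = 'PC-KGRAF' }
)

Find-NtlmEnumeration -Events $sample | Format-Table -AutoSize
# On a domain controller with auditing enabled:
#   Find-NtlmEnumeration -Events (Get-Ntlm8004Event -Since (Get-Date).AddHours(-24)) | Format-Table
```

On the sample, only the (FS01, Workstation) group crosses the threshold and it is marked Suspect; the kgraf logon from PC-KGRAF is a group of one and is ignored. The same grouping key is why the post's point about the accessed server matters: without SChannelName from 8004, the only pivot left is the workstation name, and that is exactly the field an attacker controls.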

 

Use the following links to learn more about enabling NTLM auditing when working with Azure ATP to detect, protect, and remediate NTLM and brute force attacks:

 

Get Started Today

 

Just starting your Azure ATP journey? Begin a trial of Microsoft Threat Protection to leverage integrated defenses and unparalleled intelligence across the threat landscape to defend the modern workplace. 

Latest SharePoint Dev Weekly – Episode 66

I am a keen follower of Microsoft's SharePoint Blog and am proud to provide this direct from the Microsoft Tech Community:

In this session of SharePoint Dev Weekly, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), and typically a special guest from the SharePoint PnP Community, discuss the latest news and topics around SharePoint development.

 

In this episode, Vesa and Waldek are joined by Hugo Bernier, Director of Consulting Services at Point Alliance in Toronto. Hugo is an old friend and contributor to the PnP community and now an MVP who has delivered many code samples and reusable controls to date (SharePoint Framework Samples repository), with more to come in 2020.

 

This episode was recorded on Monday, January 13, 2020.

 

The above is kindly provided by the Microsoft Tech Community!

SharePoint Development Community (PnP) – January 2020 update

I am a keen follower of Microsoft's SharePoint Blog and am proud to provide this direct from the Microsoft Tech Community:

Latest monthly summary of SharePoint Development guidance for SharePoint Online and on-premises is now available from the SharePoint Dev Blog. Check the latest news, samples and other guidance from this summary.

 

The above is kindly provided by the Microsoft Tech Community!

Streamline deployment and management of Microsoft Teams with Office 365 ProPlus

As more and more Office 365 customers adopt Microsoft Teams, we’ve heard from many of you that you want to deploy and manage Teams the same way you deploy and manage other Office 365 apps. To streamline that process, we made Teams available through Office 365 ProPlus alongside Word, Excel, PowerPoint, Outlook, and OneDrive. We first provided this option to customers on the monthly channel several months ago. Starting on January 14, 2020, customers on the semi-annual channel will start to receive Teams through Office 365 ProPlus as well. With that date approaching, we want to remind you how to configure Office 365 ProPlus and Teams updates to meet the needs of your organization.   

Deploy and manage Teams through Office 365 ProPlus 

If you are an existing Office 365 ProPlus (or Office 365 Business) customer on the semi-annual channel, Teams will be included in your organization’s next update starting on January 14, 2020, as a part of the normal update process. 

If you’re ready for Teams to be deployed on your users’ machines, you don’t need to take any action. You can learn more how to adopt Teams in this article. If Teams is already installed on a user’s machine, there will be no impact when the semi-annual update rolls out.  

Learn more about how Teams updates, after it is installed.  

Customize Teams deployment as a part of Office 365 ProPlus 

While the number of customers using Teams continues to grow, we recognize that not all customers are ready for Teams to be automatically deployed on their users’ machines. You can manage your preferences and configure each Office 365 ProPlus app using Group Policy or the Office Deployment Tool. Learn more about how to deploy and manage or exclude Teams in your Office 365 ProPlus updates in this article: Deploy Microsoft Teams with Office 365 ProPlus.
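Both this post and the Microsoft Search in Bing post above say the component can be excluded with the Office Deployment Tool but show no configuration. The PowerShell below is an added example (not from either post and not Microsoft's own tooling) that generates an ODT configuration.xml excluding both components, validates that the exclusions are actually present before anything is deployed, and shows the /configure call. The ExcludeApp IDs "Bing" and "Teams" are the ODT identifiers for the two components; the channel, product, language, output path and setup.exe location are illustrative assumptions.

```powershell
# Added example, not from the original posts. Assumes the ODT setup.exe is at C:\ODT\setup.exe
# and that a 64-bit Semi-Annual Channel build of Office 365 ProPlus is being deployed.

function New-OdtConfiguration {
    param(
        [string[]]$ExcludeApp = @('Bing', 'Teams'),
        [string]$Channel = 'SemiAnnual',
        [string]$Edition = '64'
    )
    # One <ExcludeApp ID="..."/> per component; "Bing" is the Microsoft Search in Bing
    # extension, "Teams" the Teams client. Without these lines both install by default.
    $excludes = ($ExcludeApp | ForEach-Object { "      <ExcludeApp ID=""$_"" />" }) -join "`n"
    @"
<Configuration>
  <Add OfficeClientEdition="$Edition" Channel="$Channel">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
$excludes
    </Product>
  </Add>
  <Updates Enabled="TRUE" />
  <Display Level="None" AcceptEULA="TRUE" />
</Configuration>
"@
}

function Test-OdtConfiguration {
    param([Parameter(Mandatory)][string]$Xml, [string[]]$MustExclude)
    # Parse the generated XML and confirm every required ExcludeApp is present, so a typo
    # in an ID does not silently deploy the component to every machine.
    $doc = [xml]$Xml
    $ids = @($doc.Configuration.Add.Product.ExcludeApp | ForEach-Object { $_.ID })
    $missing = @($MustExclude | Where-Object { $_ -notin $ids })
    [pscustomobject]@{ Excluded = $ids; Missing = $missing; Ok = ($missing.Count -eq 0) }
}

$config = New-OdtConfiguration -ExcludeApp 'Bing', 'Teams'
$check  = Test-OdtConfiguration -Xml $config -MustExclude 'Bing', 'Teams'
if (-not $check.Ok) { throw "ExcludeApp missing for: $($check.Missing -join ', ')" }
Set-Content -Path .\configuration.xml -Value $config -Encoding UTF8

# Apply with the Office Deployment Tool (path assumed):
#   & 'C:\ODT\setup.exe' /configure .\configuration.xml
```

The exclusion only governs what the ODT installs or updates; on machines where Teams or the Bing extension is already present, removing it is a separate step, and the posts point to Group Policy and the management articles for that case.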

Send us your feedback 

Every innovation we make with Microsoft 365, the world’s productivity cloud, is designed to help you and your organization unlock new forms of productivity to achieve more. Thank you for being our customers and we look forward to your feedback and insights. 

Visit our Tech Community page to learn more about Office 365 ProPlus.

Latest SharePoint Dev Weekly – Episode 65

I am a keen follower of Microsoft's SharePoint Blog and am proud to provide this direct from the Microsoft Tech Community:

In this session of SharePoint Dev Weekly, hosts Vesa Juvonen (Microsoft) and Waldek Mastykarz (Rencore) discuss the latest news and topics around SharePoint development.

 

In addition to drawing attention to the latest advancements being delivered by the SharePoint Community and Microsoft, Vesa and Waldek’s discussion this week focused on:  Predictions for 2020.

 

This episode was recorded on Tuesday, January 7, 2020.

 

The above is kindly provided by the Microsoft Tech Community!