Office 365 Groups is the membership service that drives teamwork and powers collaboration across Microsoft 365. With Office 365 Groups, a group of people can access and share a collection of collaboration resources, such as a shared Outlook inbox, calendar, SharePoint document library, a Planner, a Team, and more.
Recently, at Microsoft Ignite 2019 in Orlando, FL, the Office 365 Groups team delivered several sessions that included announcements of enhancements and new innovations for Office 365 Groups, such as the new user activity-based expiration policy for Office 365 Groups and the Groups Admin role, as well as best practices, such as creating a governance plan, enabling self-service, and leveraging analytics to understand usage.
The Office 365 Groups breakout sessions highlighted innovations across Outlook Mobile, Outlook Desktop, Outlook on the Web, Microsoft Teams, Microsoft 365 admin center, SharePoint Site URL Rename, Identity Governance, Yammer, and more. In case you missed it, you can view the Office 365 Groups sessions on-demand, and download the slide decks, as well.
- Addressing top management issues with users and groups
- What’s new and what’s next: SharePoint and OneDrive administration
- Embrace Office 365 Groups: What’s new and what’s next
- Deploy Office 365 groups at scale to power Microsoft Teams, Outlook, Yammer, and SharePoint
- Finding your collaboration sweet spot with Office 365 Groups, SharePoint, Teams, and Yammer
- The future of Yammer: Share knowledge, engage leaders, and build communities in Microsoft 365
- Transform collaboration and fight shadow IT with Office 365 groups
- Master sharing and permissions of Office 365 in 20 minutes
- How Microsoft empowers employees through self-service collaboration while still protecting the company in Office 365
- Microsoft Teams and Office 365 Groups PowerShell MasterClass
- Office 365 Groups: Ask us anything
We’re also taking the learning path session for Office 365 Groups (Embrace Office 365 Groups: What’s new and what’s next) on the Microsoft Ignite The Tour, so if you would like to see it live, and interact with Office 365 Groups experts, register now for a city near you.
–The Office 365 Groups Team
At Microsoft, we’re committed to protecting your data and helping your organization stay current and secure in today’s fast-moving, complex technology environment. And we’ve designed new innovations for Office 365 ProPlus to do just that. As announced at Microsoft Ignite 2019 last week, we introduced:
- An update to the Office cloud policy service.
- Deeper integration for managing Office 365 for Mac using Jamf Pro.
- New tools for Configuration Manager to better plan Office deployment projects.
- New security features for the Office client.
- New Group Policy setting to enable users to install Insider builds.
Together, these new functionalities help you more efficiently adopt, deploy, and manage Office 365 ProPlus—regardless of the size of your organization and the platform you choose.
Cross-platform support* for the Office cloud policy service
The Office cloud policy service—initially announced for Windows earlier this year—is a cloud-based service that enables IT admins to enforce policy settings for Office 365 ProPlus users. The settings are enforced across devices, whether domain-joined, Azure Active Directory (AAD)-joined, or completely unmanaged. In short, the policy settings roam with the user.
Today, we’re introducing an update to add cross-platform support for Office on the web, Android, Mac*, and iOS* devices, giving administrators the ability to manage Office policies from a single portal for all their Office users. To learn more, read this article.
Easier Office 365 for Mac management using Jamf Pro
Today, we’re announcing deeper integration for managing Office 365 using Jamf Pro. Our integration with the new Application and Custom Settings experience, which was demonstrated at the Jamf Nation User Conference (JNUC), allows IT admins to easily set Office 365 policies using a familiar forms-based interface. Mac administrators can centrally configure security, privacy, and update policies to deliver the very best Office 365 experience to their users, including:
- Enabling friction-free sign-on to Office 365
- Controlling privacy and telemetry options
- Reducing the attack surface for sensitive devices
- Increasing compliance levels through feature enablement
- Lowering support costs by implementing desired update workflows
Pilot health and inventory tools to deploy faster
We’ve brought a pair of updates to the Microsoft System Center Configuration Manager—you probably know it as Config Manager—to help IT admins streamline parts of the device upgrade process. The first of these shows the health of pilot devices as it relates to a forthcoming upgrade. Pilots are a subset of devices you’ve selected to validate before deploying. With this update, that subset will also show the upgraded health of selected devices, including which are ready to upgrade right now. For those not ready, you can see what issues are blocking the upgrade and remediate those for faster deployment.
The second update, which enhances your existing inventory tools, leverages device telemetry to determine which devices running Office 365 ProPlus are ready to update to a newer release. This update also provides insight into issues that are blocking an immediate upgrade, giving you the information needed to remediate problem areas.
Pilot health and enhanced inventory tools are just the beginning. With 80% of Office 365 ProPlus admins using Config Manager, we’re continuing to prioritize upgrades for the Config Manager console—including features like recommended configurations.
Safe Documents and Application Guard for enhanced file protection
On Tuesday, we shared Safe Documents, a new capability that brings the power of Microsoft Defender Advanced Threat Protection (ATP) to Office 365 ProPlus. When a user has a document in Protected View and wants to consider that document “trusted”, the file will be automatically checked against the ATP threat cloud before release. Admins will have advanced visibility and response capabilities, including alerts, logs, and visibility into similar threats across the enterprise.
We also showed an early, live demo of Application Guard capabilities integrated with Office 365 ProPlus. When available in mid-2020, Microsoft 365 customers will be able to open an untrusted Word, Excel, or PowerPoint file in a virtualized container instead of Protected View. From there, users will be able to view, print, edit, and save changes to untrusted Office documents—all while benefiting from hardware-level security. If the untrusted file is malicious, the attack is confined to the isolated container and the host machine is untouched. Users will be able to leverage Safe Documents to “trust” a document securely, and full reporting and audit trails will be available through ATP.
Group Policy to allow users to experience Office Insider builds
Enabling your users to self-select into the Office Insiders program is as simple as delivering a policy. This can be done by using the Office Cloud Policy service, which is available in config.office.com, and via Group Policy. This policy makes it easy for you to control which users can self-select their device to receive the Office Insider builds as they become available in order to try new features. Read more in this article.
Microsoft Teams deployed with Office 365 ProPlus
As a quick reminder, when you update to Version 1908 of Office 365 ProPlus in January, Microsoft Teams will be rolled out to existing installations on the Semi-Annual Channel. Learn more about deploying Teams as part of Office 365 ProPlus in this article.
Office 2010 End of Support
Finally, support for Office 2010 is ending in October 2020—but with Office 365 ProPlus, you can continue to stay current with the latest Office tools and security features, like the ones we described above. Read more in this blog.
Catch up on all other Office 365 ProPlus deployment content recorded at Ignite by following this guide. As always, learn what’s new in Office 365 ProPlus, watch our YouTube Deployment Insider channel, and join the Office Insider Program.
*Office cloud policy service support for Mac and iOS devices is expected to roll out soon.
From your flashes of inspiration at 2:00 AM to the list of funny things your children say, or that brilliant idea you had in the conference room, and your ever-growing list of household chores — OneNote holds the notes to your life to track all the things you need to keep in mind, but simply don’t have room for in your overworked brain.
We enjoy the privilege of serving millions of customers like you, who each have unique needs and who use OneNote in unique ways. Over the past year, we’ve been listening to your passionate feedback and are humbled by your consistent love for OneNote. We hear you loud and clear — you want to keep your notes your way!
With that in mind, we’re pleased to announce that we are continuing mainstream support for OneNote 2016 beyond October 2020, so that you can continue using the version of OneNote that works best for you. New support dates for OneNote 2016 now align with Office 2019 (October 10, 2023 for mainstream support and October 14, 2025 for extended support). We also want to make deployment and installation easier for organizations and individuals, so for Windows users, starting in March 2020, when you deploy or install Office 365 subscriptions that include the Office desktop apps or Office 2019, the OneNote desktop app will be installed by default alongside Word, Excel, and PowerPoint. If you’d like to install OneNote 2016 earlier, you can get it here: aka.ms/InstallOneNote.
And, of course, OneNote should look the way you want it to. That’s why this week we are rolling out Dark Mode for OneNote 2016. This will be available for Office 365 subscribers and non-volume licensing Office 2019 customers. Dark Mode changes the app’s interface elements from light to dark. Using OneNote in this mode can improve readability in low light environments, increase legibility of the user interface as well as your notes, provide better contrast, and reduce eye strain. You might also use OneNote in Dark Mode simply as a personal preference. The choice is yours!
We’re excited about today’s announcements and we’ll keep listening to your feedback to make your OneNote better and better! Please continue requesting features and telling us what you think via the in-app feedback.
For more information check out our OneNote FAQ!
O365 Groups power collaboration across Office 365
Collaboration is a key ingredient for the success of any organization. Office 365 groups, one of the most used collaboration features in Microsoft 365 today, power the collaboration features across apps, including Outlook, Teams, Yammer, and SharePoint. Employees can create groups quickly and start collaborating with co-workers by sharing group documents, emails, and calendars.
The twin problems of Groups Life cycle Management
As the number of Office 365 groups increases, an organization needs to strike a balance between cleaning up unused groups and ensuring any valuable groups do not get deleted unintentionally, causing data loss. Many of you have shared feedback about these challenges in groups lifecycle management.
You say, we listen and act
We heard your feedback, and we’ve made some changes! We are excited to announce the new version of expiration policy which ensures any group being actively used continues to be available, circumventing expiration. This feature makes life easier for users, including admins, group owners and members, by automating the expiration and renewal process by tracking groups for user activity across different apps, like Teams, SharePoint, Outlook, tied to the group.
The new expiration policy puts group life cycle management on autopilot
The current expiration policy allows you to set an expiration time frame for selected or all Office 365 groups. After the defined group lifetime, owners are asked to renew them if they are still needed. With this newly added intelligence, groups which are being actively used will be automagically renewed. This preempts the need for any manual action on the part of the group owners. This is based on user activity in groups across Office 365 apps like Outlook, SharePoint, Teams, Yammer, and others.
Example: At Contoso, the administrator has configured the Group lifetime to be 180 days. Megan is the owner of the Contoso Marketing O365 Group, with Enrico and Alex as its members. Her group is set to expire in 45 days. If an owner or a member performs actions like uploading a document in SharePoint, visiting Teams channel or sending an email to the group in Outlook, the group is automatically renewed for another 180 days, and she does not get any expiry notifications.
Manual Controls: Group owners will continue to have the manual “delete” and “renew” options for granular control.
Soft Delete: Like before, groups which aren’t renewed (either automatically based on activity or manually) will be soft deleted. Groups in “Soft-delete” state can still be restored within 30 days, after which the content is deleted permanently.
User actions for group auto-renewal: The following user actions will lead to automatic renewal of groups:
- SharePoint – View, Edit, Download, Move, Share, Upload Files
- Outlook – Join group, Read/write group message from group space, Like a message (OWA)
- Teams – Visit a Teams channel
We will continue to update this list to fine-tune the group auto-renewal experience.
Auditing and reporting: Administrators can get a list of auto-renewed groups from audit logs on the Azure portal.
Here are some quick steps to get you started.
Office 365 groups expiration policy can be configured from the Azure Active Directory portal, as well as programmatically via Azure Active Directory PowerShell. Please note you need an Azure AD Premium license. Below is a quick tutorial on how to get started with the functionality in the new Azure portal experience.
1. Create Expiration Policy: Sign into the Azure portal, select Azure Active Directory, go to the Groups tab and select Expiration under Settings. (More details here.)
2. Set Group Life cycle: Specify the group lifetime in days and select which groups you want the expiration settings to apply to.
Group owners will receive a renewal notification 30 days before the expiration date, and from that notification they can renew their group with a single click!
If there is no user activity in the group (and the owners don’t manually renew their group) within the required time frame, their group will expire. Upon expiry it will stay in a “soft deleted” state for 30 days. Owners of deleted groups will receive a notification letting them know their group has been deleted and giving them the opportunity to restore their group within 30 days after its deletion date. The Group will be permanently deleted after 30 days.
3. Auto-renewal based on user activity: No explicit action is required to enable activity-based auto-renewal. If an expiration policy is set for Office 365 groups, auto-renewal will be enabled by default.
Learn more about how you can restore your group to recover all its content, including SharePoint, Planner, and Outlook – how to restore deleted Office 365 groups.
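The same configuration through Azure Active Directory PowerShell, as an added example that is not from the original post: it uses the AzureAD module's group lifecycle cmdlets with the 180-day lifetime and the Contoso Marketing group from the example above. The notification mailbox and the choice to scope the policy to selected groups are assumptions.

```powershell
# Added example (not from the original post). Assumes the AzureAD or AzureADPreview
# module is installed and the tenant has Azure AD Premium licenses.
$LifetimeDays      = 180                             # group lifetime from the Contoso example
$GroupName         = 'Contoso Marketing'             # group from the Contoso example
$NotificationEmail = 'groups-admin@contoso.example'  # placeholder mailbox for ownerless groups
$NoticeWindowDays  = 30                              # owners are notified 30 days before expiry

Connect-AzureAD | Out-Null

# Only one lifecycle policy exists per tenant: update it if present, otherwise create it.
$settings = @{
    GroupLifetimeInDays         = $LifetimeDays
    ManagedGroupTypes           = 'Selected'         # 'All', 'Selected' or 'None'
    AlternateNotificationEmails = $NotificationEmail
}
$policy = Get-AzureADMSGroupLifecyclePolicy | Select-Object -First 1
if ($policy) {
    Set-AzureADMSGroupLifecyclePolicy -Id $policy.Id @settings | Out-Null
} else {
    New-AzureADMSGroupLifecyclePolicy @settings | Out-Null
}
$policy = Get-AzureADMSGroupLifecyclePolicy | Select-Object -First 1

# Find the Office 365 ("Unified") group and put it in scope if it is not already.
$group = Get-AzureADMSGroup -SearchString $GroupName |
    Where-Object { $_.DisplayName -eq $GroupName -and $_.GroupTypes -contains 'Unified' } |
    Select-Object -First 1
if (-not $group) { throw "Office 365 group '$GroupName' not found." }

$alreadyScoped = Get-AzureADMSLifecyclePolicyGroup -Id $group.Id -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq $policy.Id }
if (-not $alreadyScoped) {
    Add-AzureADMSLifecyclePolicyGroup -Id $policy.Id -GroupId $group.Id | Out-Null
}

# Nominal expiry = last renewal + lifetime. Activity-based auto-renewal moves
# RenewedDateTime forward, so an actively used group never reaches the notice window.
$now     = (Get-Date).ToUniversalTime()
$renewed = ([datetime]$group.RenewedDateTime).ToUniversalTime()
$expires = $renewed.AddDays($policy.GroupLifetimeInDays)
[pscustomobject]@{
    Group            = $group.DisplayName
    LastRenewedUtc   = $renewed
    NominalExpiryUtc = $expires
    DaysLeft         = [math]::Floor(($expires - $now).TotalDays)
    InNoticeWindow   = ($expires - $now).TotalDays -le $NoticeWindowDays
}

# Expired groups stay soft-deleted for 30 days; list them so they can be restored in time.
Get-AzureADMSDeletedGroup -All $true | Select-Object Id, DisplayName, DeletedDateTime
# Restore one with: Restore-AzureADMSDeletedDirectoryObject -Id <group object id>
```

Scoping with `Selected` applies expiration only to groups added explicitly, which allows a pilot on a few groups before switching `ManagedGroupTypes` to `All`.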
Note: The new version of Office 365 groups expiration feature is available in private preview today for select Azure AD Premium customers. Please reach out to your TAMs/CSMs regarding enrollment in private preview.
Let us know what you think!
We would love to hear your feedback! If you have any suggestions for us, questions, or issues to report, please leave a comment below. We’re always looking for ways to improve.
User Voice: Add security groups to Office 365 groups
Support & feedback: firstname.lastname@example.org
Salil Kakkar, Program Manager, Office 365 Groups
Yuan Karppanen, Program Manager, Azure Active Directory
If you’re an Office IT Admin, get ready to learn the latest and greatest about Microsoft Office 365 ProPlus deployment at Ignite starting November 4. We’re very excited to announce the following sessions, workshops, speakers, and other learning opportunities to help you make your Office 365 ProPlus deployment and management a success. Here is what we have lined up for you:
Best practices for deploying and managing Microsoft Office 365 ProPlus (BRK3087). Amesh Mansukhani, a Principal Program Manager focused on helping enterprise organizations efficiently manage Office 365 ProPlus deployments, shares what’s new from the Office engineering team on how to best deploy and manage Office 365 ProPlus within your environment. He’ll also walk through the deployment tools and discuss the best options to suit your environment.
What’s new in the Office Customization Tool (THR 30309). Learn what’s new in the Office Customization Tool for Office 365 ProPlus from Chris Hopkins, a Senior Program Manager on the Office Enterprise Lifecycle team responsible for the deployment and management experience for Office across Office 365, System Center Configuration Manager, and Microsoft Intune.
Best practices for compatibility assessment and Office 365 ProPlus upgrades using Office Readiness in Configuration Manager (BRK3090). In this session, Tara Hanratty, a Senior Program Manager in Microsoft Ireland who focuses on helping enterprises address compatibility concerns, will discuss best practices for upgrading to Office 365 ProPlus, including:
- Evaluating Office readiness
- Using the Readiness Toolkit for advanced VBA readiness
- Discovering and remediating issues
- Deploying to “ready devices” with the right settings
- Identifying optimal pilots to unblock more devices
- Viewing health on deployed devices
- Viewing unblocked devices
- Advanced plug-in reports (accessibility)
Get to know the new Office Cloud Policy Service (THR3038). If you are still managing Office policies using Group Policy Manager, but you want to move to the cloud, come learn about the new Office Cloud Policy Service. Chris Hopkins will explain how you can use the Office Cloud Policy Service to manage policies for Microsoft Office 365 ProPlus on Windows, Mac, and Office on the web. He’ll also show you how to use built-in intelligence to provide security policy recommendations and baselines for simplifying management and compliance.
Deploying and managing Microsoft Office 365 ProPlus (WRK3019). In this workshop, Matt Philipenko, Senior Premier Field Engineer for Office Deployment, Servicing, and Activation and ProPlus Ranger, will cover deploying and managing Office 365 ProPlus using Configuration Manager and Intune. He will walk through creating an Office 365 ProPlus deployment, managing updates, configuring cloud policies, and monitoring your current deployment status, and also share Microsoft best practices and common customer implementations.
Microsoft Office privacy controls and Diagnostic Data (BRK3088). Office uses the power of the Microsoft Cloud to deliver exciting new capabilities to individuals and organizations. Diagnostic data helps Microsoft keep Office and these experiences secure, up to date, and performing as customers expect. Some organizations have wondered what happens to this data, how it’s used, and how they might control the flow. Revolutionary change in product transparency over the past year means commercial customer IT departments can now control this data. In this session, you’ll gain a deep understanding of diagnostic data, identify the benefits of diagnostic data to your organization, learn how you can view and manage this data, and hear from a customer that has implemented the controls. This session is presented by Brian Albrecht and Steve Conn. Brian runs the Microsoft Office Data, Privacy, and Insights PM Team and is responsible for diagnostic data privacy and compliance with GDPR and next generation privacy regulations across the Office 365 client experiences. Steve has worked on Office and Windows in various marketing and engineering roles for 12 years.
The future of Office: The insiders view and how we’re making it easier for IT admins and organizations to deploy and use Office 365 ProPlus (BRK3298). Are you interested in what’s being developed for Office 365 ProPlus deployment? In this panel, moderated by Amesh Mansukhani, Microsoft CVPs Aleš Holeček and Tara Roth dive deep into what we’re bringing in the coming year to IT Admins and organizations around Office 365 ProPlus deployment. We also talk about the Office Insider program and why it’s a necessary component to successful deployments. And, we’ll get some real-world feedback from several customers, including Thuy Mesina from Chevron and Jason Meyers from Mars, about their recent experiences with ProPlus deployment and the Office Insider program.
Moving to Windows 10 and Office 365 ProPlus? FastTrack is here to help! (BRK2177) Learn from the FastTrack experts Sean McLaren and Bryan Allen as they share deployment best practices and learnings from experience with customers moving to Windows 10 and Office 365 ProPlus. The clock is ticking on end of support for Windows 7, with the January 14, 2020 deadline quickly approaching. Learn how FastTrack can help you accelerate your upgrade to Windows 10 with Desktop Analytics and leverage your existing investments in System Center Configuration Manager. You’ll also learn how we can help you deploy Office 365 ProPlus, mitigate application compatibility issues with Desktop App Assure, and keep your devices up to date. FastTrack for Microsoft 365 is your advisor to help deploy Windows 10 and Office 365 ProPlus, and leverage the value of Office in the cloud at no additional cost.
We look forward to seeing you at Ignite in Orlando, Florida starting November 4! Come talk with us at the Hubb. Our experts are easiest to find in the following booths: Office 365 ProPlus Deployment, Office Insiders Program, and FastTrack. For those not joining Ignite in person, you can watch livestream keynotes and some select sessions on-demand. As always, visit our Docs page to see what’s new in Office 365 ProPlus, watch our YouTube Deployment channel, and join the Office Insider program.
Changes have been made to the Office 365 system requirements. Go here to see the September 6, 2018 update and announcement: https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/
Today on the Office blog, we announced changes to Office 365 system requirements for Office client connectivity and how we will make it easier for enterprises to deploy and manage Office 365 ProPlus. In this post, we are sharing some more detail on what the system requirement changes mean for IT between now and 2020 and why we’ve decided to make this change.
As technology evolves, system requirements need to change
The new system requirements provide clarity and predictability for client connectivity to Office 365 services. When customers connect to Office 365 with a legacy version of Office, they’re not enjoying all that the service has to offer: the IT security and reliability benefits and the end user experiences in the apps are limited to the features shipped at a point in time.
When we release new on-premises apps and servers, we use that opportunity to update the system requirements. But there is not yet a common convention on when to update system requirements for a multitenanted cloud service that is always up to date. In absence of that, we are sharing these system requirement changes as early as possible and as part of a larger discussion of the Office 365 ProPlus roadmap for deployment and management capabilities.
As we get closer to 2020, we will share more details about implementation and the user experience for affected desktop clients. The updated Office 365 system requirements for Business, Enterprise, and Government plans state:
Effective October 13th, 2020, Office 365 will only support client connectivity from subscription clients (Office 365 ProPlus) or Office perpetual clients within mainstream support (Office 2016 and Office 2019). (Please refer to the Microsoft support lifecycle site for Office mainstream support dates.)
Here is a high level summary of the implications for client connectivity in 2020, depending on how you use Office 365:
Connectivity to Office 365
Impact of change
Office 365 ProPlus or Office clients in mainstream support (Office 2016 and Office 2019)
Plan for regular updates to stay within support window
No action required
Office clients outside mainstream support
Client connectivity no longer supported
Office desktop client applications, such as Outlook, OneDrive for Business and Skype for Business clients will not connect to Office 365 services
Upgrade to current version of ProPlus or mainstream Office clients or use browser or mobile apps
browser and mobile apps
No action required
Office desktop clients outside mainstream support not using Office 365
Set your own desktop upgrade timeline, in line with your on-premises server upgrades. When planning to move to Office 365 services, an Office client upgrade will be required
No action required
2020 may sound like a long way away, but your feedback to us has been consistent: the more advance notice for Office 365 changes, the better. Providing over 3 years’ advance notice for this change to Office 365 system requirements for client connectivity gives you time to review your long-term desktop strategy, budget and plan for any change to your environment.
For now, the key takeaway is: Office 365 ProPlus is our recommended Office client for Office 365 users. This is the Office client that stays up to date with frequent feature releases and ensures the best service experience.
Here are some resources to help you plan for a ProPlus upgrade:
Edit: Survey results as of August 6, 2019: Thank you to all who participated in the survey! Here are the top 5 takeaways from your responses:
- Who: Admins and adoption/change management teams start with support from decision-makers and leverage power-users.
- Challenges: Lack of time, executive support/budget, metrics, training resources, and the complexity of newer apps.
- Needs: Adoption statistics and product roadmaps to help plan, plus training in the form of business scenarios and short, guided tutorials and videos.
- MS Comms: It’s ok for Microsoft to communicate to end users only if admins/adoption teams can control/customize frequency and content.
- Portal: Admins/adoption teams want all content centrally stored and navigable for easy referral and use.
Survey request as of June 12, 2019: Microsoft is looking for IT professionals like you to provide feedback on end user adoption and engagement for Microsoft 365 / Office 365 through a brief survey. Topics include key challenges in your role, end-user adoption and engagement practices, and preferred communications from Microsoft. Your feedback will help drive the types of content Microsoft develops for you and your end-users.
To qualify for this survey, you must meet the following criteria:
- Your role involves end-user training / change management / adoption of Microsoft 365 & Office 365 applications
- You are not in government or education sectors
- Your organization has at least 150 employees / seats on Microsoft 365 & Office 365 subscription
Since 3D was first introduced in Office, we’ve heard resounding feedback from the community that better guidance was needed to help users acquire, build and convert 3D content for use in Office. Whether you are an Office user looking to acquire 3D assets for your documents, or a 3D professional creating content for your clients, we are pleased to announce that the 3D Content Guidelines for Microsoft are now publicly available, and have been developed to help users be more successful with 3D in Office.
Download the guide in PPT format
Download the guide in PDF format
Customer connections were the key to defining the scope of what the guidelines cover. These connections gave us the opportunity to understand the friction points first-hand, provide immediate support to keep customers moving forward, and roll those learnings back into the guidelines.
The 3D Content Guidelines for Microsoft are split into four major sections and can be read in sequence or independently depending on what you would like to accomplish.
3D engine overview
Learn about the inner workings of the real-time 3D engine used in Office and how it compares to other methods of rendering 3D content.
Learn tips and tricks for finding quality 3D content in online marketplaces and best practices when working with third party vendors to build custom 3D assets.
Step through the process of creating custom 3D content for real-time rendering in Office. From modelling, surfacing and animation guidance for new content, to exporting, converting and optimizing existing 3D content, this section will help to ensure that 3D assets targeted for Office will render optimally.
Discover tools for viewing, analyzing and validating your 3D content as well as links to other valuable resources.
While today’s version of the guidelines is focused on Office, the vision is to expand the scope and include other Microsoft products and services in the future. We believe these guidelines will be a good connection point between many of the great existing resources and look forward to continuing to evolve them to meet the growing needs of all our users. Please check them out!
The Office cloud policy service allows administrators to define policies for Office 365 ProPlus and assign these policies to users via Azure Active Directory security groups. Once defined, policies are automatically enforced as users sign in and use Office 365 ProPlus. Devices do not need to be domain joined or MDM enrolled, and the service works with corporate-owned devices or BYOD.
Get started today by visiting and signing into the Office cloud policy service
- Build a policy configuration that includes the policies you want to enforce, configured for your organization’s needs. The service is always up to date and includes the latest policies as they are released.
- Target a group of users by assigning the policy configuration to a specific AAD security group.
- Policies are automatically enforced as users sign into Office 365 ProPlus.
- Health reporting is available for each of the policy configurations, letting administrators know that the policies are getting deployed to users and their devices.
This service is now generally available and supported for all Office 365 ProPlus customers. If you are an administrator, you can start using this service today by signing into the Office client management portal and creating policy configurations.
We are also excited to announce the public preview for the security policy advisor feature; an intelligent policy recommendation engine being added to the Office cloud policy service. Click here for more information on the security policy advisor feature.
This service is just one of many new services which the Office team will be releasing over the next 12+ months. These services, which shape the foundation of the Office serviceability SDK, are designed to work with 1st and 3rd party management solutions to help administrators simplify and streamline Office deployment and management.
For additional documentation on how to use this new policy service and its capabilities take a look at this document.
As always, please provide feedback using the feedback button to help us improve the service.
- Does the Office client policy service replace Group Policy management options?
No, this service provides an alternative to Group Policy management. Group Policy management enforces policies on Windows PCs joined to an Active Directory domain, while the Office client policy service only requires the user sign into Office using their corporate credentials (Azure Active Directory) along with a valid Office 365 ProPlus license.
- What are primary differences between the types of policies I can enforce using Office client policy service compared to Group Policy?
Office client policy service manages only user-based policies for Office 365 ProPlus. Group Policy can manage both user-based and machine-based policies.
- How does the Office client policy service compare with the Office Customization Tool for Click-to-Run’s application preferences settings?
The settings configured as part of Office installation using the Office Customization Tool for Click-to-Run – as well as previous OCT versions – are based on ‘preferences’, meaning that a user can change them. Office client policy service settings are enforced, like Group Policy enforcement.
- If I use Group Policy Management and the Office cloud policy service, how will conflicts be resolved?
The policies configured in the Office cloud policy service take precedence over any policies configured via Group Policy Management. If there are conflicts, the values specified in the Office cloud policy service for the conflicting policies will be honored.
- Can I import policies from Group Policy Management to Office cloud policy service?
At this time we do not have import capabilities, but we are looking at providing this functionality to help admins migrate.
- How is this different from the Administrative Templates feature in Intune for Device configuration?
The Office cloud policy service is built specifically for managing Office policies in non-domain joined and non-MDM managed scenarios. Office cloud policy service is available to any customer that owns Office 365 ProPlus. If used with Intune, the policies configured in Office cloud policy service take precedence over any Office policies managed via Intune.
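The precedence rules in this FAQ can be turned into an audit that shows where a cloud policy value overrides a different Group Policy or Intune value. The sketch below is an added example, not Microsoft code; the setting names, values, group name, and data model are constructed for illustration, and because the page states no order between Group Policy and Intune, a disagreement between those two is reported as unresolved.

```python
from dataclasses import dataclass

USER, MACHINE = "user", "machine"


@dataclass
class OfficeUser:
    upn: str
    aad_signed_in: bool      # signed into Office with Azure AD credentials
    proplus_licensed: bool   # holds a valid Office 365 ProPlus license
    groups: frozenset        # AAD security groups the user belongs to


@dataclass
class CloudConfig:
    target_group: str        # AAD security group the configuration is assigned to
    settings: dict           # setting name -> enforced value


def cloud_applies(user, config):
    """Cloud policy needs AAD sign-in, a ProPlus license and group membership."""
    return (user.aad_signed_in and user.proplus_licensed
            and config.target_group in user.groups)


def resolve(user, scopes, cloud, group_policy, intune):
    """Return (effective, overridden, unresolved) for one user.

    effective : name -> (value, winning source)
    overridden: (name, losing source, losing value, cloud value) tuples
    unresolved: names where Group Policy and Intune disagree and no cloud
                value exists (the page defines no order for that case)
    """
    for name in cloud.settings:
        if scopes.get(name) != USER:
            raise ValueError(f"{name}: the cloud service manages user-based policies only")
    cloud_values = cloud.settings if cloud_applies(user, cloud) else {}
    others = {"group_policy": group_policy, "intune": intune}
    effective, overridden, unresolved = {}, [], []
    for name in sorted(set(cloud_values) | set(group_policy) | set(intune)):
        set_by = {src: vals[name] for src, vals in others.items() if name in vals}
        if name in cloud_values:
            winner = cloud_values[name]
            effective[name] = (winner, "cloud")
            overridden += [(name, src, val, winner)
                           for src, val in set_by.items() if val != winner]
        elif len(set(set_by.values())) == 1:
            effective[name] = (next(iter(set_by.values())), "+".join(set_by))
        else:
            unresolved.append(name)
    return effective, overridden, unresolved


# Constructed sample data (hypothetical setting names and values).
SCOPES = {"block_internet_macros": USER, "vba_macro_warnings": USER,
          "disable_all_activex": USER, "update_channel": MACHINE}
GROUP_POLICY = {"block_internet_macros": "enabled",
                "vba_macro_warnings": "disable_all_with_notification",
                "update_channel": "semi_annual"}
INTUNE = {"vba_macro_warnings": "disable_all_except_signed",
          "disable_all_activex": "enabled"}
CLOUD = CloudConfig("sg-office-policy-pilot", {"block_internet_macros": "disabled"})
ALICE = OfficeUser("alice@example.test", True, True,
                   frozenset({"sg-office-policy-pilot"}))
BOB = OfficeUser("bob@example.test", True, True, frozenset({"sg-finance"}))

if __name__ == "__main__":
    for person in (ALICE, BOB):
        effective, overridden, unresolved = resolve(
            person, SCOPES, CLOUD, GROUP_POLICY, INTUNE)
        print(person.upn)
        for name, (value, source) in effective.items():
            print(f"  {name} = {value} (from {source})")
        for name, source, old, new in overridden:
            print(f"  REVIEW: cloud value {new!r} overrides {source} value {old!r} for {name}")
        for name in unresolved:
            print(f"  UNRESOLVED: {name} differs between Group Policy and Intune")
```

Each `REVIEW` line marks a setting where the cloud configuration replaces a different on-premises or Intune value, which is worth checking whenever the cloud value is the less restrictive one.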
With last month’s Twins Challenge, we shared a few time-saving tips for Word, Excel, and PowerPoint. Today, we’re following up with a few ways to get you started collaborating in your documents.
1. Create and save your documents to the cloud by default. Whether you plan to work on a document with others or simply share it for review, your documents are safer when saved to the cloud.
Create and save your documents to the cloud by default
Now, when you save a Word, Excel, or PowerPoint file in the desktop app using Ctrl-S (Windows), Cmd-S (macOS), or the Save button in Office, a new dialog will default to OneDrive or SharePoint Online and allow you to quickly set the Once saved to the cloud, you can access the file across your devices.
And when you forget to save a new document before exiting, you’ll see an updated save experience directing you to the cloud. And because documents are saved to the cloud, you can start working with others, including real-time co-authoring, from the get-go.
Turn on AutoSave so you never have to worry about saving changes to your document.
Once a document is in the cloud, AutoSave takes over to regularly sync your documents to the cloud. With AutoSave, you don’t have to worry about hitting save or losing changes since edits are saved automatically.
If the AutoSave toggle is turned off, flip it to “On” and store your file in OneDrive. It saves your file so that you don’t have to.
For those using Office in the browser, your files are already being saved automatically!
And if you are still saving files to your computer’s hard drive, you are leaving your documents vulnerable to device theft or destruction. Use Known Folder Move to easily back up and sync your desktop documents and folders to OneDrive, making OneDrive the default location for those files.
2. Once in a shared cloud document, you can co-author and even assign tasks using @mentions.
Share Office 365 documents with others to co-author the document together.
Stop spending time merging changes from coworkers into one document or sifting through emails for versions of a file. Simply share the Word document, Excel spreadsheet, or PowerPoint presentation with collaborators and work together.
Once a cloud file is shared, you can work in the file on your own time or with multiple collaborators simultaneously. If you’re editing together in real time, you’ll see others’ changes in real time. Co-author with others on any device that works best for you – web browser, desktop, or mobile.
Collaborate with your team by using @mention and threaded comments to have a conversation right next to the relevant content in Excel, Word, and PowerPoint.
Threaded comments and @mentions ensure that you always have context on what’s going on and enable you to easily have conversations about specific content with collaborators.
To @mention someone, type “@” and the person’s name in the comment. This is an efficient way to get their attention because they will get notified via email to take action. And rolling out to Word, you will be able to assign tasks to others using @mentions.
*Threaded comments are available across Word, Excel, and PowerPoint on the desktop apps, web, and mobile.
**@mention is rolling out across Word, Excel, and PowerPoint. @mention is now available in Office Online, Office for iOS, Office for Android, and for Office Insiders on desktop.
***To-dos is currently available for Word on the Mac for Office Insiders (Fast).
3. Work together with confidence in a shared document.
See what’s changed in your PowerPoint presentation while you were away.
If you’re collaborating on a deck with others, you can see who made new changes, quickly get up-to-speed and start working. You no longer need to scroll through the whole deck to see what’s changed or painstakingly compare slides side-by-side. We’ll tell you if someone has made changes to the slides while you were away and highlight the things that have changed.
*This feature is available in PowerPoint client app and on the web now.
Set your file to Read-Only and set the context for how collaborators interact with the file.
Want to share a document with a colleague but avoid accidental changes? You can set permissions on a shared document to “Restrict Editing” or “Always Open Read-Only”. By flagging the document as read-only, you are letting collaborators know not to make unintentional edits.
If the file is finalized, you may also want to consider applying “Mark as Final”.
Feel confident making changes in a shared document. Version History lets you see what changes have occurred and revert back if necessary.
If a document is being used as a basis for a new document, users should always Save a Copy first to avoid changing the original file.
If you forget and make changes to the original file while AutoSave is on, no need to worry. You can easily restore a previous version through Version History. To see the list of previous versions of your files, you can go to File > Info > Manage Document.
You also have the option to click on the title bar at the top of your document and select Version History to see who edited your file and how the file has evolved over time. Click on “open version” to see the previous version of the document and compare edits or restore changes.
4. For existing documents, find and work on them on the web, mobile, or desktop, wherever you prefer.
Find documents you’ve been collaborating on or share them with others from Office.com or the new Office app for Windows 10.
Office.com and the recently released Office app for Windows 10 are great ways to get started with Office and jump quickly into your work. In the documents section, you can easily find the documents that you have used most recently, pinned for easy access, or shared with others. And, we curate a list of recommended shared documents so that you can spend less time looking for what you need and more time getting things done.
Open file links in the Word, Excel, or PowerPoint desktop applications to start working where you prefer
If you are in the Office desktop apps and click on an Office 365 document link that others have shared with you, the file will open directly in the Office desktop apps instead of the web. This option to open files in the Office desktop apps will save you time by taking you to your preferred starting location.
If you prefer using Office on the web, your Word, Excel, and PowerPoint files will continue opening in the browser.
*This feature is rolling out to Word, Excel, and PowerPoint desktop applications over the next few months.
5. Don’t have an Office 365 subscription? You can give Office a try at Office.com.
For consumers, you can get started for free with Word, Excel, and PowerPoint on the web by signing in or creating an account at Office.com.
Once you have an account created, you can get started working in the web browser at Office.com and even work on documents with collaborators (including those who are not using Office).
Find more Office tips and tricks here.
Updated March 27, 2019
Today, we’re thrilled to announce the General Availability of Multi-Geo Capabilities in SharePoint Online and Office 365 Groups. The functionality has been in preview, and thanks to the invaluable feedback from our preview customers, it’s now ready for prime time.
Multi-Geo in SharePoint and Groups enables global businesses to control the country or region where shared resources like SharePoint Team Sites and Office 365 Groups content (associated SharePoint Sites and Groups mailboxes) are stored at-rest.
Earlier this year we launched Multi-Geo in Exchange Online and OneDrive, giving control over the geo-location of user-attached resources like user’s mailbox and OneDrive files.
With more data residency measures being legislated around the world for cloud data, global businesses are challenged with meeting their data residency requirements and digitally transforming with the cloud.
Multi-Geo addresses these challenges by enabling a single Office 365 tenant to span multiple regions and/or countries and giving customers the flexibility to choose the country or region where each employee’s Office 365 data is stored at-rest. This helps businesses meet their global data residency needs and digitally transform with Office 365.
Configuring Multi-Geo in SharePoint
Setting up and managing Multi-Geo is now available through the SharePoint admin center. Simply click ‘Add location’ and select the needed satellite geo and then pick a namespace URL. New sites created by users are automatically created in the geo where their PreferredDataLocation (PDL) was established. See more about managing PDL with Azure AD Connect at aka.ms/PDL
For your global workforce, the digital transformation means that every employee is empowered with a modern productivity experience in Office 365.
Global SharePoint Home experience
With SharePoint Multi-Geo, satellite geos now get the rich SharePoint Online functionalities in addition to the OneDrive functionalities. SharePoint Home experience shows a curated list of News roll-up and Suggested sites powered by the intelligence of the Office graph, which analyzes the activities and signals from across the global organization and tailors a list for every user.
New site creation in the user’s geo
The creation experience for Team sites and Communication sites automatically detects the user’s configured geo-location and creates the new site in the corresponding geo.
New sites automatically created in the user’s geo
Hub site is Multi-Geo aware
SharePoint Hub sites enhance the discovery of and engagement with content for employees, while creating a complete and consistent representation of projects, departments or regions. With SharePoint Multi-Geo, sites from Satellite geos can easily be associated with a hub site regardless of which geo the hub site is hosted in. This makes it easy for employees to tailor hubs to their business units’ needs while at the same time being part of One Enterprise. Employees can search and get results across the hub through a single search experience, regardless of the geo in which the sites are located at-rest.
SharePoint Hub Site experience
For employees on the go, the same great productivity experience is available on rich mobile apps for SharePoint, OneDrive and Outlook. Employees simply sign in with their Office 365 credentials and access content in their Multi-Geo enabled Office 365 tenant; they don’t need to remember any geo specific URLs or other information.
SharePoint Mobile with sites and people from around the world
For organizations that use taxonomy enterprise managed metadata to organize their sites and contents, Multi-Geo provides an easy way to manage metadata in a central location. Behind the scenes, the metadata is replicated to all the satellites and is ready to use in satellite sites. This doesn’t require any additional customization.
Multi-Geo for SharePoint Online and Exchange Online Groups is now rolled out to all Office 365 tenants enabled with the Multi-Geo feature. Please see https://aka.ms/GoMultiGeo for details.
Multi-Geo in SharePoint Online and Groups is included with the existing Multi-Geo offering. Please see https://aka.ms/GoMultiGeo for further details or contact your Microsoft representative.
Today we are pleased to announce the preview of the Office cloud policy service to help administrators manage policies for all Office 365 ProPlus users in their organization, from an easy-to-use, Internet-based portal focused on Office 365 ProPlus management.
Office 365 ProPlus allows users to access full Office experiences from multiple Windows devices. These may be managed or MDM-enrolled devices, but are often also personally-owned and unmanaged. Now with the Office cloud policy service, you can define and enforce Office policies without the infrastructure or MDM services traditionally required.
The Office cloud policy service allows administrators to define policies for Office 365 ProPlus and assign these policies to users via Azure Active Directory security groups. Once defined, these Office policies are automatically enforced as users sign in and use Office 365 ProPlus.
- Build a policy configuration that includes the policies you want to enforce, configured for your organization’s needs. The service is always up to date and includes the latest policies as they are released.
- Target a group of users by assigning the policy configuration to a specific AAD security group.
- Policies are automatically enforced as users sign in to Office 365 ProPlus.
This service is now available as a preview for all organizations with Office 365 ProPlus. If you are an administrator, you can start using this service by signing into the Office client management portal and creating Office cloud policy configurations. As you evaluate this preview, please provide feedback using the feedback button (in the upper right corner) to help us improve the service.
For a guided walk-through of this new service, take a look at this video, which also includes a deep dive into the Office Customization Tool.
For additional documentation on how to use this new policy service and its capabilities, take a look at this document.
Does the Office cloud policy service replace Group Policy management options?
No, this service complements Group Policy-based management as another option. Group Policy management enforces policies on Windows PCs joined to an Active Directory domain, while the Office cloud policy service only requires Azure Active Directory sign-in as part of Office 365 ProPlus.
What are primary differences between the types of policies I can enforce using Office cloud policy service compared to Group Policy?
Office cloud policy service manages user-based policies for Office 365 ProPlus. Group Policy can manage both user-based and machine-based policies.
How does the Office cloud policy service compare with the Office Customization Tool for Click-to-Run’s application preferences settings?
The settings configured as part of Office installation using the Office Customization Tool for Click-to-Run – as well as previous OCT versions – are based on ‘preferences’, meaning that a user can change them. Office cloud policy service settings are enforced, similar to Group Policy enforcement.
Is an Intune subscription required?
No. It is not required that the tenant have an Intune subscription. This is a feature of Office 365 ProPlus and only requires that the tenant have a subscription that includes Office 365 ProPlus.
Does this work with all Office Click-to-Run products?
No. This is a feature of Office 365 ProPlus and only works with the Office apps that are deployed as a part of the Office 365 ProPlus suite.
Does this new policy service support all the policies from the Office ADMX templates?
No. Currently this preview is limited to a subset of the user-based policies defined in the ADMX templates. No machine-based policies are included.
Which admin roles are allowed access to configure policies?
Only the Global Admin, Security Admin or Desktop Analytics Admin (private preview) roles are allowed access to create or view policy configurations.
To protect against device loss or damage and to provide anywhere access to files, we recommend storing them in Office 365. Last June we announced Known Folder Move (KFM) in OneDrive for customers on Windows 7, 8.1 and Windows 10. Known Folder Move provides an easy way to redirect your desktop documents and folders to OneDrive, making OneDrive the default location for those files. With KFM, your content is automatically synced to OneDrive with no disruption to productivity.
Today we are announcing a new capability that makes it easier for you to create and save your Word, Excel, or PowerPoint document directly to the cloud. When you go to save an Office 365 document using Ctrl+S (Windows), Cmd+S (macOS), or the Save button, the new dialog box will default to OneDrive or SharePoint Online. And if you forget to save a new document before exiting, you will also see this updated save experience.
Once a document is saved in the cloud, you can easily rename the file and change the location from the title bar. This ability to save your document to the cloud directly from Word, Excel, or PowerPoint will roll out to Office 365 on Windows and Mac beginning in February.
These features, along with OneDrive Files On-Demand for Mac, are part of our investments in making it easier for you to get your files into the cloud. By saving to the cloud, you will be able to securely access your most important documents from any device and start collaborating with others from the get go.
We’re thrilled to announce that all customers using Multi-Geo Capabilities in Office 365 will soon be able to choose India as a satellite geo-location to store their users’ Exchange Online Mailboxes and OneDrive for Business files at-rest, and address their global data residency needs. Once SharePoint Multi-Geo is generally available, it will also include the India geo.
We’re in the process of rolling out the India geo to all Multi-Geo enabled Office 365 tenants. In the next few weeks, Multi-Geo customers will get a Message center notification in Office 365 indicating that the India geo is available. After that, simply set the “PDL” to “IND” to trigger the move of mailboxes and OneDrive files to the India geo. Read more on configuring Multi-Geo at aka.ms/ExchangeMultiGeo and aka.ms/OneDriveMultiGeo.
This means Multi-Geo is available in 10 geos across Microsoft’s massive global data center footprint. Learn more about Multi-Geo at aka.ms/GoMultiGeo
The Office Online team is pleased to release our latest update to Office Online Server (OOS). OOS empowers organizations to view, edit, and create documents in the browser with Word, PowerPoint, Excel, and OneNote from their own datacenter.
Please verify that you have the latest version of the OOS release to ensure the best experience.
The November 2018 update of OOS includes the following improvements:
- Additional formatting options in PowerPoint Online such as paragraph customization (indentation, line spacing, spacing), custom slide sizes, enhanced table functionality, increased list options
- New PowerPoint Online slide themes
- Pivot tables, conditional formatting for Excel Online
- Faster boot and editing performance in Word, PowerPoint and Excel Online
- Accessibility & usability improvements across all applications
- ULS logging formatting changes (details)
- Many more improvements + bug fixes across all applications
How do I get OOS/download the update?
We encourage OOS customers to download the November 2018 release, as only the latest version will be supported with bug fixes and security patches available from the Microsoft Updates Download Center. You must uninstall the previous version of OOS to install this release.
Eligible customers can download the latest update of OOS through the Volume License Servicing Center (under the product pages for Office Professional Plus or Office Standard). Customers that have purchased Office 365 ProPlus subscriptions or Software Assurance (SA) with an Office licensing suite will have OOS rights for document creation, editing, and save functionality. Other volume licensing customers, except those who have purchased Open licenses, can download OOS with view-only functionality. For more information on licensing requirements, please refer to our product terms.
For customers whose licenses qualify for OOS, but cannot obtain OOS through the Volume Licensing Services Center, the following actions are possible:
- Direct customers can submit a request from their Office 365 admin center or contact support.
Modern workers are always looking for ways to be more productive, but in today’s always connected world filled with infinite distractions, it is hard to stay focused, find what you are looking for and determine where to get started doing your most important work. Office.com pulls your most relevant apps, documents and places where you and your coworkers are working—all in one place. We are pleased to update you on the new capabilities that are coming to Office 365 in the web.
Get started with Office.com
We reimagined Office.com last year as the best place to get started, get back to your content and get the most of your Office 365 subscription. Giving you fast access to what’s most important to you, we have rolled out a Recommended Section that helps you discover relevant documents, like the ones your colleagues recently edited or added. We have also introduced new start pages for Word, Excel, PowerPoint and Sway that give you access to recommended and recent files filtered to the specific application you are working in.
Bringing Microsoft 365 Search, and improved help to your fingertips
Microsoft is introducing new tools for collaborating and getting back to work that are available across all of Office 365 in the web in a single click—streamlining the ability for users to work more efficiently by reducing context switching.
Microsoft 365 Search
You no longer have to search different applications separately. With Microsoft 365 Search within Office 365 in the web, you can find the documents, people, sites, and apps you need—even third-party apps your company uses. Microsoft 365 Search is available on www.office.com now, and it will be elevated to the top of the page by the end of the year. In the coming months, it will be rolling out to other Office 365 applications. Learn more about it here.
Improved Help and Support
The services that power help and support in Office desktop clients are now extended to the web. The new and improved help and support pane gives you tips, access to the latest support articles, and provides contextual help on the top issues for the app you’re using. You can also customize the pane with your company’s helpdesk information. The new experience is rolling out on www.office.com over the next month and will roll out across all Office 365 in the web over the coming months.
Visit www.office.com and try out the new experiences. Stay up to date on the latest news and features for Microsoft 365 and join the conversation in the Microsoft 365 Tech Communities.
Today we’re pleased to announce the release of Exchange Server 2019, Skype for Business Server 2019, SharePoint Server 2019, and Project Server 2019. These four servers round out the Office 2019 release, a wave of product updates that started with the Office 2019 client apps released at Ignite in September. The Office 2019 servers have been in commercial preview since July.
Office 365 delivers the most productive and most secure Office experience – with the lowest total cost of ownership for deployment and management. However, for customers who aren’t yet ready to move to the cloud, Office 2019 provides an update to the on-premises apps and servers. Here we highlight some of the features and functionality in each of the Office 2019 server offerings.
Exchange Server 2019
Exchange Server 2019 includes scale and performance enhancements, new and improved search powered by Bing technology, new options to restrict the forwarding of meeting requests, and increased control over “out of office” settings. Exchange Server 2019 requires Windows Server 2019. At the time of publication, all media for Windows Server 2019 and Windows Server version 1809 have been temporarily removed from market as we work through a product quality issue. We will provide an update when refreshed media is available and will ensure that all Office 2019 services are fully compatible with the newly refreshed version. Learn more about Exchange Server 2019 here.
Skype for Business Server 2019
Skype for Business Server 2019 provides on-premises and hybrid customers with additional security, quality, and performance features to improve the hybrid scenario. New features include Cloud Voicemail, Cloud Call Data Connector, Streamlined Migration to Teams, and support for TLS 1.2. Learn more about Skype for Business Server 2019 here.
SharePoint Server 2019
SharePoint Server 2019 brings the ease of use of SharePoint Online to on-premises customers. For end users, the new release delivers modern libraries, lists, and communication sites.
IT professionals will see improved performance and scale with simplified management. And developers will now be able to build for both cloud and on-premise environments with deeper SharePoint Framework integration. Learn more about SharePoint Server 2019 here.
Project Server 2019
Project Server 2019 offers a robust end-to-end project and portfolio management solution, with strong collaboration capabilities powered by SharePoint Server 2019. Updates include enhancements to performance and scalability, improved reporting, and an expanded set of APIs. Learn more about Project Server 2019 here.
While the cloud offers real benefits in productivity, security, and total cost of ownership, we recognize that each customer is at a different point in their adoption of cloud services. Office 2019 is a valuable upgrade for customers who feel that they need to keep some or all of their apps and servers on-premises. As such, we are committed to another on-premises release in the future. However, we will be investing in and adding new capabilities to Office 365 regularly, including innovations in artificial intelligence (AI), collaboration, and security.
Note: October 2018 – Both Office 2019 and the Office 2019 Servers are now available. Learn more about Office 2019 here; learn more about Office 2019 Servers here.
Today we’re pleased to announce the commercial previews of Exchange Server 2019, Skype for Business Server 2019, SharePoint Server 2019, and Project Server 2019. This announcement wraps up our set of commercial previews for Office 2019, which included Office 2019 for Windows and Office 2019 for Mac earlier this year. With this announcement, we’re well positioned to ship Office 2019, the next perpetual update to Office, in the next few months.
Office 365 delivers the most productive and most secure Office experience – with the lowest total cost of ownership for deployment and management. But for customers who aren’t yet ready to move to the cloud, Office 2019 provides an update to the perpetual apps and servers.
Exchange Server 2019
Exchange Server 2019 will support Windows 2019 Server core and allow customers to run Exchange on the most secure Windows operating system to date. In addition, this release will include new and improved search powered by Bing and improved calendaring with features like Do Not Forward and Simplified Calendar Sharing. See what else we’re bringing to Exchange Server 2019 here.
Skype for Business Server 2019
Skype for Business Server 2019 will continue to support on-premises and hybrid customers. This release adds security, quality, and performance features to improve the hybrid scenario, and refreshes mainstream support. New features include Cloud Voicemail, Cloud Org Auto Attendant, Cloud Call Data Connector, and Streamlined Migration to Teams. For more on Skype for Business Server 2019, see our blog post here.
SharePoint Server 2019
SharePoint Server 2019 adds new value for end users, IT, and developers. For end users, SharePoint Server 2019 delivers new, modern experiences. IT professionals will see improved performance and scale with simplified management. And developers will now be able to build for both cloud and on-premise environments with deeper SharePoint Framework integration. Check out the preview blog to see what we are delivering in SharePoint Server 2019.
Project Server 2019
Project Server 2019 offers a robust end-to-end project and portfolio management solution, with strong collaboration capabilities powered by SharePoint Server 2019. Updates include enhancements to performance and scalability, improved reporting, and an expanded set of APIs. For more information, see the Project team’s blog post.
Going forward, we will be investing in and adding new capabilities to Office 365. But we recognize that for many customers, moving to the cloud is a journey with many considerations along the way. Office 2019 will be a valuable upgrade for customers who feel that they need to keep some or all of their apps and servers on-premises.
Today we are pleased to announce the availability of the Whiteboard app for iOS, and the commercial preview of the Whiteboard app on the web. Building on the Whiteboard app for Windows 10 released in July, these releases move us closer to achieving our vision of a collaborative space for ideation that is accessible from any device and integrates seamlessly into the collaboration workflows teams already use.
Whether on Windows 10, iOS, or the web, Microsoft Whiteboard provides an infinite canvas where imagination has room to grow. On your Windows or iOS device, you can draw, type, add a sticky note or an image, stack things up, move them around. And from any device with an up-to-date web browser, you can now open and view your boards, and add and erase ink.
Whiteboard brings every member of a team together, whether they’re huddled around a wall-size touchscreen or working independently from their own laptops, tablets, or mobile devices.* And because Whiteboard automatically saves your boards to the cloud, you can always pick up right where you left off, whenever, wherever – and now from a broader range of devices.
To start using Whiteboard on your iOS device running iOS 9 or later, download the app for free from the Apple App Store. To start using the web app (commercial preview), your IT admin first needs to enable the service; more information available here. To start using Whiteboard on your Windows 10 device, download the app for free at the Microsoft Store.
Want to learn more? Visit the Whiteboard product page, or read the FAQ.
*The Microsoft Whiteboard apps for Windows 10 and iOS are available for all users; Microsoft Account or Office 365 account required. For commercial users, the Whiteboard web app (preview) makes their whiteboards accessible from other devices.
Traditional enterprise networks are designed primarily to provide users access to applications and data hosted in company operated datacenters. A secondary use has been as a gateway for access to the Internet for communications and web browsing. In this model, there is minimal or no network security between users and the company operated datacenters, and a substantial security perimeter between users and the Internet with many network devices such as firewalls, anti-virus scanners, data loss prevention, and intrusion detection devices.
Because of the large network security stack, Internet connectivity for branch offices is commonly centralized and backhauled over the customer’s wide area network (WAN). This model worked well for secure access from users within the office to corporate on-premises apps such as email and document sharing where bandwidth could be assured, and minimal network security within the WAN meant network traffic was not impeded.
Traditional enterprise network backhauling Internet bound traffic over its WAN
As enterprise adoption of and reliance on SaaS apps like Office 365 continue to grow, and as employees work from more varied locations, the old method of backhauling traffic to a central location for inspection creates latency and leads to a poor end user experience. The shift from accessing enterprise applications in a customer operated central datacenter to Office 365, along with the differences in traffic patterns, performance requirements, and endpoint security, needs to be acknowledged and planned for differently when compared with connectivity for simple Internet communications and web browsing research.
The Microsoft global network and Office 365
The Microsoft global network is one of the largest network backbones in the world, consisting of high bandwidth links that have minimal network congestion, with thousands of miles of privately owned dark fiber, multi-terabit network connections between datacenters, and application front door servers spread around the world. Over 100 public Internet peering interconnection locations on this network make it easy for all users, regardless of location, to connect into the network using the Internet and access services such as Office 365, Azure, Xbox, Bing, Skype, Hotmail and more.
Microsoft continues to invest in the network, the geographical locations of the application front doors, public peering partnerships with ISPs, and traffic backhauling capabilities. This allows user network traffic to enter the Microsoft global network very close to the user, and then the traffic is backhauled at Microsoft’s cost over high bandwidth lines within the network to the location where the user’s data is stored.
Microsoft global network with each of the blue dots representing Office 365 front end servers around the world
Office 365 connectivity principles
Microsoft recommends using the Internet and a simple network design for optimal connectivity and performance in Office 365. A key goal in the network design should be reducing the round-trip time (RTT) from your network into the Microsoft global network and ensuring that the network traffic is not hairpinned or centralized to specific locations. Use the Office 365 connectivity principles to manage your traffic and get the best performance when connecting to Office 365.
1. Identify and differentiate Office 365 traffic using Microsoft published endpoints
Office 365 URLs and IP addresses aka.ms/O365IP
As a SaaS application, Office 365 has a large number of URLs and IP addresses representing Office 365 service front end servers. We refer to these URLs and IP addresses as endpoints, and customers can use them to identify specific network traffic that is destined for Office 365.
Identifying Office 365 network traffic is the first step in being able to differentiate that traffic from generic Internet-bound network traffic. Microsoft publishes the Office 365 endpoints and guidance on how best to use this data. An Office 365 administrator can use a script to fetch the endpoint details and apply them to a perimeter firewall and other network devices. This will ensure that traffic bound for Office 365 is identified, treated appropriately and managed differently to network traffic bound for generic and often unknown Internet web sites that employees may browse. See the Office 365 endpoint categories and Office 365 IP Address and URL web service to automate endpoint management.
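One way to turn the published endpoint data into firewall and proxy rules, shown here as an added example rather than Microsoft's own script. The JSON field names follow the Office 365 IP Address and URL web service; the sample records, the proxy host name, the function names, and the choice to send only the Optimize and Allow categories direct are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape the endpoint web service returns; hostnames
# and ranges are documentation placeholders, not real Office 365 endpoints.
SAMPLE = json.loads("""[
 {"id": 1, "serviceArea": "Exchange", "category": "Optimize", "required": true,
  "urls": ["mail.example.com"], "tcpPorts": "80,443",
  "ips": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8::/48"]},
 {"id": 2, "serviceArea": "SharePoint", "category": "Allow", "required": true,
  "urls": ["*.sharepoint.example.com"], "tcpPorts": "443",
  "ips": ["198.51.100.0/24"]},
 {"id": 3, "serviceArea": "Common", "category": "Default", "required": false,
  "urls": ["*.cdn.example.net"], "tcpPorts": "443"}
]""")


def build_policy(endpoint_sets, direct_categories=("Optimize", "Allow")):
    """Split endpoint sets into direct-egress rules and proxy-retained URLs."""
    nets = {4: set(), 6: set()}
    direct_urls, proxied_urls = set(), set()
    for es in endpoint_sets:
        ips = es.get("ips", [])
        # A firewall can only match published IP ranges, so URL-only sets
        # and categories outside direct_categories stay behind the proxy.
        if es.get("category") in direct_categories and ips:
            for cidr in ips:
                # strict=True rejects entries with host bits set (bad data).
                net = ipaddress.ip_network(cidr, strict=True)
                nets[net.version].add(net)
            direct_urls.update(es.get("urls", []))
        else:
            proxied_urls.update(es.get("urls", []))
    return {
        "ipv4": [str(n) for n in ipaddress.collapse_addresses(nets[4])],
        "ipv6": [str(n) for n in ipaddress.collapse_addresses(nets[6])],
        "direct_urls": sorted(direct_urls),
        "proxied_urls": sorted(proxied_urls),
    }


def pac_file(policy, proxy="PROXY proxy.example.internal:8080"):
    """Render a PAC script: direct_urls bypass the proxy, the rest use it."""
    tests = " || ".join(
        'shExpMatch(host, "%s")' % u for u in policy["direct_urls"]) or "false"
    return ('function FindProxyForURL(url, host) {\n'
            '  if (%s) return "DIRECT";\n'
            '  return "%s";\n}\n' % (tests, proxy))
```

Endpoint sets that publish no IP ranges stay on the inspected path, which keeps wildcard hostnames from becoming an uninspected egress route.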
2. Egress Office 365 data connections as close to the user as practical with matching DNS resolution
Local Internet egress into Microsoft’s network
Many enterprise WANs are designed to backhaul network traffic to a central company head office for processing before network egress to the Internet. Because Office 365 runs on Microsoft’s large global network that includes many front end servers around the world, there will often be a network connection and front end server close to the user’s location.
When compared to backhauling data across the corporate WAN, the user is most likely going to get better performance by egressing Office 365 network traffic to the Internet close to their location, where it can be connected to Microsoft’s global network. Additionally, many Office 365 applications use DNS requests to determine the user’s geographic location. If the user’s DNS lookups are not done at the same point as the network egress, the user may be directed to a distant Office 365 front end server.
By providing users with local Internet egress and local DNS resolution their network traffic destined for Office 365 can connect to Microsoft’s global network and Office 365 front end servers as close as possible to the user. Shortening the network path to Microsoft’s global network and to Office 365 front end servers in this way should be expected to improve connectivity performance and the end user experience in Office 365.
3. Avoid network hairpins and optimize connectivity directly into the nearest entry point into Microsoft’s global network
Enterprise network hairpinning Office 365 bound Internet traffic
Microsoft is continuously working on reducing the distance between users and Office 365 endpoints, driving down latency and improving end user experience. There are two types of network route hairpin that may occur in connecting users to Office 365. These network hairpins greatly lengthen the network path between a user and Microsoft’s global network, and this increases network latency and reduces performance of Office 365.
The first type results from misaligned network egress and DNS lookups for a user. This can result in the user being directed to an Office 365 front end server that is close to them, but via a distant corporate egress location at a head office. This can be avoided by local egress and local DNS as outlined in the principle above.
The second type can result from a cloud based network security infrastructure device. If the network device vendor has limited hosting locations and directs a user to a specific one that is distant from them, it may create a hairpin route where network traffic goes from the user to the distant network device and back to an Office 365 front end server that is near the user. This can be avoided by asking cloud based network security vendors about the specific locations of their hosting and being critical of the network paths this creates, which may differ from the direct route to Office 365 endpoints on Microsoft’s global network.
4. Assess bypassing proxies, traffic inspection devices and duplicate security which is available in Office 365
Bypassing additional security for Office 365
Generic Internet web browsing traffic to unknown Internet sites can carry substantial security risk, and most enterprises implement network security, monitoring, and traffic evaluation technology at their Internet egress locations. Network security technology includes proxy servers, inline SSL break and inspect of network traffic, network layer based data loss prevention, and more. Network security devices are a strongly growing industry. Unfortunately, whilst all this equipment reduces the enterprise risk of Internet connectivity, it also increases the cost and resources required for Internet connectivity, and it reduces the performance of network connections.
Office 365 servers are all hosted in Microsoft datacenters, and Microsoft is very transparent about datacenter security, operational security and risk reduction around those servers and the network endpoints that they represent. These security details can be found in the Microsoft Trust Center. Office 365 also has many other methods available for reducing that network security risk, including built-in security features such as Data Loss Prevention, Anti-Virus, Multi-Factor Authentication, Customer Lock Box, Advanced Threat Protection, Office 365 Threat Intelligence, Office 365 Secure Score, Exchange Online Protection, Network DDOS Security, and many other security features.
Enterprise customers should review these risk reduction methods specifically for Office 365 bound traffic and use the Office 365 in-built security features to reduce the reliance on intrusive, performance impacting, and expensive network layer security technologies for network traffic that is identified as Office 365.
The Office 365 networking product group would like to learn about your networking challenges when connecting to Office 365. Please comment on this blog to start a conversation.
- Office 365 Connectivity Principles in greater detail: https://aka.ms/PNC
- Office 365 product group videos expanding on the Office 365 connectivity principles: