IMPLEMENTATION | Service Automation - SPO - Teams - PowerApps - Nintex - C## - Postman

Microsoft Visio Viewer app for iOS will be retired from the App Store

Since the introduction of Visio for the web (then Visio Online) more than six years ago, we’ve continuously improved the viewing and file sharing experience for Visio drawings stored in OneDrive and SharePoint. And we’ll continue to bring exciting innovations to Visio for the web to enhance the diagramming experience across devices.

On August 14, 2023, the Microsoft Visio Viewer app will be retired and removed from the Apple App Store, so that our team can focus our energy on making Visio for the web even better. Starting August 14, 2023, existing installations of the app on iPhone and iPad devices will continue to work. However, over time, the integration with services like OneDrive and SharePoint will break. Furthermore, users will not have the option to re-install the app on their iOS device if the app is uninstalled or they’ve switched devices.

Next steps

If you are an admin and received a notification in the Microsoft 365 Message center, it means one or more people in your organization are using the Visio Viewer app for iOS. This blog post aims to provide guidance on how current users of the Visio Viewer app for iOS can access, view, and share Visio files moving forward. If you did not receive a notification in the Message center, then you don’t need to take any action.

Accessing files in Visio for the web

Users with a Microsoft 365 subscription can access and view Visio files through a web browser by signing in to visio.office.com with their work or school account. Here, files are listed in four different views: All, Recently opened, Shared, and Favorites.

An image of Visio for the web shown on an iPad device demonstrating how users can access their Visio files.

From here, select the file you want to open or select More options and then Open. The file will automatically open in Visio for the web.

An image of a timeline diagram in Visio for the web shown on an iPad device demonstrating how users can view files in the view mode.

From here, users can pan, zoom, and view all aspects of the diagram using touch on a touch-enabled device. Users can also share, add comments, print, and download the diagram directly from Visio Viewer.

Accessing Visio files from OneDrive

Alternatively, users can access Visio files stored in OneDrive or SharePoint directly from the OneDrive app in the browser. Go to www.microsoft365.com and select the App launcher in the upper left corner. Select the OneDrive app, then select My files on the left side of the page to browse through existing shared files. Scroll down to the file you want to open, select the More icon, and then select Open > Open in browser.

Learn more about Visio for the web

Transitioning from the Visio Viewer app on iOS to Visio for the web is easy. To learn more about which browsers work with Visio for the web, or how to view and comment on diagrams created with a Visio Plan 1 or Visio Plan 2 subscription, visit our Visio for the web FAQ.

Thank you to those who used the Visio Viewer app for iOS and provided reviews over the years. Your feedback has helped to shape the Visio viewing and file sharing experience on iOS devices and has helped us to understand areas where we can improve the experience across Visio. Please keep the suggestions coming—either via the Visio Feedback Portal or directly in the Visio web app using “Give Feedback to Microsoft” in the bottom right corner.

Continue the conversation by joining us in the Microsoft 365 community! Want to share best practices or join community events? Become a member by “Joining” the Microsoft 365 community. For tips & tricks or to stay up to date on the latest news and announcements directly from the product teams, make sure to Follow or Subscribe to the Microsoft 365 Blog space!

Microsoft 365 admin digest – February 2023

This month, we’re taking a closer look at change management in IT administration. Highlighting a few innovations and resources that’s been developed to help IT departments of large and small organizations manage change effectively. We also recently completed the migration of our Office 365 community to Microsoft 365 on Tech Community, bringing the previously disconnected spaces together and improving the overall experience. Lastly, learn more about the highly anticipated Microsoft 365 Conference that will be held in Las Vegas in May. Let’s dive in!

Effectively managing change

(Without too many spoilers, change management is going to be a recurring theme in this series because of how important we believe it is to your success as IT professionals.)

In our experience, having a robust change management strategy consists of more than just a process for successfully implementing change. Just as importantly, a good strategy should include how to appropriately help evaluate a change, determine its priority, and what the corresponding effort and resource required should be. We recognize this is challenging, especially in a cloud environment where changes and updates are constant and can affect a large, varied audience.

Knowing that IT departments are inherently at the heart of digital change and transformation, we’re continuously working on ensuring that while benefitting from the cutting-edge innovations cloud services offer, customers can thrive on predictability, relevance, and consistency. We recently published a blog post on this topic. Briefly, it covers:

How we’re supplying feature release status for each new and updated feature announcement in the Message center in the Microsoft 365 admin center to help you track feature availability, specifically for your organization.

Introducing relevance recommendations for Message center posts that give you the ability to differentiate the changes that are of high, medium, and low relevance to a particular tenant. Learn more here.

Use Targeted Release to manage how your organization receives updates. Allowing a select set of users in your organization to receive updates first or remain on the default release schedule and receive the updates later.

Successfully onboard Microsoft 365 with advanced deployment guides

If you’re an admin overseeing a larger company looking to deploy Microsoft 365, we recently updated the search tools, recommendations, and layouts for the Advanced deployment guides & assistance page in the Microsoft 365 admin center and at setup.microsoft.com. These guides are designed to offer step-by-step guidance and cover a range of scenarios to meet you where you are. Click the first link to learn more about how these improvements are going to help curate relevant guides specific to your tenant, offering you the most actionable information to help you get your Microsoft 365 apps and services deployed to your organization.

An image demonstrating the homepage for setup.microsoft.com.

Optimize user experience with the Experience insights dashboard

We’re starting to expand access to the Experience insights dashboard to Microsoft 365 tenants with at least 2,000 seats. Initially opened for preview to tenants of at least 20,000 seats in August, we’re excited to roll out availability to more accounts over the next month. We’ve developed Experience insights to give our customers’ designated IT admins an at-a-glance view of core user experience metrics, like product usage, in-product feedback, Net Promoter Score™ (NPS) values, and data on help content viewed across an organization. Seeing this information all together helps administrators determine whether they need to take specific actions, such as providing users with updated recommendations and support resources as workspaces and operations evolve over time.

If you’re in the Global Admin or Global Reader role, you’ll see Experience insights (preview) on the top right of the Microsoft 365 admin center. If you’re a member of Report Readers or User Experience Success Managers, you will be defaulted into the experience with the ability to opt out. Learn more about the Experience insights dashboard here.

An image demonstrating how to view Experience insights (preview) in the Microsoft 365 admin center.

Bookmark these small business IT resources

Change management in a small company is often much easier to manage and the challenges are more around getting tasks completed as quickly as possible to get back to your core business operations. Here are some helpful support resources worth bookmarking as self-service references:

Small business help & learning: A space dedicated to small business support. Organized by task, it provides simplified, step-by-step instructions to help you get things done and get back to work.

Microsoft 365 help for small businesses: If you prefer a more visual guide, this video library hosts a collection of short, objective-focused videos to walk you through specific tasks.

Over the course of this monthly series, we’ll highlight innovations that are more relevant to small business and continue improving on the resources listed above. If there are specific tasks you’d like us to consider making content for, let us know below!

An image demonstrating the homepage of the Small business help & learning site.

Welcome to the unified Microsoft 365 Tech Community

We recently completed the migration of our Office 365 community to the Microsoft 365 community on Tech Community. We’re particularly excited to have the Microsoft 365 admin center discussion space to create focus for admin discussions. Please make sure to visit the discussion space and hit that subscribe button so you can stay updated on the latest discussions in this section. We encourage you to do the same for other sections you might be interested in following and look forward to having everyone together growing this community.

Check out the Microsoft 365 community here where you can find all our related discussion spaces.

Join the Microsoft 365 Conference

Lastly, it was announced that Microsoft will once again be a Diamond Sponsor at the Microsoft 365 Conference in Las Vegas, May 2-4. Recently, we shared news on Yammer’s evolution to Viva Engage, Teams Premium, Viva Sales, and of course the Reinvention of search. There is so much more on the horizon over the next few months – spanning fundamentals and innovation. The event will feature over 150 sessions led by Microsoft executives and Subject Matter Experts (SME), including keynotes, breakout sessions, Ask Microsoft Anything (AMA), and workshops. You can read more and register here: https://aka.ms/m365conf23.

More ways to stay updated

While we continue sharing highlights and insights that benefit IT admins through this blog series, consider subscribing to updates on specific items in the Microsoft 365 Roadmap, and look out for communications published in the Message center in the Microsoft 365 admin center. We also highlight new feature releases and enhancements released each month in our What’s new in the Microsoft 365 admin center? series.

Comment below if there are topics within IT administration or change management that you’d like us to explore!

Simplifying change management of Microsoft 365

Microsoft constantly delivers innovation and improves Microsoft 365 services to help every person and every organization on the planet to achieve more. Changes are rapid and this is the reality of any cloud service. While committed to enhancing the end user experience, we are also dedicated to helping customers establish effective change management practices. This will enable admins to focus on delivering the most productive and secure experiences to their businesses. Our continuous goal is to build trust and to ensure that while benefiting from the cutting-edge innovations cloud services offer, customers can still thrive on predictability, relevance, and consistency.

Numerous resources, guides, and tools are already available to help Microsoft 365 admins successfully manage change today. Read this article to learn more. One such resource, the Microsoft 365 Roadmap, offers great visibility into upcoming changes to Microsoft 365 apps and services right at the time they are announced. However, this unauthenticated by design experience only offers general status information aggregated for all customers by cloud instance or environment (for example, commercial or government). Customers want to know what new features are being released and in what timeframe, when these features are being launched to a particular tenant and when they will be available to all applicable users, as well as when features will be available in Preview and Targeted Release so they can start validating and preparing for a change. Going forward, we are committed to offering you a set of capabilities to further simplify change management while adopting Microsoft 365 services.

Introducing the new feature release status

We start by providing you with a release status for each new and updated feature announcement in the Message center in the Microsoft 365 admin center to help you track feature availability for your organization. The new release status capability will help make feature release information specific to your organization rather than providing a broad release window for the feature roll out. Admins will not need to constantly check the respective app or service to verify if a particular feature has reached their tenant, and once launched, if it’s available to all users in their organization. With the new predictability feature showing the release status, admins will be able to plan end user communications and trainings, and therefore successfully drive services adoption and usage. Initially, the release status* will be available for a limited number of Microsoft Teams, Outlook on the web and Microsoft 365 admin center feature announcements.

As you log in into the Microsoft 365 admin center, you will be able to track feature rollouts** across the following three release stages available on each applicable message, which will be updated over the lifecycle of the feature release:

Scheduled: The feature is planned to release to your tenant and is not yet available to any user in your organization.

Rolling out: The feature is beginning to roll out to some applicable users in your organization.

Launched: The feature is generally available to all the applicable users in your organization.

Similarly, on the Microsoft 365 Roadmap, in the upper right corner of each roadmap item, you will see these dates labeled as “Preview Available” and “Rollout Start.” To give you a chronological view of the items you are most interested in, items in the list view can be sorted based on these date labels using the sort selector.

An image demonstrating filter capability on the feature rollout status in Message center to track release status at a glance.

An image providing an example of an organization-specific feature release status for an updated feature in the Message center.

Updates to feature release status will be provided on the original Message center post. Filtering capability on “Status for your org.” will offer easier visibility on the updated release status.

In future we are committed to bringing release status of other Microsoft apps and services. To provide feedback about other capabilities that help admin make change management easier, please ⁠provide feedback on Message center posts or follow this guidance on how to provide feedback to Microsoft. To track the status of this feature, check out this item on the Microsoft 365 Roadmap.

Introducing relevance recommendations for Message center posts

Through our customer conversations, we found that IT admins can feel overwhelmed by the volume of Microsoft 365 changes coming their way. They’d like to know which of these many changes are relevant to their organizations.

To address this, we have lit up an experience in the Message center to give admins the ability to differentiate the changes that are of high, medium, and low relevance to a particular tenant. This recommendation is based on service usage in your organization, and other attributes in a machine learning model. To learn more about relevance recommendations, please see this article.

You can use sort and filter capabilities to scope the Message center posts to one of these the following options:

High: Changes for which you need to act with urgency.

Medium: Changes you focus on next and plan for an action at a later date.

Low: Changes which you can choose to monitor to stay informed.

Note: Relevance recommendations is available for Targeted Release customers. To track the availability of this feature, view this item on the Microsoft 365 Roadmap.

Once you start receiving these relevance recommendations, please tell us how relevant a Message center post is to your organization through the extended feedback capability (example provided in the screenshot below).

An image demonstrating how to scope Message center posts with the Relevance filter by selecting one of three options: High, Medium, and Low.

Targeted Release now available for GCC, GCC High, and DoD

Targeted release is another way Microsoft helps customers establish effective change management practices. It lets you manage how your organization receives updates. You can sign up for early release through Targeted Release so that select set of users in your organization receives updates first. Or you can remain on the default release schedule and receive the updates later.

This capability was only available to commercial customers until recently. It was made available to GCC, GCC High and DoD customers at the start of December 2022. These customers will be able to opt-in to Targeted Release and get early access for OneDrive for Business, SharePoint Online, Outlook for the Web, Microsoft 365 admin center features and some Exchange features, with information about other apps and services also available in future.

To opt-in to Targeted Release, follow these steps in the Microsoft 365 admin center: Go to Settings -> Org Settings -> Organization profile -> Release preferences.

An image demonstrating the feedback experience to let Microsoft know when a Message center post is not relevant to your organization.

Targeted Release support coming soon for Microsoft Teams

Previously, the opt-in for Targeted Release provided early access to high quality releases for OneDrive for Business, SharePoint, Office for the web, Microsoft 365 admin center features, and some Exchange features. Targeted Release customers had been asking for this opt-in to also provide early access to Microsoft Teams features. We’re excited to share that Microsoft Teams support for Targeted Release commercial cloud customers is coming in March 2023!

With this support, users opted-in to Targeted Release will be the first Production users to see the latest Microsoft Teams features and help shape the product by providing early feedback.

*The release status will ONLY be available for generally available new and updated features that are also announced on the Microsoft 365 public roadmap. If you do not see the release status on a message, it means the release status is not available for that feature.

**Release status will be first available for Targeted Release.

AI, roadmap, community, and more at the Microsoft 365 Conference

There has never been more exciting time to be in tech and the Microsoft 365 Conference in Las Vegas on May 2-4th is the best place to learn about the latest collaboration tools and AI capabilities that are transforming the workplace and can help you grow your impact and career.

I am excited about this Microsoft 365 Conference – our largest yet – for two reasons:

Sharing the latest Microsoft 365 product roadmap – including the artificial intelligence revolution

I have never seen a more rapid period of innovation in my career. Last year, we introduced over 400 new capabilities in Microsoft Teams alone and this year will be even bigger. As Satya Nadella noted last week, “AI will fundamentally change every software category.” In just the last few days, we have shared news on Teams Premium, Viva Sales, and the Reinvention of Search to name a few. We have so much more coming in the next few months – spanning fundamentals and innovation. This Microsoft 365 Conference will have it all – content for end users, developers IT across Teams, SharePoint, OneDrive, Office, Viva, Syntex, Loop, and more including integration with Power Platform and Azure. You’ll be able to hear from, ask questions of, and give feedback directly to Microsoft product leaders – including me! We also have an amazing partner ecosystem innovating to deliver solutions for your needs built on the Microsoft Cloud platform. We can’t wait to hear from you.

Learning with the Microsoft 365 Community – the best community in tech

While the technology is fascinating, what really gets me most excited is people – how we can work together to help people be heroes in the organization – enabling creativity and collaboration, building better business solutions, and addressing IT needs with better security at lower costs. This is where the Microsoft 365 Conference comes in – bringing together a diverse community to learn from each other on how to apply the technologies to unlock the potential of every person and organization. It is a place where you can network and build life-long friendships. I have been to many community events in my career – from SharePoint Conferences to Ignite, from Build to Microsoft 365 events around the world. I promise – this one in particular will be special – as we discuss the transformation of work coming out of the pandemic and coming into a fascinating period for Generative AI. I am thrilled to connect with the community to learn and have fun over the course of the event.

I hope you will register today to join us in Las Vegas and dive deep into what’s next and how it can help you and your organization. Microsoft customers can use discount code MSCUST for $100 off your conference registration.

 I hope you can join us in Las Vegas, May 2 – 4. And I look forward to seeing you there! 

-Jeff

Let's Talk Education – Microsoft EDU

The Microsoft Education (EDU) commercial support team can help you find the right educational support, at a time that fits your schedule.

We’re excited to welcome Principal Product Manager Brad Davis to discuss Microsoft Education supportability.

Brian: Welcome Brad and thank you for taking the time to talk to me today! Please tell us a little about you, and your Microsoft experience.

Brad: My name is Brad Davis and I have worked at Microsoft for a little over 14 years. I have done a lot of exciting things for a lot of different teams, mostly customer facing, working with consumers, working with small businesses, education customers of all sizes, enterprise customers, government customers and public sector. It’s been a blast.

Brian: Thank you, and I see you are a leader on our Microsoft 365 Education team. Please share some background around this and how you got into your role.

Brad: Three years ago, or so, I joined customer success engineering where I lead a team that looks at consumer, small business, and education audiences, like EDU IT admins, teachers and educators, students, and parents of students across the Microsoft 365 usage and support funnel. We are currently doing most of our work focusing on Education IT admins.

Brian: Heard you mention a support funnel. I understand there’s a program out there called Microsoft 365 EDU Generalist. Can you share more information?

Brad: This program started a couple years ago, and it was derived in the same way that most of the best things are – from customer feedback! The voice of our customers and what we learned looking at in-product feedback and support feedback was that education IT admins specifically could really use support experiences from a team that not just understands Microsoft 365 – our support teams do understand Microsoft 365 very well – but really understood Microsoft 365 education nuances and the uniqueness of the education IT admin workflow. Nuances such as, seasonality with back to school, school year, and pre-summer. There was enough uniqueness in that use case and the types of users that education admins support that are different from broad commercial traditional enterprise admins.

“Customers want their experience to be as unique as their needs.”

-Brad Davis speaking about Microsoft customer feedback

Brad: Admins were telling us in so many words that they like a unique experience, something different than what we’d offer a broad commercial customer. So, my team and I went to work to see what was possible. What we developed was this hypothesis, this idea, that a Microsoft 365 Education Generalist team, that is to say a team that understands the whole product suite, not just a couple of parts of it well, but the whole suite, and specialized on Education IT admin workflows within that product suite specifically, could deliver a world class support experience. So, we went out and we built that experience. We’ve been testing it now for a couple of years. We just had our 2022 back to school, Northern Hemisphere moment in September and October and customer feedback and results are outstanding. So directionally, our customers are telling us, yes, this differentiated experience is the right thing to do, keep going. So, we are.

Brian: Love the focus on customer experience and feedback. Can you please give me a bit more about the generalist background? How are they selected to support our Microsoft EDU customers?

Brad: The support agents all come with a solid base of understanding of Microsoft 365 products and services. Any one of these guys and gals could support Microsoft 365 for broad commercial enterprise customers. So, they all have that base knowledge and on top of that, they have very deep understanding of the education nuances, such as, how Teams Commercial is different from Teams Education. How an IT admin in a university might leverage Exchange or SharePoint differently than maybe an oil and gas company or a bank or some other industry that’s not education. The uniqueness there is that they have a deep understanding of how schools are decentralized by nature. Lots of buildings across geographies.

A Microsoft Teams for Education infographic explaining the benefits for different student types.

Brian: Thank you for the great differentiation explanation. Shifting gears, what can our current and future customers expect to see from you and your team as we move into 2023 and beyond?

Brad: That’s a great question! What we’ve done so far has been mostly focused on what we call the reactive support experience. This is when customers reach out to us for help. This is just one picture of what we call the connected support funnel. What I’m really excited about is our opportunity to look at both in-product experiences and proactive experiences together. For example, this is just an idea and we’re still thinking about this…

Brian: Wait are you about to give us a product scoop here?

Brad: Yeah. If you think about what education IT admins are doing heading into their school year-it’s summertime and there is a long list of jobs to be completed. Common items, best practices around hybrid infrastructure settings for Microsoft Teams or Exchange, just as an example. Imagine a seasonally relevant experience where education IT admins receive a differentiated in-product and Microsoft 365 admin center experience to help guide them through all the best practices to ensure a successful school year.

Brian: Yes, any automation we can add to our lives makes each day a little easier! Before we wrap up is there anything else you would like to share with our readers?

Brad: Absolutely! I would love to talk with any education IT admin that has feedback or anything specific they’d like for us to think about. Please fill out the form below and I will be happy to connect directly.

An image requesting education IT admin feedback.

Submit your Education IT admin feedback and requests below!

Microsoft Education Contact Request form

Brian: Perfect! I know our customers will be excited to chat directly with you and help empower them to do more. Thank you for your time today and thank you to our readers as well!

Brad: Thank you!

Brad Davis is a Principal Program Manager within the Customer Success Engineering Amplify team.

Brian Randisi is a Supportability Program Manager in the CSS Modern Work Supportability team.

The CSS Modern Work Supportability team delivers innovative self-help solutions and diagnostics, in-service enhancements, and support programs to help customers get maximum value from their Microsoft 365 commercial subscriptions and create an easy-to-use, connected support experience.

Helping IT admins save time and effort managing Microsoft Viva

The Microsoft 365 Commercial Support team resolves customer support cases and provides support to help you be successful and realize the full potential and value of your purchase. Our support services extend across the entire lifecycle and include pre-sales, onboarding and deployment, usage and management, accounts and billing, and break-fix support. We also spend a considerable amount of time working to improve the supportability of Microsoft 365 services to reduce the number of issues you experience as well as minimize the effort and time it takes to resolve your issues if they do occur.

Today, we’re excited to share more about some of our supportability work with Microsoft Viva.

You may have seen this recent article on how Microsoft Viva helps businesses save time and money by improving employee experience and engagement to boost business outcomes. Whether it’s locating information, accelerating new hire onboarding, or creating common views of objectives and key results, the employee experience platform delivered by Microsoft Viva helps organizations and the people in them grow and flourish.

As the solutions and benefits delivered by Microsoft Viva have continued to expand, our Microsoft 365 Commercial Support team has been learning and gaining new insights on the support experience across the suite. One of the areas we’ve been focusing on from a supportability perspective is helping IT admins save time and be more effective with their management tasks. In this post, we’ll take a closer look at some of the outcomes of that work.

Improving SharePoint integration with Microsoft Viva Learning

Integrating with SharePoint as a source of content for learning and development is one of the most widely used capabilities in Viva Learning. This allows admins to bring curated content into Viva Learning from SharePoint content repositories. Through support feedback and customer listening channels, our supportability team learned that admins needed a more integrated way to review, diagnose, and troubleshoot setup and integration issues between SharePoint and Viva Learning. Of particular importance was creating more transparency around underlying content sync and ingestion processes to help admins understand and resolve commonly occurring configuration issues.

Working in close partnership with the Viva Learning product team, the new Managing Providers feature was prioritized and rolled out last November. Using the Admin tab in Viva Learning, admins can now track the status of sync processes for SharePoint and investigate ingestion failures using the Export Logs feature.

An image demonstrating the Manage Providers feature from the Admin tab in Viva Learning.

Note: The Viva Learning Admin tab also provides additional capabilities for managing provider integration with other learning management systems and content providers available with a Viva Learning subscription.

Additionally, the team has made considerable efforts to strengthen the admin-focused documentation related to integration with SharePoint. This documentation and other self-help solutions are surfaced contextually during the support workflow in the Microsoft 365 admin center.

An image demonstrating how to get instant answers during the support workflow within the Microsoft 365 admin center.

Acting on customer feedback with the Viva Connections first-run experience

Through support feedback and customer listening channels, our supportability team also learned that admins wanted to disable the Viva Connections first-run experience. As part of the investigation, we learned about a technical issue with this feature tied to how users signed in or signed out of Microsoft Teams. This caused the first-run experience to appear each time the user signed in. The Viva Connections product team has since disabled the first run experience and is looking to bring back a new first-run experience in the future that will address the Microsoft Teams sign in/sign out scenarios.

Enabling deeper Viva Engage and Yammer integration with Microsoft 365

Significant governance, compliance, and security functionality has been added to the Viva Engage and Yammer platform in recent years, which has required admins to move to native mode. Through support feedback and customer listening channels, our supportability team learned about the top challenges for admins moving to native mode. We learned that customers wanted more control over when and how they moved to make the transition, and that they wanted improvements to planning content. In collaboration with the Viva Connections and Yammer product teams, we prioritized the issues to ensure that we could quickly deliver improvements for admins.

The product team has since created a process to delay automatic migration giving customers more control and answered questions directly on a live webinar. In the coming months, we expect there will be further enhancements to the automatic migration process, which will simplify the process for admins.

Providing admins with longer trial periods for Viva Topics

Through support feedback, preview programs, and customer listening channels, our supportability team also identified a top request for Viva Topics to extend the trial period. As we learned, customers asked for this to allow more time for machine learning to automatically identify topics. This was desired to enable a deeper evaluation and hands-on experience with Viva Topics. The Viva Topics product team has since granted a longer trial period, allowing for a 60-day trial, plus an extension. The maximum number of trial users was also increased from 25 users at initial release to 50 users.

In the coming months, we’ll be working to develop new Viva self-help and diagnostics capabilities using our customer diagnostics platform to further assist admins with setup, management, and usage. In the meantime, take advantage of the Viva deployment resources available with FastTrack, which include self-serve solutions as well as access to specialists and services for eligible customers. You can also use the Viva employee experience dashboard for step-by-step instructions needed to deploy Microsoft Viva modules for your organization.

As part of our ongoing supportability work, we’ve been honored and proud to give back to communities in need when you use a diagnostic tool to solve your issue through our Microsoft 365 Diagnostics for Social Good program.

We look forward to sharing more about our Microsoft Viva supportability progress and plans in future updates!

Brian Stoner is a Director on the CSS Modern Work Supportability team where he leads a team of technical and business program managers.

Vikram Kartik Jindal is a Supportability Program Manager on the CSS Modern Work Supportability team focused on Office client and Microsoft Viva.

Brian Lyttle is a Senior Supportability Program Manager on the CSS Modern Work Supportability team focused on Yammer and Microsoft Viva.

Bryan Petersen is a Senior Supportability Program Manager on the CSS Modern Work Supportability team focused on SharePoint, OneDrive, and Microsoft Viva.

Bookable time coming soon to Outlook

Microsoft Bookings in Outlook is coming to help you reduce the back and forth in scheduling, while helping you maintain control of your calendar. You’ll be able to keep custom bookable time (via a new event drop down in the calendar pane) to share with others so they can easily find a time to schedule a 1:1 meeting with you according to your availability and preferences.

When someone books a time slot with you using your personal booking page, you will both receive an email confirmation. Attendees can update or cancel scheduled meetings with you directly from your personal bookings page.  

All users with the following subscriptions will have access to Bookable time in Outlook by default:  

Office 365: A3, A5, E1, E3, E5, F1, F3

Microsoft 365: A3, A5, E1, E3, E5, F1, F3, Business Basic, Business Standard, Business Premium

How can you start using Bookable time?

From Outlook on the web, click on the calendar tab on the left navigation menu, click the New Event button, and select Bookable time.

An image demonstrating where to find the Bookable time feature in Outlook on the web.

When you click on Bookable time, you can set your availability and share with your team members or external people.

An image demonstrating how to change your meeting availability from Bookable time in Outlook on the web.

Helpful resources

If you are enjoying Microsoft Bookings, read more about these recently released features:

Introducing follow-up reminders in Microsoft Bookings

Announcing Microsoft Bookings Power Automate connector – now available in Preview!

Using AI and machine learning to deliver the help you need

The Microsoft 365 commercial support team resolves customer support cases and provides support to help you be successful and realize the full potential and value of your purchase. Our support services extend across the entire lifecycle and include pre-sales, onboarding and deployment, usage and management, accounts and billing, and break-fix support. We also spend a considerable amount of time working to improve the supportability of Microsoft 365 services to reduce the number of issues you experience as well as minimize the effort and time it takes to resolve your issues if they do occur.

We’re excited to welcome one of our Microsoft 365 supportability team members to talk more about self-help capabilities for accounts and billing questions.

Brian: Welcome Jessica! Tell us a little about your role and what you’ve been working on.

Jessica: Thanks! I’m a Supportability Program Manager focused on commercial accounts, billing, purchase, and subscription management with Microsoft 365. My job is to review trends within our support volume and determine ways with the help of our engineering team to improve experiences or utilizing our self-help platform to provide customers with the information they need to resolve their issue.

Brian: That’s great. Can you share a quick overview of how the Microsoft 365 self-help experience gets delivered to customers?

Jessica: Sure. The magic is powered by an intelligent self-help platform built on Azure (of course!) that provides relevant and contextual self-help to you using machine learning and service telemetry. When you express your problem by typing in the “How can we help?” box, this gets combined with what we know about different types of customers, the questions they’ve been asking, and the solution assets that are available to show you the right answer at the right time like in the example shown below:

An image demonstrating auto suggestions for a “Change billing information” search query on the Microsoft 365 self-help platform on Azure.

As you type, you’ll also get auto suggestions for common topics, such as change payment methods, change billing information, how to purchase a user license, how do I view my bill, and many others!

Our team devotes a lot of time and effort every day to managing and optimizing the platform and applying our domain knowledge and support expertise to improve the quality of answers. Every month, our self-help solutions help thousands of customers quickly find answers to their accounts and billing questions.

Brian: What types of management and optimization activities are you doing on a regular basis?

Jessica: Our ongoing activities include bucketizing the areas where customers are experiencing issues, setting up rules to point to specific self-help solutions, and determining when to show multiple solutions when queries are too ambiguous to be certain of a solution. The key to all of this is taking historical support ticket data and query input from customers, clustering it, and then using it to train the machine learning models. This is the “secret sauce” so to speak. As you can imagine, it’s a big task and ever-changing and evolving as the service grows and new support scenarios are introduced.

Within the Microsoft 365 commercial commerce space, we have over 100 buckets that utilize machine learning models. Each one requires a minimum of 25 cases to train the model, but most of our models have over 40 data points to cover a wide variety of examples. As a result, we’ve utilized over 4,000 support tickets and customer queries to ensure that our self-help solutions are going to match a variety of related keywords and show the most valuable insight to your query.

Brian: That’s great. Can you take us through a recent real-life example of how you applied this in the Microsoft 365 accounts and billing support area?

Jessica: Sure. In reviewing customer queries, I found hundreds of queries regarding tax registration numbers and determined that customers wanted to know what this number was and how they could input it during purchase.

Brian: And what were the results?

Jessica: Over 500 queries for this solution are submitted monthly and on average, around 80% of those queries receive the information they need without having to create a support case and talk to a support engineer.

Brian: Amazing, and a great example of how these digital capabilities help customers to quickly get the help they need so they can get back to being productive.

Jessica: Absolutely! Every week, we gain new insights and are continually experimenting and trying new things to improve self-help effectiveness and coverage. A recent example of an experiment is utilizing our interactive solutions to help customers who have questions about how to find or understand their bill. We get thousands of queries a month with generic keywords like “invoice” or “bill” and we’ve recently surfaced an interactive solution with billing related selections (shown in the example below) that should help our customers narrow down what area they need help with instead of getting a solution that may be more of an overview.

An image demonstrating a “bill” search query and solutions populated via auto suggestions on the Microsoft 365 self-help platform on Azure.

Brian: Thank you, Jessica, for taking the time today and sharing how AI and machine learning help customers get their accounts and billing questions answered! Any last words before we go?

Jessica: You’re welcome! One final note – within some self-help solutions you’ll see a diagnostic workflow that takes your input and provides an automated solution or prescriptive guidance. Many diagnostics are currently available for Exchange Online and Outlook, SharePoint Online and OneDrive, and Microsoft Teams. Our CSS Modern Work Supportability team builds and manages these solutions with our own in-house DevOps expertise working in close partnership with product engineering teams.

An image demonstrating the diagnostic workflow to validate if the specified user has access to a file on the Microsoft 365 self-help platform on Azure.

As part of our ongoing work, we’ve been honored and proud to give back to communities in need when you use a diagnostic to solve your issue through our Microsoft 365 Diagnostics for Social Good program.

We look forward to sharing more about our progress and plans with self-help and diagnostics in future updates!

Jessica Darby is a Supportability Program Manager on the CSS Modern Work Supportability team focused on accounts, billing, purchase, and subscription management with Microsoft 365.

Brian Stoner is a director on the CSS Modern Work Supportability team where he leads a team of technical and business program managers.

The CSS Modern Work Supportability Team delivers innovative self-help solutions and diagnostics, in-service enhancements, and support programs to help customers get maximum value from their Microsoft 365 commercial subscriptions and create an easy-to-use, connected support experience.

What's new for Microsoft 365 admins at Microsoft Ignite 2022

Banner image for Microsoft Ignite event happening October 12-14, 2022.

Energized and empowered employees are the key to success in the current economic environment, which means embracing a people-first approach, enabling employees to stay connected and helping people learn and stay in the flow of work. The role of IT to drive success in their organizations has grown. The focus for IT is to continue improving end user experiences while maximizing investments in digital workplace tools. To address these needs, we are making continuous investments in Microsoft 365 admin center to help IT admins and other newly emerging roles in the IT department manage day-to-day admin tasks more efficiently, and better prepare for new innovations and service changes, while they help their users get the best experience with Microsoft 365.

Getting the most ROI is even more critical for small and medium-sized business (SMB) customers, and we are adding new capabilities to Microsoft 365 admin center to enable our partners to help them get most of their investments from Microsoft 365.

This year at Microsoft Ignite we are announcing new innovations and improvements for IT admins through the Microsoft 365 admin center aligned to the following areas.

Empowering more roles in the IT department to better address your organization’s growing needs

We’ve added new features to help support the expanding role of IT in driving adoption and consumption of digital tools across the organization, to help maximize ROI and ensure end users have the best possible experience.

Experience insights (currently in targeted release for enterprise organizations with 20,000 or more users) give IT admins, adoption specialists, and change champions an at-a-glance view of core user experience metrics. It’s specifically built as a one-stop shop to help you understand and improve your users’ experience with Microsoft 365 by aggregating relevant data signals across usage and sentiment and providing AI-powered training suggestions. Now, you can use Net Promoter Score (NPS) surveys to see user sentiment and pain points that can help you enhance best practices and recommendations to drive stronger usage and positive user experiences. We’ve also added training suggestions customized to your organization, so your users can get the most out of Microsoft 365 features in the context of their daily work. Learn more about NPS in this article.

Adoption Score is a set of anonymized metrics and tools to help IT admins and adoption specialists improve the everyday experience of their workforce by understanding Microsoft 365 usage patterns—such as the response rate for emails with @mentions over a period of time—and help ensure you are getting the most out of your investment in Microsoft 365. Adoption Score is rolling out two new capabilities in Preview in November 2022: Group-Level Aggregates, which allows IT admins and adoption specialists to filter insights by Azure Active Directory (AD) attributes, including Company, Department, City, State and Country, and Organizational Messages, which enables IT admins to deliver clear, actionable messages in product and in a targeted way.

IT admins and change experts can all use this information—which includes tenant level data only to help ensure user privacy is protected—to drive awareness and adoption campaigns to help users get the most out of Microsoft 365 capabilities. This information also helps IT admins identify trends and proactively address adoption issues. Learn more about Adoption Score here.

Learn more in this on-demand Ignite session from James Bell and Amisha Bhatia:

Realize value through new intelligent capabilities designed for Microsoft 365 admins and adoption specialists

As new products are added to address your organization’s needs, we are adding more admin features to manage these new services in the Microsoft 365 admin center. Today, we are announcing the addition of new capabilities to administer Microsoft Viva. The new Viva admin experience within the Microsoft 365 admin center will help centralize deployment and administration for IT professionals, giving them a left-to-right view of all Viva apps. It will also simplify deployment across the organization through management of licenses, indicate the status of configuration and role assignments.

Helping IT, from enterprise to small business, realize value from Microsoft 365

We continue to innovate in the Microsoft 365 admin center to help IT admins from very small businesses to the largest enterprises manage their environments. Based on your feedback over the last year, we’re adding new features to help you keep your Microsoft 365 environment healthy, make end users successful, and manage change effectively.

Get current to keep your organization productive and secure

Keeping your user’s Microsoft 365 apps and Windows devices up to date not only provides your organization with the latest features and bug fixes, but it also helps keep your organization secure. In June, we announced the preview of a new Software updates page in the Health section of the Microsoft 365 admin center to help you track updates for your Windows and Office clients. This page shows you whether any Windows devices and Microsoft 365 apps are behind on the latest updates. In September, we announced that we would be extending this experience to show customers in an Exchange hybrid configuration the update status of their on-premises Exchange servers. This new Exchange experience is currently in Private Preview.

Manage change effectively across the organization

A big benefit to adopting a cloud service like Microsoft 365 is continuous access to updates and improvements—but that can also be one of the biggest challenges. That’s why we are helping you simplify how you manage change across your organization. A new relevance score in Message center helps you identify the changes most relevant to your organization. This scoring is based on machine learning around service usage in your organization. We’re also improving predictability of when features will roll out, updating Message center posts to communicate a clearer path for how and when features will be rolled out to your tenant. Both Message center enhancements are expected early next calendar year. Learn more about new features in Message center here.

Handle health, monitoring, and support proactively

We’ve made several improvements to help you track the overall health of your Microsoft 365 environment. A new Health dashboard, introduced in July, brings together key info from various Microsoft 365 admin centers, including service health alerts, issues that require your action, software update status, and recommended actions for improving your organization’s health. This dashboard is optimized for smaller organizations where one person or a small team looks after all aspects of Microsoft 365. Learn more about the Microsoft 365 Health dashboard in this article.

Microsoft 365 monitoring (currently in Preview) offers powerful health monitoring capabilities for enterprise customers with more than 5,000 Microsoft 365 E3 or E5 licenses. This data helps you assess the performance of your Microsoft 365 tenant and understand how or if service incidents are affecting your end users. This data is collected and displayed in near real time (every 15 to 30 minutes) and provides links to let you drill down into how each Microsoft 365 workload is performing, to help you investigate the impact of service incidents. You can view up to four weeks of historical data to understand the health status and activity across each workload.

Improve IT efficiency with new features and integrations

To help you simplify administration, we’ve added fast, easy access to whatever you’re looking for with a new global search feature that works across admin centers to create a consistent and predictable search experience for IT admins. You can search for users, groups, and other Azure AD objects, organization-wide settings, specific admin center pages, or documentation. Learn more about search in the Microsoft 365 admin center here.

Giving admins excess permissions is a security risk and broadens the potential impact of administrative mistakes. To help you assign the right amount administrative privileges for each of the admins on your IT team, we’ve added support for Exchange scenarios in administrative units, which you can use to be more surgical in assigning which users each admins can manage. We’ve also created new admin roles like Exchange Recipient Administrator to give you more granular control for who can access what.

To give you access from anywhere and keep you productive on the go, we’ve also continued to invest in the Microsoft 365 admin mobile app. No matter where you’re working, you can use the app (available for iOS and Android devices) to access user administration, group management, license management, and support. You’ll also see notifications for service health, changes, and billing updates, and you can browse the Message center to learn about new features and other upcoming changes. Learn more about the Microsoft 365 admin mobile app in this article.

We know that many of you are managing more than just Microsoft 365, which is why we’ve launched Microsoft 365 support integration in the ServiceNow Store. This integration gives your support personnel instant access to Microsoft 365 insights created by Microsoft product teams and powered by machine learning, so they can assist end users. We’re also introducing the integration of Microsoft 365 recommended solutions with the ServiceNow Virtual Agent to further empower your end users with instant resolution to common issues, and to drive efficiency in your help desk. The integration gives support personnel access to Microsoft 365 support for each incident or task in ServiceNow. Precise targeted solutions are recommended based on the description, along with top web search results from the Microsoft knowledge base repository. Virtual Agent integration can also help in effectively guiding end users through step-by-step troubleshooting. Visit https://aka.ms/m365snowsupport to learn more and enroll in the Preview.

You can now easily migrate from Google Workspace. To simplify copying your content from Google Drive, Migration Manager, which currently sits within the SharePoint admin, will now be native to the Microsoft 365 admin center and introduce improvements like estimated time to migrate, bulk reporting, and migration filters. To offer a centralized experience, Gmail scenarios will also be a click away from the setup page. Learn more about Migration Manager here.

Check out this on-demand Ignite session with Maryam Khabazan and Sandhya Shahdeo:

How to efficiently optimize your environment and manage change using the Microsoft 365 admin center

Enabling Cloud Solution Provider (CSP) partners to become trusted advisors to SMB customers

Many of our partners are finding their time is stretched to the limits, as they struggle to secure and manage Microsoft 365 tenants for more and more SMBs who are undergoing digital transformation. That’s why we’ve added more tools to help partners simplify management and ensure their SMB customers are getting the most out of their Microsoft 365 investments.

Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSP) secure and manage devices, data, and users at scale for SMB customers. Lighthouse helps MSPs standardize tenant configurations with baselines to proactively protect them against cyberthreats. Cybersecurity has never been a higher priority for SMBs, and Lighthouse is THE tool for MSPs to secure and manage their customers’ devices, data, and users at scale. More importantly, Lighthouse is built for partners who are Cloud Solution Providers (CSP) and is free. To learn more about Microsoft 365 Lighthouse and to get started, visit aka.ms/M365Lighthouse.

Granular delegated admin privileges (GDAP) is a security feature that enables partners to implement least-privileged access, improve data security, and enable time-bound access per customer. With GDAP, partners can take the first step in securely managing their customer tenants by setting up delegated access with least-privileged Azure AD roles.

For partners who move between client sites, the Microsoft 365 admin mobile app (available in the Google Play Store or Apple App Store) lets you receive notifications, add users, reset passwords, manage devices, create support requests, and more, all while you’re on the go. We’ve also added multi-tenant support, so partners helping to manage several Microsoft 365 customers can now switch between tenants to stay informed, manage users, groups, and devices, and track and respond to service requests.

For SMBs, we’ve also added a new embedded Microsoft 365 admin app in Microsoft Teams (available in the Microsoft Teams Store) which provides an easy-to-use, simplified view that gives admins the capabilities they need in one place, such as onboarding new users, managing Teams settings and privacy, and opening support cases. Admins can also access the app through the Teams mobile app. Learn more in this article.

We are adding more in-product guidance to support SMB customers to achieve their business goals. The program consists of three key phases: assist, empower, and grow. It starts by asking about the unique goals of your small business to achieve success. Then, it empowers you by offering AI and human-assisted support based on your specific needs. Finally, it helps you maximize the value you are getting out of Microsoft 365 as you grow your business. The program is currently live in some of our support experiences and will begin rolling out in the simplified admin center for certain markets starting this month, with the admin Marketplace and Office.com soon to follow.

Learn more in this on-demand Ignite session with Meg Garland and Nick Seidler:

Empower partners and SMB customers to achieve more with Microsoft 365

Stay connected, watch Ignite session recordings, and join us for a post-Ignite Microsoft 365 admin center AMA on Tuesday, November 1st at 9:00 AM PT to ask questions about news from Ignite. Make sure to RSVP on the event link above!

Check out more Microsoft 365 announcements from Ignite:

Microsoft Editor using Context IQ in Outlook on the web and Word for the web coming soon!

Introducing new AI enhancements in Microsoft 365: New features coming to Microsoft Editor and more!

Did you know? The Microsoft 365 Roadmap is where you can get the latest updates on productivity apps and intelligent cloud services. For news on the development and roll out of the features announced in this blog, check out the Microsoft 365 Roadmap website.

Microsoft wants your ideas on end user adoption & engagement with Microsoft 365 & Office 365

Edit: Survey results as of August 6, 2019: Thank you to all who participated in the survey! Here are the top 5 takeaways from your responses:

Who: Admins and adoption/change management teams start with support from decision-makers and leverage power-users.

Challenges: Lack of time, executive support/budget, metrics, training resources, and the complexity of newer apps.

Needs: Adoption statistics and product roadmaps to help plan, plus training in the form of business scenarios and short, guided tutorials and videos.

MS Comms: It’s ok for Microsoft to communicate to end users only if admins/adoption teams can control/customize frequency and content.

Portal: Admins/adoption teams want all content centrally stored and navigable for easy referral and use.

Survey request as of June 12, 2019: Microsoft is looking for IT professionals like you to provide feedback on end user adoption and engagement for Microsoft 365 / Office 365 through a brief survey. Topics include key challenges in your role, end-user adoption and engagement practices, and preferred communications from Microsoft. Your feedback will help drive the types of content Microsoft develops for you and your end-users.

To qualify for this survey, you must meet the following criteria:

Your role involves end-user training / change management / adoption of Microsoft 365 & Office 365 applications

You are not in government or education sectors

Your organization has at least 150 employees / seats on Microsoft 365 & Office 365 subscription

Microsoft Whiteboard is now generally available for Windows

Note: September 2018 – Microsoft Whiteboard is now available for iOS and for commercial preview on web. Learn more here.

Today we are pleased to announce the general availability of the Microsoft Whiteboard app for Windows 10. Whiteboard gives teams a freeform, intelligent canvas for real time ideation, creation, and collaboration. Since releasing a preview of the app in December, more than 200,000 customers have helped us fine tune the feature set and end user experience. Based on their feedback we’ve added a number of new features, including text notes, the ability to add and manipulate images, enhancements to shape and table recognition, accessibility improvements, compliance with various global standards, and more. In addition, the Whiteboard app for iOS and preview on the web will be coming soon. These releases will mark an important milestone in our journey to make Whiteboard the best tool for freeform collaboration across platforms and form factors.

Create freely, work naturally

Whiteboard provides an infinite canvas where imagination has room to grow. Draw, type, or add images. Use sticky notes to organize ideas. Stack things up and move them around. Designed for pen, touch, and keyboard, Whiteboard allows you to share your ideas naturally. Intelligent ink recognizes shapes and makes creating tables a snap. And because the canvas expands along with your creations, you never have to worry about running out of space.

Work together in real time, wherever you are

Whiteboard brings a team together* – and gives them space to create. Teammates can huddle around a large touchscreen in the same room or work together on their own devices from around the world⁺. And, avatars on the canvas help you keep track of who is doing what and bring a natural rhythm to the interaction.

Save automatically, resume seamlessly

Forget taking photos of conference room whiteboards or marking them with “Do Not Erase.” With the Whiteboard app, your brainstorming sessions are saved automatically to the Microsoft cloud, so you can pick up where you left off, whenever – and wherever – inspiration strikes next.

To start using Whiteboard on your Windows 10 device, download the app for free at the Microsoft Store and log in with your Microsoft account (Outlook, Hotmail, Live, Xbox, etc.) or Office 365 account (work or school).

—–

* Whiteboard currently supports collaboration within Office 365 tenants for commercial customers, and across personal accounts for customers with a Microsoft account. Collaboration across multiple Office 365 tenants is planned for future release.

⁺Microsoft Whiteboard is available as an app for all users on Windows 10 devices. For commercial users, the Whiteboard app will be coming soon to iOS devices and will be accessible from other devices via the Whiteboard web client (preview).

For more information, see the FAQ.

Application Guard for Office is now generally available!

As of today, Application Guard for Office is now generally available.

Files from the internet and other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your users’ computer and data. To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that’s isolated from the device through hardware-based virtualization. When Office opens files in Application Guard, users can securely read, edit, print, and save those files without having to re-open files outside the container. This feature will be off by default.

Here is the installation guide to get started:
Application Guard for Office 365 for admins – Office 365 | Microsoft Docs

Customers will receive a Message center post on Wednesday, 1/27/2021. Microsoft 365 Roadmap Featured ID is 67101. Application Guard for Office is only available to organizations with a Microsoft 365 E5 or Microsoft 365 E5 Security license.

Deploy Microsoft 365 Apps to remote workers

This blog post will address the enterprise IT admin’s challenge on how to deploy Microsoft 365 Apps to remote workers without saturating the company’s VPN connections. It will show you how to implement a tactical approach which allows an IT admin to stay in control and quickly relief the pain of VPN congestion by offloading content distribution to the Microsoft Content Delivery Network (CDN). Maybe you are in the process of moving off legacy versions of Office and want to keep the pace with e.g. the Office 2010 end-of-support approaching fast. There are multiple strategic solutions available (e.g. Intune and Windows Autopilot), but for now we focus on a quick fix.

Overview of blog post series

This blog post is part of a series, which is brought to you by the Office Rangers Team at Microsoft, a group of senior deployment experts. The series provides guidance on how to address scenarios around working-from-home across the lifecycle of an Microsoft 365 Apps installation:

Initial install – How to upgrade to Microsoft 365 Apps with minimal on-prem network impact for remote workers (this post)
Servicing – Configuring Microsoft 365 Apps updates for remote workers using VPN
Managing – Adding e.g. Project, Visio or additional Language Packs in “Building dynamic, lean & universal packages”
How to secure your remote workers with Office Cloud Policy Service

We hope this will help you to minimize the impact of deploying, servicing and managing Microsoft 365 Apps on your own network and your user’s VPN connections.

The Concept

With the approach described below, we want to achieve two things:

Keep IT admins in control what happens when by continue using your enterprise management solution like Microsoft Endpoint Configuration Manager (formally known as System Center Configuration Manager (SCCM))
Offloading the content distribution to Microsoft’s CDN to allow remote user to leverage their local internet connection instead of pulling large source files from your ConfigMgr Distribution Points over VPN connections

We will walk you through the process on how to adjust an existing Microsoft 365 Apps deployment package for a hybrid approach, update your sources and ensure that the source file download will bypass your VPN.

Step 1 – Adjust your deployment package

To allow remote users to leverage their local internet connection for source file access, we have to remove the source files from the Configuration Manager application. Navigate to the folder which is holding your software sources, locate the “office” folder and delete it:

In the above example, 11 Language Packs were included in the deployment package, bumping the size up to 6+ gigabytes. Keep the setup.exe as well as any configuration files located in the folder. This reduces the size of your deployment package to less than 10 megabyte. That’s a huge saving on your VPN connections.

In case you don’t have an Microsoft 365 Apps installation package yet, you can use the built-in wizard to create one. Maybe you want to adjust the handling of languages, instead of hard-coding those you might want to use MatchOS or MatchPreviousMSI. After that, apply the steps above.

Step 2 – Update the content sources

If your application was already synced to Distribution Points, those still have the larger package cached. Navigate to Software Library > Application Management > Applications, select your application, switch to the Deployment Types Tab, right-click the appropriate entry and click Update Content.

This will re-sync any changes to your Distribution Points, so those will now also have the smaller deployment package ready to sync to devices.

Step 3 – Verify VPN configuration and deploy

Once a client has received the smaller deployment package through ConfigMgr and kicks off the installation, it will download the source files directly from the Microsoft CDN. It is important to ensure that your devices can actually reach out to those endpoints directly and don’t backhaul through the VPN tunnel. We published guidance on how to enable so-called VPN split-tunneling, the endpoints relevant for Microsoft 365 Apps source file download are listed at Office 365 URLs and IP address ranges as entry #92.

If you already have an active deployment of the newly-updated package, clients will start receiving it after the Distribution Points have finished syncing the changes. If you want to start with a fresh deployment, just follow the regular guidelines in your organization.

Step 4 – Leverage peer caching to reduce on-prem traffic (optional)

The following step is not required, but highly recommended. In order to use the same deployment package for your remote and on-premises workers, we recommend to configure and enable Delivery Optimization for Office in combination with Connected Cache. This will enable your on-prem devices to share content which is no longer included in the deployment and greatly reduce the load on your corporate internet connection.

FAQ

Q: We usually controlled which build is installed by embedding the matching source files. How can I control this now?
A: By default, setup will fetch the latest build available for the specified update channel. You can use the version attribute in the configuration file to specify a build. This might be important if your organization is wants to deploy the older SAC feature release.

The Authors

This blog post is brought to you by from the Microsoft 365 Apps Ranger Team at Microsoft. Feel free to share your questions and feedback in the comments below.

Network optimization tips for on-premises Office installs and updates

There are a variety of scenarios including but not limited to, installations of Office using Content Delivery Network (CDN), lean 2nd installs (removing the Office source files from the install packages), right-sized first install (only include most used language packs), and default behavior where Office stays up to date using CDN. Microsoft recommends optimizing these network operations because a device can get portions of the content from other devices on its local network instead of having to download the update completely from Microsoft CDN. The goal of this article is to provide solutions for challenges collected from customers in the field.

Typical challenges we’ve heard from our customers

Office updates are too large.
Too many egress points within on-premises network when obtaining content.
In a remote work world, we need a solution to address on-premises and remote users.
Are there additional costs for this optimization? (Spoiler…NO!)
Fear of increased complexity for office installs and updates.
Can my compliance deadlines still be met?

Solution: Use Windows Delivery Optimization (DO) or if available, Microsoft Endpoint Configuration Manager Connected Cache

All of these above concerns can be addressed with this proposed solution. You can use Delivery Optimization (DO) to reduce bandwidth consumption by sharing the work of downloading Office content among multiple Windows 10 devices in your deployment. DO can accomplish this because it is a self-organizing distributed cache that allows clients to download content from alternate sources (such as other peers on the network). Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimization cloud services is a requirement. This means that to use the peer-to-peer functionality of DO, devices must have access to the DO cloud service end points.

Optionally, customers who use Microsoft Endpoint Configuration Manager can take advantage of a feature called Configuration Manager Connected Cache which delivers a powerful combination of DO plus Connected Cache leading to high hit rates for content searches. If the cache doesn’t contain necessary files, Configuration Manager Site Server will download content to Distribution Point to populate cache, based on the client needs. In this way, customers have far more flexibility in terms of supporting different architectures and languages as manual downloads are no longer required as they’ve been replaced by a dynamic workflow as well as making use of existing capital investments.

Prerequisites for solution

At least Office Version 1808 for background updates
At least Office Version 1908 for installing or user-initiated updates
Windows 10 Delivery Optimization
- For communication between clients and the Delivery Optimization cloud service:
  *.do.dsp.mp.microsoft.com.
  *.dl.delivery.mp.microsoft.com
  *.emdl.ws.microsoft.com
  
  Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound traffic through your firewall yourself. If you don’t allow inbound traffic over port 7680, you can’t use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
- If you set up Delivery Optimization to create peer groups that include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets), it will use Teredo. For this to work, you must allow inbound TCP/IP traffic over port 3544. Look for a “NAT traversal” setting in your firewall to set this up.
  
  Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
- Recommended (if existing Configuration Manager customer, use Microsoft Connected Cache combined with Delivery Optimization)

Implementation steps.

1. Operationally, stop any future software updates for Microsoft 365 Apps for enterprise using Configuration Manager

Group Policy or Configuration Manager Client Settings require setting “Management of Microsoft 365 Apps for enterprise” (formerly known as Office 365 Client Management) to Disabled in order to restore default functionality where software update workflow for Office updates uses CDN not Configuration Manager. When available, Connected Cache feature will be enabled but software updates workflow for Office using Configuration Manager will no longer be used.

2. Configure Group Policy for Microsoft Office 2016 (Machine)/Updates

Enable Automatic Updates	Enabled
Hide option to enable or disable updates	Enabled
Management of Microsoft 365 Apps for enterprise	Disabled
Update Deadline	3 (Deadline count starts once content download has completed on client)

3. Configure Group Policy for Microsoft Office 2016 (Machine)/Updates

Allow uploads while the device is on battery while under set Battery level (Percentage)	Enabled (60)
Delay background download from http (in secs)	Enabled *Higher time will increase likelihood of finding peer but slow background update. Example (240)
Delay foreground download from http (in secs)	Enabled (60)
Download Mode	Enabled (Group 2)
Enable Peer Caching while the device connects via VPN	Disabled
Minimum Peer Caching Content File Size (in MB)	Enabled (1)
Select a method to restrict Peer Selection	Enabled (subnet)
Set Business Hours to Limit Background Download Bandwidth	Enabled

4. (optionally) Configure Connected Cache for Microsoft Endpoint Configuration Manager

Navigate using Configuration Manger Console to AdministrationOverviewDistribution Points and select properties of Distribution Point. Enable Connected Cache by checking box and designate LUN to host cached content.

Navigate using Configuration Manger Console to panel AdministrationOverviewHierarchy ConfigurationBoundary Groups. Select each on-premises boundary group and enable selection highlighted below. (toggle on other selections based on your environment preferences)

Finally, using Configuration Manger Console Navigate to AdministrationOverviewClient Settings, enable options below.

How to verify DO and Connected Cache are working?

1. Deploy Office to validation machine where per Update history for Microsoft 365 Apps (listed by date) build is N-2.
For example, at the time of this writing, today is “Patch Tuesday” so August 2020 Monthly Enterprise Channel is Version 2006 (Build 13001.20520). The reference machine should have June 2020 Version 2004 (Build 12730.20430) installed. This should result in Office moving to N-1 or N (depending on CDN throttle).

2. Allow up for 24 hours for scheduled task Office Automatic Updates 2.0 to detect and perform Office update.
For accelerated lab testing consider moving system clock forward by one day prior to running scheduled task.

3. [Client] Use PowerShell on Windows client to verify Office content used DO and Conncted Cache.

PS C:Windowssystem32> Get-DeliveryOptimizationStatus

Search for field FileID from the list which contains string STREAM_X64_X_NONE or STREAM_X86_X_NONE for details which contains the build. (this is largest file containing Office). For the test, your looking for FileId is 95D2EE60-C9D3-45E4-876D-BAE16D758A87_16_0_13001_20520_STREAM_X64_X_NONE.
Search for fields under FileID such as FileSize, TotalBytesDownloaded, BytesFromPeers, BytesFromHttp and BytesFromCacheServer. In my lab, the FileSize was 1863339050 bytes or 1.86 GB. Referencing TotalBytesDownloaded, the Office client using DO only downloaded 516967466 bytes or 517 MB because only the necessary pieces were downloaded not the entire Office build. Further, using BytesFromCacheServer I can confirm the 517 MB was downloaded from Configuration Manager connected cache, not egress to internet.
*In the example the client was N-2 plus Office was a new version which contributed to larger download.

4. [Server] Check the Configuration Manager Connected Cache disk for build.

Browse the Connect Cache disk and explore content under officecdn.microsoft.com.edgesuite.net to find dynamically populated content for latest Monthly Enterprise Channel 16.0.13001.20520

Conclusion:

Delivery Optimization and Microsoft Connected Cache provide a powerful and low cost of ownership method for Office installations and updates using peer to peer sharing technologies.

FAQ

Are there some additional references for Delivery Optimization and its capabilities?

Are there some additional references for Configuration Manager and Connected Cache?

Where can I obtain more information about VPN and remote configuration options?

Can we use a third-party Configuration Manager alternate content provider with this solution?

No, alternate content providers typically depend on Configuration Manager software update workflow which won’t be used in scenario above.

For the UpdateDeadline GPO, how does that impact the end user experience?

Please see section “User Experience when updating from CDN” from blog posting Understanding Office 365 ProPlus Updates for IT Pros (CDN vs SCCM)

The Authors

This blog post is brought to you by and , two Office Rangers at Microsoft. We’re looking forward to your questions and feedback in the comments below.

Boost security of your remote workers with confidence using Security Policy Advisor

When it comes to securing the Microsoft 365 Apps using policies, IT Pros often face a challenge: You want to tighten security as much as possible to keep the bad guys out, but at the same time you do not want to impact your user’s productivity. And you would like to be able to evaluate the potential impact of a security config change before fully enforcing it. Sounds familiar? Then this blog post is for you!

This post will show you how to leverage the Security Policy Advisor (SPA) to identify slack in your security configuration, make changes to your policy settings and validate the new config first before enforcing them, reducing the risk to impact user productivity. The data-driven service allows you to make decisions based on facts like actual feature usage or if your users are already under attack by e.g. malicious Office documents being sent to them, rather than just guessing what the impact of a change might be.

Overview

With more people working from home, traditional security layers like working on a trusted network or trusted device are going away. It becomes more important to meet the user where they are and providing a secure setup without affecting their productivity. The Security Policy Advisor (SPA) is a service hosted in your tenant, so you can put it to work within minutes. No need for any on-prem infrastructure.

SPA uses the Office cloud policy service (OCPS) to enforce security policies in the Office applications. Such policies are bound to the AzureAD user identity, independent from the actual device used or how this device is managed (if at all). When a user signs into an Office application using their work credentials, SPA and OCPS will ensure that the policies are applied, at home or at work, on corporate and personal devices.

SPA currently supports several security policies, but in the following article we will focus on one policy which can drastically reduce your exposure to attacks targeting Office: VBA Macro Notification Settings. If you are an Office Desktop Admin, it is likely that you have had to deal with this dilemma: Restrict macro execution to protect your users and enterprise from malware attacks like this one or leave it enabled so you don’t risk impacting users productivity? Sounds familiar? OK, let’s look at an example on how you could tackle this challenge.

Step 1 – Review requirements and create policy configurations

There are only two requirements for using Security Policy Advisor:

Devices must run at least version 1908 of Microsoft 365 Apps for enterprise.
Apps must be allowed to send required service data for Office.

Use the Office cloud policy service (OCPS) to create a policy configuration. You are not required to configure any policies in this configuration to receive recommendations. Have a look at our OCPS walkthrough guide for further guidance on using OCPS.

Step 2 – Enable Security Policy Advisor

Next step is to enable SPA. Navigate to config.office.com, sign in with Global Administrator, Security Administrator, or Office Apps Admin permissions and click on Security. Toggle the switch to On.

That’s it. If you have policy configurations created in OCPS, SPA will now start generating recommendations for those. This happens quickly, typically within minutes. You can also create a policy configuration from Security Policy Advisor using the Create a policy configuration button.

Step 3 – Review recommendations and tighten up security

Once Security Policy Advisor has finished analyzing data, it will inform you of new recommendations. You can click through the policies and see a full list of settings to consider:

For each policy you can review more details by clicking on it. It will give you more information on how many users have actually used the feature and for specific settings (macros) also data on any attacks through this vector targeted at users in the group. Here’s an example of how the data might look like for the VBA Macro Notification Settings policy recommendation.

So in this case, you can see that no user has actually opened Excel documents with macros (Total users), but all users have been targeted by malicious macros. So there is a big opportunity to boost security without impacting the user’s productivity. SPA provides you the information you need to justify this change and take it through a change management process.

That’s one of two features which give you confidence when using SPA: You will get historical data based on the actual usage of the Office apps as well as any attacks detected by Office 365 Advanced Threat Protection (ATP). No more guessing if a certain user group is actually using a feature and is at risk by not restricting it. You get actionable data and should act on it.

Perhaps you still have reservation acting on these recommendations and data. This is where the second feature comes in handy: You can set a policy, but allow the user to override it. The above example strongly suggests to disable VBA notifications as users are not using this feature and are under attack. But we might want to flight this new setting to users first and monitor impact.

So in this example you would review the data for each of the VBA Notifications settings (there is one per application), accept the recommendation to disable VBA macros, but set Override to Enabled.

After clicking Apply, the new policy is set and will disable VBA macros for all targeted users. In case a user opens a document with macros embedded, a notification is shown that the VBA macro was disabled. In addition, the user is given an option to override this policy and still enable macros. When they do, this information is captured and surfaced back to you in the admin portal.

This approach combines the power of having insights into historical data, but also safely try out a more restrictive security configuration.

Step 4 – Monitor productivity impact and adjust configuration

After a given time, e.g. two weeks, you can review how often users have actually used the option to override the setting. Log into the SPA UI, select the policy and switch to the Applied policies tab. Clicking on the individual setting will bring up the policy details and you can review how many users have overridden the setting.

In the above example, you could go forward with confidence and disable the override to boost overall app security. You first must roll back the policy, select the policy from the recommendations tab again and re-deploy with user override disabled.

In case users opted to override the setting, you might want to move these users to another Azure AD security group and targeted them with a less strict security configuration using OCPS.

Step 5 – Iterate

A common statement in IT security is “Security is not a one-time activity, it is a process” and this is also true when it comes to securing Office applications. After deploying the VBA notification setting, you should start looking at the other available policies like:

Block macros in Office files from the internet
Disable All ActiveX
Check ActiveX objects
Blocking legacy file formats

We recommend that you first check if there are any recorded attack attempts for the Block macros in Office files from the internet settings. If yes, you might want to focus on these first to quickly reduce your attack surface. Then work your way through the list over time. This will boost your security stance step-by-step by removing any slack. Revisit the dashboard on a regular base to monitor impact and adjust policies where needed.

By default, we will show recommendations with a low productivity impact first. You can switch the Show all recommendations toggle to get a full view:

It is key to find the right balance between being restrictive and still allowing people to do their job. If security is too restrictive, users often start to work around these limitations and this might be a greater impact to your security posture then having a configuration which is not cranked up to the maximum.

About the Authors

For this blog post the Microsoft 365 Apps Ranger Team at Microsoft partnered with the engineering team behind Security Policy Advisor. Feel free to share your questions in the comment section. For feedback on SPA, please use the feedback functionality in the config.office.com portal, it will get routed directly to the SPA team.

FAQ

Q: SPA is not generating any recommendations, what could be wrong?
A: Double check if required diagnostic data is enabled in your environment and devices can upload the data to the required endpoints.

Q: Required diagnostic data is enabled, still nothing. What else could be the cause be?
A: SPA needs a certain share of users to report data back to generate recommendations per group. Double-check if most users in a targeted group are active Microsoft 365 Apps users and have diagnostic data enabled.

Changes to the Office 365 Groups Tech Community

As we announced last month, to reflect the fact that Office 365 Groups power collaboration across Microsoft 365, Office 365 Groups will become Microsoft 365 Groups. These changes will happen over time and will be reflected in all the connected endpoints over the next couple of quarters.

To align the Tech Community with the name change, we are also creating a new Community Hub called Microsoft 365 Groups. This new Hub will replace the existing Office 365 Groups community. Folks who are existing members of the Office 365 Groups Community Hub will be automatically joined as members of the new Hub. In addition, content from the conversation spaces in the Office 365 Groups Community Hub will be migrated to the Microsoft 365 Groups Hub, and the Office 365 Groups Hub will be redirected to the new Microsoft 365 Groups Hub. By migrating membership and content to the new Community Hub, we are making this move seamless and transparent for you, although you will need to update your bookmarks/favorites, as the URL will be changing.

We are making the transition on June 30, 2020, and we wanted to give everyone notice before doing so. The new Microsoft 365 Groups community will be your place to discuss best practices, news, and the latest topics related to Microsoft 365 Groups. It is intended as a place for sharing information and discussions.

Thanks for your help keeping the Office 365 Groups community a vibrant and useful place, and we look forward to seeing you in the new Microsoft 365 Groups community in the future!

–The Microsoft 365 Groups team

How to Optimize Stream & Live Events traffic in a VPN scenario

During this current COVID-19 crisis, many organizations have had to rapidly implement a work-from-home model for the majority of their users. For many, this means an enormous increase in load to the VPN infrastructure as all traffic is traditionally sent via this path that was invariably not designed for the volume or type of traffic now reliant on it.

To improve performance, and also reduce load on the VPN infrastructure, many customers have achieved significant results by following the Microsoft guidance to implement split tunneling (or forced tunnel exceptions to use the correct technical term) on the Optimize-marked Office 365 endpoints. This traffic is high-volume and latency-sensitive traffic, and thus sending it directly to the service solves the problems outlined above and is also the designed best practice for these endpoints.

Microsoft 365 Live Events (Teams-produced live events and those produced with an external encoder via Teams, Stream, and Yammer) and on-demand Stream traffic are not currently listed within the Optimize category with the endpoints listed in the ‘Default’ category in the Office 365 URL/IP service. The endpoints are located in this category as they are hosted on CDNs that may also be used by other services, and as such customers generally prefer to proxy this type of traffic and apply any security elements normally done on diverse endpoints such as these.

In most organizations the traffic is internally routed via a network path that is designed to cope with the load and provide latency at a level that doesn’t impact service quality. With the switch to large scale remote working, many customers have asked for the information required to connect their users to Stream/Live Events directly from their local internet connection, rather than route the high-volume and latency-sensitive traffic via an overloaded VPN infrastructure. Typically, this is not possible without both dedicated namespaces and accurate IP information for the endpoints, which is not provided for the Default marked Office 365 endpoints.

Microsoft is working to provide more-defined and service-specific URL/IP data to help simplify connectivity to the service for the VPN connection model but as you can imagine for a global SaaS service like Office 365, this is not something which can be achieved overnight. Therefore, in the interim we’ve been working on interim methods to meet customer demand for this information. As a result of some changes we were able to perform relatively quickly, we are able to provide the following steps to allow for direct connectivity for the service from a client using a forced tunnel VPN.

This is slightly more complex than normal to implement (requiring an extra function in the PAC file) but should provide a comprehensive solution to this challenge until such time as we can rearchitect the endpoints so as to simplify connectivity requirements.

To implement the Forced tunnel exception for Teams Live Events and Stream, the following steps should be applied:

1. External DNS resolution.

The client needs external, recursive DNS resolution to be available for the following FQDNs so they can resolve host names to IPs.

*.streaming.mediaservices.windows.net
*.azureedge.net
*.media.azure.net

It is important to note, it is not advised to just use these URLs to configure VPN offload even if technically possible in your VPN solution (eg if it works at the FQDN rather than IP). This is due to the fact some of these endpoints are shared with other elements outside of Stream/Live Events and as such the IPs provided below are not comprehensive for that FQDN, but are for Teams Live Events/Stream.

2. PAC file changes (Where required)

In most organizations, a PAC file will be used in a VPN scenario to configure the client to send traffic either direct, or via the internal proxy server. Normally this is achieved using FQDNs. However, with Stream/Live Events, the namespace provided currently includes wildcards such as *.azureedge.net, which also encompasses other elements for which it is not possible to provide full IP listings. Thus, if the wildcard is sent direct, traffic to these endpoints will be blocked as there is no route via the direct path for it in step 3.

To solve this, we’re able to provide the following IPs and use them in combination with the FQDNs in section 1 for Stream/Live Events in an example PAC file. The PAC file checks if the URL matches those used for Stream/Live Events and then if it does, it then also checks to see if the IP returned from a DNS lookup matches those provided for the service. If both match, then the traffic is routed direct. If either element (FQDN/IP) doesn’t match then the traffic is sent to the proxy. This way we ensure anything which resolves to an IP outside of the scope of Stream/Live Events will traverse the proxy via the VPN as normal.

Table 1: IP addresses for Live Events & Stream

IPv4	IPv6
72.21.81.200	2606:2800:011F:17A5:191A:18D5:0537:22F9
152.199.19.161	2606:2800:133:206E:1315:22A5:2006:24FD
117.18.232.200	2606:2800:0147:120F:030C:1BA0:0FC6:265A
192.16.48.200	2606:2800:0157:1508:1539:0174:1A75:1191
93.184.215.201	2606:2800:11F:7DE:D31:7DB:168F:1225
68.232.34.200	2606:2800:133:F17:19E8:2356:251B:02A9
192.229.232.200	2606:2800:0147:0FF8:129B:22EB:020B:1347

To implement this in a PAC file you can use the following example which sends the Office 365 Optimize traffic direct (which is recommended best practice) via FQDN, and the critical Stream/Live Events traffic direct via a combination of the FQDN and also the returned IP address. Contoso would need to be edited to your specific tenant name where contoso is from contoso.onmicrosoft.com

Example PAC file

function FindProxyForURL(url, host)

{

var direct = “DIRECT”;

var proxyServer = “PROXY 10.1.2.3:8081”;

//Office 365 Optimize endpoints direct

if(shExpMatch(host, “outlook.office.com”)

|| shExpMatch(host, “outlook.office365.com”)

|| shExpMatch(host, “contoso.sharepoint.com”)

|| shExpMatch(host, “contoso-my.sharepoint.com”))

{

return direct;

}

/* Don’t proxy Stream/Live Events traffic*/

if(shExpMatch(host, “*.streaming.mediaservices.windows.net”)

|| shExpMatch(host, “*.azureedge.net”)

|| shExpMatch(host, “*.media.azure.net”))

{

var resolved_ip = dnsResolve(host);

if (isInNet(resolved_ip, ‘72.21.81.200’, ‘255.255.255.255’) ||

isInNet(resolved_ip, ‘152.199.19.161’, ‘255.255.255.255’) ||

isInNet(resolved_ip, ‘117.18.232.200’, ‘255.255.255.255’) ||

isInNet(resolved_ip, ‘192.16.48.200’, ‘255.255.255.255’) ||

isInNet(resolved_ip, ‘93.184.215.201’, ‘255.255.255.255’) ||

isInNet(resolved_ip, ‘68.232.34.200’, ‘255.255.255.255’) ||

isInNet(resolved_ip, ‘192.229.232.200’, ‘255.255.255.255’))

{

return direct;

}

// Default Traffic Forwarding.

return proxyServer;

}

It’s worth stressing again, it is not advised to attempt to perform the VPN offload using just the FQDNs, utilizing both the FQDNs and the IPs in the function helps scope the use of this offload to just Stream/Live Events. The way the function is structured means that only if the FQDN matches those listed, do we perform a DNS lookup for it i.e DNS does not have to be performed for all namespaces used by the client.

3. Configure routing on the VPN to enable direct egress

The final element is to add a direct route for the Live Event IPs in Table 1 into the VPN configuration to ensure the traffic is not sent via the forced tunnel into the VPN. Detailed information on how to do this for the Office 365 Optimize endpoints can be found in this article, and the process is exactly the same for the Stream/Live Events IPs listed in this document.

FAQ:

Question: Will this send all my traffic for the service direct?

Answer: No, this will send the latency-sensitive streaming traffic for a Live Event or Stream video direct, any other traffic will continue to use the VPN tunnel if they do not resolve to the IPs published.

Question: Do I need to use the IPv6 Addresses?

Answer: No, the connectivity can be IPv4 only if required.

Question: Why are these IPs not published in the Office 365 URL/IP service?

Answer: Microsoft has strict controls around the format and type of information that is in the service to ensure customers can reliably use the information to implement secure and optimal routing based on endpoint category.

The default endpoint category has no IP information provided for numerous reasons, such as it being outside of the control of Microsoft, is too large, or changes too frequently, or is in blocks shared with other elements. For this reason Default marked endpoints are designed to be sent via FQDN to an inspecting proxy, like normal web traffic.

In this case, the above endpoints are CDNs that may be used by other elements other than Live Events or Stream, and thus sending the traffic direct will also mean anything else which resolves to these IPs will also be sent direct from the client. Due to the unique nature of the current global crisis and to meet the short-term needs of our customers, Microsoft has provided the information above for customers to use as they see fit.

Microsoft is working to reconfigure the Live Events endpoints to allow them to be included in the Allow/Optimize endpoint categories at a later date.

Question: Do I only need to allow access to these IPs?

Answer: No, access to all of the ‘Required’ marked endpoints in the URL/IP service is essential for the service to operate. In addition, any Optional endpoint marked for Stream (ID 41-45) are required.

Question: What scenarios will this advice cover?

Answer:

1. Live events produced within the Teams App

2. Viewing Stream hosted content

3. External device (encoder) produced events

Re: How to quickly optimize Office 365 traffic for remote staff & reduce the load on your infras

I thought to use rule like following to be able to impact only audio/video streams:

if(shExpMatch(host, "*.streaming.mediaservices.windows.net"))
{
	var host_ip = dnsResolve(host);
 
	/* Check if Stream services are targets */
	if (isInNet(host_ip, '72.21.81.200', '255.255.255.255') ||
	isInNet(host_ip, '152.199.19.161', '255.255.255.255') ||
	isInNet(host_ip, '117.18.232.200', '255.255.255.255') ||
	isInNet(host_ip, '192.16.48.200', '255.255.255.255') ||
	isInNet(host_ip, '93.184.215.201', '255.255.255.255') ||
	isInNet(host_ip, '68.232.34.200', '255.255.255.255') ||
	isInNet(host_ip, '192.229.232.200', '255.255.255.255'))
	{
		returndirect;
	}

    return proxyServer;                
}

Then I could minimize the DNS queries. And above code is just a snap, not full .PAC file 🙂

Re: How to manage Office 365 ProPlus Channels for IT Pros

I just tested this, and it works exactly as you’ve outlined. On my clients Updates Enabled is set to True, so really, I think the only difference in the configuration you provided was the Accept EULA. I didn’t have that in mine, so I guess that’s why it wasn’t working? (I am using the latest ODT client) If the accept EULA is required, can we add that to the channel change example templates? As far as I can tell, that’s what was throwing me off. I appreciate you taking the time to provide detailed responses here. It’s been super helpful.

Have a great day!

Re: Understanding Office 365 ProPlus Updates for IT Pros (CDN vs SCCM)

, I’m taking the lazy approach. Let the C2R do its job, Microsoft improved a lot here and it is working smoothly. Via collections I’m identifying the amount of clients under each major version and if I see higher amount of clients stuck in older version I’ll dig into it.

We had SCCM management in place where the source was DFS share, not happy with it, always to keep the sources up-to-date. We thought about SCCM/CDN but we asked ourselves why to administrate SCCM to tell C2R what to do as C2R is already grown up and can handle it on its own.

We’re installing all O365 applications, language packs and proofing tools through CDN/DO, why not doping it with the updates, too.

SCCM has of course the monitoring and reporting capabilities, I’m missing those in the cloud but rumors say they are coming at some point.

So far relying on the hardware inventory is ok with me.

I’m interested to hear from your experience with SCCM/DO

« Older Entries

Next Entries »