We hope you enjoyed your holiday even in these strange times. We at WMUG_NL did, and we are looking forward to organizing meetings again for our still-growing community.
For tomorrow, September 15th we are proud to announce that Ronny de Jong, lead consultant and Enterprise Mobility & Security MVP at InSpark will host a session about: “Improve the user experience of your workplace with “Insight-driven IT” Endpoint Analytics, a first impression!”
Microsoft 365 changes regularly: changes are implemented on an almost daily basis, and as an admin responsible for the service you must be aware of which changes are coming to your tenant.
To inform administrators, Microsoft uses the Message Center. Administrative users are also automatically subscribed to the weekly digest and major update emails from the Message Center. Within the Message Center, messages are grouped into the following categories:
This week Microsoft announced through the Message Center (MC220853) that they are rolling out the External Email Forwarding Controls functionality for customers licensed for Office 365 Advanced Threat Protection (ATP).
Update August 31, 2020: Microsoft has now communicated the following in the message center: For organizations that have some users externally forwarding prior to September 1st 2020 the setting “Automatic” will default to “On” and we will contact you separately when this will change for your tenant. The setting in my own tenant is still set to automatic though; perhaps it will change tomorrow (September 1). I will for sure test whether this has impact.
You should ask yourself: do I want my users to be able to download the Office Apps on devices on which they have rights to install software, and use Office Apps on those devices, consuming one of the licenses the user has? If not, keep reading.
I have been following this feature request for a while now, and up until recently Microsoft stated that implementing Azure AD role assignment for Azure AD groups wasn’t the issue; the issue was more related to who is able to manage those groups. For example, if enabled, how can we prevent someone with the “User Administrator” role (capable of adding users to groups) from adding someone to the group used to assign Global Administrator rights? When implemented incorrectly, this new “feature” could introduce a new security risk in your environment.
Assigning groups to Azure AD roles requires an Azure AD Premium P1 license at minimum; for the Privileged Identity Functionality, an Azure AD Premium P2 license is needed.
Disclaimer: This post reflects the status of assigning groups to Azure AD roles as of August 20, 2020. Functionality may change, even right after this post has been published.
So, let’s walk through what was announced and see..
In October 2019, Microsoft announced that it would enable end users to buy and manage their own licenses within their corporate account. At that time this “feature” was announced for the Power Platform: PowerApps, Flow (now Power Automate) and Power BI.
After that announcement Microsoft received critical feedback from tenant administrators, and eventually Microsoft allowed tenant administrators to disable this functionality using PowerShell. The self-service feature is enabled by default in every tenant, though.
Last week, on August 12th Microsoft announced that they will expand this functionality and also allow end users to buy Visio and Project licenses in the same way starting September 15th 2020 (at time of writing in less than a month).
After returning from my holiday this year, I noticed a welcome addition to the Threat Management Policy page in the Office 365 Security & Compliance center called “Templated Policies”. For now, the Templated policies section contains one section called “Preset security policies”.
One of the scenarios we can build with Conditional Access is the scenario where we restrict access inside the web application itself. By doing so, you could for example limit the functionality of the web applications on non-managed devices, or when accessing the web application from a country where your company normally doesn’t operate. The web applications can be configured to behave differently if the user is in scope of a Conditional Access policy where App Enforced Restrictions are configured.
Within the Office 365 suite of applications, the following web applications are supported for App Enforced Restrictions:
Outlook Web Access
SharePoint and OneDrive
In this post I will go into detail on how to set up these app enforced restrictions and what the expected behavior will be from an end-user perspective.