Wednesday, October 24, 2018

Restore your data in #OneDrive for Business

Introduction:

Restore feature has been added to OneDrive for Business, this feature allows to restore files any time during the last 30 days. So, users will be able to use this feature and restore the file to a specific period of time.
Restoring file:
  1. Sign in to your OneDrive for Business using work account credentials.
  2. Choose Settings.
  3. Then choose “Restore your OneDrive”.
  4. Select a Date, you can select either ‘One week ago’, ‘Three weeks ago’ or you can also select a custom date and time.
  5. So, in this case, I am choosing a custom date and time. Also, choose the period of days and files you need to restore. After choosing the files click on ‘Restore’.
  6. Click on Restore on the confirmation pop up.
  7. Once the files are restored click on ‘Return to my OneDrive’ and you will be able to see your restores files.

Conclusion:

This is a great and very much wanted feature has been added in OneDrive for Business that will save a lot of efforts and users will be no more worried about OneDrive data.

Tuesday, October 16, 2018

Learn how to use Document Fingerprint in #ExchangeOnline

Introduction:

If your organization uses forms to collect sensitive information, Document Fingerprint makes it easier for you to protect this information by identifying standard forms that are used throughout your organization.
Document Fingerprint is a feature of Data Loss Prevention that converts a standard form into a sensitive information type which you can use to define DLP Policies.

Working:

Documents have unique word patterns. When you upload a file, the DLP agent identifies the unique word pattern in the document and creates a document fingerprint based on that pattern and uses that document fingerprint to detect outbound documents containing the same pattern.

Limitation:

Document Fingerprint DLP agent will not detect sensitive information in the following cases:
  • Password protected files
  • Files that contain only images
  • Documents that don’t contain all the text from the original form used to create document fingerprint.
To upload a blank form:
  1. Go to Exchange Admin Center > Compliance Management > Data Loss Prevention.
  2. Click Manage document fingerprints.
  3. Click + New, provide a Name and Description. The name you choose will appear in the sensitive information types list.
  4. Click Add + to upload a form.
  5. Choose a Form and click Open.
  6. Click Save.
The Document Fingerprint is now part of your sensitive information types, and you can add it to a DLP policy.

Creating a rule in DLP policy:

  1. Go to Compliance Management > Data Loss Prevention.
  2. Click + New, choose custom DLP policy.
  3. Provide a Name and Description for DLP policy, Enable the state of the DLP policy and Enforce the policy.
  4. Click Save. New created DLP policy will be shown.
  5. Click Edit and go to Rules > Create a new rule.
  6. Add a Condition, so that if this (Employee Information Form) sensitive info type is sent to the external Recipient. Depending upon your organization requirement add an Action, that it will block the message, but sender can override and can send the documents to an external recipient if there is a business requirement.
  7. Fill out the other properties of this rule as per your requirements and Save.
  8. So, whenever a user will try to send a form which has been managed by Document Fingerprint to external contacts the results will be as below.

Conclusion:

In this way, you can secure and monitor the sensitive information from leaking outside your organization.

Set up User’s Manager in #Office365

Introduction:

It is important that you have your organization hierarchy set up in order to use advanced features. To setup Manager for User in Office 365, there’s a couple of ways how you can make that happen.
  1. Manager setup in Exchange Online.
  2. Manager setup in Azure AD.
Manager setup in Exchange Online:
1. You need to log in as administrator to your Office 365 and then choose ‘Admin Centers’, and ‘Exchange’.
2. Then go to ‘Recipients’ left menu item, search for the person that you want to manage, highlight the person and choose details.
3. Navigate down to the Organization and then browse their manager.
Manager Setup in Azure AD:
The alternative is to set user’s manager in Azure Active Directory directly. To do that, you need to log in as administrator to your Azure portal, Users and Group > All User.
In order to set Manager in Azure AD, You will need to know manager’s person object ID to set it as a Manager ID for a user (which you can look up by checking manager’s profile)’
Manager’s Profile –
User’s Profile –

After filling Manager ID and saving user profile, Manager will also be shown after a few minutes in Mailboxes (Exchange Online).
Manager setup can also be done in Dynamics 365, for doing so log in to Dynamics 365.
And, go to Settings > Users > Organization information and search for Manager of that user.

Conclusion:

In this way you can setup hierarchy in your Organization which is important in order to use full and advanced features, you can also setup manager form Dynamics 365. Setting Manager information between Exchange Online and Azure AD will be synced.

Monday, October 15, 2018

Enhance user experience using simple Naming Convention for #DocumentManagement

Introduction:

When facing the task of naming a new file, every personnel will name it accordingly what may think is the best. You can organize and manage documents more effectively. Organizations should have a standard naming convention for documents, libraries, lists and pages in SharePoint Online.
To improve the user experience for SharePoint, here are a few points to consider while naming a document.

General Instructions:

1. No Spaces – Spaces on the Internet are “%20”. It is the character encoding for space. So, do not provide spaces while naming any document library, documents, etc.
Instead, you can use underscore “_ “or dash “- “in place of a space.

2. Make sure document versioning is turned on so that you can store, track & restore files in SharePoint Online.

3. A name should be meaningful and make sense.

4. Dates – Dates are commonly used for two objects “Articles” and “Documents”.
For article place the date in front of the name like “20180911_Article”
For documents, dates should be placed at the end of the name like “Document_20180911”
Date Format – yyyymmdd.
5. Make it short and simple – The file name should be as short as possible without losing its potential to be identified and searched. Longer names take more time to search or read. SharePoint includes file name as well so the short name will make short URL.
We can use abbreviations – Invoice can be “INV”, Quotes can be “QTE”

6. No special character, except “_” & “- “.
7. Data Order (From general to specific) – We can consider using the abbreviation (Point 5) followed by Project and then date. We can also consider adding versions & document id.
Example – INV-Microsoft365Talks-20180911.pdf

8. For Site Pages – It is not a best practice to name pages with a “_” or space. Instead, it is recommended using “-“. Example (This-is-a-site-page).

9. Many organizations like to prefer placing versions numbers in a document name.
  • Place the version at the end of the file name.
  • Use dash “- “to separate major versions and minor versions or drafts. Example (Document_V01-01.docx). Here, V01 is the major version and “-01” is the minor version.
10. Do not change the name of Lists & Libraries.

Conclusion:

A simple naming convention is the best way to avoid naming related issues or accidental overwrites which affect end users’ experience. Though it varies from company to company, each organization should have a standard naming convention.

Tuesday, October 9, 2018

Unable to see Room list in Room Finder - #Outlook Client

Introduction:

While scheduling a meeting from Outlook client, sometimes we may also need to select the room where the meeting will be held. Room Finder in Outlook client helps us to find the available rooms.
Sometimes it may happen that when a user creates a new meeting in Outlook, no conference rooms are listed in Choose an available room box in Room Finder. The issue is that user doesn’t select a room list.
A user can select a room list from Show a room list option in Room Finder. But before that admin needs to create a room list so that option “Show a room list” will be visible in Room Finder.

Steps:

  1. Open Exchange Online Power Shell and connect your Office 365 environment.
  2. Run the following command to create a Room List Distribution Group –
    New-DistributionGroup <RoomListName> -RoomList -Members $Members
    <RoomListName> – Provide a name to the Room list.
  3. Run the following command to add existing rooms to the list –
    Add-DistributionGroupMember <RoomListName> -Member <RoomMailbox>
    <RoomListName> – Put a name of the room list which was created in the earlier step.
    <RoomMailBox> – Put a name of the room mailbox. You can find the room mailbox name from Exchange Admin Center.
  4. If you want to add multiple rooms at once, you need to create a .txt file and add all the room mailboxes and save the file.

    Run the following command to add multiple rooms –
    Get-Content <EnterFileLocation> | Add-DistributionGroupMember -Identity <RoomListName>
    <EnterFileLocation> – Where the .txt file has been saved.<RoomListName> – Provide the room list name.
  5. You might need to confirm whether the rooms have been added to room list. Run the following command to check the same –
    Get-DistributionGroupMember -Identity <RoomListName>
    <RoomListName> – Put a name of the room list, which you have created.
    After following the above steps, you will be able to see the Show a room list option in Room Finder. There you can choose the room list and select the rooms.

Conclusion:

This is how you can enable Room List in Room Finder, which helps users while scheduling a meeting through Outlook client and can easily see the available rooms and timings through Room Finder.

Monday, October 1, 2018

Application accessed from untrusted location? Enforce #MFA through Conditional Access with #AzureAD

With Azure AD Conditional Access, you can control how authorized users’ can access your cloud applications. 

Multi-factor authentication (MFA) is a method of authentication that requires more than one verification method and adds a second layer of security to sign-ins.

Requirement –
I had a requirement to prompt for MFA if the user is trying to access Dynamics 365 (or other O365 services) from a location outside of the company network.

Solution –
In this article, we will see how to create conditional access to enforce MFA, if a user is accessing services from an untrusted location (outside of company’s network).

Pre-requisites
  • You will require Azure AD Premium license for users.
  •  Create a security group and add the users’ you need to specify in the policy.
  • Company’s public static IP in CIDR format. Example – 15.250.0.89/24 (You can contact your network team to get this detail)

Trusted locations -
  1.  Configure MFA trusted IP’s in Azure AD (see below image).





  2.  Provide your company’s public static IP in CIDR format (check below image).

Conditional Access –

1.       Go to Azure AD > Conditional Access > +New Policy.



2.       Name the policy as UntrustedLocation_PromptMFA and the first thing to configure is Assignments in which you need to mention the User & Groups to be included in this policy (see below image).



3.       Select Dynamics CRM Online under Cloud Apps. You can similarly choose other applications as well (see below image)



4.       Under Conditions, you need to configure the Device state and client apps as per your requirements (see below images)
 In Location –
 Include - Any locations




 Exclude – Selected locations and then select MFA trusted IPs (see below image)




5.       In Access control > Grant Access, tick Require multi-factor authentication (see below image)


6.       Finally, Enable the policy and Save.




User specified in the group will be asked for MFA when accessing services from an untrusted location (outside the company’s network)







Using Microsoft Support & Recovery Assistant for Outlook issues

Many times you find issues like one of your users is unable to set up their Office 365 Email account in Microsoft Outlook or Outlook su...