Tagged: Collaboration

Microsoft 365 safe documents configuration

In this post I describe what safe documents in Microsoft 365 are, how you can configure it and why you should enable this in your Microsoft 365 tenant.

If you are not yet familiair with safe attachments and safe links you might want to read my previous post Safe attachments and links to protect your Office 365 collaboration first.

Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/
Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/

What are safe documents?

Safe documents are a Microsoft 365 Advanced Threat Protection (ATP) feature. It protects your users from opening malicious documents which might harm your users data, privacy or even your complete IT infrastructure depending on what malicious document content is opened. ATP checks before opening it and avoids a user to open a document or leave the protected view in case ATP has recognized anything potentially malicious.

Why safe documents?

It adds another valuable layer of security for your users and infrastructure which kicks in even if someone opens a document which was not caught or categorized as malicious before by other security mechanisms. It might be the last barrier and defense if someone (accidentally) opens a document in your company to avoid a security incident with corresponding consequences for your company.

What’s required to use this capability in Microsoft 365?

Safe documents are an advanced security feature which requires the following:

  • Microsoft 365 E5 or Microsoft 365 E5 Security
    Microsoft emphasizes that it is not in Office 365 ATP plans
  • Organization Management or Security Administrator role in M365 (for configuration)
  • Office Version 2004 (12730.x) or later

How to configure it?

If the requirement are met you can configure and test it. By default it is turned off.

Please note configuring this will enable this for your complete Microsoft 365 tenant and therefore for your complete organization.

Enabling it via Admin Center

Screenshot – Go to Security & Compliance Center at https://protection.office.com
Screenshot – Go to Threat management\Policy\ATP Safe Attachments
Screenshot – Tick the checkbox “Turn on Safe Documents for Office clients …”

Maybe DON’T tick the checkbox “Allow people to click through Protected View even if Safe Documents identifies the file as malicious”.

Screenshot – Click Save

That’s it now it’s live.

Enabling it via Shell

Alternatively, you can also enable this using Exchange Online PowerShell. Example:

#Install Module 
Install-Module -Name ExchangeOnlineManagement
#Check Module availablity on system
Get-Module ExchangeOnlineManagement
#Update Module
Update-Module -Name ExchangeOnlineManagement
#Import Module
Import-Module ExchangeOnlineManagement

#Connect to EXO with MFA enabled
Connect-ExchangeOnline -UserPrincipalName <UPN> -ShowProgress $true

#Enabling safe documents but prevents users from leaving protected view
Set-AtpPolicyForO365 -EnableSafeDocs $true -AllowSafeDocsOpen $false
#Check values
Get-AtpPolicyForO365 | Format-List *SafeDocs*

#Disconnect from EXO
Disconnect-ExchangeOnline

#Uninstall Module
Uninstall-Module -Name ExchangeOnlineManagement

Validating it with Shell

Due to the fact that I’ve configured this in the Admin Center I’m just checking if the settings is set as expected.

Screenshot – Validate / verify settings

And there we go, it’s set.

Conclusion, opinion and summary

It’s very easy to configure however the licensing and client requirements are quite high. In case you met the licensing requirements you can enable it (with previous planning and testing).

Also note, you should check what your antivirus (av) client might do. In case you running a third-party av client. I did not test this having a third-party av client plus this enabled. I’d assume there should be no conflicts but there can be conflicts. So, I would not directly enable this in production without previously testing this maybe in a test tenant and a test client to ensure it works as expected before going live with safe documents.

Additional resources

G Suite security controls overview [May 2020]

Due to the increased and still increasing number of people working from home the requirement to keep users’ identities and devices secure and up-to-date is a must. Recently, I wrote some blog posts on Microsoft 365 communication and collaboration security. This time, I’d like to share what Google provides to secure its G Suite platform for communication and collaboration on an high level.

Basically, it doesn’t matter what kind of solution and service you provide, it must be secure by design to cope with more and more advanced threats for your company assets and user identities. To do so, you need to be alert, but not only just maintain your as-is security standards and architecture, no, moreover you must steadily enhance the security capabilities as there are always new threats on the rise.

Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/
Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/

To keep your company assets secure if you rely on G Suite you might want to know what you can do.

  • Fundamental device management
    • Reports/view all devices which access corporate data
    • Reports on devices accessing corporate data
    • Remediation actions, e.g. remotely sign out a user
    • Context-aware access control, e.g. allow access to corporate data/services only under defined circumstances like only device storage must be encrypted etc.
  • Enhanced security for Windows 10
    • login with Google credentials because Google can be used as a credential provider for Windows
    • Single Sign-On (SSO) for Windows 10 devices, apps and services
    • identity and account protection (detection of anti-hijacking, suspicious login detection)
    • compliance checks for Windows 10 devices (checking if the device is secured and updated)
    • device management to roll out device configuration updates and wipe a device
  • New G suite security capabilities
    • data protection insights [for data loss prevention (DLP)]
    • automated classification with labels for DLP
    • iOS copy/paste protection for DLP
    • context-aware access with group-based policies
    • context-aware access for SAML apps
    • monitor logs with third-party monitoring

Conclusion, opinion and summary

I must admit that I haven’t checked for some time what’s new and which capabilities are offered lately with G Suite. By what I’ve read so far, a lot has changed and was added for good. I recognize that the features and capabilities regarding communication and collaboration security have been growing very well, too. It’s interesting to see how G Suite also evolves over time regarding communication and collaboration security, to keep users and things secure.

Additional resources

Modern Meetings with Microsoft Teams

In this post I provide an overview on key capabilities with modern meetings with Microsoft Teams. It enables you and your fellow co-workers for modern meetings [almost] anywhere, anytime and on [almost] any device.

Source: https://pixabay.com/illustrations/webinar-conferencing-video-beverage-3199164/

Key capabilities

Microsoft Teams offers you the following key capabilities for meetings but are not limited to these:

  • online meetings
  • audio conferencing
  • video conferencing
  • interactiv application and desktop sharing
  • dialin phone numbers from 65+ countries around the world
  • versatile clients and devices (mobiles, rooms, browsers, Windows, Linux)
  • recording
  • recording – transcript – for many languages (speech-to-text to transcript)
  • calendar integration (Outlook, Exchange, Teams)

Do more with Microsoft Teams Meetings

Microsoft Teams enables for modern meetings so that you can easily communicate and collaborate, either in a planned or scheduled meeting. No matter if you are in transit, in a meeting room, at a desk or any other space. The things you need are the right equipment as well as a sufficient connection, i.e. Internet or in case you are in transit at least cell coverage to dialin by phone.

Microsoft and partners offer many certified devices for Microsoft Teams depending on your needs and requirements to get that modern meeting experience for your users. Therefore you can get a glimpse on the “Microsoft Teams enabled devices” page to explore and discover what kind of devices are available and what devices are suited for which meeting space or scenario.

Source: Microsoft Teams enabled devices

Basically, there you can find

  • Headsets | user devices
  • Speakerphones | lightweight and compact user/room equipment
  • Desk phones | IP phones for users, lobby or other user cases
  • Room systems | for collaboration in meeting rooms and spaces
  • Conference phones | for conference rooms
  • Cameras | for users, rooms and other spaces

Conclusion, opinion and summary

Modern meetings with Microsoft Teams are easy and offer all the above key capabilities which are important to users today. Users get enabled to do more with Teams meetings and make meetings more productive and more fun, too, because client and device capabilities are available and easy to use and access with no frills and unhandy controls or preparation tasks for a Teams meeting. You can just meet, collaborate and focus on what you need to do.

Additional resources

Cisco Live 2020

Cisco Live 2020 is ahead. Cisco Live 2020 takes places in each world region (EMEA, NOAM, LATAM, APAC) and it is for customers, experts and partners. It’s the annual Cisco event to learn, explore and connect all around Ciscos’ products and services. And of course if you are not able to attend onsite you can watch certain live streams or afterwards session recordings.

In 2020 the events takes places at the following cities

  • 27.-31.01.2020 Barcelona Spain, EMEA
  • 03.-06.03.2020 Melbourne, Australia, APAC
  • 31.05.-04.06.2020 Las Vegas, USA, NOAM
  • 27.-29.10.2020 Cancun, Mexiko, LATAM

Conclusion, opinion and summary

I’m not going to attend the event but I’ll probably find some time to watch the key notes and some overview sessions regarding communication and collaboration to see what Cisco is planning in this space. Especially, what’s on the road map for 2020 and beyond.

To me, it’s important to observe the communication and collaboration market to stay up-to-date and to know (different) communication and collaboration services’ capabilities. Knowing helps in discussions regarding pros and cons. 

Additional Resources

Google Cloud Next ’19 live stream

For market observers, in this post I want to notify about Google Cloud Next. The event begins at April 9th, 2019 in San Francisco. However, you can watch it online at April 9th, 19:00 h (CET) on YouTube. The event is about news all around Google’s cloud services. There are “special” tracks you can stream which are regarding communication and collaboration services with the G Suite. I added the links to these communication and collaboration sessions at the bottom of this post.

Conclusion, opinion and summary

Why do I share this? In my opinion it’s important to observe the communication and collaboration market and always stay up-to-date. To know (different) communication and collaboration services’ capabilities helps in discussions regarding pros and cons plus adds more value to advisory services. 

Additional Resources

What’s new in Microsoft Teams for September 2018?

There are a some interesting news regarding Microsoft Teams for this/past month (August/September 2018) which I’d like to sum up and share with you:

  1. Skype for Business Online and Teams feature-parity is reached based on the official roadmap (pretty nice!)
    (Cp. external source: https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Microsoft-Teams-is-now-a-complete-meeting-and-calling-solution/ba-p/236042, roadmap https://skypeandteams.blob.core.windows.net/artefacts/Skype%20for%20Business%20to%20Teams%20Capabilities%20Roadmap.pdf)

    1. Messaging feature-parity (for details see above external links)
    2. Meetings feature-parity (for details see above external links)
    3. Calling feature-parity (for details see above external links)
    4. Replace Skype for Business Online over time with Teams
  2. You can now choose your mic and speaker (headset) before joining a Microsoft Teams Call/Conf
    (Cp. external source: https://www.petri.com/microsoft-fixed-one-annoying-aspects-teams)
  3. Microsoft Teams Launches Canada, Australia and Japan Data Residency
    (Cp. external source: https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Microsoft-Teams-Launches-Australia-and-Japan-Data-Residency/ba-p/237827, https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Microsoft-Teams-Launches-Canada-Data-Residency-Australia-and/ba-p/227178)
  4. I’m also looking forward to Microsoft Ignite 2018 to get some Team news and insights …

Enjoy working with Teams and the extended rich feature set.

Get Microsoft Teams for free to enhance your collaboration expierence if you haven’t yet tried

Do you want to try Microsoft Teams? You can now easily get Teams and evaluate some basic communication and collaboration features for up to 300 people. E.g. unlimited chat, search, 10 GB for storing your team data, 2 GB per person, audio/video meetings (P2P, multiparty), Office Online apps, third party apps and of course internal as well as external communication and collaboration.

For more details go and visit the Microsoft Teams Blog Post: https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Introducing-a-free-version-of-Microsoft-Teams/ba-p/214592

 

What’s new in Cisco Expressway 8.9?

Cisco’s new version of Expressway brings some new features which especially support your video infrastructure in regards of interoperability based on former Acano Edge features.

  • Edge Traversal of Microsoft SIP Traffic for Cisco Meeting Server Supported
  • Meeting Server Web Proxy NOT yet SUPPORTED
  • IM and Presence Service Federation With Skype for Business or Office 365 Organizations Preview
  • Cisco Expressway as H.323 Gatekeeper Supported
  • REST API Expansion Supported
  • Allow Jabber for iPhone and iPad to Use Safari for SSO Over MRA Supported
  • Shared Line / Multiple Line Support for MRA Endpoints Preview
  • Smart Call Home Preview
  • Secure Install Wizard Supported
  • DiffServ Code Point Marking Supported
  • Maintenance Mode For MRA Supported
  • X8.9 Changes and Enhancements Supported

The Cisco Expressway 8.9 release notes are here: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/release_note/Cisco-Expressway-Release-Note-X8-9.pdf and the Expressway 8.9 admin guide is there: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-9.pdf.

Cisco’s new video architecture design based on CMS 2.0

Recently Cisco made some changes for its video backend. The major changes are based on the acquisition of Acano which makes Cisco merging the technology portfolios together. For you as a customer, video backend operator or service user it brings you a more and more collaborative video solution. By the technology product merger old paths of pure video collaboration are left behind and abandoned. Yey!!!! 🙂 Still, you can have your high end video conferencing capabilities but new features and interoperability is added. Why not using them?

Typical Cisco Video Architecture Components

vc_todaystypicalciscovideoinfrastructure2016

  • Internal components for your intranet environment
    • Unified Communications Manager (CUCM) for registering video endpoints and systems plus add audio call capabilities e.g. for (phone) dial-in users
    • Telepresence Server (TPS) / Multi-point control unit (MCU) for video processing
    • Telepresence Conductor for TPS/MCU resource / port allocation (checking if sufficient video capacities are available at a time…)
    • Telepresence Management Suite (TMS) for managing systems
    • Telepresence Management Suite Extension for Exchange (TMSXE) for scheduling telepresence / video resources via Outlook (e.g. for booking a room which includes a video system registered to CUCM…)
    • Video ISDN gateway*
  • External components for your external connectivity (e.g. for B2B video calls, ISDN/H.323, …)
    • Expressway-Core (LAN)
    • Expressway-Edge (DMZ) for firewall traversal

Typical/classical Cisco Video Architecture Deployment Components: 7

Cisco Meeting Server (CMS) 2.0 (formerly known as Acano) Architecture Components

vc_newciscovideoinfrastructure2016

  • Internal components for your intranet environment
    • Unified Communications Manager (CUCM) for registering video endpoints and systems plus add audio call capabilities e.g. for (phone) dial-in users
    • Cisco Meeting Server 2.0 (CMS 2.0) for video processing and bridging (for interop to Skype for Business, Polycom, LifeSize, … sip-capable video endpoints)
    • Telepresence Management Suite (TMS) for managing systems
    • Telepresence Management Suite Extension for Exchange (TMSXE) for scheduling  via Outlook (e.g. for booking a room which includes a video system registered to CUCM…)
    • Video ISDN Gateway*
  • External components for your external connectivity (e.g. for B2B video calls, ISDN/H.323, …)
    • Expressway-Core (LAN)
    • Expressway-Edge (DMZ) for firewall traversal

Cisco Meeting Server 2.0 Video Architecture Deployment Components: 7

* I would not recommend using (legacy) ISDN for video anymore. Go for sip-uri dialing and sip instead of ISDN… Try to get rid of ISDN quickly and train users to utilize sip-uri dialing. Or better, provide OBTP (one button to push). I.e. provide address book services via TMS/TMSXE which enable users to schedule meetings and rooms via their Outlook calendar to go into a room an just press one button to join a video conference (OBTP, one button to push feature). This is a much more convenient and pleasant user experience, isn’t it?

Features and Capabilities

Erm… just 1 component less? Kidding? Well, no, but CMS 2.0 provides massive interoperability for video collaboration. By leveraging your CMS 2.0 video architecture you have tremendous interop advantages compared to an typical and pure Cisco Video Conferencing infrastructure. You can make almost every video endpoint join a video conference!!! It does not really matter if this is a Skype for Business user/endpoint (pc, tablet, mobile, web browser), a Polycom video endpoint, a  LifeSize video endpoint or any other sip-capable video endpoint. That’s really great folks! But wait before you run to upgrade or deploy you should analyse your enterprise business and collaboration stakeholder requirements first.

  • CMS 2.0 is a video bridge bringing together different video endpoints and systems
  • CMS 2.0 is a more dynamic approach where video resources are used dynamically instead of a more static resource allocation by the Telepresence Conductor, e.g. if you have 30 video room sessions in full HD (shared multiparty) and further video sessions are about to start the video resolution is scaled down to still provide video to all video conferences…
    … too avoid something like this the Acano Manager (still Acano) could provide you reporting on your video utilization so that you can add licenses/capacity as needed.
  • CMS 2.0 is collaborative you can have also interactive session sharing desktop screens etc.
  • CMS 2.0 is highly scale-able and distributable, i.e. you can distribute cluster nodes geographically as needed and can also control video call flows/breakouts/…
  • CMS 2.0 can be made highly available

Cisco Video Architecture Design Guides and further resources

What adds and fixes Skype for Business Server 2015 cumulative update 4?

Microsoft released cumulative update (CU) 4  / Nov ’16 for Microsoft Skype for Business Server 2015. The CU adds the following new features:

  • Support of Multiple Emergency Numbers up to 100
  • Support of Location Based Routing for SfB mobile app clients
  • Support of E911 is now supported for SfB Mac 2016 client

Additionally, of course, it includes some fixes (see also Microsoft KB):

  • 3203706 Long silence when you dial into a meeting in Skype for Business Server 2015 that has name recording disabled
  • 3203153 You experience intermittent message delivery delay or failure in Skype for Business Server 2015 Persistent Chat rooms
  • 3203152 Lync Phone Edition telephones cannot put a call on hold if “Music on Hold” feature is disabled
  • 3203148 Front End server of Skype for Business Server 2015 crashes upon restart
  • 3203707 Japanese characters in the subject of a missed call notification message are garbled
  • 3203150 Calls to mobile clients fail if Skype for Business Server 2015 has advanced privacy mode enabled
  • 3203147 LS Storage Service event 32054 after you upgrade to Skype for Business from Lync 2013

For further details please see KB. Download the latest cumulative update (CU) >>here<<  and  read KB article >>here<<.