Tagged: OneDrive

Safe attachments and links to protect your Office 365 collaboration

In this post I describe how you can configure safe attachments and safe links in Microsoft Office 365 Advanced Threat Protection (ATP) to make your communication and collaboration a more secure. It is for your Office 365 workloads (SharePoint Online, OneDrive for Business, Exchange Online and Microsoft Teams).

Please note, that is is just one of many measures to secure your communication and collaboration in Microsoft Office 365. This is only a single part – well, two capabilities – of a more holistic and required security architecture concept. Moreover, the below description, configuration etc. might change anytime and is just an example, demo piece.

Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/

Basics

Let me describe it as follows short and simplified:

What are Safe Links?

Safe Links are (hyper)links/urls which are pre-checked (in a sandbox) before a user opens the link. This “pre-check” is built to check if the website behind the link is ok or might be bad, start to download malware or something else which might harm your system/s.

What are Safe Attachments?

Safe Attachment[s] is a feature which checks attachments and tries to detect if it is malicious.

Requirements

You need a subscription which includes Microsoft [Office] 365 Advanced Threat Protection (ATP).

To configure this your administrative Office 365 account must have the global admin, security admin or Exchange Online Organization Management role assigned.

Configuration overview and walk-through

For both, you can start at https://security.microsoft.com/securitypolicies in the Microsoft 365 Security portal.
The following screenshots depict what I configured, so you can of course configure it another way depending on your needs and requirements.

1 Open https://security.microsoft.com/securitypolicies
2 Policies
3 + 4 Configure each (ATP safe attachments + ATP safe links)

ATP Safe Attachments

1 Enable ATP for SharePoint, OneDrive and Teams
2 Save it, to enable it
3 Protect attachments – create a new safe attachments policy

1 + 2 Give it a name + description
3 Configure handling
4 + 5 Enable redirect of potentially maliciouse attachements to another mail [don’t use a usual mailbox, create a “dumpster mailbox” just for that purpose]
6 Configure condition/s / exception/s
7 Save it

Validate input and check if the policy is enabled and the priority fits in case you create several policies.

ATP Safe Links

1 Configure the default Safe Links organization policy
2 Create Safe Link policies for specific recipients

1 Enable it for all Office 365 Apps, … iOS and Android
2 Configure “reporting” + handling

1 + 2 Give it a name + description
3 Turn it on
4 Enable real-time scanning for URLs including content for download
5 Enable it internally, too
6 Configure “reporting”
7 Enable – disables users to click the original URL from the warning page if it is blocked

1 Configure condition/s / exception/s

Validate input and check if the policy is enabled and the priority fits in case you create several policies.

Finally, test and verify your configuration. Regularly take a look into your security reports to enhance your configurations. Plus, don’t forget from time to time to check out what has changed to keep your security configurations always at a current level.

Conclusion, opinion and summary

Safe Links and Safe Attachments are very helpful features in Microsoft Office 365 to make your communication and collaboration more secure regarding sending/receiving links and attachments. These two features are options to increase your security setup with Office 365. I think it might be a good idea to enable it if you do not yet have something like this in place already.

Although it makes links and attachments safe[r] there are more and more advanced/intelligent threats and approaches available to trick and compromise users and systems. So, admin and user security awareness is also essential although you can get rid of many threats with a holistic security architecture and technical solution or service implementations.

Additional resources

B2B Sync with OneDrive for Business and SharePoint Online

In this post I like to highlight a highly handy feature update “B2B sync” regarding Microsoft OneDrive for Business for “inter-org collaboration”.

B2B sync enables users to sync not only OneDrive for Business and SharePoint Online data of their organization but of other organizations, too! This means that your collaboration experience becomes much better because if you are a guest of an external Team, which is of course hosted in another Office 365 tenant, you’ll be able to sync files from this SharePoint Online, too.

Source: https://pixabay.com/illustrations/download-cloud-icon-network-2013195/

Conclusion, opinion and summary

I like this feature because this enables you to have much more synced data exchange and collaboration with external parties also having Office 365 incl. SharePoint Online and OneDrive for Business. So, you do not need to down-/upload files via browser.

Additional resources

Automatically mount SharePoint Team Site Libraries for OneDrive sync in File Explorer

Microsoft rolls out a new capability which enables administrator to automatically mount / add a specific SharePoint Team Site Library being synced for users (cp. M365 Roadmap).

M365 Roadmap – Feature ID 27031 (June 2019)

Configure SharePoint Team Site Libraries Auto-mount

To configure the auto-mount you need to configure a group policy which configures the users OneDrive sync settings. (cp. link “Configure team site libraries to sync automatically”)

Prereqs, requirements and limitations

Please note that there are certain prereqs, requirements and limitations before you can start.

  • Windows 10 1709 or later
  • Library must have below 5000 files/folders.
  • Not for 1000+ devices
  • Sync is applied next time the user signs in but it can take some time until the sync starts.
  • A user cannot stop the sync.
  • You need the OneDrvie GPO Template (OneDrive.adml, ..admx) in your central GPO store (e.g. erik-klefeldt.de\sysvol\domain\Policies\PolicyDefinition) …
  • This might be subject to change (June 2019).

Configuration steps overview

  1. Create a new GPO
  2. Configure the GPO based on your needs, applied to a OU and add WMI-filtering for a more granular scoping, if needed
  3. Add the SharePoint Team Site Library ID to the GPO
  4. Verify that the GPO is applied
  5. (Verify the reg key [HKCU\Software\Policies\Microsoft\OneDrive\TenantAutoMount]”LibraryName”=”LibraryID”)
  6. Verify that it syncs on the devices

Conclusion, opinion and summary

Easy to configure, isn’t it? In my opinion it might help you to move and simplify a migration from legacy files shares to SharePoint Online. It enables you as administrator to manage a smooth transition from file shares/services towards SharePoint Online and really adds a convenient way and comfortable user experience because your users do not need to manually add the library to their OneDrive sync and “map” the SharePoint Online Team Site Library on their device.

Additional Resources

Where can I get OneDrive for Business adoption guidiance material?

Rolling out and adopting Micrsoft OneDrive for Business (ODFB) is a great opportunity to get rid of your legacy onprem file servers, shares, local device saved data and roaming profiles etc.

ODFB enables you to access your files from a versatile set of endpoints (PC/Mac/common Browsers/iOS/Android) and keep your data safe and in sync. You can also share certain files with others as needed. However, ODFB is one part for storing data. It is primarily for your documents. Working requires also other options for data collaboration, distribution and sharing therefore you might want to consider SharePoint Online as backend for storing files within your company, department or team.

To start and abandon your legacy file repository you can find supportiv guidiance and details for ODFB, e.g.  

  • Usage Scenarios for OneDrive
  • Guidance on how OneDrive can be utiliized
  • Use Cases
  • Success measuring  options
  • Planning communication

https://resources.techcommunity.microsoft.com/resources/onedrive-adoption/