Deploying Office 365 with Intune as a Win32 App (and Why You’d Want To)
Posted inAutopilot Intune Microsoft 365 Microsoft Intune Office 365

Deploying Office 365 with Intune as a Win32 App (and Why You’d Want To)

Office 365, or Microsoft 365 Apps for Enterprise, or whatever it's called this month, can be deployed by Intune to Windows 10 devices using a built-in wizard.  The advantage of this is you don't need to package anything: you fill out some nice drop-downs and options in a GUI, assign it like any other app, and Microsoft takes care of the rest. In the background, this is using the Office CSP to deploy the…
Microsoft Information Protection Sensitivity Labels – Custom User Permissions and Do Not Forward
Posted inMicrosoft 365 Office 365 Sensitivity labels (Azure Information Protection)

Microsoft Information Protection Sensitivity Labels – Custom User Permissions and Do Not Forward

With Microsoft Information Protection, you can apply sensitivity labels to files, emails, and containers such as SharePoint Libraries.  These labels apply protection which, in the context of files and emails, really means encryption using AES-128 or 256 (key size depends on file type).  The great thing about Information Protection is that you control an access control list of who is allowed to access the content and it's managed as a cloud service by Microsoft. …
Understanding Application Guard for Office, Now Generally Available
Posted inApplication Guard Intune Microsoft 365 Microsoft Defender News Office 365 PowerShell Windows

Understanding Application Guard for Office, Now Generally Available

Application Guard first appeared in Windows 10 1709 ("Fall Creators Update") to isolate Edge browser activity within a Hyper V container.  Microsoft now extends that same idea to Word, Excel, and PowerPoint in Office 365 ProPlus Microsoft 365 Apps for Enterprise on Windows 10... ... if you have Microsoft 365 E5 or E5 Security.  You knew that was coming! With Application Guard for Office, your files can open in a sandbox without access local…
Posted inExchange Online Office 365 PowerShell

PowerShell: Run Cmdlet If Another Was Successful (And Keep Trying Until It Is)

Today I'm sharing a useful bit of PowerShell I gracelessly punt from script to script whenever I need to make sure a prerequisite it met before running something and to keep checking until it's met, then run what I need: "do X when Y is ready and keep checking Y until it's ready". The original use for this was my script to create a new Microsoft 365 user, but hold off on some parts…
The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)
Posted inMicrosoft 365 Microsoft Defender Microsoft Defender for Cloud Apps Office 365

The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)

Microsoft Cloud App Security (MCAS), Redmond's cloud app security broker (CASB) offering, is a powerful tool for investigating and pro-actively controlling your SaaS estate.  It includes tools such as reverse proxying to control sessions and sits inside the Microsoft Threat Protection stack alongside Defender ATP, Office 365 ATP, and Azure ATP.  MCAS started life as Adallom prior to Microsoft's acquisition of that company in 2015.  It's included in Microsoft 365 E5 and numerous other…
The Differences Between (and History of) the Microsoft 365 Security Centre, Compliance Centre, and Security & Compliance
Posted inMicrosoft 365 Office 365

The Differences Between (and History of) the Microsoft 365 Security Centre, Compliance Centre, and Security & Compliance

There are currently three separate admin consoles in Microsoft 365 for administrators to view or configure security and compliance policies, alerts, and reports.  Believe it or not, this is down from four at the peak of just-tell-me-where-to-go-to-do-this.  This doesn't even include consoles such as Microsoft Cloud App Security (MCAS).  The direction things are heading is good, as I'll explain in this blog, but the situation does highlight Microsoft's relatively new culture and position of…
Prerequisites and Planning for Centrally Deploying Office 365 Outlook Add-Ins
Posted inMicrosoft 365 Office 365 Outlook

Prerequisites and Planning for Centrally Deploying Office 365 Outlook Add-Ins

Deploying Outlook add-ins ("apps") for your O365 tenant is an intuitive experience via AppSource.  As a Global Administrator, click GET IT NOW on the app's page and you are immediately redirected to the Services & add-ins page of the M365 Admin Center. From there, you can configure add-ins for the whole tenant, just yourself, or by group.  All AAD group types, except non-email enabled ones, are supported.  If a group is nested, the top-level…
Manage MyAnalytics Weekly Insight Digest Emails and App Availability
Posted inMicrosoft 365 MyAnalytics Office 365

Manage MyAnalytics Weekly Insight Digest Emails and App Availability

Made available to more than just E5 licencees earlier this year, MyAnalytics will, by default, send users weekly emails regarding their work patterns. Users can control this themselves in settings pane of the MyAnalytics web app. Administrators cannot, in bulk, keep MyAnalytics enabled for users but disable the email digest. The following PowerShell example instead disables MyAnalytics across all your Microsoft 365 Business licensed users, and therefore removing these emails.  This makes use of…