Exchange Online Protection & Defender for Office 365 – Common Microsoft 365 Security Mistakes Series
Posted inExchange Online Exchange Online Protection Microsoft 365 Microsoft Defender Microsoft Defender for Office 365 Microsoft Defender XDR

Exchange Online Protection & Defender for Office 365 – Common Microsoft 365 Security Mistakes Series

Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) are the email and collaboration security services native to Microsoft 365. EOP is included at all levels of licensing for Exchange Online, with MDO bringing additional security capabilities to license levels such as Business Premium, Microsoft 365 E3, and Microsoft 365 E5. In this blog, I'll review five of the most common security mistakes I see in tenants regarding EOP and MDO. Realistically,…
Deploying Office 365 with Intune as a Win32 App (and Why You’d Want To)
Posted inAutopilot Intune Microsoft 365 Microsoft Intune Office 365

Deploying Office 365 with Intune as a Win32 App (and Why You’d Want To)

Office 365, or Microsoft 365 Apps for Enterprise, or whatever it's called this month, can be deployed by Intune to Windows 10 devices using a built-in wizard.  The advantage of this is you don't need to package anything: you fill out some nice drop-downs and options in a GUI, assign it like any other app, and Microsoft takes care of the rest. In the background, this is using the Office CSP to deploy the…
Revoke Access to Office Files with Sensitivity Labels and Azure Information Protection
Posted inSensitivity labels (Azure Information Protection)

Revoke Access to Office Files with Sensitivity Labels and Azure Information Protection

Most of us have had that "oh <blank>" moment where we have given someone access to someone only to immediately or later need to undo that access.  Azure Information Protection has historically been able to help us there.  AIP allowed us to create protected (encrypted) documents and also let us remove access.  However, in the move from 'classic' AIP to the new unified labelling with sensitivity labels, the ability to revoke was lost in the…
Understanding Application Guard for Office, Now Generally Available
Posted inApplication Guard Intune Microsoft 365 Microsoft Defender News Office 365 PowerShell Windows

Understanding Application Guard for Office, Now Generally Available

Application Guard first appeared in Windows 10 1709 ("Fall Creators Update") to isolate Edge browser activity within a Hyper V container.  Microsoft now extends that same idea to Word, Excel, and PowerPoint in Office 365 ProPlus Microsoft 365 Apps for Enterprise on Windows 10... ... if you have Microsoft 365 E5 or E5 Security.  You knew that was coming! With Application Guard for Office, your files can open in a sandbox without access local…
The Differences Between (and History of) the Microsoft 365 Security Centre, Compliance Centre, and Security & Compliance
Posted inMicrosoft 365 Office 365

The Differences Between (and History of) the Microsoft 365 Security Centre, Compliance Centre, and Security & Compliance

There are currently three separate admin consoles in Microsoft 365 for administrators to view or configure security and compliance policies, alerts, and reports.  Believe it or not, this is down from four at the peak of just-tell-me-where-to-go-to-do-this.  This doesn't even include consoles such as Microsoft Cloud App Security (MCAS).  The direction things are heading is good, as I'll explain in this blog, but the situation does highlight Microsoft's relatively new culture and position of…
Prerequisites and Planning for Centrally Deploying Office 365 Outlook Add-Ins
Posted inMicrosoft 365 Office 365 Outlook

Prerequisites and Planning for Centrally Deploying Office 365 Outlook Add-Ins

Deploying Outlook add-ins ("apps") for your O365 tenant is an intuitive experience via AppSource.  As a Global Administrator, click GET IT NOW on the app's page and you are immediately redirected to the Services & add-ins page of the M365 Admin Center. From there, you can configure add-ins for the whole tenant, just yourself, or by group.  All AAD group types, except non-email enabled ones, are supported.  If a group is nested, the top-level…
Manage MyAnalytics Weekly Insight Digest Emails and App Availability
Posted inMicrosoft 365 MyAnalytics Office 365

Manage MyAnalytics Weekly Insight Digest Emails and App Availability

Made available to more than just E5 licencees earlier this year, MyAnalytics will, by default, send users weekly emails regarding their work patterns. Users can control this themselves in settings pane of the MyAnalytics web app. Administrators cannot, in bulk, keep MyAnalytics enabled for users but disable the email digest. The following PowerShell example instead disables MyAnalytics across all your Microsoft 365 Business licensed users, and therefore removing these emails.  This makes use of…