Jennifer Reed

Article / Updated 08-16-2022

Garnering support for Microsoft 365 Business adoption isn’t easy. It's understandable for a leader approving a significant budget for a SaaS solution (such as Microsoft 365 Business) to want to see the return on the investment (ROI). Guess who's on the hook for demonstrating the ROI of Microsoft 365 Business? Your IT team. One of the ways you can convince your leaders about the ROI is to show your success in getting end users to adopt the technology. Unfortunately, though, technology adoption is tricky. If you think you can just roll out the changes and expect users to start using the technology and singing your praises, think again. Change is usually met with resistance. Studies have shown that only 34 percent of the user population typically will adopt a new technology, as illustrated in the theory of Diffusion Innovations. Here, you find some of the best practices, tips, and tricks for driving adoption of Microsoft 365 Business. Feel free to customize and tweak these suggestions to fit your organization. Do take credit if any of the suggestions here bring you success. Get leaders to sponsor the adoption of Microsoft 365 Business Executive sponsorship in technology implementations are usually a foolproof way to get users to adopt a new technology, even if begrudgingly. Let's be honest, an IT admin does not have as much clout as the president, CEO or owner. After you identify the executive sponsors for your technology implementation, make sure you agree on what's expected of them. Ideally, you want executive sponsors to assume a shared responsibility for the success of the implementation. They can provide air cover when you run into political challenges in your organization or when end users push back on the changes you're rolling out. For your part, make sure to give your executive sponsors training on the functionalities of the technology based on relevant scenarios. For example, if they tend to use email a lot versus co-authoring documents, train them on the new features in Outlook instead of teaching them how to save and share files in SharePoint. When they see the value of the technology, they'll be able to share their experiences with the rest of the organization. Recruit and activate champs to promote Microsoft 365 Business adoption Scientists have not figured out a cloning machine yet, but you can create clones of yourself to scale up your training efforts. How? By recruiting and activating a network of champions for your cause, namely the adoption of Microsoft 365 Business. Usually, these people are early adopters and super users of the current technology in your organization. Give them access to the full suite of the Microsoft 365 Business services and conduct a focused training for them. Apply the “train the trainer” model so that they understand that they will be tasked with training other people in the organization. It might help if you give them an incentive to be in the Champs network (such as a new laptop) in exchange for going through the experience of a Windows 10 AutoPilot deployment. Ideally, you'll want a champ from each department who understands the workflow for the users in a department. You might find that people in the Marketing department, for example, are excited about Microsoft Stream, but the folks in the Finance department, not so much. Communicate the change It has been said that 90 percent of a project manager's job is communication. This statistic is true and applicable when you're implementing Microsoft 365 Business in your organization. Whether you have an assigned project manager or are tasked with the role of the project manager, it's best to have a solid communication plan. Be mindful of the cadence for the communication. If you send an email every day for three months reminding end users of an upcoming change, you may end up with annoyed people who will create a rule to automatically delete your emails or route them to a folder to read later. If you space the communication too far apart, they might miss a communication and be unprepared when you finally make the switch. You need to find the right balance based on what you know about your end users. For small businesses, you should make an initial announcement about the Microsoft 365 implementation around the time that licenses are procured. Then about three weeks before the email is cut over to the new system, the drip communication starts, and the frequency gradually increases as the cutover date approaches. Develop and execute a Microsoft 365 Business training plan The saying, “fail to plan, plan to fail,” couldn't be truer when it comes to implementing a new technology. Key to the overall implementation plan is the training plan for end users. The training plan doesn't have to be complex. Even an outline of who's going to be trained on what and when is sufficient, especially if you have a small organization. Remember the champs network and the executive sponsors? Those groups need to be included in the training plan. You may find that you need to adjust your training plan as you get a feel for how well your initial groups of trainees are responding. As such, create your training plan in a format that can be easily updated or collaborated on. You can expose your trainees to the new technology by using SharePoint lists or document libraries as the repository for your training plan. They will start to get trained on the functionalities without even realizing it! Start with “easy win” scenarios A trainer was once asked to deliver a four-hour training on Office 365 for a small business with 25 users. Attempts to get information from the business owner on the training needs and the technical skill sets of the employees were unsuccessful and the trainer was told to just train the users “the dummies way.” What that signaled to the trainer was that he couldn't have a fixed topic for the training. The trainer ended up preparing different scenarios to fit a variety of personas. Based on the flow of the conversation, the trainer pulled a certain scenario and focused the training around it. So, what is a scenario? In the above example, a scenario went something like this: Jane, Rob, and Paul work in the marketing department and are constantly emailing each other documents they're collaborating on. It's hard to keep track of the latest version of the document and figure out who's made what comment. Jane, who is in charge of culling all the feedback, is getting frustrated because just as she thinks she's made the final version of the document, someone sends belated feedback. Or someone pulls into the conversation another person who then provides feedback on issues, not knowing they have already been dealt with in previous conversations. The trainer presented that scenario to the workshop attendees and asked if that happens in their organization. The response was overwhelmingly yes. Based on that, the trainer spent 30 minutes showing them the co-authoring features in Word, OneDrive for Business, and SharePoint. They then used their own laptops to practice. By the end of 30 minutes, everyone had a good grasp of the concept and figured out which people were better at it than others. The ones who were more skilled became the go-to person for the ones who needed more hand-holding. The lesson here is that if you want users to adopt the Microsoft 365 Business, make it a quick win for them and tailor the training to a scenario that is real for them. It wouldn't have worked if the trainer simply started the training with Outlook and how to send encrypted emails. Provide self-service Microsoft 365 Business resources If you have a small or one-person IT team, you can reduce the burden of supporting many users during the implementation of Microsoft 365 Business by creating a self-service portal in SharePoint or Microsoft Stream or both. You can post 30-second how-to videos to give end users a refresher on the training. You can ask the champs to post content at your portal, or open your self-service repository to anyone's contribution. By doing it this way, your end users will be practicing what they've learned as they load content in SharePoint or Stream. If you want to get fancy, you can gamify the process by giving incentives to users who have the most-liked video. The Internet has a ton of videos on different scenarios for Microsoft 365 that you can include in your resources. However, it’s often the case that raw videos created by a co-worker showing the organization's environment resonate more with users than high-production-value marketing videos from Microsoft on YouTube and other channels. If your users are not into videos, another option is to start a OneNote notebook from a SharePoint site. In the notebook, create different sections focused on a technology. In each section, include step-by-step instructions showing how to complete a task using the technology. For example, you could have a section on Outlook where you have a page for email, a page for the calendar, and a page for tasks. As users read your content, they'll be learning about not only Outlook but also OneNote and SharePoint, albeit unknowingly. Highlight your Microsoft 365 Business wins Implementing a new technology such as Microsoft 365 Business is not an easy task. When you have success stories, take the time to celebrate and share the win with your end users. When users understand the value of their contribution to the success of the implementation, it helps motivate others who may not be participating much. An example of a win is showcasing how much the company saved by reducing travel costs since people started having videoconference meetings using Microsoft Teams. A win might also be a testimonial from someone about the increase in productivity from co-authoring documents in real time versus emailing documents back and forth. SharePoint Online has a nifty feature called News, an out-of-the-box service that allows you to create content that then gets shared across the different SharePoint experiences and apps. You can highlight your wins by using SharePoint News to further drive adoption of the technology. To find out more about SharePoint News, download this PDF file. Check the Microsoft 365 Business usage report As a global admin to your Microsoft 365 tenant, you have access to usage reports that provide insight into how your user base is adopting the technology. The reports include activity and usage metrics for Exchange, Microsoft Teams, Office 365, OneDrive, SharePoint, Skype for Business, and Yammer. You can export the reports into Excel for further analysis. If you're so inclined, you can even analyze the data in Power BI, yet another tool from Microsoft for visualizing data. One way to act on the available data to drive adoption is to look at OneDrive for Business usage. The report includes information on the user, the last activity date, the number of files, the number of active files, and the storage used. If you notice that a user has zero (0) files and very low storage used, that might be a good indication that the user isn't adopting OneDrive for Business. Based on that information, you could target training for users who have low usage of OneDrive for Business. Be ready to provide support for your Microsoft 365 Business Integration When deploying a new technology, nothing fails as spectacularly as a deployment with no support model in place. Following a deployment, people have even been fired from their jobs because of bad user experience and no clear path for escalation. Depending on how you acquire your licenses, you may have different options for support. If you bought your Microsoft 365 Business licenses directly from Microsoft through their website, your support is provided by Microsoft. Unless you're paying big money for Premiere support, only the global admin can submit support tickets to Microsoft Support. That means you, as the IT admin, will be on point for providing support for your end users. However, you can submit a ticket on behalf of your end users, and Microsoft Support may end up working directly with them to resolve an issue. If you purchased your licenses from a Microsoft Partner, either through the Cloud Solutions Provider (CSP) or Enterprise Agreement (EA) model, the partner is on the hook for providing support. Depending on your agreement with the partner, you can either send your end users directly to the partner's support team or act as the intermediary between your end users and the partner's support team. Be aware that partners may charge an extra fee for support on top of license fees. At Cloud611, you can purchase Microsoft 365 licenses that include 24/7/365 end user support for a minimal fee on top of the license cost. Bring in the Microsoft 365 Business pros If you have followed all or most of the tips above and still aren’t having success in driving adoption for Microsoft 365 Business, it may be time to bring in the pros. The Microsoft Partner Network is replete with highly qualified training and adoption partners who can help you unblock adoption challenges. Although you have to shell out good money to engage these partners, the investment may be worth it in the long run. You can search for Microsoft training partners. Just a heads up — that web address may not work in the Chrome browser, but the URL works perfectly in the Microsoft Edge browser. One of the partners you'll find from the Microsoft Partner Network is Softchoice Corporation. They have a robust end user adoption professional service that includes defining use cases to understand the end users' needs all the way to the creating an implementation plan to drive desired business outcomes. Yet another training partner you might consider is Brainstorm Inc. They were contracted by Microsoft to provide training for the Customer Immersion Experience program. If you feel your organization has unique training needs, you may just need to be connected with the right partner. Please send an email to [email protected] with the subject line “Need help with training.” Someone will respond ASAP.

Cheat Sheet / Updated 02-24-2022

Millions of users have realized the value of Office 365. Making the best use of the services that make up Office 365, however, can be a challenge. This guide is a quick reference to the key services, productivity tools, and security features in Office 365 to help you maximize your investment in the technology.

Cheat Sheet / Updated 01-10-2022

If your organization has implemented Microsoft 365 as a productivity suite, be prepared to discover the bells and whistles of a cloud solution that has been adopted by millions of users across the globe. Even if you’re already a superuser of the bundled Office applications like Outlook, Word, Excel, and PowerPoint, you’ll find there are still a lot of features and functionalities within these tools you’ve never heard of before. Before you become overwhelmed trying to figure out all the how-tos, take a step back and consider the following tips. You might just realize the best value of Microsoft 365 is how you can adapt it to your own personality and style.

Article / Updated 10-21-2021

Microsoft Teams is available to users who have licenses with following Office 365 corporate subscriptions: E1, E3, E5, Business Premium, and Business Essentials. In the education plans, it is available in the A1, A1 Plus, A5, and A3 subscriptions. Plans are in place to roll out Teams in the government cloud as well. Teams can be accessed from the web browser, a desktop application, or a mobile app. The maximum number of users who can access the full functionality of Teams is based on the number of licensed users in the organization. Guest access is allowed, which means that users from other Office 365 tenants can be invited to an organization’s Teams hub without the need for additional licenses. With Teams, you can conduct one-on-one or group audio and video calls. You can share screens during web conferencing, schedule meetings, and also record those meetings. In addition, each user has up to 1 TB of storage space. From an administrator’s standpoint, Teams offers tools for managing users and third-party applications. There are reports to glean usage and settings that can be configured with policies specific to the organization. For peace of mind, Microsoft offers a 99.9 percent financially backed service-level agreement (SLA) uptime for Teams. Touring the Microsoft Teams user interface Tabs, bots, @mentions, and red bangs are just part of the new lingo you’re going to need to add to your vocabulary to use Teams. That’s assuming you’re already a savvy social media user who knows what emojis, stickers, and giphys are all about. Let’s take a tour of the Teams user interface. When you run the desktop application, the first screen you see after you log in is shown below. App bar: Here you can navigate to the various sections in Teams. From the top, you’ll see the following icons: Activity is where you’ll find mentions, replies, and other notifications. Chat is where you’ll see your recent one-on-one or group chats and your Contacts list. Teams displays all the teams you are a member of. Meetings or Calendar is synched with your Outlook calendar and displays all your upcoming meetings. Files aggregates all the files from all the teams you are a member of. It is also where you access your personal OneDrive for Business storage. Calls allows you to see a history of all incoming and outgoing video and audio calls. You can also call others in your organization, simply by typing their name. […] includes links to apps that are tied to Teams and the channels within Teams. Store takes you to apps and services that can be integrated into Teams. Feedback takes you to the Microsoft Teams user voice page where you can leave feedback about the service. Teams section: In the image above, the Teams icon is selected in the App bar, so the list of one's teams is displayed. Channel: A dedicated section within a team to organize conversations and tasks into specific topics or projects. Join or Create a Team button: Clicking this button takes you through the process of creating or joining a team. This button is only visible when the Teams icon is selected in the App bar. New Chat button: Clicking this button selects the Chat icon in the App bar and allows you to start a new chat with an individual or a group. Command bar: This bar at the top is used to query apps or perform a search in Teams. Tabs: Switch between different Teams pages with these tabs. Conversations and Files are automatically included; the + sign tab allows you to add shortcuts to content in Teams. Channel Conversations: This section displays all the conversations in the selected channel. Chats in Channel Conversations are persistent, so if you’ve been away, it’s easy to scroll through to get caught up when you get back. Chats can include visual indicators such as the @mention, which indicates that the chat specifically mentions a user, or a red bang to indicate high importance. Take note that chats are open by design so everyone in the team has visibility to the conversation to help speed up the decision-making process when needed. Compose box: This is where you can type a message to start a conversation. You can send a quick chat or expand the Compose box to access rich formatting tools. Send icon: When you’re ready to share your chat, click the Send icon to post your chat to the team. Getting help from the Microsoft Teams Command bar Teams is intuitive to use, but you if you need quick assistance, the Command bar is your one-stop destination for help. You can do a search across conversations, users, files, and apps. For example, if you enter the word “launch” in the command bar, the left pane will display the search results grouped by Messages, People, and Files. You can also run a command right from the Command bar by entering a slash ( / ). This action will display the available commands or shortcuts. Select the appropriate command from the list to initiate the command. Collaborating in the Microsoft Teams Hub Many think that the “email tree” phenomenon was isolated to big enterprise environments, but it often rears its ugly head in small organizations, too. Imagine the following scenario: Someone sends an email to three people asking for their input on something. Two of the recipients immediately respond. Recipient #3 replies to Recipient #2 but forgets to reply to all. Now Recipient #2 has information the others don’t have. Recipient #1 then forwards the email to yet another person (Recipient #4) who replies to all with his feedback, which doesn’t account for what’s already been discussed prior to him being involved. Pretty soon, everyone’s mailbox explodes with replies to replies and replies to all so that the sender finally throws her hands up in frustration because now the conversation has gotten out of hand and she's spending too much time getting everyone up to speed. On top of that, she now must consolidate all the feedback manually. Teams makes email trees go away. In Teams, the sender can avoid the previous scenario by uploading the file into the Teams channel, @mention the people she needs feedback from, and start a conversation right from the document in Teams. This way, everyone sees everyone’s comments and edits. A new person joining the conversation can just scroll up to get up to speed and everyone is well-informed and happy. Creating and managing a Microsoft Teams hub To collaborate in Teams, you first need to be either a member of a Teams hub or the creator of one. To create a team: Click Teams from the App bar. Click the Join or Create a Team link that appears at the bottom of the App bar. Click the Create a Team card. Enter the name and description of the team. Choose the privacy settings for your team (Private or Public). A Private team means only team owners can add members, while a Public team means anyone in your organization can join the Team. Click Next. Add members to your team by adding a name, email address, a distribution list, or a mail-enabled security group in the Add box. A team can have a maximum of 2,500 members from either your organization or external users through secure guest access. Optionally, you can choose the role of the team member (Owner or Member) by clicking the drop-down arrow next to Member. If you forget to do this, you can update the membership type later. Click Close. Team management features are accessed by clicking the ellipses next to your team name in the App bar. The following management options are available: Manage team launches the Members tab where you can add or remove members, change the role of a member, or search for a member. Add a channel launches a dialog box where you can enter a channel name and the description for the channel. Add members launches a dialog box where you can enter the names of people, distribution lists, or mail-enabled security groups to add to your team. Leave the team launches a validation window that asks you to confirm your intent to leave the team. Edit team launches a dialog box where you can change the team name, the team description, and privacy settings. Get link to team launches a dialog box where you can copy the URL for the team to share with others. Delete the team launches a validation window that asks you to confirm your intent to delete the team. Chatting in Microsoft Teams When a new member is added to a team, that member automatically gets access to all previous conversations, files, and other types of information shared in the team’s hub. This is especially helpful for onboarding a new team member to a project. There is no need to think about what files to forward to get the new member up to speed, since they can self-serve from the content available in the hub or simply ask for help from others through chat. To start a chat, click on the Compose Box and start typing your message while in either the Activity, Chat, or Teams sections. When you’re done, click the Send icon to post your message. Depending on the culture of your team, you can spice up your chats with emojis, giphys, or stickers. You’ll find a variety of options when you click these icons below the Compose Box. Sometimes conversations in a team can become noisy when there are many members talking about different topics. To help with that, take advantage of the threaded messages feature in Teams by replying directly to a specific message so the reply in in context with the original message. Sharing files in Microsoft Teams When you create a Teams hub, a SharePoint site is automatically created in the backend, which, in turn, creates a document library for each channel. Files uploaded in a Teams channel show up in the Files tab and are stored in a SharePoint document library. In fact, you can click the ellipses next to the file name and then choose to open the file from its location in SharePoint. To share a file in Teams: Select Teams from the App bar. Compose a message in the Compose box from a channel. Click the Attach icon (it looks like a paperclip) below the Compose box and select the source for the attachment you want to share. Select the file from the source and upload it. The file you uploaded will now be embedded in the message. Click the Send icon (it looks like an airplane) to post your message. The file you shared will also show up in the Files tab. Alternatively, you can go directly to the Files tab and click the Upload button to upload a file. Once the file is uploaded, click the name of the file to open it. Once opened, you can start a conversation with others regarding the document. Meeting and conferencing the Microsoft Teams way Chats and conversations in Teams are fun ways to communicate with others. Sometimes, however, it’s more efficient to get on a quick call with team members to resolve an issue versus going back and forth in a chat. Fortunately, Teams provides a complete meeting solution with support for audio and video conferencing. Because calling capabilities are built into Teams, you don’t need to log out of Teams and open a separate application to start an ad-hoc meeting. For more formal meetings, you can schedule a meeting much like how you set up meetings in Outlook. Meetings you create in Teams will show up in your Outlook calendar. Setting up an impromptu Microsoft Teams meeting Let’s say for example you are chatting with three members of your team about an issue. After a lengthy back and forth and waiting times in between, you decide it’ll be much faster to just get on a call and talk about the issue. To start an impromptu meeting: Reply to the conversation thread and click the Video icon that appears at the bottom of the Compose box. From the video window that pops up, enter a subject for your call. Toggle the video camera on or off to choose between sharing your video or just audio. Click Meet Now to start the conference. A conference window will open with a pane on the right where you can invite others to join the meeting. When you’re done with the meeting, click the red phone icon to end the call and leave the meeting. After the meeting, notes and conversations are posted to the channel so others who couldn’t make it to the meeting can quickly catch up on what they’ve missed. Scheduling a Microsoft Teams meeting You can set up a formal meeting ahead of time to give the invited participants notice about a meeting. Like Outlook, formal meeting requests in Teams include a Meeting Title (the equivalent of Subject in Outlook), Location, Start and End Date or Time, Details, and a list of participants. In Teams, you can select a channel to meet in. When a channel is selected, artifacts from the meeting are posted in the channel. To schedule a Teams meeting: Click Meetings from the Apps bar. Click the Schedule a Meeting button that appears at the bottom of the left pane. From the New meeting window, enter the Title, Location, Start and End Date/Time, Details, Channel, and the names of the people you want to invite to the meeting. If you want to check people’s availability, click Schedule Assistant above the Details section to display your participants’ availability based on their Outlook calendars. Click the Schedule a Meeting button. The meeting is now scheduled and will appear in the Meetings section in Teams as well as in your Outlook calendar.

Article / Updated 06-05-2019

What is Microsoft 365 Business? It’s Microsoft’s answer to business productivity. Baby boomers (1946–1964), Gen X (1965–1979), Gen Y (Millennials, 1980–1994), and now Gen Z (Centennials, 1995–2012) are the four cultural generations now converging in the workplace. If you think simply having a cookie-cutter approach for driving productivity in the workplace is all that’s needed, think again. Consider this. Baby boomers grew up during a time of prosperity and see work as a 9-to-5 career until retirement. Gen Xers, on the other hand, have the highest level of education in the US, saw the fall of the Berlin Wall and the tragedy of Tiananmen Square, and see work as a contract — just a job. Millennials grew up with a computer and the initial stages of Internet at home. They do best in a flexible work arrangement and will account for 50 percent of the workforce by 2020. Centennials are the multitasking fiends, super-connected kids who can troubleshoot a baby boomer’s cell phone while building a website and Snapchatting with a friend. With such a diverse workforce and different work styles, businesses need to figure out a way to provide a flexible and productive work environment while ensuring data privacy and security. The best way to address this challenge is to embrace cloud technologies and adopt a business strategy to run a secure and productive enterprise. Enter Microsoft 365 Business. Realizing the value of Microsoft 365 Business Bring your own device (BYOD), touchdown stations, outcome-driven versus process-driven goals, flexible work arrangements, and data security and governance are just a few of the catchphrases you hear at work today. As businesses shift from the old-school approach to a modern workplace, they do not need to spend a lot of money and procure several solutions from different vendors. Microsoft 365 Business is a complete, intelligent, and secure solution delivered through the cloud that empowers employees to be productive with tools built for teamwork but designed to fit individual work styles. With one subscription, an employee gets a comprehensive productivity, security, and device management toolkit that doesn’t require expensive consultants and highly trained systems engineers to implement. This image provides a high-level comparison between several stand-alone solutions versus the bundled Microsoft 365 Business solution. Clearly, SMBs can benefit from the cost-effective, simplified, and integrated solution Microsoft 365 Business offers. Promoting teamwork in a diverse workforce with Office 365 We all work differently and have our own preferred method for communication and collaboration. In a team with representation from all four cultural generations, you could end up with someone who prefers phone calls, another who prefers email, someone else who thinks anything other than instant messaging is lame, and yet another team member who mainly communicates with emojis and office memes. Lucky for you, Microsoft 365 Business has a way to bring all these people together with a universal toolkit for collaboration: Office 365. Office 365 comes with four key workloads, or services: Exchange Online powers email, calendar, tasks, journaling, and more. It has built-in intelligence to protect users from phishing, spoofing, and so on. SharePoint Online provides online storage with built-in capabilities for real-time co-authoring and data protection. OneDrive for Business is part of this workload. Microsoft Teams (soon to replace Skype for Business) serves as a digital collaboration hub for online meetings, web conferencing, instant messaging, and more. Office ProPlus includes the familiar Office desktop applications: Word, PowerPoint, Excel, Outlook, OneNote, and Access. In addition to these key workloads, Office 365 includes productivity and security tools that integrate seamlessly across the entire suite of services. Following is a partial list of services included in Office 365: Delve and Yammer help you identify people in your organization with certain expertise. Office 365 Groups automatically gives team members a shared mailbox, file folder, and notebook. StaffHub is a retail store’s solution for managing shift schedules for workers or associates, allowing them to share files, swap schedules, and connect to company resources. Stream is your YouTube at work. You can upload and view videos, create channels for your team, and even watch videos with transcripts and closed captions. Putting together a complete list of services is challenging because Office 365 is a software-as-a-service (SaaS) offering and Microsoft is constantly rolling out new features. Stay on top of notifications you receive from Microsoft regarding updates to the service. In that way, you will know about new features and will be prepared for functionalities scheduled for retirement or deprecation. If you’re wondering how you could possibly use all these services, consider the scenario below. On any given day, an employee in a modern workplace can work smarter by using at least four capabilities in Office 365.

Article / Updated 06-01-2019

When you run a business, you have data and you collect data. Data can be in the form of proprietary information, employee data, customer data, or data from your vendors and partners. In today's digital age, data is the new currency. That’s why you need to take the time to implement some basic security for Office 365. Hackers know that protecting data is a challenge for SMBs, so it is no surprise that hackers increasingly target small businesses. A few years ago, ransomware from hackers who wanted a quick buck started out at around $5,000. Nowadays, with the availability of ransomware-as-a-service, victims have been asked to pay $1,500 to get their data back. Although you can't stop hackers from being hackers, you can stop them from making you and your Office 365 tools their latest victim. The first step in protecting your environment is to assume that you will be attacked. With that mindset, you can begin securing your front door and letting hackers know they're not welcome. Office 365 Advanced Threat Protection overview Statista.com studies show that 48 percent of email traffic worldwide is spam. When you're using Office 365, the emails you see in your mailbox are mostly ones that have passed the cloud-based mail-filtering system for spam (unwanted mail) and malware (viruses and spywares). This filtering system is automatically configured in the subscription, but you, as an admin, can tweak the settings to fit your company's needs. Hackers, however, have become smarter. To bypass these filters, they've resorted to social-engineering techniques to try to breach your environment. They employ deceptive techniques to manipulate you — for instance, to get you to give them your password. Office 365 Advanced Threat Protection (ATP) is a cloud-based solution that employs a multilayered approach to protecting not just email but also data across the Microsoft 365 Business environment, including SharePoint Online, OneDrive for Business, and Microsoft Teams. In the Microsoft 365 Business subscription, Office 365 ATP comes with two features: ATP Safe Attachments, and ATP Safe Links. Secure Office 365 using ATP Safe Attachments Here’s a story from a Microsoft 365 expert: “While traveling this year, I thought I’d use a 30-minute layover to be productive and check my email. I connected to the airport Wi-Fi and fired up Outlook; soon I was responding to emails and accomplishing a lot. As I was about to shut down my computer to start boarding my flight, I saw an email come in marked “Urgent.” It was from a colleague, with an attachment and a note saying she needed my immediate approval or the project we were working on would be delayed by four weeks. In my rush, I didn't verify the email associated with the sender and immediately double-clicked the attachment. As it turns out, even someone aware of phishing tricks can still fall prey to social-engineering tactics. Lucky for me, ATP Safe Attachments is running on my system, so instead of the hacker wreaking havoc, I was presented with a notification that the attachment was blocked.” The moral of this story is…use ATP Safe Attachments. The ATP Safe Attachments feature took the appropriate action based on the policies that were configured in Exchange Online. The policy allowed the user to see the body of the email but blocked access to the malicious file. Sophisticated machine-learning technologies, artificial intelligence, and a host of other automated systems run in the background in real time to ensure that the policies are in effect — that is the beauty of cloud technologies. Imagine if you were to do this all by yourself. You'd have to spend a ton of money, time, brainpower, and — actually, you simply couldn't do what this technology does. ATP Safe Attachments also works for files in SharePoint Online and OneDrive for Business document libraries. If someone loads malicious files in document libraries, the system detects them and prevents users from opening them. Here's how to set up ATP Safe Attachments for Office 365. Log in as a global administrator. In the left pane, under Admin Centers, select Security & Compliance. In the left pane, in the Microsoft 365 Security & Compliance portal, expand Threat Management. Then select Policy, and click the ATP Safe Attachments card. On the Safe Attachments page, select the box to the left of Turn on ATP for SharePoint, OneDrive, and Microsoft Teams. This action enables Safe Attachments in SharePoint Online, OneDrive for Business, and Microsoft Teams. Click the New button (+ sign) to create a new policy. In the New Safe Attachments Policy window, specify the name and description. Here, the policy has been named Deliver Right Away. Choose the action that's appropriate for your organization. In the example above, Dynamic Delivery was chosen. This choice delivers an email that contains an attachment immediately to the recipient. While the attachment is being scanned, a placeholder attachment is attached, and the user is notified that the attachment is being analyzed. After the scanning is complete, if the attachment is deemed safe, the attachment is reattached to the email. If the attachment is determined to be malicious, it is sent to quarantine, where the global administrator of Microsoft 365 Admin Center can review and manage it. In the Redirect Attachment on Detection section, select the Enable Redirect option and enter an email address. This step is required if you want someone investigate malicious attachments. In the Applied To section, in the *If… box, select The Recipient Domain Is. In the domain picker window that pops us, select the domain for your Microsoft 365 Business tenant that ends with .onmicrosoft.com, and then click the OK button. Click the Save button. A Warning window appears, reminding you that Dynamic Email Delivery is only for mailboxes hosted in Office 365. Click OK to close the window. You return to the Safe Attachments page, where you can see the Safe Attachment policy you just created. In the Save Attachments page, click Save to save your changes. If you're finished with creating policies for Safe Attachments, you can navigate away from the page by clicking any of the menus on the left or by closing the browser. ATP Safe Links Hackers are persistent. They will continue to find ways to try to breach your environment. If you close the door with attachments, they will try to open another door by tricking you into clicking a link in the body of an email or inside a document to take you to a malicious site. They may even make it so that the first time you click the link, it takes you to a legitimate website. If you click the link again, it redirects you to a malicious site! ATP Safe Links, another security feature in Office 365 ATP, verifies the link each time you click it in real time. If the link is malicious, and ATP Safe Links is configured, a warning page will appear to notify the user that access to the website is blocked. Office 365 ATP comes with a default policy for ATP Safe Links that blocks malicious links based on sophisticated machine-learning algorithms, artificial intelligence, and a bunch of automated processes. This service is constantly being updated, so stay current to align your policies based on what's new. As a cloud service, Office 365 ATP is updated regularly, so it's best to edit the default policy to ensure that all the new features are enabled for your company. To edit the default ATP Safe Links policy in Office 365, follow these steps: Log in as a global administrator. In the left pane, under Admin Centers, select Security & Compliance. In the left pane, under the Microsoft 365 Security & Compliance portal, expand Threat Management. Then select Policy, and click the ATP Safe Links card. On the Safe Links page, under the Policies that apply to the entire organization section, select Default and click the Edit icon (pencil). In the Safe Links Policy for Your Organization window, add any URLs you want to block. For added protection, select all boxes under Settings that apply to content except email heading. This default policy does not apply to email messages. You can use this as a guide to create your own policy to apply to emails. Click the Save button to save your changes. You return to the Safe Links page. If you're finished with creating policies for Safe Links, you can navigate away from the page by clicking any of the menus on the left or by closing the browser. Using encryption to protect Office 365 email Today, sending encrypted emails in Office 365 involves a few clicks. There is no software to install or keys to generate or share with others. All the magic happens in the backend. The IT admin doesn't even have to configure anything in the backend. That's because Microsoft 365 Business automatically comes with Office 365 Message Encryption as part of the Azure Information Protection service. Right out of the gate, licensed users can immediately take advantage of this security feature. Azure Information Protection labels As the name suggests, Azure Information Protection (AIP) is a cloud-based service designed to protect information. AIP includes a variety of features depending on the type of plan you subscribed to. One of the features of AIP is Office 365 Message Encryption (OME). Microsoft 365 Business includes AIP Premium 1, which includes OME. OME in turn, comes with the following four default labels: Encrypt: When this label is applied to an email, the entire email is encrypted and can be viewed only by the recipients of the email. Recipients can be people inside or outside your company. If the recipients of the encrypted email are using Microsoft cloud technologies such as Office 365 or Microsoft 365, no additional steps are required to decrypt and read the email. Recipients who are using another email system, such as Gmail or Yahoo, must complete a few simple steps to confirm their identity before the email is decrypted and becomes readable. Recipients of an encrypted email will not be able to remove the encryption. Do Not Forward: If the Do Not Forward label is applied to an email, the email will be encrypted and the recipient will not be able to forward the email to anyone. Confidential: The Confidential label allows anyone in your organization with a Microsoft 365 Business license to view, reply, forward, print, and copy the data. If an email labeled Confidential is accidentally sent to someone outside the organization, the recipient will still receive the email but the content will not be readable. The sender of the email will be able to track and revoke access to the email at any time. Highly Confidential: This label is similar to the Confidential label except that recipients will not be able to forward, print, or copy the data. These labels are accessible from the Outlook desktop application as well as its cloud version, Outlook Online. Sending an encrypted email in Office 365 No software installation, no key generation or distribution, and no admin setup and configuration. That's the promise of Office 365 Message Encryption. Sending encrypted messages from Outlook or Outlook Online is quick and easy with a Microsoft 365 Business subscription. To send an encrypted email in Outlook Online: In Outlook Online, click New Message to create a new message. Compose the email as you normally would. Enter the recipient's email address in the To line, the subject, and the message. In the top menu bar, click Encrypt. The Encrypt label is automatically applied to the email. You can apply a different label by clicking Click Change Permission in the gray bar above the recipient's name. Click Send. The email is sent and the screen reverts to Outlook's reading view. If the recipient of the email uses Exchange Online in Office 365 of Microsoft 365, the email will automatically be readable. If the recipient uses another email system, such as Gmail, the email will include a button that shows the recipient how to read the encrypted email. This image shows a recipient using Gmail. When the recipient clicks the Read the Message button, a new window opens. In the new window, the recipient is given two options for viewing the message: sign in with a Google account or use a one-time passcode. After one of these authentication requirements is met, the email is displayed.

Article / Updated 05-30-2019

To deploy Windows 10 by using Windows AutoPilot, Azure Active Directory first must know that the company owns the device. This means that the device will need to be registered in Microsoft 365 Admin Center with the device’s hardware ID. After the device is registered, it is ready for Windows AutoPilot deployment. Keep reading to find out how to register the device. Capturing the device ID for Windows AutoPilot If you want to repurpose a computer or laptop for Windows AutoPilot, you must first extract the device ID of the device by using PowerShell, a utility tool installed on any Windows 10 device. In this exercise, you will be doing some geeky stuff, but don’t worry. No prior coding experience is required. The only skill required is the ability to read and type. Capturing the device ID for Windows AutoPilot involves three steps: Get the script that will extract the information from the device. Save the script in a shared folder or a USB flash drive for later access. Run the script on the device from which you want to extract the device ID. Windows AutoPilot step 1: Get the PowerShell script If you don’t want to reinvent the wheel, you might consider using a PowerShell script that's already been shared and tested in the geek community. Here's how to get the script that seasoned professionals use: From a device already running Windows 10, click the Windows Start icon and then type PowerShell. Right-click Windows PowerShell and choose Run as Administrator. Copy and run the following commands, which are the Get-WindowsAutoPilot script: Set-ExecutionPolicy Unrestricted Save-Script -Name Get-WindowsAutoPilotInfo -Path Install-Script -Name Get-WindowsAutoPilotInfo Accept the change by typing Y in the Execution Policy Change section and then press Enter.The PowerShell window displays an error in red. In the PATH Environment Variable Change section, type Y and press Enter. In the Nuget Provider Is Required to Continue section, type Y and press Enter. Under Untrusted Repository, enter Y and then press Enter. After the command has run successfully, the last line in PowerShell will be PS C:\WINDOWS\system32>/ Close the PowerShell window by clicking the X in the upper-right corner. Windows AutoPilot step 2: Save the script After you complete the preceding steps, you can add PowerShell in your IT admin's toolkit (check here to find out how to get executive buy-in for Microsoft 365 Business) — and be able to honestly add to your resume your experience using the tool. That's just the beginning. Next, let's save the script so you can it to capture the device ID. Open File Explorer by clicking the folder icon on the taskbar, and then navigate to C:\Program Files\WindowsPowerShell\Scripts Verify that the Get-WindowsAutoPilotInfo.ps1 file is there. Copy the file to both a shared location such as OneDrive for Business or a document library in SharePoint and to a USB flash drive. You will need to access that script from the device for which you want to capture the device ID. Windows AutoPilot step 3: Run the script Now that the script is readily accessible, let’s capture the device ID. You will step through two scenarios in this process: Scenario 1: Capture the device ID from a device that is already in use. Scenario 2: Capture the device ID from a new device that has not been turned on yet and has not gone through the Out-of-the-Box Experience, or OOBE. To capture the device ID from an existing device for Windows AutoPilot: From the device, navigate to where the PowerShell script is stored. Copy the file to the C drive, placing it in the root folder for easy navigation in PowerShell. Open Notepad and type the following: .\Get-WindowsAutoPilotInfo.ps1 -ComputerName {ComputerName} -OutputFile .\MyDeviceID.csv Make sure to replace {ComputerName} (including the braces) with the name of your computer. Don’t close Notepad. You will need it in Step 5. So you and your computer have been buddies for a while, but now you realize that you don’t know your computer’s official name! Fortunately, your computer won’t take offense. Just click the Windows Start button, click Settings, and then select System. In the left pane, click About to find the device name under the Device Specifications group. Run PowerShell as an administrator per the instructions above (“Step 2: Save the script”). PowerShell will default to the following path: PS C:\Windows\systems32> Point PowerShell to the folder where the script is saved from Step 1 by entering the following command: cd\ PowerShell displays the following path: PS C:\> Copy the code you wrote in Notepad in Step 2 and paste it after the > character in the resulting PowerShell path (PS C:\>) in Step 4. Then press Enter. PowerShell runs the script in the background. When it’s finished, it reverts to the C:\> path. In File Explorer, navigate to Local Disk (C:). You will find the file with the device ID called MyDeviceID.csv. The .csv file will contain information about the device in the following order: Column 1: Device serial number Column 2: Windows product ID Column 3: Hardware hash With the device information in hand, you're ready to register the device in the Microsoft 365 Admin Center for Windows 10 AutoPilot deployment. Registering the device for Windows AutoPilot deployment In this step, you upload the .csv file with the device information to Microsoft 365 Admin Center, and then create and assign an Windows AutoPilot profile to the device. Here’s how: In Microsoft 365 Admin Center, find the Device Actions card, and then select Deploy Windows with Autopilot. The Prepare for Windows page appears. Click the Start Guide button. The Upload .csv File with List of Devices page appears. Click the Browse button to locate the .csv file you created previously. Navigate to the C drive on the device, select the MyDeviceID.csv file, and then click the Open button. The Upload .csv File with List of Devices page appears. Click Next. The Assign Profile page appears. Create a new deployment profile by entering a name in the Name Your New Profile and then click Next. The You Are Done! screen appears. Click X (close). It will take a few minutes for the device to show up on the list of devices registered for AutoPilot. When it does, the end user will be taken through the simplified out-of-the-box experience (OOBE) for joining the device to Azure AD when he or she turns on the machine. Stepping through the OOBE Because Microsoft, HP, Dell, and Lenovo are part of the Windows AutoPilot program, these manufacturers can load the required device ID for your organization in preparation for an Windows AutoPilot deployment. If you purchase new devices from these companies, ask them about loading the device IDs for you. If you prefer to have a Microsoft Partner help you with device purchases and working with manufacturers, contact [email protected]. After the devices are registered for Windows AutoPilot, the end-user’s experience for joining the device to Azure AD for management is greatly simplified. For the IT admin, the Windows AutoPilot process eliminates the need to even touch the device. So, if you have employees out in the field and one of them loses his device while out on a trip, that employee can basically go to a computer store, purchase a laptop, have the IT admin register the laptop for Windows AutoPilot, turn the device on, enter the credentials, and — voila! — the laptop is now protected and managed. The following sequence provides a glimpse into the end user experience when users first turn on a new device that has been registered for Windows AutoPilot: The end user selects a language and region. The end user validates the keyboard layout and confirms whether a second keyboard layout needs to be added. The end user connects to the network. The end user enters his or her Microsoft 365 Business credentials. The system finishes the setup (about 5 to 10 minutes) and then displays the default Windows 10 desktop. If the IT admin has configured the deployment to also install Office ProPlus, the applications will automatically start to install after a few minutes. If you followed along with these steps and successfully deployed Windows AutoPilot for your company, congratulations! That was no small feat in the past, requiring deep technical expertise or the hiring of consultants and systems engineers. If you ran into issues, help is available. If you purchased licenses directly from Microsoft, you can call Microsoft support. If you prefer to have a Microsoft Partner guide you through the deployment, send an inquiry to [email protected]. Ready to delve into apps and features? Check out these top ten Microsoft 365 Business tools.

Article / Updated 05-30-2019

The term information protection, or IP, is generally used to encompass industry standards and best practices for protecting information from unauthorized access. In the Microsoft ecosystem, Azure Information Protection, is a cloud service that allows organizations to classify data with labels to control access. Azure Information Protection can be purchased as a stand-alone license or bundled into a solution such as Microsoft 365 Business. Here is a breakdown of the features included in each of the four versions of Azure Information Protection. The AIP Premium P1 license is included in Microsoft 365 Business. The evolution of Azure Information Protection Azure Information Protection has gone through an evolution in the last few years, and you may have encountered this technology under a different name. Some of the technology's old names are Azure Rights Management Service (Azure RMS), Azure Active Directory Rights Management (AADRM), Windows Azure Active Directory Rights Managements, Information Rights Management (IRM), or to some, simply “The New Microsoft RMS.” You'll do yourself and Microsoft a great favor by forgetting all those old names and just sticking with Azure Information Protection. The latest iteration of this cloud technology now offers classification and labeling capabilities that can, in turn, apply rights management to protect files. At a high level, Azure Information Protection protects your data in three key steps: First, data is classified and labeled. For example, if a document is classified as confidential and should be available only to the recipients of the email, the label might be Confidential — Recipients Only.” Next, data is protected through encryption, access control, and policies based on the label. Continuing with the preceding example, a document marked with the Confidential — Recipients Only label will be encrypted so that only the recipients can read it. Finally, documents can be tracked, and access can be revoked if necessary. From the preceding example, the sender of the email may decide that one of the recipients should no longer have access to the document. In that case, the sender can revoke access for a specific user. Office 365 Message Encryption, or OME, is one of the features in Azure Information Protection. If you have the AIP Premium P2 license, you can avail yourself of additional functionalities, such as automatic classification for cloud and on-premises data. Here, you discover the features available in the AIP Premium P1 license. Activating Azure Information Protection To start using Azure Information Protection, the first thing you need to do as an IT admin is to activate the service in your Microsoft 365 Business tenant. Even if you think the service is already enabled, it doesn't hurt to verify. Here's how: Log in to Microsoft’s Admin portal with your global admin credentials. In the left navigation, under the Settings group, click Services & Add-in. The Services & Add-ins page is displayed. Select Microsoft Azure Information Protection The Microsoft Azure Information Protection window is displayed on the right. In the Microsoft Azure Information Protection window, click Manage Microsoft Azure Information protection settings. Confirm that Rights Management is activated. If it isn't, click the Activate button In this example, the tenant is already activated for Azure Information Protection. After you've confirmed the status of your Azure Information Protection settings, you can safely close the browser window or navigate back to Microsoft 365 Admin Center from the app launcher. Getting familiar with Azure Information Protection labels Azure Information Protection comes preconfigured with default policies and labels that are applicable for most organizations, including small businesses. Before you start thinking about configuring custom labels and policies for your organization, take the time to become familiar with the Azure Information Protection default settings. You might save yourself a lot of work creating and testing custom policies. If your Office 365 tenant was provisioned with Azure Information Protection after February 2018, the following labels and corresponding descriptions are already available: Personal: Non-business data, for personal use only. Public: Business data that is specifically prepared and approved for public consumption. General: Business data that is not intended for public consumption but can be shared with external partners as required. Examples include a company internal telephone directory, organizational charts, internal standards, and most internal communication. Confidential: Sensitive business data that could cause damage to the business if shared with unauthorized people. Examples include contracts, security reports, forecast summaries, and sales account data. The Confidential label is further broken down into two sub-labels: Recipients Only: Confidential data that requires protection and that can be viewed only by the recipients. This label will only appear in Outlook and will apply the Do Not Forward policy. All Employees: Confidential data that requires protection that allows all employees full permissions. Data owners can track and revoke content. Anyone (not protected): Data that does not require protection. Use this option with care and with appropriate business justification. Highly Confidential. Very sensitive business data that would cause damage to the business if it was shared with unauthorized people. Examples include employee and customer information, passwords, source code, and pre-announced financial reports. The Highly Confidential label is further broken down into three sub-labels: Recipients Only: Highly confidential data that requires protection and that can be viewed only by the recipients. This label will only appear in Outlook and will apply the Do Not Forward policy. All Employees: Highly confidential data that allows all employees to view, edit, and reply permissions to this content. Data owners can track and revoke content. Anyone (not protected): Data that does not require protection. Use this option with care and with appropriate business justification. If your Office 365 tenant was provisioned before March 21, 2017, you'll find that the General and Highly Confidential labels are missing. Their equivalent in the older tenants are Internal and Secret, respectively. To further explore these labels and corresponding policies, you need to navigate to the Azure portal and access the Azure Information Protection service settings. Here's how: Follow Steps 1-4 above to activate Azure Protection Information. On the Rights Management page, click the Advanced Features button A new browser window launches and the Azure Information Protection — Labels page is displayed. The Confidential and Highly Confidential labels are collapsed by default. To view their sublabels, click the arrow to the left of the label to expand the selection. A few words about Azure Information Protection policies On the Azure Information Protection — Labels page, note that the labels all have Global under the Policy column. By default, Azure Information Protection comes with a Global policy that is applied to all users in the tenant. You can edit this policy, but you can't delete it. You can also create new policies and configure them to your heart's content, but the Global policy will always be there. To view the details of the Azure Information Protection Global policy, follow these steps: Follow Steps 1-4 above to activate Azure Protection Information. On the Rights Management page, click the Advanced Features button A new browser window launches and the Azure Information Protection — Labels page is displayed. In the left menu, under the Classifications group, click Policies. On the right, the Configure Administrative Name and Description for Each Policy blade is displayed.The Policy: Global blade is displayed. Be careful about changing the default settings in the Global policy because it is applicable to everyone in your organization. You might want to create another policy first and test it out. If you decide to change the Global policy, make sure to save your changes. (If you forget and simply close the blade, the system will prompt you to save your changes.) Putting Azure Information Protection Into Action Implementing Azure Information Protection is not something you would do without thoughtful planning and the involvement of keys stakeholders in your organization. You need to make sure that the rollout is communicated to end users, training is delivered, and support is planned. As an IT admin implementing Microsoft 365 Business, you should perform some testing and become familiar with the process before you implement Azure Information Protection for the entire organization. After you've explored the Azure Information Protection service in Microsoft Azure, the next step is to put what you know into action. In this phase, you need your end users to participate. Installing the Azure Information Protection client You can have the greatest policies and labels for Azure Information Protection in Azure, but they'll be no good if your end users can't see and apply them. The AIP client, a program that is run on the end users' devices, solves this problem. Before you install the AIP client, make sure Office ProPlus is already installed but not running on the device. When you're ready to install the AIP client, do the following: Navigate to the Azure Information Protection client download page. The Microsoft Download Center appears. Click the Download button. The Choose the Download You Want window is displayed. Select AzInfoProtection.exe by selecting the box and then click Next. From the notification that pops up at the bottom of your screen, click (or double-click) Run. The system performs a security check on the download. When the check is complete, the Microsoft Azure Information Protection window pops up. Click the I Agree button. You can opt to install a demo policy (not recommended because it will clutter your user interface) or send usage statistics to Microsoft or both. In the User Account Control window that displays, click Yes to start the installation. You see the progress of the installation. When the Microsoft Azure Information Protection window displays Completed Successfully, click the Close button. The installation window disappears, and you're now ready to check that the Azure Information Protection client was successfully installed.To verify the installation, open a blank document in Word. You see the labels below the ribbon. Applying a label to a document Now that the Azure Information Protection client is installed, and the labels are displayed in the Office applications, it's time to put it to the test. Create a Word document and pretend that it's highly confidential. On the Sensitivity bar, click Highly Confidential and select All Employees. The label is applied, and the other labels will disappear. Run Outlook, start a new email, and attach the Word document. Note that Outlook displays the Sensitivity bar with the same labels you saw in Word. Enter the email address of a user in your organization. Enter an email address outside your organization, and then click Send. Outlook sends the email to the recipients with the Highly Confidential/All Employees label.In this exercise, the email will still go out to both the internal and external user. The internal user will be able to open and read the document from the sharing invitation. The external user, however, will be blocked from opening the document and will be presented with the message shown here. Revoking access to information Azure Information Protection protects your company information from falling into the wrong hands — even after it has fallen into the wrong hands. For example, suppose you realize that you accidentally sent a document to the wrong people and want to remedy the situation by revoking all access to the document. Here's what you can do, continuing from the example above: Open the protected Word document from the preceding exercise. A yellow bar appears, indicating the sensitivity of the document and containing a button to view the permissions for the document. On the Ribbon, click Home, and then click the Protect button. A submenu appears below the Protect button. On the submenu, click Track and Revoke to launch the document-tracking site. Your browser launches to take you to the document-tracking site. If this is the first time you've visited the site, log in with your Microsoft 365 Business credentials. After a successful login, the document-tracking site displays a summary of views of your document. Explore the tabs to see the robust features in Azure Information Protection. At the bottom of the document-tracking site, click the Revoke access button. The Revoke access page is displayed. Click the Confirm button at the bottom of the page. The Revoke Complete window is displayed. Click Continue to go back to the document-tracking page. In the Summary view, the document displays the Revoked stamp. One of the features that is most amazing in this solution is that in the Map tab, you can see where around the world users tried to access your document! So, if you ever find that someone from, say, Russia or Timbuktu tried to open your document even though all your users are in the United States, you’ll know that access to the document should be revoked.

Article / Updated 05-28-2019

Generally, people don't object to providing multifactor authentication when using ATM machines to withdraw cash. Train end users that their identities are just as valuable as the cash in their bank accounts and, as a result, the same security precautions should be followed. Microsoft processes billions of authentications monthly and the cloud intelligence they gather from such a scale allows them to detect and block tens of millions of attacks every day. As new types of attacks are detected in various parts of the world, Microsoft's systems automatically protect customers, such as those in your organization. For organizations that have implemented risk policies, Microsoft has seen compromises reduced by 96 percent. For those who implement multifactor authentication specifically, they see a 99.9 percent risk reduction. If you have any doubt as to whether you should embrace multifactor authentication, those statistics should be convincing. Admin tasks for setting up multifactor authentication in Microsoft 365 Business By default, Microsoft 365 Business tenants are enabled for modern authentication, a protocol required for multifactor authentication. If you're running a version of Office older than Office 2016 or have users who check email using Apple Mail, however, end users will need to create multifactor authentication app passwords because those legacy systems do not support two-step verification. To configure multifactor authentication service settings in Microsoft 365 Business, follow these steps: Log in to Microsoft 365 Admin Center. You need your Microsoft 365 Global Admin credentials. On the left, Under Users, click Active Users. The Active Users page is displayed. Click the More Settings icon (…) and then select Setup Multifactor Authentication from the drop-down menu that appears. The Users tab of the Multifactor authentication page appears. Click Service Settings. The Service Settings page appears. Ensure that the options appropriate for your organization are selected, and then click the Save button. The system saves the changes and displays a validation window to confirm that the updates were successful. From the Updates Successful window, click the Close button. The validation window disappears, and the Service Settings page is displayed. Enabling end users for multifactor authentication in Microsoft 365 Business To enable multifactor authentication for a user licensed for Microsoft 365 Business: Log in to Microsoft 365 Admin Center. You need your Microsoft 365 Global Admin credentials. From the left menu, Under Users, click Active Users. The Active Users page appears. Click the More Settings icon (…) and then select Setup Multifactor Authentication from the drop-down menu that appears. The Users tab of the Multifactor authentication page appears. In the list of users, select the box to the left of the user you want to enable for multifactor authentication. The right pane displays additional information about the user and actions you can take for the user. On the right pane below the end user's contact information, click Enable. The system displays a validation window to confirm your intent to enable multifactor authentication for the user. Click the Enable Multi-Factor Auth button. The system processes the changes and displays the Updates Successful window. Click the Close button. The Users tab of the Multifactor authentication page is displayed. In the Service Settings page is an option to enable the Remember Multifactor Authentication feature. This handy feature allows end users to bypass second-factor authentications on trusted devices for a certain number of days after they've successfully signed in using multifactor authentication. Although this is a great experience for end users, Microsoft recommends NOT enabling this feature and this is advice you should definitely heed. Otherwise, the device will pose a security risk if it is compromised. If you decide to enable this feature and a device is compromised, you must perform a task to restore multifactor authentication on all devices on which users have logged in with multifactor authentication. You can enable multifactor authentication for multiple users at the same time by selecting more than one user from the list. For large organizations, a bulk update option is available to save the IT admin from clicking thousands of users. To enable multifactor authentication for a large number of users, click the Bulk Update button, upload a file in .csv format with all the users to be enabled for multifactor authentication, and then follow the prompts to complete the process. From the same window, you can download a sample file to ensure that your .csv file follows the required format. How an end user registers for Microsoft 365 Business multifactor authentication You've done your due diligence as an IT admin and have communicated that multifactor authentication will be implemented in your organization to access Microsoft 365 Business. It's now time for your end users to do their part. The first step an end user needs to take is to register other methods for authentication. It is not enough that an end user is enabled for multifactor authentication; the end user also needs to complete the registration process. Here's the fastest way for an end user to register for multifactor authentication: Navigate to Microsoft’s sign-in page. The sign-in page is displayed. Enter your username and click Next. The Enter Password window appears. Enter your password and click the Sign In button. The More Information Is Required window is displayed. Click the Next button. The Additional Security Verification page is displayed. Choose the appropriate option under Step 1. To follow along with the example, choose Mobile App. Select Use Verification Code under How Do You Want To Use the Mobile App? section, and then click the Set Up button. The Configure Mobile App window appears. Follow the instructions and then click the Next button. This example uses the Microsoft Authenticator app. After the app displays the six-digit code, the system displays the Verifying App window and a notification appears on the Authenticator app asking you to Approve or Deny the sign-in request. On your mobile device, in the Authenticator app, tap Approve. The Additional Security Verification page appears. Click the Save button. The system processes the changes and then displays the Updates Successful window. Click the Close button. The user's Account page appears. If you’re like most, you don’t like reinventing the wheel. So here's a link from Microsoft about Azure Active Directory that you can use in your communication email to prepare your end users for the multifactor authentication implementation. Managing multifactor authentication for Microsoft 365 Business It happens. No matter how much you empower your end users to self-serve, those members in your Azure Active Directory will invariably reach out to you for help with requests related to multifactor authentication. Or you may need to take action to mitigate a risk from a compromised device. You manage user settings for multifactor authentication in the same location that you enabled multifactor authentication: the Multifactor authentication page. From the Users tab of the Multifactor authentication page, note the three statuses in the Multi-Factor Auth Status column: Enabled: The user is enabled for multifactor authentication but has not yet completed the registration. Enforced: The user is enabled for multifactor authentication and has completed the registration. Disabled: The user is not enabled for multifactor authentication. If for some reason you need to remove the multifactor authentication feature for a user, select the enabled user from the list, and then click Disable under Quick Steps in the right pane. If an enabled user's device is compromised, click Manage User Settings under Quick Steps in the right pane. In the Manage User Settings window that appears, select one or more options. Then click the Save button. Having trouble getting the green light for adoption? Use these ten tips to help get executive buy-in for Microsoft 365 Business.

Article / Updated 05-27-2019

Microsoft 365 Business is like the gift that keeps on giving. For $20 per user per month, your employees can have an enterprise-class email system, a robust online storage and collaboration solution, a boundary-less chat and telephony system, and the desktop version of Office applications such as Word, PowerPoint, Excel, and Outlook. All four of these key workloads have built-in security and privacy features that an IT admin can configure to his or her heart's content. Best of all, Microsoft 365 Business also comes with the Windows 10 operating system, which simplifies the maintenance and upkeep of an organization's Windows devices. But wait — there's more! In November 2018, 27 apps were available for end users with a Microsoft 365 Business license — great value for your company, but additional work for the IT admin if end users start using these apps and then ask the IT admin for support when they get stuck. Here, you discover the top ten Microsoft 365 apps and features to help you administer the services effectively and support your end users better. The service is constantly being improved, so be sure to stay up to date by checking the Microsoft 365 roadmap. BitLocker Microsoft 365 Business provides a Setup wizard to enable device and app policies in your Microsoft 365 tenant. In the process, a set of policies were configured to protect the Windows 10 devices in your organization. One of those policies is BitLocker. BitLocker is a disk encryption feature in Windows 10 that is included in the Microsoft 365 Business license. You will want to use this feature to protect data, especially sensitive data, saved in the computer's hard drive. As a best practice, end users with the Microsoft 365 Business license should save their documents in either OneDrive for Business or SharePoint so they can access those documents even when they're not using their work computer. But sometimes, people will save data on their laptop's hard drive. Without encryption, the data in the hard drive could pose a risk to the organization if the laptop were lost or stolen. With encryption, you can sleep well knowing that even if someone manages to log in to a lost or stolen device, the data stored in the hard drive is protected. Or maybe you have a broken laptop you need to mail for repair. Do you want to have unencrypted data handled by strangers? If you don't, use BitLocker. When the BitLocker setting is switched on in the device policy for Windows 10, end users licensed for Microsoft 365 Business will see intuitive prompts to start encrypting their Windows 10 device after it's synced to Azure Active Directory. The end user can use other applications while the encryption runs in the background. The BitLocker key generated when encryption is first run is stored in the end user's profile. If, for some reason, the system does not prompt the end user to turn on BitLocker, you can start it manually. Search for bitlocker in the Cortana search box and then click Manage BitLocker in the search results (left). In the , and then BitLocker Drive Encryption window that appears, click Turn on BitLocker (right). End User Communications Let's face it. Using a SaaS application such as Microsoft 365 Business has tons of advantages, but it can also accelerate the graying of an IT admin's hair. Why? Because Microsoft is constantly updating the service with new features and sometimes replacing features your users have become accustomed to. There’s good news for users experiencing issues. Microsoft can communicate directly with your end users on changes to the Microsoft products they are licensed to use. Simply enable the End User Communications service in your tenant, and everyone in your organization will receive an email from Microsoft when new features are rolled out or old features are removed. End users can manage their own preferences for the email communication from their security and privacy settings in Office 365. To turn on End User Communications, log in to Microsoft 365 Admin Center. Under the Settings group in the left navigation, click Services & Add-ins. Then click End User Communications, and toggle the switch to On. Microsoft Flow A famous quote on the Internet supposedly came from Bill Gates: “I choose a lazy person to do a hard job because a lazy person will find an easy way to do it.” If that attribution is true, apparently the people at Microsoft want us all to be lazy. This much be a thing because Microsoft 365 Business includes Flow, which is an application that automates your workflow. You can choose from more than 200 (and growing) templates to manage your work, stay informed, and streamline processes. For example, you can use a Flow template to automatically save email attachments to OneDrive for Business or a document library in SharePoint Online. If you have business processes requiring approval from several people, you can start with an approval template and customize it to fit your needs. You can also integrate Flow with third-party applications such as Slack, Gmail, and RSS feeds. No programming skills are required to use Flow templates. The step-by-step instructions are easy to follow. To find these templates, click the Flow tile from the app launcher when logged in to Microsoft 365. The image below provides a glimpse of the templates available in Flow. Go ahead and check them out before one of your end users beats you to it! Microsoft Forms Survey Monkey out. Forms in. Yes, it's true. You can skip paying for third-party applications to create surveys, polls, or quizzes. Your Microsoft 365 Business license includes the Forms app, which is enabled by default in your tenant. You can create surveys, polls, and quizzes for internal use only, or you can invite people outside your organization to respond to a form on a web browser or a mobile device. Forms can have branching logic. Each licensed user can create up to 200 forms, and each form can have up to 50,000 responses. Export form responses to Excel for analysis and reporting. You can disable Forms for an end user in Microsoft 365 Admin Center by toggling the switch Off for Forms in the user's licenses. If an end user creates a form and leaves the company, the forms created by that person will be deleted 30 days after the user is deleted from Azure Active Directory. Aside from the Microsoft Forms app, you can also create a form from OneDrive for Business and Excel Online. In OneDrive for Business, click New, and then click Forms for Excel to start a new form. In Excel Online, the Forms command is on the Insert tab. Microsoft Planner When you're in IT, you're bound to be involved in one or more projects at any given time. You don't want to drop the ball in those projects, so you need some type of project or task management solution. You probably don't have the budget for a complex enterprise project management solution like Microsoft Project. You're in luck. Microsoft 365 Business includes Microsoft Planner, a visual task management solution that helps organize teams working on projects. Planner allows you to quickly create a plan, invite others in your organization to the plan, and then start assigning tasks to the members of the plan. You can access Planner from the app launcher when logged into Microsoft 365. It has a task-board type of interface with easy drag-and-drop functionalities. A plan can be private (only members can see the content) or public (everyone in the organization can see the content). The My Tasks page aggregates all the tasks assigned to you, so you don't have to go to every single plan to manage your tasks. Planner is also synced with Outlook, so you can see the project schedule in the Outlook calendar. You can invite people outside your organization to participate as guests in Planner. Guests have limited functionality, but their access is sufficient to perform basic task management. Planner is enabled by default as part of the Microsoft 365 Business license. When someone creates a plan, the service automatically creates an Office 365 group and adds the members of the plan to that group. If you must disable Planner for a certain user, you can do so by deselecting the Planner license for the user in Microsoft 365 Admin Center. Microsoft PowerApps With Microsoft 365 Business, you and your end users can become app creators without going to programming school! PowerApps is a service in Office 365 that allows licensed users to create business apps that connect to data stored in various sources, such as SharePoint Online and Excel. Depending on the skill level of your end users, they can create apps in either the Power Apps Studio model or the App Designer model. The former is simplified to make building an app feel like creating a PowerPoint presentation; the latter is geared more for the geek in your organization who likes to tinker with model-driven apps. So go ahead and explore PowerApps. After you've built your first app, don't forget to update your LinkedIn profile to include Business App Development as one of your skill sets. One of the templates you'll find in the PowerApps portal is the Help Desk template. With a few clicks, you can create a mobile app that allows end users to submit support tickets from their phone and allows you to track the progress of the support tickets — without paying an app developer a few thousand dollars. Microsoft Search Have you ever used Bing to search for something? Well, you're about to make the search experience for your end users better with Microsoft Search in Office 365. With this feature, searches powered by artificial intelligence (AI) technology give users search results from within or outside your organization across Windows 10, Office Apps, SharePoint, Microsoft Teams, and Bing from a desktop or mobile device. The image below shows an example search experience when logged into Bing.com with a Microsoft 365 account. Searching for the keywords Azure AD give you search results from your Office 365 environment (including conversations in Microsoft Teams) as well as the Internet. Microsoft Search is a new service that was announced at the Microsoft Ignite conference in September 2018, so expect the service to continue to evolve. If you want to enable this feature in your organization, you must first activate Microsoft Search and then follow the Setup wizard. It usually takes less than five minutes to set up. Ready to turn it on? Navigate to Microsoft 365 Admin Center with your global admin credentials. Then, under Settings in the left menu, click Services & Add-in, click Microsoft Search. Then follow these steps: Turn the toggle switch to On next to Activate Microsoft Search under Step 1. Click Save. Click the Get Started button under Quick Setup Wizard (below Step 2), and follow the prompts. A new browser tab launches and the Microsoft Search admin portal appears. After you've configured Microsoft Search, you're on your way to making your end users even more productive with AI-powered search results relevant to them. But what's in it for you? Well, you can reduce the number of help desk tickets coming your way by embedding answers to common questions, such as IT resources, policies, and new hire information. Happy searching! Microsoft Stream As in YouTube, users can create channels, upload videos, and rate and comment on videos. Unlike YouTube, however, Stream is a secure video service that uses Azure Active Directory to manage the identities of the users, so you can protect sensitive company data. When you upload a video in Stream, you can choose to have the service automatically generate captions by using Microsoft's Automatic Speech Recognition technology. You can watch Stream videos from a browser on a Windows PC, a Mac, and mobile devices. The service automatically adjusts the quality of the video depending on your bandwidth. And because it's part of Office 365, Stream integrates well with SharePoint, Microsoft Teams, and Yammer. Stream also allows you to broadcast live events. Suppose you have a company meeting or announcement, but some employees are in the field and can't make it to the meeting in person. With Stream, you can broadcast your meeting live and have employees tune in from their Internet-connected devices. If you are the organizer of the live event, you can monitor how engaged the participants are in real time. You can access Stream from the app launcher in Microsoft 365. To manage Microsoft Stream, click Settings (gear icon) beside your profile while logged into Stream with your Microsoft 365 Business global admin access. In the Admin Settings for Stream, under Live Events, you can specify who is allowed to create live events by toggling the switch On or Off. Microsoft Sway Do you secretly covet the web design skills of a friend or coworker? With all the work required of an IT admin, who has the time to take online courses on HTML and web development? Well, there's no need to give up that dream. Assuming you know how to use Microsoft Word, you can easily create beautiful and interactive web pages in Microsoft Sway without writing a line of HTML code! Sway is a web-based storytelling platform in Office 365, whether that story is in the form of a financial report, a corporate presentation, or a step-by-step instruction on how to use a sous vide tool. You can add text, pictures, and videos or embed content from other sources. To get started, go to the Sway portal by clicking the Sway app. Then you can choose from and customize a variety of templates. Another way to publish a web page that looks great on any device is available. Suppose you have a Word document that outlines your organization's security policies and the actions your end users need to take to keep your environment secure. Your millennial employees are not interested in reading your flat, boring document. You can quickly transform that document into a web page worthy of a web designer's thumbs up with the Transform to web Page command in Word! Simply open the document, choose File, and then click Transform in the left menu. The Transform to web panel appears on the right with style options. Choose the style that resonates with your users, click the Transform button, and then watch magic happens as artificial intelligence turns your boring document into an awesome web page complete with eye-catching headings and pull quotes to break up long paragraphs and make text easier to read. Do you want to be an IT admin who can design web pages? Check that off your list with Sway. Service Health Most self-respecting IT admins start their day with a prioritized list of critical items to tackle to keep the IT environment running smoothly. This is frequently interrupted with a phone call from an end user with an issue. So, for the next few hours, you troubleshoot and deal with bugs. By the time lunch break rolls around, half the day is gone and you have not completed a single item on your list. Worse, the end user's issue is still not resolved. Here's a no-brainer tip: Before you troubleshoot any issue related to services in Office 365, check out the Service Help page to see whether Microsoft engineers are working on advisories and incidents. You can waste a lot of time trying to figure out why someone's email is not synching only to find out that there's an Exchange Online outage you can't fix. You'll find the Service Health dashboard in Microsoft 365 Admin Center under the Health group in the left navigation. The dashboard displays incidents and advisories that Microsoft engineers are working, along with the status, the effect on end users, a description of the issue, and the steps Microsoft is taking to resolve the issue. If a service doesn't have any issues, a green mark appears next to the service name. At a glance, you'll be able to decide whether or not you should be troubleshooting an end user's issue.