Introducing the integrated Microsoft Threat Protection solution (public preview)

Introducing the integrated Microsoft Threat Protection solution (public preview)


Every day, attackers compromise endpoints, identities, and email to infiltrate and quickly expand their foothold in an organization. Customers need protection across these attack vectors to defend against evolving threats. Microsoft Threat Protection is an integrated solution that’s built on our best-in-class Microsoft 365 security suite: Microsoft Defender Advanced Threat Protection (ATP) for endpoints, Office 365 ATP for email and collaboration tools, Azure ATP for identity-based threats, and Microsoft Cloud App Security (MCAS) for SaaS applications.  


Within the suite we’ve been expanding our threat detection and automated investigation and response capabilities, as well as adding cross-product visibility, with additions such as automated incident response in Office 365 ATP, integration of MCAS and Microsoft Defender ATP for deep insight into cloud app usage, integration of Azure ATP with Microsoft Defender ATP, and more.  


Starting today, across the threat landscape security teams can correlate alerts to focus on what matters most, automate investigation and response and self-heal affected assets, and simplify hunting for indicators of attack unique to an organization. They can also use Microsoft Threat Protection to centrally view all detections, impacted assets, automated actions taken, and related evidence. 


Move from alerts to incidents

We are introducing the concept of “incidents, previously available only for endpoints. These incidents correlate alerts across threat vectors to determine the full scope of the threat across Microsoft 365 products.


For example, we can correlate the following attack sequence: Office 365 ATP observes a malicious email attachment. That attachment contains a weaponized Word document that is opened on the endpoint and observed by Microsoft Defender ATP. The attack then launches queries to the domain controller in search of user accounts to abuse, which is observed by Azure ATP. And, finally, corporate data is exfiltrated to a personal OneDrive account, which is observed by Microsoft Cloud App Security.   



All related alerts across the suite products presented as a single incident (alerts view) 


Cross-product incident (Incident overview) 


Automate threat response

Critical threat information is shared in real time between Microsoft Threat Protection products to help stop the progression of an attack. The central Microsoft Threat Protection logic orchestrates and triggers actions on the individual products. This includes blocking malicious entities and initiating automatic investigation and remediation. 


For example, if a malicious file is detected on an endpoint protected by Microsoft Defender ATP, it will instruct Office 365 ATP to scan and remove the file from all e-mail messages. The file will be blocked on sight by the entire Microsoft 365 security suite. 


Self-heal compromised devices, user identities, and mailboxes

Leveraging the capabilities of the suite products, the integrated solution uses AI-powered automatic actions and playbooks to return all impacted assets to a secure state. Within the portal security teams can use the Action Center to centrally view results of all automated investigations and self-healing actions and approve or undo specific actions.


MTP3.pngAction Center – see pending and historical actions taken by analysts 


Cross-product threat hunting

Security teams can leverage their unique organizational knowledge like proprietary indicators of compromise, orgspecific behavioral patterns, or freeform research to hunt for signs of compromise by creating custom queries over raw data. Microsoft Threat Protection provides query-based access to 30 days of historic raw signals and alert data across endpoint and Office 365 data.  


MTP4.pngQuery-based hunting on top of email and endpoint raw data 


Security professionals and customers with the Microsoft 365 E5 license are invited to explore the integrated Microsoft Threat Protection solution public preview. (Eligibility Requirements).  


Visit today to learn more. 

SharePoint Dev Weekly – Episode 63

SharePoint Dev Weekly – Episode 63

Am a keen follower of Microsoft's SharePoint Blog and proud to provide this direct from the Microsoft Tech Community:


In addition to drawing attention to the latest advancements being delivered by the SharePoint Community and Microsoft, Vesa and Waldek’s discussion this week focused on: The continued necessity for code analysis – server-side and browser-side. Fortunately, the job is made easier with the great contributions being delivered by the SPFx community that help drive solid coding projects. Thank you. In the coming week there are more events, fine tuning 1.10 release, CLI updates, and work on Fluid Framework capabilities sure to save users many hours of time.


This episode was recorded on Monday, December 9, 2019.


The above is kindly provided by the Microsoft Tech Community!

SharePoint Development Community (PnP) – December 2019 update

SharePoint Development Community (PnP) – December 2019 update

Am a keen follower of Microsoft's SharePoint Blog and proud to provide this direct from the Microsoft Tech Community:


Latest monthly summary of SharePoint Development guidance for SharePoint Online and on-premises is now available from the SharePoint Dev Blog. Check the latest news, samples and other guidance from this summary.


The above is kindly provided by the Microsoft Tech Community!

A behind the scenes look at how we secure the Microsoft 365 platform

A behind the scenes look at how we secure the Microsoft 365 platform

Hey everyone, and welcome to this first post on a topic that we will be talking a lot more about over time!


Microsoft 365 is one of the world’s largest enterprise and consumer cloud services, and customer trust is the foundation of our business: customers and people all around the world rely on us to securely operate and maintain some of their most critical assets. To maintain that trust, we invest heavily in securing the infrastructure that powers our services and hosts this data on behalf of our customers – keeping customer data private and secure is THE top priority for our business. This post, and the other ones we’ll share in this series, will shed light on what we do behind the scenes to secure the infrastructure powering the Microsoft 365 service.


As we think about how to secure our infrastructure, we recognize that the service continues to grow and evolve, both in terms of our user base and in terms of the products and experiences we provide to our customers, and so we must constantly work to stay on top of an ever-increasing surface area. Meanwhile, bad actors are not sitting still, either. Attacker groups seeking to exploit enterprise and consumer data continue to evolve, and customers looking to secure their most sensitive data are going up against the most sophisticated and well-funded adversarial organizations in the world, including nation state attackers with seemingly limitless resources.


To secure the service for our customers given these challenges, we focus on these three areas:

  • Building tools and architecture that protect the service from compromise
  • Building the capability to detect and respond to threats if a successful attack does occur
  • Continuous assessment and validation of the security posture of the service


In the rest of this post we will briefly explore each of these areas, or if you’d like to go deep, you can check out the full whitepaper here.


Designing for Security

Before getting into each of these areas, we wanted to touch on some of the major principles that guide our approach to service security. Here are some of the concepts that form the foundation of what we do to secure service infrastructure:

  • Data Privacy: We strongly believe customers own their data, and that we are just custodians of the service that hosts their data.  Our service is architected to enable our engineers to operate it without ever touching customer data unless and until specifically requested by the customer. 
  • Assume Breach: Every entity in the service, whether it is personnel administering the service or the service infrastructure itself, is treated as though compromise is a real possibility. Policies governing access to the service are designed with this principle in mind, as is our approach to defense in depth with continuous monitoring and validation.
  • Least Privilege: as above, access to a resource is granted only as needed and with the minimal permissions necessary to perform the task that is needed.
  • Breach Boundaries: The service is designed with breach boundaries, meaning that identities and infrastructure in one boundary are isolated from resources in other boundaries. Compromise of one boundary should not lead to compromise of others.
  • Service Fabric Integrated Security: Security priorities and requirements are built into the design of new features and capabilities, ensuring that our strong security posture scales with the service. At the scale and complexity of Microsoft 365, security is not something that can be bolted on to the service at the end.
  • Automated and Automatic: We focus on developing durable products and architectures that can intelligently and automatically enforce service security while giving our engineers the power to safely manage response to security threats at scale. Again, the scale of Microsoft 365 is a key consideration here as our security solutions must handle millions of machines and thousands of internal operators.
  • Adaptive Security: Our security capabilities adapt to and are enhanced by continuous evaluation of the threats facing the service. In some cases, our systems adapt automatically through machine learning models that categorize normal behavior (as opposed to attacker behavior which would represent a deviation from the norm). In other cases, we regularly assess service security posture through penetration testing and automated assessment, feeding the results of that back into product development.


The next sections will look into how we put these principles into practice to protect the service, mitigate risk if compromise does occur, and validate our security posture to make sure all of this works.


Minimizing the Risk of Compromise

Our favorite attack is the one that never gets started because we prevented it from happening in the first place. Broadly speaking, protecting the service from attack focuses on two vectors: people (making sure that the Microsoft employees who build and manage the service cannot compromise or damage it), and the technical infrastructure of the service itself (making sure that the machinery running the service has integrated defenses and is architected and configured in a most-secure default configuration).


When it comes to securing the infrastructure from internal operators, our motto here is Zero Standing Access (ZSA). This means that, by default, the teams and personnel charged with developing, maintaining, and repairing core Microsoft 365 services have no elevated access to the service infrastructure, and any elevated privileges must be authorized as shown in the flow below.


Illustration of the Lockbox JIT request process. No account has standing administrative rights in the service. Just in time (JIT) accounts are provisioned with just enough access (JEA) to perform the action that is needed


It is important to keep in mind that even with the approved elevated privileges, a specific restrictive account is provisioned just for that activity. This account is bound by time, scope and approved actions.  Ultimately, this is all about making sure that the blast radius for a single account is minimized: even if an internal operator’s account is compromised, it is by design prevented from doing any damage unless additional steps are taken.


Our protections go beyond restricting the blast radius of accounts. Network controls restrict the types of connections that can be made into our services, we also restrict the types of connections permitted between service partitions. This reduces the surface area for attackers to target for initial entry, and it also makes it harder for attackers to move around the service to find what they’re looking for.


Mitigating Risk if the Worst Happens

The assume breach model goes beyond designing architectural protections and access control policies: it means that no matter how effective those protections are, we cannot trust that they will always hold. We must assume a non-zero probability of successful attack, no matter how confident we are in our defenses. We need to have the ability to detect and mitigate these attacks against the service infrastructure before they result in a compromise of customer data.


Our work in this space spans security monitoring and incident response:

  • Security Monitoring: this is about building systems and processes to catch compromise to the infrastructure in real time and at scale, allowing us to respond to and stop attacks before they propagate throughout the service
  • Incident Response: we need tools and processes to mitigate risk and evict attackers, also in real time and at scale, in response to the alerts raised by our monitoring systems


Incident response is cloud-powered and service-aware. It can be triggered autonomously for basic actions, or manually for more complex scenarios. Remediation can take effect on a small number of machines, or across a service partition if necessary


As the diagram illustrates, automation and scale are priorities for us in this area. For us to catch and stop attacks against a service the size of Microsoft 365, our systems need to be intelligent enough to proactively and accurately alert us to potential issues, and we need the ability to respond quickly and at scale. Anything less simply won’t do given the scale of the service.


Constant Validation

Our assume breach principle is all about planning for the worst – given how seriously we take this philosophy, we would be remiss if we did not have a plan for mitigating potential gaps in our security posture. Indeed, we validate our security posture regularly, automatically, and through cloud-based tools (we hope that you notice a trend here).


We have two primary forms of validation:

  • Architectural and configuration assessment: verifying that promises we make about our service architecture (for example, that specific networks are correctly segmented or that machines are up to date with required patches) hold and do not regress.
  • Post-exploitation validation: simulating attacks directly against our infrastructure, with the goal of verifying that our monitoring and response systems work as expected in the production environment.


Both forms of validation run directly against the service infrastructure, and they do so continuously. If any regression in security posture does occur, we want to learn about it as quickly as possible so that we can repair it before it gets exploited by attackers.


Learn More

Securing the infrastructure of one of the world’s largest cloud services requires us to stay ahead of attackers while also keeping up with constantly increasing service scale and complexity. Maintaining customer trust in Microsoft 365 requires us to design our services to a robust set of core security principles and to make sure those principles are embedded deeply into service design and operations.


We have written a whitepaper that looks deeper into what this means, and we will expand on this and other security topics critical to our business in future papers. We hope you find this interesting and informative and look forward to hearing any feedback.


Thank you

@Adam Hall on behalf of the entire Datacenter Security team

New enhancements to Office 365 Message Encryption

New enhancements to Office 365 Message Encryption

We are excited to announce a few new enhancements to Office 365 Message Encryption that help broaden protection and simplify reading protected messages. Updates include:


  • Support for PDF attachments
  • Support for Shared Mailboxes
  • Mac prelicensing


Please read further for more details.


Support for PDF attachments

Office 365 Message Encryption enables users to seamlessly apply protection to the email and its attachments. That means the attachment inherits the same protection applied to the email – further protecting the sensitive content.


Previously only Office document  (e.g. Word, PowerPoint, Excel) were supported, but we are excited to share that Office 365 Message Encryption now also supports PDF attachments.




Recipients will be able to preview the protected PDF directly from Outlook on the web by end of December.  


 You can learn how to enable this setting here.

Preview PDF.PNG



Support for shared mailbox

We are happy to announce support for viewing protected content sent to a shared mailbox. Enterprise users who have been directly assigned access to a shared mailbox can now open and view protected content in that shared mailbox. Viewing of protected emails in  is now supported cross-platform (e.g. Outlook on the web, Outlook Desktop, Outlook for Mac, and Outlook for iOS and Android) with opening of supported protected attachments on Office in Windows and Mac, and Outlook on the web. Supported attachments include PowerPoint, Excel, and Word files. This functionality is now Generally Available, and no additional configuration is required to enable this. You can learn more here.


Outlook pre-licensing for Mac

In order to allow authorized users to view protected emails and attachments, Exchange automatically attaches a pre-license to protected messages. This eliminates the need for the client to make a service call to retrieve a use license and enables offline viewing of protected content. This functionality has been available on Windows Outlook by default for some time, and we are happy to announce that this has now also been enabled for Outlook on Mac and is Generally Available.


Get started


All these updates are available today. Please review documentation for further details. For any questions you can refer to our documentation.


Thank you!


Office 365 Groups @ Ignite – Recap

Office 365 Groups @ Ignite – Recap

Office 365 Groups is the membership service that drives teamwork and powers collaboration across Microsoft 365. With Office 365 Groups, a group of people can access and share a collection of collaboration resources, such as a shared Outlook inbox, calendar, SharePoint document library, a Planner, a Team, and more.


Recently, at Microsoft Ignite 2019 in Orlando, FL, the Office 365 Groups team delivered several session that included announcements of enhancements and new innovations for Office 365 Groups, such as new user activity-based expiration policy for Office 365 Groups, and the Groups Admin role, and best practices, such as creating a governance plan, enabling self-service, and leveraging analytics to understand usage.


The Office 365 Groups breakout sessions highlighted innovations across Outlook Mobile, Outlook Desktop, Outlook on the Web, Microsoft Teams, Microsoft 365 admin center, SharePoint Site URL Rename, Identity Governance, Yammer, and more. In case you missed it, you can view the Office 365 Groups sessions on-demand, and download the slide decks, as well.


Session Code Description
ADM20 Addressing top management issues with users and groups
BRK2052 What’s new and what’s next: SharePoint and OneDrive administration
BRK2056 Embrace Office 365 Groups: What’s new and what’s next
BRK2058 Deploy Office 365 groups at scale to power Microsoft Teams, Outlook, Yammer, and SharePoint
BRK2210 Finding your collaboration sweet spot with Office 365 Groups, SharePoint, Teams, and Yammer
BRK2233 The future of Yammer: Share knowledge, engage leaders, and build communities in Microsoft 365
BRK3264 Transform collaboration and fight shadow IT with Office 365 groups
THR2091 Master sharing and permissions of Office 365 in 20 minutes
THR2251 How Microsoft empowers employees through self-service collaboration while still protecting the company in Office 365
THR3043 Microsoft Teams and Office 365 Groups PowerShell MasterClass
THR3083 Office 365 Groups: Ask us anything


We’re also taking the learning path session for Office 365 Groups (Embrace Office 365 Groups: What’s new and what’s next) on the Microsoft Ignite The Tour, so if you would like to see it live, and interact with Office 365 Groups experts, register now for a city near you.




–The Office 365 Groups Team


Microsoft Ignite The Tour 2019/2020 guide to SharePoint, OneDrive, Yammer and Stream sessions

Microsoft Ignite The Tour 2019/2020 guide to SharePoint, OneDrive, Yammer and Stream sessions

Am a keen follower of Microsoft's SharePoint Blog and proud to provide this direct from the Microsoft Tech Community:

Our industry-leading conference is hitting the road—and coming to a city near you. You don’t want to miss the very latest in cloud technologies and developer tools with guest speakers, industry experts, and more. Get on the list today! This blog covers all the related sessions and content to learn more about SharePoint, OneDrive, Yammer and Stream – aka, SOYS.


“If learning is an act of exploration, then technology equips the explorer for the journey of a lifetime.”
– Anonymous.


If you were unable to attend Ignite in Orlando, FL last week, fear not. Now is your chance to soak up all the benefits of Ignite near your own back yard. Microsoft is bringing Ignite The Tour to a city near you.


Ignite-The-Tour_SOYS-sessions_002.jpgDive into the SharePoint, OneDrive, Yammer and Stream (SOYS) session at Microsoft Ignite The Tour.

In the SharePoint, OneDrive, Yammer, Stream (SOYS) and related tech space, keep a look out for the “Content collaboration, Communication, and Engagement in the Intelligent Workplace” learning path that consists of the below four 45-minute sessions in every city listed further below in the next “schedule” section:


  1. Content collaboration and protection with SharePoint, OneDrive and Microsoft Teams” [SOYS10]
    • Abstract: SharePoint connects the workplace and powers content collaboration. OneDrive connects you with all your files in Office 365. Teams is the hub for teamwork. Together, SharePoint, OneDrive and Teams are greater than the sum of their parts. Join us for an overview of how these products interact with each other and learn about latest integrations we are working on to bring the richness of SharePoint directly into Teams experiences and vice versa. We’ll explore new innovations for sharing and working together with data using SharePoint lists, and no-code productivity solutions that streamline business processes. Finally, we’ll explore how to structure teams and projects with hub sites.
  2. Connect the organization and engage people with SharePoint, Yammer and Microsoft Stream” [SOYS20]
    • Abstract: Company leaders recognize the need to transform their workforce, and organizations where employees are truly engaged report improved employee retention, customer satisfaction, sales metrics, and overall profitability. Microsoft 365 delivers the modern workplace and solutions that help you engage employees across organizational boundaries, generations and geographies, so you can empower your people to achieve more. Learn how SharePoint, Yammer and Stream work together to empower leaders to connect with their organizations, to align people to common goals, and to drive cultural transformation. Dive into the latest innovations including live events, new Yammer experiences and integrations, the intelligent intranet featuring home sites.
  3. The intelligent intranet: Transform communications and digital employee experiences” [SOYS30]
    • Abstract: The intelligent intranet in Microsoft 365 connects the workplace to power collaboration, employee engagement, and knowledge management. In this demo-heavy session, explore the latest innovations to help you transform your intranet into a rich, mobile-ready employee experiences that are dynamic, personalized, social and actionable. The session will explore new innovations for sites and portals, showcase common intranet scenarios, and provide actionable guidance toward optimal intranet architecture and governance.
  4. Harness collective knowledge with intelligent content services and Microsoft Search” (includes #ProjectCortex) [SOYS40]
    • Abstract: Join us to learn about the most significant innovations ever unveiled for knowledge management and intelligent content services in Microsoft 365. Get the latest updates on Project Cortex, Microsoft Search and other experiences that connect you with knowledge, insights, expertise, answers and actions, within your everyday experiences across Microsoft 365.

+ Microsoft Intelligent Intranet Accelerator Workshop (offered in 16 of the 30 Ignite The Tour cities)

  • Join us for an exclusive and interactive half-day event, targeted toward IT Decision Makers and Implementors around the world, ready to make a change to their intranet. Participate in deep technical sessions and immersive hands-on workshops. And explore real-world applications you can implement today to connect, succeed, and engage – faster.
  • Learn more, find a city near you and register for one of our FREE interactive workshops today.


As a primer for all things SOYS, we encourage you to view CVP Jeff Teper’s general session on-demand before attending The Tour, “The latest innovations in SharePoint, OneDrive, and Office for content collaboration in Microsoft 365” – from Ignite 2019 in Orlando, FL.


Upcoming 2019/2020 cities schedule nearest/best for you…


Below, find the upcoming city and date nearest/best for you, review the local SOYS learning path and individual sessions, and follow all the action throughout the year with #MSIgniteTheTour on Twitter.





  • Toronto, Canada (Jan.8-9): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Shenzhen, China (Jan.13-14): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • London, England (Jan.16-17): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Seoul, South Korea (Jan.21-22): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Osaka, Japan (Jan.22-23): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Milan, Italy (Jan.27-28): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Johannesburg, South Africa (Jan.30-31): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
    [note | links are not yet available for cities beyond this date; we will update as soon as they are available]
  • Washington D.C., USA (Feb.6-7): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Dubai, United Arab Emirates (Feb.10-11): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Sydney, Australia (Feb.13-14): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Taipei, Taiwan (Feb.17-18): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Singapore (Feb.20-21): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Prague, Czech Republic (Feb.24-25): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Copenhagen, Denmark (Feb.27-28): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Zurich, Switzerland (Mar.4-5): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Amsterdam (Mar.11-12): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Shanghai, China (Mar.18-19): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Hong Kong (Mar.25-26): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Madrid, Spain (Mar.25-26): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Mexico City, Mexico (Mar.30-31): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Mumbai, India (Apr.2-3): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Bangalore, India (Apr.7-8): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Chicago, USA (Apr.15-16): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Tel Aviv, Israel (Apr.22-23): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40
  • Berlin, Germany (Apr.29-30): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop
  • Stockholm, Sweden (May.5-6): Full SOYS learning path = SOYS10 | SOYS20 | SOYS30 | SOYS40 | Intelligent Intranet Accelerator Workshop


Microsoft Ignite The Tour 2019/2020 (Worldwide)

Microsoft Ignite The Tour brings the very best of Microsoft Ignite to a city near you. The tour provides technical training led by Microsoft experts and your community. You’ll learn new ways to build solutions, migrate and manage infrastructure, and connect with local industry leaders and peers.


100+ deep-dive sessions and workshops, 350+ experts. 
Learn | Connect | Explore.


Learn more at and follow the action on Twitter: @MS_Ignite, @SharePoint, @OneDrive, @Yammer, and @MicrosoftStream.  


Join in | Microsoft Ignite | The Tour, a global series of two-day tech events bringing Microsoft experts to a city near you.


Safe non-traveling, Mark

The above is kindly provided by the Microsoft Tech Community!

SharePoint Dev Weekly – Episode 60

SharePoint Dev Weekly – Episode 60

Am a keen follower of Microsoft's SharePoint Blog and proud to provide this direct from the Microsoft Tech Community:



In this session of SharePoint Dev Weekly, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), discuss the latest news and topics around SharePoint development.


In addition to drawing attention to the latest advancements being delivered by the SharePoint Community and Microsoft, Vesa and Waldek’s discussion this week focused on:  Just because you can develop it, should you? 


This episode was recorded on Monday, November 18, 2019.



The above is kindly provided by the Microsoft Tech Community!

New functionality to make it easier to customize, manage, and secure Office 365 ProPlus

At Microsoft, we’re committed to protecting your data and helping your organization stay current and secure in today’s fast-moving, complex technology environment. And we’ve designed new innovations for Office 365 ProPlus to do just that. As announced at Microsoft Ignite 2019 last week, we introduced:

  • An update to the Office cloud policy service.
  • Deeper integration for managing Office 365 for Mac using Jamf Pro.
  • New tools for Configuration Manager to better plan Office deployment projects.
  • New security features for the Office client.
  • New Group Policy setting to enable users to install Insider builds.

Together, these new functionalities help you more efficiently adopt, deploy, and manage Office 365 ProPlus—regardless of the size of your organization and the platform you choose.

Cross-platform support* for the Office cloud policy service

The Office cloud policy service—initially announced for Windows earlier this year—is a cloud-based service that enables IT admins to enforce policy settings for Office 365 ProPlus users. The settings are enforced across devices, whether domain-joined, Azure Active Directory (AAD)-joined, or completely unmanaged. In short, the policy settings roam with the user.

Today, we’re introducing an update to add cross-platform support for Office on the web, Android, Mac*, and iOS* devices, giving administrators the ability to manage Office policies from a single portal for all their Office users. To learn more, read this article


Easier Office 365 for Mac management using Jamf Pro

Today, we’re announcing deeper integration for managing Office 365 using Jamf Pro. Our integration with the new Application and Custom Settings experience, which was demonstrated at the Jamf Nation User Conference (JNUC), allows IT admins to easily set Office 365 policies using a familiar forms-based interface. Mac administrators can centrally configure security, privacy, and update policies to deliver the very best Office 365 experience to their users, including:

  • Enabling friction-free sign-on to Office 365
  • Controlling privacy and telemetry options
  • Reducing the attack surface for sensitive devices
  • Increasing compliance levels through feature enablement
  • Lowering support costs by implementing desired update workflows


Pilot health and inventory tools to deploy faster

We’ve brought a pair of updates to the Microsoft System Center Configuration Manager—you probably know it as Config Manager—to help IT admins streamline parts of the device upgrade process. The first of these shows the health of pilot devices as it relates to a forthcoming upgrade. Pilots are a subset of devices you’ve selected to validate before deploying. With this update, that subset will also show the upgraded health of selected devices, including which are ready to upgrade right now. For those not ready, you can see what issues are blocking the upgrade and remediate those for faster deployment.


The second update, which enhances your existing inventory tools, leverages device telemetry to determine which devices running Office 365 ProPlus are ready to update to newer release. This update also provides insight into issues that are blocking an immediate upgrade, giving you the information needed to remediate problem areas.


Pilot health and enhanced inventory tools are just the beginning. With 80% of Office 365 ProPlus admins using Config Manager, we’re continuing to prioritize upgrades for the Config Manager console—including features like recommended configurations.


Safe Documents and Application Guard for enhanced file protection

On Tuesday, we shared Safe Documents, a new capability that brings the power of Microsoft Defender Advanced Threat Protection (ATP) to Office 365 ProPlus.  When a user has a document in Protected View and wants to consider that document “trusted”, the field will be automatically checked against the ATP threat cloud before release. Admins will have advanced visibility and response capabilities, including alerts, logs, and visibility into similar threats across the enterprise.


We also showed an early, live demo of Application Guard capabilities integrated with Office 365 ProPlus. When available in mid-2020, Microsoft 365 customers will be able to open an untrusted Word, Excel, or PowerPoint file in a virtualized container instead of Protected View. From there, users will be able to view, print, edit, and save changes to untrusted Office documents—all while benefiting from hardware-level security. If the untrusted file is malicious, the attack is confined to the isolated container and the host machine is untouched. Users will be able to leverage Safe Documents to “trust” a document securely, and full reporting and audit trails will be available through ATP.


Group Policy to allow users to experience Office Insider builds  

Enabling your users to self-select into the Office Insiders program is as simple as delivering a policy.  This can be done by using the Office Cloud Policy service which is available in and via group policy. This policy makes it easy for you to enable which users can self-select their device to receive the Office Insider builds as they become available in order to try new features. Read more in this article.

Microsoft Teams deployed with Office 365 ProPlus

As a quick reminder, when you update to Version 1908 of Office 365 ProPlus in January, Microsoft Teams will be rolled out to existing installations on the Semi-Annual Channel. Learn more about deploying Teams as part of Office 365 ProPlus in this article.

Office 2010 End of Support

Finally, support for Office 2010 is ending in October 2020—but with Office 365 ProPlus, you can continue to stay current with the latest Office tools and security features, like the ones we described above. Read more in this blog.


Catch up on all other Office 365 ProPlus deployment content recorded at Ignite by following this guide. As always, learn what’s new in Office 365 ProPlus, watch our YouTube Deployment Insider channel, and join Office Insider Program.

You may also find the following additional resources useful:

*Office cloud policy service support for Mac and iOS devices is expected to roll out soon.

Your OneNote

From your flashes of inspiration at 2:00 AM to the list of funny things your children say, or that brilliant idea you had in the conference room, and your ever-growing list of household chores  OneNote holds the notes to your life to track all the things you need to keep in mind, but simply don’t have room for in your overworked brain. 


We enjoy the privilege of serving millions of customers like you, who each have unique needs and who use OneNote in unique waysOver the past year, we’ve been listening to your passionate feedback and are humbled by your consistent love for OneNote. We hear you loud and clear — you want to keep your notes your way! 


With that in mind, we’re pleased to announce that we are continuing mainstream support for OneNote 2016 beyond October 2020, so that you can continue using the version of OneNote that works best for you. New support dates for OneNote 2016 now align with Office 2019 (October 10, 2023 for mainstream support and October 14, 2025 for extended support). We also want to make deployment and installation easier for organizations and individuals, so for Windows users, starting in March 2020, when you deploy or install Office 365 subscriptions that include the Office desktop apps or Office 2019, the OneNote desktop app will be installed by default alongside Word, Excel, and PowerPoint. If you’d like to install OneNote 2016 earlier, you can get it here: 


And, of course, OneNote should look the way you want it to. That’s why this week we are rolling out Dark Mode for OneNote 2016This will be available for Office 365 subscribers and non-volume licensing Office 2019 customers. Dark Mode changes the app’s interface elements from light to dark. Using OneNote in this mode can improve readability in low light environments, increase legibility of the user interface as well as your notes, provide better contrast, and reduce eye strain. You might also use OneNote in Dark Mode simply as a personal preference. The choice is yours! 


We’re excited about today’s announcements and we’ll keep listening to your feedback to make your OneNote better and better! Please continue requesting features and telling us what you think via the in-app feedback. 


For more information check out our OneNote FAQ!