European Collaboration Summit 2018

Page content

It was time again for the European Collaboration Summit. After the success of last year, I attended again. This time it was a bit closer to home in Mainz.

We started on Tuesday with a keynote from Dan Holme (@DanHolme) with a recap of the SharePoint Conference in Las Vegas from last week. The take a way’s for me were

  • OneDrive can handle over 300 different filetypes with a preview; this works in the browser and on the mobile clients.
  • The Scan feature will be placed more centered in the app so that you can scan receipts or whiteboards a lot quicker. No need for the separate app Office Lens anymore
  • Text recognition for images so you can search for the content of the images.
  • @Mentions in Word Document will send a notification to that user. If that user does not have access to that document, a share request is displayed.
  • In Microsoft Teams there will come full support for SharePoint document libraries.
  • Modern pages will get the ability to have extra metadata that can be used for user targeting
  • Microsoft Training services will be available around the summer. This can help with the user adoption of Office 365
  • Search extensibility will come to Office 365; this means search suggestions and SPFx extensions for search
  • Modern Teams and Communication sites will be in SharePoint 2019

After the keynote, I went to the session “Enabling the protection, detection, and response to cyber-threats” of Martina Grom (@magrom)

This session was all about the securing your environment and your users. You can technically secure your whole environment, but when your user is compromised, you still have a security breach. It is fairly easy to get a comprised user with social engineering. Martina showed some numbers around this

  • 100 users receive a phishing email
  • 23 of them opens it
  • 11 of them will open the attachment
  • 6 of them will do that within 1 hour of receiving

So, the biggest take a way here is that awareness of your users is a very important part of your security. You can build the best security possible, but when your users leave the door unlocked they still get in.

Quick wins here are:

  • Turn MFA on for all users
  • Enable mobile application policies
  • Have password self-service reset configured
  • Disable password policy renewal, educate your users to create one strong password and only use it for that single account

After a short break, it was time for a network session “Modern Enterprise networking connectivity architecture for SaaS Services” from Paul Collinge (@PCollingemsft).

This session explained what you could do to have the best performance in Office 365 and even get the same performance as you can get in an on-premises environment. The key here is to get from the user’s computer as fast as possible on the Microsoft Network. For a small business, this is usually already the case because they do not have the big infrastructure as the larger companies. The larger companies usually have some firewalls, proxy servers and other protection at the edge of the network. These appliances inspect or reroute the traffic, and this can cause some delays.

There are some changes needed in the way we setup these WAN networks since there are more SaaS services used. These SaaS services have huge benefits on getting the traffic as fast as possible. So the security should be on the application and not on the network for these services. So, do we need to do the full scanning of traffic at the edge of our network for these trusted services?

He suggested to do these things for Office 365:

  • Local egress
  • Differentiate traffic; check out https://aka.ms/o365ip for the endpoints of Office 365
  • Optimize route length
  • Assess network security

There are 8 URLs that are responsible for 75% of all traffic to Office 365

After this session, I went back to a session of Dan Holme about “Working as a team.”

In this session, he showcased the features of working with Microsoft Teams and how this can benefit the collaboration. He was stating that sharing a document is a good start but discussing a document works much better. Microsoft Teams is the hub for teamwork in Office 365 where you can communicate and collaborate. The admin pages for Skype for Business and Microsoft Teams will be combined to a single admin page. Here you can also see that the functionality of Skype for Business will be integrated into Microsoft Teams. The labels that you can select for a Microsoft Team and a team site is there for information purpose only; the will give the user the awareness on what they can or should do on that site. These labels can be customized to your business needs The setting of public and private on an Office 365 Group signals that on a private group a new member needs to be approved to gain access, on a public group the user gets access when they want to be added.

Then I went to a session with Christina Wheeler (@cwheeler76) about Modern team sites and communication sites. She showed what you get with these new templates and what the pros and cons are.

Modern team sites have the purpose of collaboration and are connected to an Office 365 group. These groups are private by default. On every page in a modern team site, there is an option to leave comments; this can be turned off at the page level and on tenant level. When disabled on tenant level it can take about one hour or more for it to take effect.

Communication sites have the purpose of giving information to the user. This template has three templates to choose from. Showcase, Topic, and blank

You can use this link to get assistance on what to choose when http://bity.ly/comm-or-ream

It is possible to transform a classic team site to a modern team site, more on that later in the post.

The last session of the first day was from Dan Holme again; now he had a session on “connecting and engaging employees.” He started with some statistics on the importance of employee engagement. The best companies have an employee engagement of 70% while the average company only has an employee engagement of 15%.

There are four areas of attention for employee engagement

  • Leadership connection
  • Better internal communication
  • Foster open sharing and learning
  • Insights into your workplace

There are a few ways of communication that Microsoft supports

  • Email; targeted and pervasive. It is private
  • Teams; Inner Loop, people you work with regularly on core projects
  • Yammer; Outer loop, people you connect with openly across the organization

The last session of the day was from Bert Jansen (@O365Bert). His session was about transforming classic team sites to modern team sites.

He started with stating that the classic sites are not going away. The major investment is on modern. All information can be found on this site https://aka.ms/sppnp-modernize

There are four steps to take to get from classic to modern

  1. Maximize use of modern lists and libraries
  2. Rework solutions / optimize branding
  3. Connect your site to an Office 365 Group
  4. Transform your classic wiki/site pages into modern site pages with a tool

On the mentioned page above are scanners available to find out what you have on your sites and what you need to do.

To connect a classic team site to an Office 365 group, you have several options

  • By clicking the button on the classic team site
  • OOB SharePoint PowerShell; Set-SPOSiteOffice365Group
  • PnP PowerShell; Add-PnPOffice365GroupToSite
  • Rest API
  • CSOM

We ended the day with a SharePoint. A great networking opportunity to meet all the sponsors and attendees.

Day 2 started with a deep dive session of Paul Collinge (@PCollingemsft) on “Office 365 Enterprise Network Connectivity Using published office 365 URLs & IPs”.

This session was a follow up from the session of day 1. He went deeper where you could get the IP’s for Office 365 services that you can use to bypass your firewall and proxies to make sure that traffic is on the Microsoft network as fast as possible.

On the page, https://aka.ms/o365endpoints are all the IPs for every service.

Here you can also download an XML file, but Microsoft is going to update this to a JSON file. This way you can script it for the services you need and update your firewall and proxies with ease.

The new page for this can be found on https://aka.ms/ipurlblog. There are three pages

  • /endpoints; provides the endpoints required for firewall ACLs or proxy servers
  • /version; can be polled to identify the latest version
  • /changes; returns specific changes that are made

There will be some change coming over the next few months on the number op IPs because they are relocating them.

After this deep dive session, I went to a session called “Securing Exchange Online” from Dave Stork (@dmstork)

He went over the option in Exchange online that can be used to make your Exchange Online environment more secure and what tools Microsoft has for you

He started with pointing out that from October 1st Exchange only accepts TLS 1.2, so if you have solutions that do not support this, you need to update them. But also think about applications that use SMTP like multi-functional devices.

The first thing to make it more secure is to disable all the protocols that you do not need like POP and IMAP. This can be done per mailbox with Set-MailboxPlan or on tenant level with Set-CasMailboxPlan.

Another approach is to use Client Access Rules, grant access only when certain conditions are met, these conditions are tested per session and can only be set with PowerShell. This can also be done with Azure Active Directory Conditional Access; the downside is that this is done only on the authentication

Use EOP; this is available for every mailbox, to extend this you have the option of Office 365 ATP.

  • ATP Safelinks; coming soon is that the original URL will be visible on hover over the link
  • ATP anti-phishing

Next, to this, you can configure SPF, DKIM, and DMARC.

DKIM will sign every email, and the receiver can check the origin

DMARC will let the receiver know what to do with an unauthorized email, sends reports what happens with your email

Make sure you have a process in place when a thing changes in your mail flow, so you can update the DNS records accordingly

Office 365 does not send any reports; you need a third party for this or an email address that you do it yourselves.

Next up was a session from Tony Redmond called “Managing Groups and Teams with PowerShell.”

A great session on what you need and could do with PowerShell and what modules you need when

There is a module for Teams but is limited, most of the tasks need to be done with the Exchange Online modules

Michel de Rooij has a great script that will let you connect to all services (https://github.com/michelderooij/Connect-Office365Services)

Microsoft Teams depends on Office 365 groups, and Azure Active Directory is the master of it all.

Use the Microsoft Teams modules where possible to update the Group otherwise, use the Exchange online modules

Another great advice he gave is to use server-side filtering instead of client side. It is much faster, and it does not need to send all the data back that is not used. When you need the GUID of a Group, use the ExternalDirectoryObjectId, this is the GUID from Azure AD.

This next session was amazing. It was by Dux Raymond Sy (@meetdux) and was called “How to develop your Office 365 Information Governance Strategy”.

He started with stating that 80% of the content is unstructured and the 20% that is structured is in HR-systems and similar products

With the boundaries fading where our data is, the need for an information governance strategy is becoming even more crucial

The biggest threat is the sent-folder, what data is sent around?

An average breach event costs $5.4Billion and $180 per record

There are four steps to developing your strategy

  1. Discover and classify your information
  2. Define Data Governance Policies
  3. Proactively enforce policies
  4. Report and Audit

He has great slides explaining it, so go thru them, I will link all the presentations at the end of this post

The next session was one from Gilles Pomier and Joelle Ruelle (@RuelleJoelle) about “Auditing and analysis methodologies for your Office 365 Tenant.”

They had some more reasons why you should use auditing besides having a Governance Strategy. You can:

  • Monitor activity
  • Detect Misuse
  • Improve resource allocation
  • Security
  • Measure & enhance adoption

Within Office 365 you have native tools

  • Activity reports
  • Security and compliance center
  • Cloud App security (E5)

Custom Tools

  • PowerShell and Power BI
  • Office 365 management Activity API

The default retention of the logs in Office 365 is 90 days, if you need more, query the data that you need and save it in and Database or Table Storage that you can use later

The last session of this event was from Brett Lonsdale (@brettlonsdale) about Column formatting in SharePoint Lists & libraries

He showed how it worked and did this by demoing most of the option.

These can be found on http://github.com/SharePoint/sp-dev-column-formatting

Because all the formatting is done in JSON, Chris Kent created a web part where you can select what you need and will give the JSON you can pass in the column

This can be found on his blog: https://thechriskent.com/2018/03/22/whats-new-in-column-formatter-1-2/

The conference ended with a closing party; here all the sponsors came on stage to select a winner for their price and some photo’s where taken of all the speaker.

And they announced that there will be one next year, this will be from June 3rd to June 6st 2018.

Presentations

At the end they said that all the presentation would be available on SlideShare. https://www.slideshare.net/collabsummit