Security

This week I had the privilege to speak at DIWUG about securing your Office 365 environment. This time I started from a governance point of view. So what policies do we have and do we need before we can set up the security in Office 365. Also what licenses are available and do we need additional licenses to satisfy our security needs.

In the demos I showed how Conditional Access can help securing the environment and how Terms of use can be used for certain user groups or applications.

Today I had the privilege to speak at SharePoint Saturday Genève. I did a session about security in a cloud environment when you are moving from an on-premises environment to the cloud. The security then moves from your perimeter network to the user’s identity. The session gave an overview of the tools in Azure AD to secure the cloud identity.

[slideshare id=125157044&doc=20181206-spsgenevewearemovingtothecloudwhataboutsecurity-181206131838]

At my customer we are using Privileged Identity Management (PIM) for all admin related tasks, no employee has standing access within the company.

What is PIM

Let’s first start by explaining Privileged Identity Management. It is a service that is available in Azure AD and is part of Azure AD Plan 2. For a user to use it, they need this plan enabled. PIM makes it possible to give a user the privilege to elevate his or her access rights for a preset amount of time to a higher role such as User Administrator or SharePoint Administrator. PIM gives access to about 35 different roles in Office 365 and Azure resources where the user is by default a reader and can elevate it to be an owner of a resource (group).

This week I had the privilege to speak at Office 365 connect.

My session was scheduled on the second day at 9 am. My session was about Protecting your data in Office 365 and had the big room where the keynote was yesterday.

For me, this was the first time on a big event speaking and was a bit excited on doing this. After just a few minutes it felt good and had a great presentation with good feedback from the audience.

This weekend I had the privilege to speak at SharePoint Saturday in Leicester. Here I did a session on Protecting your data in office 365. I talked about how we did security before the cloud and what Microsoft provides to keep your data safe in Office 365. I showed Multifactor authentication with Conditional Access, disabling legacy authentication, Privileged Identity Management, Identity Secure Score and Password less Authentication.

See my deck below

It was that time of the year again to visit Belgium for their SharePoint Saturday. An excellent day organized by BIWUG.

This year was a tribute to an amazing SharePoint teacher who passed away too soon, Patrick Tisseghem. I did not know him but heard and read about him, I only was working 1 year with SharePoint when he passed away. During the day there were videos and photos about the things he did for the community.

In the week of September 24th, Microsoft held their biggest tech event of the year and I had the privilege to be there again. This post will give you a summary of my journey thru this week.

The official conference starts on Monday but on Sunday evening I got invited to the welcome party of Microsoft Netherlands to meet all Dutch participant, get to know the others and meet all we already know. This is a great way to start the conference.

In this post, I want to take you with me how you can use app credentials in an Azure Automation script to connect to SharePoint Online. Many PowerShell scripts use a username and password, but these are less secure than using an app credential and can also be used to login to SharePoint Online in the browser. By default, connecting to SharePoint uses basic authentication and many companies are on route to disable this to make use of conditional Access and MFA.

It was time again for the European Collaboration Summit. After the success of last year, I attended again. This time it was a bit closer to home in Mainz.

We started on Tuesday with a keynote from Dan Holme (@DanHolme) with a recap of the SharePoint Conference in Las Vegas from last week. The take a way’s for me were

• OneDrive can handle over 300 different filetypes with a preview; this works in the browser and on the mobile clients.
• The Scan feature will be placed more centered in the app so that you can scan receipts or whiteboards a lot quicker. No need for the separate app Office Lens anymore
• Text recognition for images so you can search for the content of the images.
• @Mentions in Word Document will send a notification to that user. If that user does not have access to that document, a share request is displayed.
• In Microsoft Teams there will come full support for SharePoint document libraries.
• Modern pages will get the ability to have extra metadata that can be used for user targeting
• Microsoft Training services will be available around the summer. This can help with the user adoption of Office 365
• Search extensibility will come to Office 365; this means search suggestions and SPFx extensions for search
• Modern Teams and Communication sites will be in SharePoint 2019

After the keynote, I went to the session “Enabling the protection, detection, and response to cyber-threats” of Martina Grom (@magrom)

There are various ways of security in office 365, this time I walk you thru the security possibilities for Email. As we start with the basics, we have the option to use an SPF record to protect us from spam on a very basic level. This is so basic and a requirement when you add the domain to Office 365.

As we go deeper into the security of the mail flow we see DKIM and DMARC. These two are not often used, but useful and easy to set up. So easy that it should be a requirement like SPF in my opinion.