Author Archives: Sathish Veerapandian

Microsoft Teams – Enable data loss prevention, ATP safe attachments, retention of files and conversations

Security is considered one of the success factors for any implementation. With Office 365 Security and Compliance there are a lot of options to enforce security across the Office 365 suite of products. We can enforce DLP on Microsoft Teams based on our requirements. ATP can be turned on for all file upload activities in Microsoft Teams. The best part is that we now have the option to set retention as low as 1 day for Microsoft Teams channel messages and chats.

Microsoft Data Loss Prevention has been protecting sensitive information across all Office 365 platforms. The easiest part is that we already have several custom built-in templates, which make it easier for us to create a policy, test it, evaluate the results and finally create one for production.

DLP Policy in Teams:

To create a dedicated DLP policy for Teams, navigate to the Security and Compliance Center – Create a new policy.

In our example we are creating a new policy which will block the sharing of PAN card numbers via Teams channels and chats.


Microsoft Teams – Enforce Multifactor Authentication on guest accounts

Following last month's Ignite sessions on Microsoft Teams, there are security enhancements that can be enabled to add extra protection in any organization.

Inviting external guest users to a Teams channel has been a welcome option for all of us; it increases communication with them and boosts productivity. However, there are a few security guidelines that need to be followed to ensure that our data is always secure even when it is shared outside the boundary. For instance, the compromise of a guest account that is a member of a finance team would be a major security incident in any organization.

This article outlines the steps that can be carried out to enhance the security of Microsoft Teams guest accounts by enforcing multi-factor authentication.

Below are the steps to enforce MFA on guest accounts:

First create a dynamic distribution group and target the guest account

Log in to the Azure AD tenant with admin privileges – Go to Groups – Create new group – set the group type to Security – set the membership type to Dynamic.


Use Azure Automation accounts, Runbooks and Schedules to automatically start/stop VMs running in Azure

Using this article, we can start/stop VMs during off-business hours. This greatly benefits customers, especially in cost optimization and in removing the overhead of performing this action manually. But we need to make sure that the VMs we select are in the same subscription where the automation account and this schedule are created, selecting only the required VMs and excluding the others.

Log in to the Azure portal.

Go to All Services, type Automation Account and create an Automation Account.


Extend local AD extension attributes to Azure AD in a non-hybrid, Exchange Online-only environment

There might be a scenario where the environment has Azure AD users synced from the local Active Directory. The mailboxes are created directly in Exchange Online with no hybrid configured from the start, as is usually the case for new businesses.

Developers usually consume the local AD extension attributes to customize the login experience for different business units in their applications, and this is usually fine for fully on-premises environments.

If we have Exchange installed in the environment, the Active Directory schema will be extended to include the user extension attributes in the Exchange mailbox properties.

There is another option of using the Exchange Server install media to extend only the local Active Directory schema. Usually this option is not recommended. Doing this would add Exchange attributes to the local Active Directory. These attributes could then be set, and Azure AD Sync would then be configured to sync these attributes to Office 365. This option requires much testing, and there is always risk associated with AD schema changes.

Even in a hybrid setup these values get populated in Exchange Online via the Exchange hybrid configuration for all users.

The third scenario is where we do not have an Exchange hybrid and the developer is using Azure AD via the Graph API and expects these values in Azure AD for the customization. In this case we have a better option: extending these values from Azure AD Connect by running it again and selecting only the required AD extension attributes.


Loads of exciting new features announced for Microsoft Teams at Ignite 2019

With the Microsoft Ignite sessions that happened last week, lots of new end-user functionalities, meeting room enhancements and better administration facilities were announced for Microsoft Teams. Below is a summary of the features.

Find out more from the Ignite session videos.

End user functionalities –
1) Ability to create Private Channels – Secure private channels can be created and shared with only a few people. This eliminates the need to create multiple teams for secure communication. We can further restrict private channel creation and visibility from the admin center.
2) Multi-window experience between chats – Ability to chat with multiple people at the same time and switch windows, which was a much-requested feature in UserVoice.
3) New Tasks experience in Teams – Helps with better tracking of tasks and has great options to view the stats on charts, schedule and boards, and to filter.
4) Yammer app in Teams – Allows users to jump into Yammer communities. Beneficial especially in larger organizations, and useful for employees to join and collaborate in bigger communities and keep up to date on new content.
5) Outlook add-in for Teams – The new add-in makes it easier to send the content of an email with all the context, body and attachments. Sharing from channels has also become seamless.
6) Background blur to the next level – We can customize the background with our own images and change the background experience to show us as sitting on a beach, in a hotel, etc.
7) Turn on live captions – Makes it easier to follow team meetings. This is a live voice-to-text translation and helps especially in broadcast meetings as well.


Configure SendGrid in Microsoft Azure for email campaigns and SMTP relay

With Microsoft Azure and SendGrid, sending email campaigns for the organization will be a lot simpler. The SMTP relay configuration on applications for developers will be hassle-free and much more secure. We can have up to two SendGrid subscriptions on every Azure account. SendGrid gives a lot of flexibility to use either the Web API in the application sending messages or the normal SMTP relay configuration.

This article outlines the steps carried out to create SendGrid accounts in Microsoft Azure.
Log in to the Azure portal – Search for SendGrid and create a SendGrid account.

We must select the pricing tier. The good thing is that with an Azure subscription we get the free F1 tier of 25000 emails per month, which has custom API integration with an advanced tracking mechanism.


Analyze Office 365 adoption with Microsoft 365 usage analytics

The Office 365 adoption preview gives insight into Office 365 utilization trends for the whole organization. This helps the organization identify the departments that need training and the places where the Office 365 acquisition has been a real success.

With Microsoft 365 usage analytics integrated with Power BI, we get much more visibility into how Office 365 is being utilized. It is a pre-built content pack, and we do not need to create any customization to get the reports.

This content pack is free of charge and works well with the Power BI free service, and we can customize the dashboards with reports. We do not need a Power BI Pro or Premium license to utilize this service. Once we connect this content pack it can be shared with anybody. However, if the user attempts to share or export the report, then a Power BI Pro license is required. For only viewing the data, the Power BI free license is sufficient.

As soon as we connect the data pack it provides the data for the last 12 months. Later it refreshes in a week's time. We do have an option to customize the refresh schedule.


Script to generate Office 365 groups created in the last 30 days

By default, users are allowed to create Office 365 groups. There are a few organizations that do not need to restrict this group creation, because these groups are heavily used by the Office 365 services SharePoint, Yammer, Microsoft Teams, Power BI, Outlook, Planner and Roadmap, and restricting them might in turn lower the Office 365 user adoption rate.

The script below can be run from Task Scheduler on a monthly basis to review the Office 365 groups that have been created in the last 30 days, and it will email us the report.

Below is the sample output of the script, which provides the following details.


Configure Exchange Online to reject emails that fail DMARC validation from organizations having a policy of reject

By default, Office 365 DMARC validation makes internet emails that fail for a policy of p=reject land in the junk folder of the recipient mailbox. Microsoft 365 treats DMARC policies of quarantine and reject in the same way, which means that if the sender’s DMARC policy is set to reject or quarantine, the emails that fail DMARC will be sent to the junk folder of the recipient mailbox. This is by design as of now and can be found in the Microsoft article.

Microsoft's main aim in doing this is to ensure that legitimate emails that miss DMARC alignment are not lost, and that it is better either to quarantine them or to deliver them to the recipient’s junk mail folder. There are a few cases where organizations still need the DMARC policy to be stringent due to their security regulations.

Microsoft validates DMARC and overrides the failure with the header value oreject for a domain whose DMARC TXT record has a policy of p=reject. Instead of deleting or rejecting the message, Office 365 marks the message as spam.

To test it further, we are publishing SPF, DKIM and DMARC records for the domain ezcloudinfo.com as below:


Readiness and steps to Configure Direct Routing in Microsoft Teams

Earlier, to enable enterprise voice with a calling plan on Skype for Business Online, we needed to install Cloud Connector locally on virtual machines as a separate appliance, which required complex configuration for integrating with the certified session border controllers.

Now Microsoft has made it easier to configure with Direct Routing, where we do not need to deploy the Cloud Connector agent locally in the on-premises systems.

When paired with Microsoft Calling Plans, or Direct Routing with a local ISP calling plan, they provide a full enterprise experience for Office 365 users in Teams on a global scale. With Direct Routing we can connect existing telephony infrastructure to Microsoft Teams with the help of local session border controllers. A SIP connection is created between the cloud call controllers and our local session border controllers.

In this article we will look at the options, readiness and steps to enable users for Direct Routing from the Microsoft Office 365 perspective.

Readiness for Direct Routing:

Decide on Session Border Controller (Self or hosted SBC):

A session border controller connects Teams calls to the PSTN next hop or to the configured SIP trunk with the local ISP. Here we have two options: either to have our own session border controllers on premises, or to have this functionality hosted by a managed service provider who will host the session border controller for your organization to perform the SIP proxy and the PSTN routing for Microsoft Teams.

Make sure to select session border controllers supported by Microsoft to configure Direct Routing in Microsoft Teams.

Figure out licenses based on deployment: Decide on media bypass Configuration

We need to figure out licenses on Microsoft Office 365 to utilize the full enterprise functionality of Microsoft Teams.

Option 1: Full Microsoft License

In this case no Direct Routing is required unless coexistence with an existing telephony system is required, because we will have the full calling plan with Microsoft and will utilize the Microsoft call controller, PSTN, media controllers and media processor.
