Office 365 – Naming convention for Office 365 Groups is available in preview

We already had a group naming policy available for Exchange security mail-enabled or distribution groups BUT this did not apply to Office 365 Group name. Starting today, and in preview, a group naming policy is available for Office 365 Groups; this will apply to Office 365 Groups AND Teams NOTE this functionality requires to have Azure AD Premium and the Azure AD Preview module (version 2.0.0.137 or later) To implement…

Read More

Office 365 – You can simulate an attack on your Office 365 (preview)

UPDATE March 10, 2018 – I have been informed the invitation code to join the preview portal is no longer valid Even if we all know Office 365 is quite secure by design, you may want to evaluate by yourself the security level of your tenant. While you already have the Secure Score (https://securescore.office.com/) functionality available, this will basically just help you to identify best practices to implement. Today, you…

Read More

Intune – Enable Windows Redeployment from logon screen

Starting with Window 10 build 1709, it is possible for administrators to re-initialize Windows 10 devices to remove personal files and settings and revert the device to an original state, while keeping the device enrollment. Enable the policy To make Windows Automatic Deployment available from the logon screen, you must first enable the policy; which can be done either with Intune (or any MDM supporting CSP) or with a Windows…

Read More

Azure – Hybrid Cloud Print service

Hybrid Cloud Printer Service is a new feature available on Windows Server 2016 allowing you to setup a print server/service available not only to AD Joined devices but also to Azure AD Joined devices. Using corporate print servers while using an Azure AD Joined device can be challenging for both end-users and IT staff. With this new feature, any Azure AD Joined devices will be able to easily setup and…

Read More

Azure – New role available in Azure AD for Azure Information Protection management

A new Directory Role is now available (in preview) to delegate Azure Information Protection management. This new role – Information Protection Administrator – allow you the delegation of the AIP management, granting permissions to configure policies labels and settings, configure and manage AIP templates or activate/deactivate AIP functionality. As usual you can grant this role from the Azure AD\Users management blade or even better using the Azure AD Privileged Identity…

Read More

Exchange Online – You can now manage calendar delegation with PowerShell

The MailboxFolderPermission cmdlet for Exchange Online is getting improved with the adding of a new parameter (SharingPermissionFlags) to let you manage calendar delegation. With this parameter, which only applies to Calendar folder when using the Editor access right, you can set the user as a delegate (as you do when using the Delegate Access from Outlook client). Below 2 commands using this new parameter: Set the delegate to view private…

Read More

Azure – You can now use PowerShell to create Azure App Proxy

As you may already know, Azure Application Proxy (AAP or Azure App Proxy) is an Azure feature allowing you to publish internal web application without opening any ports on your firewall. Until then, the only way to publish and manage Azure Application Proxy was to use the Azure administration portal, which could make it time consuming (and potentially open for mistake) when you had to publish multiple applications. Now, you…

Read More

Azure – Azure Information Protection Scanner management

Following my post to install and configure Azure Information Protection Scanner (AIP Scanner) (see https://t.co/RIvT261b7O) here are few thoughts when you come to manage AIP Scanner: All management operation for AIP Scanner are done with PowerShell. That said you need to logon as the service account you used to configure AIP Scanner, otherwise you will get a login failed for the current user If you try the run as another…

Read More

Azure – Use Azure Information Protection Scanner to automatically apply label and protect on-premises files

You may already Azure Information Protection (AIP) is used to protect and classify your data. You may aware you can also automated classification and protection for your data hosted online. Now, you can use Azure Information Protection Scanner to automatically classify and protect your files hosted on-premises, either on file servers or SharePoint (2013 or 2016). In a nutshell, we could say this is the replacement of the previous Azure…

Read More

SharePoint Online – New SharePoint Online administration portal

A new SharePoint Online administration portal is being deployed; as usual available first for First Release tenants. A link (Try the new SharePoint admin center preview – pointing to https://<your tenant>-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx) to the new SharePoint Online administration portal will be shown (when available) from the current SPO administration portal If you want to give a try to the new portal, just hit this link. This portal will then gives you…

Read More

Intune – You can now assign mobile app to all users

A new option has been his apparition on the Intune management portal when assigning applications. You can now assign an application as available to all users with enrolled devices; you do not need anymore to assign it to a group At the time of writing this post, this option is only available for Microsoft Store for Business app (I’m sure this will come too to Apple and Google stores) In…

Read More

Azure – Azure Application Proxy now supports wildcards

You may already know the Azure Application Proxy (or Azure App Proxy or AAP), used to publish internal web applications to the external world without opening communication ports on the firewall and which can be used to leverage Azure AD for authentication and SSO. Now, Azure App Proxy supports wildcards to publish multiple web application at once. This means you do not need anymore to publish each on-premises web applications…

Read More

Azure/Office 365 – Azure AD is now getting Administrative Units capabilities

An update is currently being deployed (first for First release tenant) to provide Administrative Units (AU) capabilities to Azure AD. AU capabilities are basically the equivalent of the Organizational Unit on Active Directory. This is going to deliver better delegated administration experience, like delegating administration to specific set of users/groups instead of delegating full Azure AD. This means you will be able to delegate administrative users/groups management to your regional…

Read More

Exchange Online – Get notified when users report Junk/Phishing emails

If you are using Exchange Online, you may already know the ‘Report message’ add-in to report junk or phishing emails But as an administrator, do you know where to get these reports, and do you know you can also get notified? I’m sure not, so here it is: Access Users Reported Message first, you can get all these reports and review them to take appropriate actions from the Security and…

Read More