Microsoft Teams Global Availability

Today on March 7th, 2017, Microsoft has announced the Microsoft Teams Global Availability. Per Microsoft announced, Microsoft Teams global availability celebration will start on Tuesday, March 14th at 8:30am PDT. The celebration agenda is going to be the Microsoft Teams Global Availability.

Microsoft will host an online event to celebrate Microsoft teams global availability and Microsoft Corporate Vice President Kirk Koenigsbauer and a special guest will share perspectives around new stuff in Microsoft Teams and how customers are leveraging Microsoft Teams in Office 365 to collaborate and be more productive.

You can register for online event by from here 

Microsoft Teams Global Availability

 

 

Office 365 Email Protection with DKIM and DMARC

Introduction

Email spoofing is the most common challenge that every organization is facing in current digital world regardless of the size of the organization. Office 365 email protection with DKIM and DMARC helps organization to protect against spoofing that tend to have increased number of spam emails. DomainKeys Identified Mail (DKIM) and Domain-based Messaging and Reporting Compliance (DMARC) checks trusted authenticated sender to prevent untrusted senders from sending spoofed emails.

Inbound validation of DKIM and DMARC is supported in Office 365

What is DKIM?

Domainkeys Identified Mail (DKIM) is a method to validate a digitally signed messaged that appears in the DKIM Signature header in the message headers. It ties an email message to the organization responsible for the message.

Office 365 Email Protection with DKIM and DMARC

More details on DKIM can be found on TechNet.

What is DMARC?

Domain-based Messaging and Reporting Compliance (DMARC) is designed to protect email spoofing when the phisher has spoofed the 5322.From email address that is the email address displayed in email clients like outlook. Sender Policy Framework (SPF) protect the phisher to spoof the emails from 5321.MailFrom. DMARC catches the case that is more deceptive. DMARC results are stamped in authentication header of email.

DMARC evaluate both DKIM and SPF and ensure that the domain matches the domain in 5322.From address. SPF does not protect against 5322.From spoofed emails.

Q: Helo woodgrovebank.com
Q: Mail from: phish@phishing.contoso.com  <– 5321.MailFrom
Q: Rcpt to: astobes@tailspintoys.com
Q: data
Q: To: “Andrew Stobes” <astobes@tailspintoys.com>
Q: From: “Woodgrove Bank Security” security@woodgrovebank.com  <– 5322.From
Q: Reply-To: “Woodgrove Bank Security” <phish@phishing.contoso.com>
Q: Subject: Woodgrove Bank – Action required
Q: Greetings User,
Q: We need to verify your banking details. Please click the following link to accomplish this.
Q: http://short.url/woodgrovebank/updateaccount/12-121.aspx
Q: Thank you,
Q: Woodgrove Bank

The end user will see this information as below.

This email can pass SPF check if the phisher has published the SPF check for woodgrovebank.com but as we know the phisher has spoofed the email using 5321.MailFrom and DMARC will fail on this email. DMARC configurations are already in place in Office 365 for inbound emails and you don’t have to configure anything. In next blog article, we will look into how we can configure DMARC for outbound emails in Office 365.

For more information on office 365 email protection with DKIM and DMARC, please go through the following posts.

Customized Office 365 OWA URL

When you are working with your customers to transition them to Office 365One of the most important ask is to have customized Office 365 OWA URL to ease end users and have them not to remember something that is not related or company branded like outlook.office.com. I received these type of requests almost on all of my engagements when customers are moving to Office 365 from on-premises messaging environment to Office 365 or a 3rd party messaging system.

This blog post is not applicable when you have Exchange hybrid deployment. Exchange hybrid deployment has a lot of different things and scenario’s.

Office 365 OWA can be accessed by users by visiting the known URL of Office 365 i.e. http://portal.office.com and click on the Outlook icon to access the mails in Office 365. Users can also access their emails on OWA by visiting http://outlook.office.com URL but for users to have it customized Office 365 OWA URL to visit for accessing the emails is something that can be company branded like mail.msexperttalk.com?

In order to setup the OWA URL redirection for your organization’s customized Office 365 OWA URL, you need to create a CNAME entry in your public DNS to point to outlook.office.com. 

Create CNAME record with the name of Mail and point it to outlook.office.com 

Once the CNAME records are in place for both public and private DNS of the company, your users now can access OWA by using customized Office 365 OWA URL by visiting http://mail.domain.com and in my case it’s http://mail.msexperttalk.com. You can visit the Office blog site to see the details of other DNS records requirements for Office 365.

 

Whitelist Senders and domains in office 365 to bypass Spam filters

Introduction

Office 365 provides  number of tools to maximize the security to secure corporate information based on unique business and technical needs. When built-in Office 365 filters over qualify suspected SPAM, there are a few simple steps administrators can take to whitelist senders and domains in Office 365 to bypass spam filters. It can be a bad experience for end users when legitimate email is being quarantined or blocked as spam and landing in a quarantine folder.

It’s recommended that you being an admin should review your filters so that critical messages bypass the spam folder and reach their intended recipients

You can leverage a safe sender list or a custom transport rule to bypass spam filtering and prevent legitimate email messages from getting marked as junk. Marking a legitimate message incorrectly as spam by the spam filter is known as false positive.

Whitelist Senders and Domains in Office 365

To whitelist senders and domains in office 365 to bypass the spam filter requires you to perform the following steps.

Whitelist Senders and domains in office 365 to bypass Spam filters

  • Scroll down to the bottom and expand “Allow List

Whitelist Senders and domains in office 365 to bypass Spam filters

 

  • Click on “Edit” button to add the Allow Sender and Allow Domain list

Whitelist Senders and domains in office 365 to bypass Spam filters

  • Once the users email address is added, click on button to add the users to the safe sender list

Whitelist Senders and domains in office 365 to bypass Spam filters

Emails from safe sender list users will not be checked for spam filters and be delivered to recipients

  • Once the safe sender list of users is configured, next step is to configure the safe sender domain list.
  • Click on “Edit” button to add domains to allowed domain list

Whitelist Senders and domains in office 365 to bypass Spam filters Whitelist Senders and domains in office 365 to bypass Spam filters

  • Once the domains are added, emails from these domains will not be checked by spam filters and delivered to users

It’s important to understand that when you add a safe user or domain to the list, you must know the user or domain is legitimate and will not send you a spam email that can harm business operations. Mostly these lists are being configured for business partners or internal applications when sending an email leveraging another media to deliver the emails to mailboxes hosted on Office 365 or systems leveraging exchange online protection to scan the emails before those are being delivered to end user mailboxes.

Bulk Assigning Customized licenses in Office 365 using Powershell

Introduction

Bulk assigning customized licenses in office 365 using PowerShell is one of those rare asked that customer can ask you to do based on their business and technical requirements. I have been working with many enterprise customers and many of them come up with the same request to only assign the license for specific workloads in Office 365 as they do not prefer to assign the license of any workload for which they haven’t done the planning and implementation according to their business angod security requirements. I do support and highly recommend this approach and it’s a best practice to make your services highly secure and controlled. If you have a customer with few thousand licenses than it’s not feasible to assign them a license via office 365 GI and bulk assigning customized license in office 365 using PowerShell is the optimal method to achieve your goal.

This blog post is focused on customizing the E3 license to only assign Exchange online, Skype for Business, Azure Rights Management and Office ProPlus license to user population

Bulk Assigning Customized licenses in Office 365 using PowerShell

Bulk assigning customized licenses in Office 365 using PowerShell requires you to perform the following steps in PowerShell.

  • Login to a machine that has Windows Azure PowerShell module installed and launch the powershell console
  • Run the following cmdlet and enter your Office 365 Global Admin credentials in the prompt

$creds = Get-Credential

Bulk Assigning Customized licenses in Office 365 using Powershell

  • Enter the following cmdlet to connect to Office 365 PowerShell

Connect-MsolService -Credential $creds

Bulk Assigning Customized licenses in Office 365 using Powershell

  • Once you are connected with Microsoft Online Services, run the following cmdlet to get the AccountSkuId and SkuPartNumber

Get-MsolAccountSku |ft AccountSkuId,SkuPartNumber

Bulk Assigning Customized licenses in Office 365 using Powershell

  • Make a note of AccountSkuId and SkuPartNumber as we need these for our next step
  • Run the following cmdlet to get the status of your services provisioned. Use the SkuPartNumber that you received in previous cmdlet. As we are only working on E3 license, our SkuPartNumber is “EnterprisePack”

$ServicePlan = Get-MsolAccountSku | Where {$_.SkuPartNumber -eq “EnterprisePack”}

Bulk Assigning Customized licenses in Office 365 using Powershell

 

  • Run the following cmdlet to check the status of service provisioning

$ServicePlan.ServiceStatus

Bulk Assigning Customized licenses in Office 365 using Powershell

Ignore the status of PendingActivation for Intune_O365 as we are not leveraging Intune in our infrastructure.

All service plans that are available as part of your EnterprisePack will be returned that comes with E3 license. As you can see, we have received the following services as part of our E3 license

  • FLOW_O365_P2
  • POWERAPPS_O365_P2
  • TEAMS1
  • PROJECTWORKMANAGEMENT
  • SWAY
  • INTUNE_0365
  • YAMMER_ENTERPRISE
  • RMS_S_ENTERPRISE
  • OFFICESUBSCRIPTION
  • MCOSTANDARD
  • SHAREPOINTWAC
  • SHAREPOINTENTERPRISE
  • EXCHANGE_S_ENTERPRISE
  • Now we have all the services plans available as part of our E3 license, next step is to create a custom license SKU based on your requirements. In our current scenario, i was required to only allow Exchange, Azure Rights Management, Skype and Office ProPlus to end users. This is done by disabling the plans that we do not want to make available to end users. Run the following cmdlet to disable the undesired plans

$LicOptions = New-MsolLicenseOptions -AccountSkuId “365talk:ENTERPRISEPACK” -DisabledPlans FLOW_O365_P2,POWERAPPS_O365_P2,TEAMS1,PROJECTWORKMANAGEMENT,SWAY,YAMMER_ENTERPRISE,SHAREPOINTWAC,SHAREPOINTENTERPRISE

Bulk Assigning Customized licenses in Office 365 using Powershell

  • Once the license options are customized, you can proceed to apply the licenses to users

$AccountSkuId = “365talk:ENTERPRISEPACK”

$UsageLocation = “PK”

$Users = Import-Csv “C:\Temp\users.csv”$Users | ForEach-Object {
Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation
Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $AccountSkuId -LicenseOptions $LicOptions
}

Bulk Assigning Customized licenses in Office 365 using Powershell

  • Once the license is assigned, login to Office 365 and navigate to users > User active users and search for the user account to which you have assigned a custom license. You will see a customized E3 license with desired workloads is being assigned to the user with the usage location set to Pakistan

Bulk Assigning Customized licenses in Office 365 using Powershell

This script and the sample CSV file is being uploaded to TechNet Gallery. You can download the script and modified the workloads based on your need to bulk assign licenses users leveraging PowerShell.

 

1 2 3