Post-Ignite 2017 Reflections About Office 365
Winding Down from Ignite
As with any major technology conference, it is important to separate what is available today from the future functionality announced at the event. I have already covered some of the major Office 365 announcements in other posts (like multi-geo capabilities, upgrades for Office 365 Admin, the transition of Skype for Business Online to Teams, and some new hybrid features for Exchange Online). This post is a collection of other random updates from the conference.
Inner and Outer Loops
Office 365 offers a spectrum of collaboration technology from plain old email to Microsoft Teams. Although an impressive range of capabilities are available in the tools, it can be confusing for users to sort out which tool is best in any situation. In terms of communication alone, should I send an email, chat with someone in Teams (or Skype for Business), or post something in Yammer or a SharePoint site?
Well, Microsoft introduced the notion of “loops” to the discussion in a way that reminded me of “the circle of trust” from the movie “Meet the Fockers” (Figure 1).
Apparently, the people you communicate with through Teams are your inner loop because you work with them regularly in a way that does not need email. On the other hand, Yammer is the outer loop where you broadcast your thoughts to the entire community. I can see how you can make the case for the chat-based “high-velocity” communications found in Teams and Yammer is a good choice for large-scale communication, but I have my doubts about the positioning of email.
The problem is that Teams is the flavor du jour, just like Yammer was in 2014-15. And when that happens for a product, Microsoft throws a lot of marketing love its way. I like Teams and I use Teams, but it still has a way to go, even when it takes over from Skype for Business Online, but there are just too many gaps today for me to regard email as anything other than my go-to tool for most communications – not just “targeted communications” as Microsoft puts it. I shall return to this topic in the future.
What is fair in the positioning is that SharePoint is central to a lot of what happens inside Office 365. Microsoft has done a nice job of making SharePoint more approachable and useful through Groups and Teams than the product often is in on-premises deployments.
I have criticized Microsoft in the past for requiring Office tenants to license features in Office 365 Groups that are free in Exchange. Dynamic groups and naming policy are good examples of what I mean. Well, that debate goes on, but I was happy when Microsoft clearly spelt out when you need an Azure AD Premium P1 license to use features in Office 365 Groups (Figure 2).
The most recent iteration of the documentation now includes the licensing requirement, so you have been warned. Microsoft does not block features if you do not have the required license, but they could do so at any time.
Microsoft 365 Everywhere
Microsoft took every opportunity to hammer home the Microsoft 365 message at Ignite. It was noticeable that many slides used Microsoft 365 where Office 365 is more appropriate. The titles in both Figures 1 and 3 are examples. If you take the Office 365 elements away from Figure 3, not much is left (we’ll leave the Graph). No trace exists of Windows 10 Enterprise or the Enterprise Mobility & Security suite, the other parts of Microsoft 365.
Of course, Microsoft will say that it is reasonable to bring the advantages of the Microsoft 365 bundle to the attention of customers, but sometimes the way they push marketing messages does not sit well.
The Shame of MFA
Factoid: According to Microsoft, only 0.73% of Office 365 administrative accounts are protected by multi-factor authentication. Excuses like PowerShell modules that don’t support MFA are now invalid. Why would people want their most privileged accounts to be so badly protected? It’s a mystery.
PowerShell for Teams
No PowerShell module is available for Teams, but apparently one is on the way and should be available “soon.” In addition, Microsoft said that they are working on upgrading the PowerShell cmdlets for Groups so that you will be able to distinguish whether a group is connected to Teams, Planner, or Yammer.
Outlook Mobile for On-Premises Exchange (TAP)
Given the flood of announcements made at Ignite, you would be forgiven if you missed the announcement that the Outlook for iOS and Android clients will soon use the new mobile architecture to connect to on-premises Exchange servers. In other words, instead of Outlook using AWS connections to Exchange, the clients use the Microsoft Cloud.
Microsoft has a Technology Adoption Program (TAP) for customers who want to plunge into the new world early and is inviting sign-ups now. Apart from running the necessary versions of on-premises server, you need to have Intune or EM+S licenses for each user.
Groups Expiration and Activity
The current implementation of the Office 365 expiration policy is based on the creation dates for groups. Microsoft admits that this is a crude measure and takes no account of whether any activities occur in an associated workload like Teams or Planner. They are working on a new version that will take activity into account, which seems like the right thing to do.
No More Safe Links
You’re probably familiar with the wrapper that Exchange Online Protection puts around embedded links in email. Essentially, EOP wraps links with redirects through safelinks.protection.outlook.com to make sure that it is safe for the user to click. Well, people don’t like the appearance of the safe link, so Microsoft is making them less obvious. You’ll still be safe, but you won’t know as much about it.
Settings in Exchange Mailbox Plans
You might know that Exchange mailbox plans exist to dictate default settings for different classes of Exchange mailboxes when they are created. You might also know that you can update these plans with the Set-MailboxPlan cmdlet. But did you know that the Set-CASMailboxPlan cmdlet exists to update protocol settings for new mailboxes?
Take a simple example. POP3 and IMAP4 are now very old (archaic) protocols. In most cases, users do not need to even think about using these protocols to connect to Exchange Online. You can disable these protocols for existing mailboxes by running the Set-CASMailbox cmdlet.
[PS] C:\> Set-CASMailbox -Identity Jim.Smith -PopEnabled $False -IMAPEnabled $False
But if you want to disable these protocols for all new mailboxes, you can do this:
[PS] C:\> Get-MailboxPlan | Set-CASMailboxPlan -PopEnabled $False -IMAPEnabled $False
To check the settings:
[PS] C:\> Get-MailboxPlan | Format-Table Name, ProtocolSettings
You will see a 0 (zero) against POP3 and IMAP4 and 1 against the enabled protocols, like MAPI.
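The plan change above only affects mailboxes created afterwards, so existing mailboxes need a separate sweep. The following is an added example, not part of the original post: it assumes an existing Exchange Online PowerShell session, and the exception address and CSV path are constructed placeholders.

```powershell
# Added example; assumes you are already connected to Exchange Online PowerShell.

# 1. Confirm the defaults that new mailboxes will inherit from each plan.
Get-CASMailboxPlan | Format-Table Name, PopEnabled, ImapEnabled -AutoSize

# 2. Find existing mailboxes that still allow POP3 or IMAP4.
$Exposed = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled }

# 3. Keep a record of the starting state so the change can be reviewed or reverted.
$Exposed |
    Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled |
    Export-Csv -Path .\PopImapEnabled-Before.csv -NoTypeInformation

# 4. Mailboxes that genuinely need the legacy protocols (constructed sample value).
$Exceptions = @('scanner@contoso.example')

# 5. Disable both protocols everywhere else. -WhatIf only reports what would
#    change; remove it once the list in the CSV has been reviewed.
foreach ($Mbx in $Exposed) {
    if ($Exceptions -contains [string]$Mbx.PrimarySmtpAddress) { continue }
    Set-CASMailbox -Identity $Mbx.Identity -PopEnabled $False -ImapEnabled $False -WhatIf
}
```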
Client Access Rules
Another tidbit revealed at Ignite was the existence of the New-ClientAccessRule cmdlet (and its associated cmdlets) to manipulate client access rules for Exchange Online. By default, a tenant has no rules, so anyone with a valid mailbox can access Exchange Online from any IP address using any protocol. You can define up to 20 rules per tenant to control what protocols clients can use over what connections. You can even create a filter based on some Azure Active Directory account properties to control the scope of a rule (for instance, only apply this rule to users in Dublin).
Exchange evaluates the rules in priority order. But as Microsoft’s Jeff Kizner said, it is easy to block all access for a tenant if you are not careful (Microsoft can get you out of this situation), so some careful testing is necessary if you want to explore this functionality. Here’s a link for more information about client access rules.
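One cautious way to start with client access rules, given the lock-out risk described above, is shown in this added example (not part of the original post). It assumes an existing Exchange Online PowerShell session; the rule names, the contoso.example address, and the IP ranges (reserved documentation ranges) are constructed placeholders.

```powershell
# Added example; assumes you are already connected to Exchange Online PowerShell.

# 1. Safety net first: a top-priority rule that always allows remote PowerShell,
#    so a mistake in a later rule can still be corrected by an administrator.
New-ClientAccessRule -Name 'Always Allow Remote PowerShell' `
    -Action AllowAccess -AnyOfProtocols RemotePowerShell -Priority 1

# 2. A narrowly scoped rule: deny POP3 and IMAP4 to users whose City is Dublin,
#    except when they connect from the office range (constructed value).
New-ClientAccessRule -Name 'Dublin - Block POP3 and IMAP4 outside office' `
    -Action DenyAccess -AnyOfProtocols POP3, IMAP4 `
    -ExceptAnyOfClientIPAddressesOrRanges 192.0.2.0/24 `
    -UserRecipientFilter "City -eq 'Dublin'" -Priority 2

# 3. Test before relying on it: an external address should match the deny rule...
Test-ClientAccessRule -User Jim.Smith@contoso.example `
    -AuthenticationType BasicAuthentication -Protocol IMAP4 `
    -RemoteAddress 203.0.113.10 -RemotePort 993

# ...and an address inside the office range should not.
Test-ClientAccessRule -User Jim.Smith@contoso.example `
    -AuthenticationType BasicAuthentication -Protocol IMAP4 `
    -RemoteAddress 192.0.2.25 -RemotePort 993

# 4. Review the rules in the order Exchange evaluates them.
Get-ClientAccessRule | Sort-Object Priority |
    Format-Table Name, Priority, Enabled, Action -AutoSize
```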
Paul Robichaux and I taped episode #9 of our “Office 365 Exposed” podcast at Ignite and had a blast doing so. If you want more details about how to access the audio and video recordings for the podcast, head here.
Follow Tony on Twitter @12Knocksinna.