Tony’s Random Office 365 Updates
Many Changes inside Office 365
As is now the norm, far too much change happens to Office 365-related technology in a single month to cover in long pieces. Some important things did go past me in April 2018 that I felt deserve mention, so here’s a set of short snippets to bring everyone up to date.
The arrival of Version 1.26.6 of the Azure Information Protection (AIP) client brings some new ways to mark documents, presentations, spreadsheets, and messages with labels. Figure 1 shows a custom footer inserted into a Word document by an AIP label.
AIP labels can also stamp files with protection templates. I like this client a lot and will like it even more when Microsoft integrates AIP labels with Office 365 classification labels later this year.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Group Access Reviews
Another preview item covered late last year was Azure Active Directory Access Reviews. These allow you to set up a mechanism to have group membership reviewed by owners to decide whether members should stay in the group. The feature is now generally available, and while it needs Azure Active Directory Premium P2 licenses, I think this is a price worth paying for the functionality.
Multi-Geo Goes Live
Another capability launched into general availability is Multi-geo for Exchange Online and OneDrive for Business. SharePoint Online and Office 365 Groups are next, and Microsoft is “considering” other workloads. As expected, this capability comes with a cost, but at $2/user/month it is lower than was first rumored. You need to have at least 5,000 eligible Office 365 subscriptions (like E3 or E5) before Microsoft will enable your tenant for multi-geo. The table stake for multi-geo is a minimum of $10,000 before you negotiate with your friendly Microsoft salesperson.
Sovereign Clouds Not as Functional as Multi-Purpose
An interesting factoid is that the multi-geo capabilities are unavailable for the sovereign clouds (U.S. Government, China, and Germany). I guess this is logical because if your company was interested in multi-geo distribution of work, you probably wouldn’t have chosen to use a sovereign cloud.
I also hear that some customers don’t like the German sovereign cloud too much. It’s more expensive to license seats (someone must pay for T-Systems to act as the data trustee) and many interesting pieces of Office 365 functionality don’t work, like Azure Information Protection and Teams. Sometimes it’s nicer to be in a general-purpose cloud.
Problems Converting Distribution Groups
Microsoft allows tenants to convert distribution groups to Office 365 Groups through the Exchange Administration Center or with PowerShell. However, in a problem that I didn’t know exist because it’s not documented anywhere, if you use email address policies to assign SMTP email addresses from a specific domain to newly created groups, you cannot convert distribution groups to Office 365 Groups.
EAC accepts distribution lists for conversion and never do anything thereafter. Any attempt through PowerShell throws the error that the distribution group cannot be migrated “due to an email policy set by your IT administrator.”
The only solution is to convert the distribution group through a multi-step manual process to create the new Office 365 Groups, populate it with members, update its settings, and move the email address from the old distribution group over to the new Office 365 Group. Painful!
20x Increase in Per-User SharePoint Online Storage
Friday’s announcement that Microsoft is increasing the per-user storage allocation for SharePoint Online from 0.5 GB to 10 GB is very welcome. In thinking why Microsoft would suddenly be so generous, one obvious factor is the influence Teams and Office 365 Groups have on driving usage for SharePoint Online document libraries. After all, with so many document libraries in use, the old (minuscule) allocation was simply too small.
Connecting Traditional SharePoint Sites to Office 365 Groups
Microsoft has started to roll out the necessary components to allow the connection of traditional team sites to Office 365 Groups (a process involving a new verb “Groupify“). A new PowerShell cmdlet (Set-SPOSite
Microsoft Secure Score
Office 365 Secure Score is now Microsoft Secure Score, which I guess is nice. The logic is that the dashboard now includes Windows data as well as Office 365 data. Nice as the concept of calculating a secure score against known benchmarks is, the implementation suffers somewhat through the detail of some recommendations. For example, the measurement shown in Figure 3 tells me that I have some work to do in terms of deploying MFA to users. However, the count of users (177) includes guest user accounts. Including guest accounts in the count is confusing because surely priority must be given to tenant users?
In any case, you can enforce MFA for guest user accounts created by Azure B2B collaboration (as used by Teams, Planner, and Groups). The process of authenticating as a guest to another Office 365 domain works exactly like signing in to your own tenant.
If you want to read more about Secure Score and the steps you can take within Office 365 to improve a tenant’s score, you could do worse than reading this free ebook by Jethro Seghers.
Those who don’t read and reread my articles avidly might have missed the update I posted on April 12 to say that Microsoft revisited their method to hide Office 365 Groups from Exchange clients by changing the parameter name from HideFromExchangeClients to HiddenFromExchangeClientsEnabled. But it’s the kind of detail I like to follow because it might be useful someday in an argument.
One interesting side-effect of hiding a group from Exchange clients discussed in the Microsoft Technical Community is that it removes the ability of team owners to create a tab to display the group calendar with OWA. When you think about it, the logic is impeccable. OWA is an Exchange client. You’re hiding the group from Exchange clients, so it follows that you then cannot access the group calendar with OWA.
Office 365 SLA
Microsoft tells me that the performance against SLA for Office 365 for Q1 CY18 is 99.993%, which is well above the 99.9% level that Microsoft backs with a financial guarantee.
As noted previously, the number of Office 365 users and the distributed nature of its services makes it difficult for any outage to drive SLA performance down. Sure, outages will happen (like the Azure Active Directory problem that affected users in the UK and Europe for several hours on April 6), but overall, the massive infrastructure keeps on trucking along and delivers a service of a quality that few expected when Office 365 launched in June 2011.
Office 365 Backup to PST?
I am amused at the increasingly fervent attempts by companies to emphasize Office 365 outages to sell their products, especially those who advocate that you should backup Exchange Online mailboxes to PST files. I could tell you what I really think of these products, but their supporters might sue me, so I won’t.
European Collaboration Summit
Finally, the European Collaboration Summit (ECS) takes place in Mainz, Germany on May 28-30. Unlike many other conferences, ECS is user-led and not-for-profit, which is why the conference fee is a miserly Euro 140. Some 1,400 people will attend sessions covering a broad range of Office 365 topics.
Although the conference fee is great value, I feel that ECS focuses too heavily on SharePoint, a mistake commonly made by other conferences that allege they cover Office 365. SharePoint is only one of the basic workloads inside Office 365. Its role in the cloud is very different to the on-premises product, where the influence of Office 365 Groups and Teams in terms of driving SharePoint usage does not exist. It would be nice if conferences that set out to cover Office 365 include more sessions to help people exploit the full breadth of Office 365.
In any case, now that I’ve complained, I should say that I’ll be at ECS to present two sessions (focusing on Office 365 as a whole) and chair a panel session. Hopefully, I won’t disappoint. If you’re at EC, come by and chat.
Follow Tony on Twitter @12Knocksinna.
Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.