Office 365 Security – Capabilities & Planning

Moving to the cloud can introduce new concerns. In this post, I’ll help you address your unique organizational security standards, framed against the products and capabilities of your Office 365 services.

While Microsoft has invested heavily in securing their platforms against cyber attacks, they operate with a shared responsibility model in which the customer is responsible for ensuring their users take precautions to protect information. Many organizations have an information gap where the IT security team does not have visibility into everyday high-risk activity occurring within these services. They often do not know about misuse until it escalates into a major data loss incident.

As a result, many IT security teams need actionable intelligence around a wide range of internal and external threats and security vulnerabilities that can lead to data loss including:

  • Employees downloading sensitive corporate data with the intention of taking that data with them when they leave to join a competitor
  • Malicious administrators accessing data out of policy or data not related to their role, intentionally degrading security settings, or creating dummy accounts for unauthorized third party access
  • High-risk user behavior such as downloading data from company-sanctioned cloud services and uploading it to high-risk shadow IT services
  • Third parties logging into cloud service accounts using stolen or guessed login credentials in order to steal sensitive data
  • Dormant administrator accounts belonging to former employees that can be de-provisioned to eliminate the latent risk of account compromise
  • Data leakage from users due to improper configurations/permission management

The information gathered in this report can help mitigate those types of scenarios, based on Microsoft’s own best-practice foundational security goals:

  • Simplify and protect access
  • Allow collaboration and prevent leaks
  • Stop external threats
  • Stay compliant
  • Secure administrative access

Introduction to Office 365 Security

Let’s assess risk and implement the most critical security, compliance, and information protection controls to protect your Office 365 tenant. The goal is to prioritize threats, translate threats into technical strategy, and then take a systematic approach to implementing features and controls.

At the core of Office 365 security:

Data Loss Prevention

  • Malware and targeted attacks can cause data breaches; however, user error is a much greater source of data risk
  • DLP identifies, monitors and protects sensitive data and helps users understand risks

Auditing and Retention Policies

  • Allow logging of events including viewing, editing and deleting content such as email messages, documents and calendars

eDiscovery

  • A single experience for searching and preserving email & documents

Data Deletion

  • Clear commitments and procedures for end-of-life and data destruction

Data Spillage Management

  • Hardware with your data is locked down

Question: “What are the main differences between security on-premises and security in the public cloud?”

Answer: “You still need to do most of what you’re doing now.

Ensuring that the data and its classification are handled correctly, and that the solution will be compliant with regulatory obligations, is the responsibility of the customer. Physical security is the one responsibility that is wholly owned by cloud service providers when using cloud computing.

The remaining responsibilities are shared between customers and cloud service providers.

Responsibility Zones

Security Responsibilities Managed by Office 365

Threats Managed by Office 365

Implications

Considering the aforementioned Security Responsibility & Threat patterns, a key conclusion can be drawn as to what your Organizational security focus with Office 365 should be:

  • Authentication Security is critical
  • Tenant Security Configuration is critical

Security Capabilities Plan

Set Information Protection Standards

Start with a set of standards that can be applied across your organization. Here is an example of what this can look like:

| Goal | Description |
| --- | --- |
| Establish information protection priorities | The first step of protecting information is identifying what to protect. Develop clear, simple, and well-communicated guidelines to identify, protect, and monitor the most important data assets anywhere they reside. |
| Set organization minimum standards | Establish minimum standards for devices and accounts accessing any data assets belonging to the organization. This can include device configuration compliance, device wipe, enterprise data protection capabilities, user authentication strength, and user identity. |
| Find and protect sensitive data | Identify and classify sensitive assets. Define the technologies and processes to automatically apply security controls. |
| Protect high value assets (HVAs) | Establish the strongest protection for assets that have a disproportionate impact on the organization’s mission or profitability. Perform stringent analysis of HVA lifecycle and security dependencies, and establish appropriate security controls and conditions. |

Classify Data by Sensitivity Levels

Four levels is a good starting point if your organization doesn’t already have defined Data Sensitivity standards:

| Sensitivity Level | Description |
| --- | --- |
| Confidential | Only those who explicitly need access must be granted it, and only to the least degree in order to do their work (the ‘need to know’ and ‘least privilege’ principles). |
| Restricted | Subject to controls on access, such as only allowing valid logons from a small group of staff. ‘Restricted’ information must be held in such a manner that prevents unauthorised access, i.e. on a system that requires a valid and appropriate user to log in before access is granted. |
| Internal Use | Can be disclosed or disseminated by its owner to appropriate members of your organization, partners and other individuals, as appropriate by information owners, without any restrictions on content or time of publication. |
| Public | Can be disclosed or disseminated without any restrictions on content, audience or time of publication. Disclosure or dissemination of the information must not violate any applicable laws or regulations, such as privacy rules. |

 

Map Service Capabilities to Data Sensitivity Levels

This table is an example of how capabilities can be mapped to data sensitivity levels:

| Service Capability | Description |
| --- | --- |
| Data is encrypted and available only to authenticated users | Provided by default for data stored in Office 365 services. Data is encrypted while it resides in the service and in transit between the service and client devices. |
| Additional data and identity protection applied broadly | Capabilities such as multi-factor authentication (MFA), mobile device management, and Exchange Online Advanced Threat Protection increase protection and substantially raise the minimum standard for protecting devices, accounts, and data. |
| Sophisticated protection applied to specific data sets | Capabilities such as Azure Rights Management (RMS) and Data Loss Prevention (DLP) across Office 365 can be used to enforce permissions and other policies that protect sensitive data. |
| Strongest protection and separation | Customer Lockbox for Office 365, eDiscovery features in Office 365, and use of auditing features to ensure compliance to policies and prescribed configurations. |

 

Office 365 Secure Score

Secure Score analyzes your Office 365 organization’s security based on your regular activities and security settings and assigns a score. Think of it as a credit score for security.

Anyone who has admin permissions (global admin or a custom admin role) for an Office 365 Business Premium or Enterprise subscription can access the Secure Score at https://securescore.office.com. Users who aren’t assigned an admin role won’t be able to access Secure Score. However, admins can use the tool to share their results with other people in their organization.

Secure Score figures out what Office 365 services you’re using (like OneDrive, SharePoint, and Exchange) then looks at your settings and activities and compares them to a baseline established by Microsoft. You’ll get a score based on how aligned you are with best security practices.

Using Secure Score helps increase your organization’s security by encouraging you to use the built-in security features in Office 365 (many of which you already purchased but might not be aware of). Learning more about these features as you use the tool will help give you peace of mind that you’re taking the right steps to protect your organization from threats.

If you want to improve your score, review the action queue to see what you can do to help increase security and reduce risks.

Expand an action to learn about what threats it’ll help protect you from and how you’ll get the job done.

To see the impact of your actions on your organization’s security, go to the Score Analyzer page and review your history.

Click any data point to see a breakdown of your score for that day. You can scroll down to see which controls were enabled and how many points you earned that day for each control.

Add Secure Score to Office 365 Security and Compliance Center Dashboard

Office 365 Secure Score is a great security analytics tool that you can access at https://securescore.office.com. However, not everyone knows how to access Secure Score. You can make it easier to discover and quickly review your security position by adding a Secure Score widget to the home page of the Office 365 Security and Compliance Center.

The widget will show your latest score and the maximum points you can obtain. To get more information about your score you can click the “Go to Secure Score” link and it will take you directly to Secure Score to review the additional details.

Office 365 Internet Zone Settings

This is a follow-up to my 2015 post about the recommended IE Internet Security Zone settings for maximum user authentication happiness.

On the post https://tuomi.ca/2014/06/23/overcoming-sticky-logouts-office-365-azure-windows-intune-web-browser/, I tried to rationalize IE security settings relating to Office 365.

Here’s a good explanation of why we should care, as quoted from the more recent MSFT post:
“Starting with Windows Vista, Internet Explorer has a new security zone protection feature, called protected mode, and that is set up by default for Internet, Intranet and Restricted Security zones.

Understanding and Working in Protected Mode Internet Explorer

The effect of the protected mode is that the sites in these zones will not have access to the folders available to other application (i.e. data available in other zones). This means the cookies available for one session for a site in a Protected mode zone will not be accessible to a site that resides in a separate zone (and the other way around), which will trigger behind the scene repeated authentication attempts.”

Net result: persistent login prompts, hair pulling, annoyances. The fix? Either manually or through group policy, apply the following settings to your Windows workstations:

Trusted Sites Zone:
https://*.microsoftonline.com
https://*.sharepoint.com
https://*.sharepointonline.com
https://*.outlook.com
https://*.lync.com
https://*.office365.com
https://*.office.com
https://*.microsoftstream.com
https://*.sway.com
https://*.powerapps.com
https://*.yammer.com

Intranet Zone:

*.microsoftonline.com
*.sharepoint.com
*.sharepointonline.com
*.outlook.com
*.lync.com
*.office365.com
*.office.com
*.microsoftstream.com
*.sway.com
*.powerapps.com

 

 

References:
https://blogs.technet.microsoft.com/victorbutuza/2016/06/20/o365-internet-explorer-protected-mode-and-security-zones/ – Latest new URLs added, e.g. PowerApps.com
https://support.microsoft.com/en-us/help/2507767/problems-when-signing-out-of-office-365–azure–or-intune-in-a-web-bro – Original official reference.

 

Troubleshooting MS Office Install issues (MSI & Click-to-Run)

Here’s a shortlist of some useful troubleshooting techniques, divided into two sections according to the two main types of MS Office Installations:

MSI: “Traditional” Windows installer
Click-to-Run: Office 365 installed MS Office

MS Office MSI Install Troubleshooting

“Verbose logging” is a setting that exposes more information during the installation process. It will capture “warning” as well as “error” messages that provide us with clues to your problem. To do one-time verbose logging:

Diagnosing When Setup Stops Responding

At times, Office Setup stops responding (hangs), and you do not receive any error message. The best thing to do in this situation is to restart your computer and run Office Setup again with complete verbose logging turned on (with one additional option). To do so, follow these steps:

  1. Click Start, and then click Run.
  2. In the Open box, type the following command line, and then click OK:

path\Setup.exe /L*v! C:\Verboselog.txt

Note that Path is the full path of your Office source location.

To enable Windows Installer logging yourself, open the registry with Regedit.exe and create the following path and keys:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer

Reg_SZ: Logging
Value: voicewarmupx

The letters in the value field can be in any order. Each letter turns on a different logging mode. Each letter’s actual function is as follows for MSI version 1.1:

v – Verbose output
o – Out-of-disk-space messages
i – Status messages
c – Initial UI parameters
e – All error messages
w – Non-fatal warnings
a – Start up of actions
r – Action-specific records
m – Out-of-memory or fatal exit information
u – User requests
p – Terminal properties
+ – Append to existing file
! – Flush each line to the log
x – Extra debugging information. The “x” flag is available only on Windows Server 2003 and later operating systems, and on the MSI redistributable version 3.0, and on later versions of the MSI redistributable.
“*” – Wildcard, log all information except for the v and the x option. To include the v and the x option, specify “/l*vx”.

Note: This should be used only for troubleshooting purposes and should not be left on because it will have adverse effects on system performance and disk space. Each time you use the Add/Remove Programs tool in Control Panel, a new Msi*.log file is created.

When looking through the MSI logs we will typically want to look for a value 3 entry in the logs. Windows installer returns codes during the install which will indicate if a particular function was successful or not.

Value 1 = Success
Value 2 = Cancel
Value 3 = Error

Note: make sure to turn off verbose logging after you are done.

Enable verbose logging before collecting the log files.

  1. Click on Start -> All Programs
  2. Accessories -> RUN
  3. Type reg add HKLM\SOFTWARE\Microsoft\ClickToRun\OverRide /v LogLevel /t REG_DWORD /d 3
  4. Click on OK.

Now try to install Microsoft Office 2016 to get the error message so that the log files get created.

Follow the steps below to access the ‘Temp’ folder.

  1. Click on Start -> All Programs
  2. Accessories -> RUN
  3. Type %temp%  -> Click on OK

The following are the log files that may be present in the %windir%\temp folder (c2r is for Click to Run):

Bootstrapper*.log
c2r_*.log
C2RIntegrator*.log
Firefly*.log
Integratedoffice.exe_c2r*.log
Interceptor*.log
*.exe.log
*_c2rdll*

For MSI, “Normal”, installations the log files will look like MSI****.LOG

Further References:
http://support.microsoft.com/kb/2545723 – “Fix Its” to turn logging on and off
http://blogs.technet.com/b/odsupport/archive/2010/12/30/troubleshooting-office-installation-failures.aspx – Office 2003-2010, analyse log
http://support.microsoft.com/kb/223300 – “Fix It” enable XP, Server 2003-8
http://support.microsoft.com/kb/826511 – help interpreting logs
http://technet.microsoft.com/en-us/library/cc978342.aspx

MS Office Click-To-Run Install Troubleshooting

The following steps show you how to enable verbose logging to help you troubleshoot Office 365 install/update failures.

To enable verbose logging, launch cmd as administrator and run the following command:

reg add HKLM\SOFTWARE\Microsoft\ClickToRun\OverRide /v LogLevel /t REG_DWORD /d 3

ULS log file is created both in the %temp% folder and the %windir%\temp folder.  The file name is of the following format:

<machinename>-<date>-<time>.log

For example Keith-201420141610-1434.log.  Once these logs have been retrieved and analyzed, verbose logging should be disabled by running the following command from an administrative command-prompt:

reg delete HKLM\SOFTWARE\Microsoft\ClickToRun\OverRide /v LogLevel /f

The log output is in ULS format. Opening the log file in Excel will help you with filtering the data. The first thing you want to look for is the term “unexpected”. You can also look for “Fail” and/or “Error”.

When Attempting to Install Office 365 Directly from the Office Portal

Most end user issues with installing/activating Microsoft Office 365 from the Office Portal are proxy/firewall related.  Follow the steps above to review log files.

Process Monitor and Fiddler are also great tools to use for troubleshooting Office 365 ProPlus installation and activation errors. If possible, try to test using a less restricted proxy/firewall. If the activation is successful on another network, you may need to make adjustments to your proxy/firewall settings.

The following article can help you with determining the IP address and URL exceptions you might need to add:

Start by whitelisting or adding exceptions for the IP addresses and URLs under “Office 365 ProPlus”. If you continue to have problems, add the URLs under the “Office 365 portal and identity” section.

If you still have problems, try the following:

Open the command prompt (run as administrator), and use the following command to import the manual proxy settings from IE:

netsh winhttp import proxy source=ie

Now rerun the install/update

To reset winhttp back, run the following command:

netsh winhttp reset proxy

Most failed installs directly from the Office portal that are proxy related usually fail pretty quickly, and usually with an error like this:

“Sorry, we ran into a problem Go online for additional help. Error Code: 30174-4.”

Or, when attempting to update, a client that is looking to the Office portal for updates will get something like this:

“Something went Wrong: We’re sorry, we ran into a problem while downloading updates for Office. Please check your network connection and try again later. Error Code: 30088-28 or 30088-27”

Use Microsoft Flow to grab image of the day for SharePoint

The default Search Center in SharePoint is quite minimalist: just an empty page layout with a search box. This post will show you how to use the workflow logic of Microsoft Flow to grab a reference to the Bing image of the day, copy its URL to a SharePoint list, and then use client-side scripting to set the image as a background to your search center or use it elsewhere in your portal.

There have been plenty of tutorials posted over the years on SP image rotators, jazzing up search centers, etc. The focus of this post is really more about using Flow to parse external RSS data into a SharePoint list on an ongoing basis, and then do something with that data.

1. Create the SharePoint List

In order to not have to query an external RSS feed every time a user hits a page where we want to display referenced images, we’re going to use a SharePoint list as a repository for the image links as they come in each day.

  • In your SharePoint site collection of choice (in this case, I’m using the root site collection), create a new Custom List with the name “Daily Images”. There are no extra columns or tweaks needed for this List; we’re just going to be using the OOTB Title field to store our daily image URL and that’s it.
    Need help creating a List?:
    -If you’re using the new SharePoint UI style (Lists, Libraries & Subsites listed on “Site Contents” page are text links), these are the instructions.
    -If you’re using the legacy SharePoint UI style (Lists, Libraries & Subsites listed on “Site Contents” page are square, “metro”-style icons), follow these steps.

2. Create the Flow

  • You haven’t checked out Microsoft Flow yet? Come on, get on it – it’s the future of workflow! Head on over and sign up with your Microsoft or organizational Office 365 account.
  • Browse the Templates and locate the “RSS to SharePoint” template by Craig Stanley (thanks Craig!). Click “Use this template”.
  • For the “When a feed item is published” URL, input your image RSS feed URL, e.g. http://feeds.feedburner.com/bingimages
  • A particularity of this specific RSS feed is that some image URLs it was outputting (with “feedproxy” in the URL) were not rendering when linked to, so I used the “Add a Condition” link to create a Flow Condition that only registers image links in the RSS feed that do not contain the string “feedproxy”. For the true part of the Condition, you’re going to have it run the Create SharePoint List Item action, using the URL of the image from the RSS feed for the Title field.
  • It’ll take the flow a bit to pick up some data, so if it’s a daily RSS feed check back the next day. When it’s working and there are no problems reported in the log, you should see some RSS image URL links showing up in the list.

3. Add some script to render the images

We’re going to use jQuery and some of the SharePoint REST API to query our Daily Images list, and grab the latest image. We’re going to run with the assumption you already have your jQuery reference set up. If you don’t have jQuery in there already, you can either bake it into your page layouts (if you’re using custom branding) like this, or add a one-off reference on the page where you’re embedding this Daily Image code, like in this example.

Go to your Search Center homepage (https://yourTenant.SharePoint.com/Search by default), edit the page, and add a Script Editor web part with the following code. It renders the latest image of the day as the CSS background image of the #DeltaPlaceHolderMain div. Note that we are doing a string replace to change the original image URLs provided via the RSS feed, which just happened to be non-SSL http://. Since we’re displaying this image on a secure SharePoint Online page, we’re changing the http:// to https://. Bing, in this case, serves both versions happily. Not all image sources may play along like this, so double-check they can render https:// before committing.

<script type="text/javascript">
// Reuse an existing Module namespace if the page already defines one.
var Module = Module || {};

Module.GetImages = (function () {
    var pub = {},
        _images = [],
        _options = {
            listName: "Daily Images",
            // Element that receives the background image (and any error text).
            container: "#DeltaPlaceHolderMain"
        };

    // Query the list for the single most recently created item.
    pub.init = function () {
        var listName = _options.listName;
        var url = "https://yourTenant.sharepoint.com/_api/lists/getbytitle('" + listName + "')/items?$top=1&$orderby=Created desc";
        $.ajax({
            url: url,
            type: "GET",
            headers: {
                "accept": "application/json;odata=verbose"
            },
            success: function (results) { createImageView(results); },
            error: function (error) {
                console.log("Error in getting List: " + listName);
                $(_options.container).text("Error retrieving your " + listName + ".");
            }
        });
    };

    // Apply the image URL stored in each returned item's Title as the background.
    function createImageView(results) {
        _images = results.d.results;

        $.each(_images, function (index, item) {
            var imageURL = item.Title;
            // The feed supplies http:// URLs; the page is served over https://.
            imageURL = imageURL.replace("http:", "https:");
            $(_options.container).css('background-image', 'url(' + imageURL + ')');
            $(_options.container).css('background-repeat', 'no-repeat');
            $(_options.container).css('background-position', 'center');
        });
    }

    // JSOM-style failure callback; not used by the REST call above.
    function _onQueryFailed(sender, args) {
        alert('Request failed. \nError: ' + args.get_message() + '\nStackTrace: ' + args.get_stackTrace());
    }

    return pub;
}());

// Wait for the DOM and for SharePoint's sp.js before querying the list.
$(document).ready(function () {
    SP.SOD.executeFunc('sp.js', 'SP.ClientContext', function () {
        Module.GetImages.init();
    });
});
</script>

When all is working, you’re going to get a new Bing image of the day each day, as the background to your search center page.
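The Title values in the Daily Images list originate from an external RSS feed, so they are untrusted input by the time the script writes them into a CSS `url()`. The following is an added example (not code from the original post) of validating each value before use; the allowlisted host and the sample list items are assumptions constructed for illustration.

```javascript
// Added example, not part of the original post.
// Assumption: this host is illustrative. Set it to the host(s) your feed's
// image URLs really use.
const ALLOWED_IMAGE_HOSTS = ["www.bing.com"];

// Characters that could end or escape a CSS url("...") token.
const CSS_UNSAFE = /["'()\\\s<>]/;

/**
 * Validate one list-item Title before it is used as a background image.
 * Returns a normalized https:// URL string, or null if the value is rejected.
 */
function safeImageUrl(raw, allowedHosts = ALLOWED_IMAGE_HOSTS) {
  if (typeof raw !== "string") return null;
  const trimmed = raw.trim();
  if (trimmed === "" || CSS_UNSAFE.test(trimmed)) return null;

  let parsed;
  try {
    parsed = new URL(trimmed); // throws on relative or malformed input
  } catch (e) {
    return null;
  }

  // Web schemes only: rejects javascript:, data:, file: and the rest.
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  // No embedded credentials and no non-default ports.
  if (parsed.username || parsed.password || parsed.port !== "") return null;
  // Same rule as the Flow condition: skip "feedproxy" links.
  if (parsed.href.toLowerCase().includes("feedproxy")) return null;
  // Exact host match; a suffix or substring match would admit look-alike hosts.
  if (!allowedHosts.includes(parsed.hostname.toLowerCase())) return null;

  // Upgrade on the parsed URL instead of string-replacing "http:".
  parsed.protocol = "https:";
  return CSS_UNSAFE.test(parsed.href) ? null : parsed.href;
}

/** Build the CSS value for an already validated URL. */
function cssBackgroundValue(validatedUrl) {
  return 'url("' + validatedUrl + '")';
}

/**
 * Given REST results (array of { Title }), return the first acceptable
 * image URL, or null so the caller can keep the default background.
 */
function latestSafeImage(items) {
  for (const item of items || []) {
    const url = safeImageUrl(item && item.Title);
    if (url !== null) return url;
  }
  return null;
}

// Constructed sample data shaped like results.d.results from the list query.
const SAMPLE_ITEMS = [
  { Title: "http://feedproxy.google.com/~r/bingimages/~3/constructed/" },
  { Title: 'http://www.bing.com/a.jpg"); x: y' },
  { Title: "http://www.bing.com/az/hprichbg/rb/Constructed_1920x1080.jpg" }
];
```

In the web part, the result would be applied with `$(container).css('background-image', cssBackgroundValue(url))` only when `latestSafeImage(results.d.results)` returns a non-null value.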

This technique could be applied to any instance where there’s a list of images delivered by an RSS feed, for example:
NASA Image of the Day
Flickr daily interesting image
Wikimedia Image of the Day
..etc.

For the Bing Image and any other source, make sure to check that you’re obeying the copyright & author attribution & usage requirements of the image provider – the above technique implies nothing about such nuances, it’s only intended as a technical proof of concept/demo.

What is Office 365? Two simple & current Infographics

You just know you’re in a complex business when even having a good oversight of the major tangents of what you do is hard to come by. In Office 365, we have a lot of new services being added on to the plumbing/infrastructure backbone of the already massive SharePoint framework.

Conversely, recent changes to SharePoint itself have consolidated some of the user experience scenarios, addressing BIG day to day problems for information workers – file collaboration, CMS-style content publishing and getting away from a “one-size fits all” intranet scenario.

So what IS the mile high perspective? Naming the services is one thing, but showing their intended relationship with each other is crucial. It’s said you don’t really understand something unless you can explain it in simple terms. Here are two awesome takes on it:

Image provided by Christophe Fiessinger, Office 365 product manager; you can find him on Twitter at https://twitter.com/cfiessinger

And here’s a different perspective, from Ben at ShareGate:

What's in Office 365 infographic

Crafted by: Sharegate, The SIMPLEST Office 365 and SharePoint Security & Management tool suite.

How to output the Office 365 Roadmap as a spreadsheet

If you want to stay on top of what’s coming soon for Office 365, the Office blog will be the source for major announcements, but you’ll also want to keep an eye on the Office 365 roadmap – which also covers Office Online and Outlook.com. If the Office blog is going to cover a feature, the news will be there first, but smaller features may only be covered in the roadmap.

A bit of friction I’ve run into quite often is that there’s so much goodness in the pipeline that it’s clunky to advise people on what’s on deck, what’s been launched and everything in between. The major new feature sets are pretty hard to miss, as there will generally be a major post on the Office blogs about them. However, the peripheral improvements are often useful to have good optics on.

Everyone loves tabular data, so let’s get this sucker into a spreadsheet so we can crunch the data easier!

Due to the number of features in the mix, it’s kind of essential to get the info from those two sources into a spreadsheet to be able to crunch it and also track it in the long term (monitor for changes).

I used a few Chrome Extensions, primarily “Data Scraper”, whipped up the XPath formulas required and exported as CSV.

Chrome Extensions Used:
Data Scraper: https://chrome.google.com/webstore/detail/scraper/nndknepjnldbdbepjfgmncbggmopgden?utm_source=chrome-app-launcher-info-dialog
Recipe Creator: https://chrome.google.com/webstore/detail/recipe-creator/icadidhenmiokjlmpdgjikdoknhfgkhg?utm_source=chrome-app-launcher-info-dialog
Xpath Helper: https://chrome.google.com/webstore/detail/xpath-helper/hgimnogjllphhhkhlmebbmlgjoejdpjl?utm_source=chrome-app-launcher-info-dialog

Here are the Data Scraper rules I used. The XPath pattern defines the main repeating container of info, then divvies up its contents into the fields that will be added as columns in Excel:

Container: //article/div[2]/div/div/div[1]/div
Status: ../../../div[1]/div[1][contains(@class, "feature-group")]/div[1]
Title: ./div[1]/div[1]
Description: ./div[2]/div[1]
Link: ./div[2]/div[2]/div[1]/div[contains(@class, "feature-item__more-info")]/a[1]/@href
Category 1: ./div[2]/div[2]/div[1]/div[contains(@class, "feature-item__tag")][1]
Category 2: ./div[2]/div[2]/div[1]/div[contains(@class, "feature-item__tag")][2]
Category 3: ./div[2]/div[2]/div[1]/div[contains(@class, "feature-item__tag")][3]
Image: ./div[2]/div[3]/div[contains(@class, "feature-image clear-fix col-md-12")]/img[1]/@data-original

Note:
This article does not advocate automatically polling the Office 365 Roadmap page. No one likes bots hammering their pages – you are obligated to play nice according to Microsoft.com’s terms of use. The extensions/scripts described here work in the client-side browser only. Please manually download an offline copy of the page and do your work on that.
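The container-plus-relative-field pattern from the rules above, written as an added example (not the Data Scraper extension's code) for the browser console on a saved offline copy of the page. It covers four of the columns; scrapeRoadmap, csvCell and toCsv are hypothetical names, and the apostrophe prefix that stops scraped text from being evaluated as a spreadsheet formula is an addition to the post's workflow.

```javascript
// Added example, not the post's tooling. Field XPaths are the post's rules
// (with straight quotes); scrapeRoadmap expects a browser DOM Document.
const CONTAINER = '//article/div[2]/div/div/div[1]/div';
const FIELDS = {
    Status: '../../../div[1]/div[1][contains(@class, "feature-group")]/div[1]',
    Title: './div[1]/div[1]',
    Description: './div[2]/div[1]',
    Link: './div[2]/div[2]/div[1]/div[contains(@class, "feature-item__more-info")]/a[1]/@href',
};

// Evaluate the container XPath once, then each field XPath relative to every
// container node, producing one object (spreadsheet row) per feature.
function scrapeRoadmap(doc) {
    const hits = doc.evaluate(CONTAINER, doc, null,
        XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, null);
    const rows = [];
    for (let i = 0; i < hits.snapshotLength; i++) {
        const node = hits.snapshotItem(i);
        const row = {};
        for (const [name, xpath] of Object.entries(FIELDS)) {
            row[name] = doc.evaluate(xpath, node, null,
                XPathResult.STRING_TYPE, null).stringValue.trim();
        }
        rows.push(row);
    }
    return rows;
}

// Quote every cell (RFC 4180) and prefix an apostrophe to text that a
// spreadsheet would otherwise evaluate as a formula (=, +, -, @, tab, CR).
function csvCell(value) {
    let text = String(value == null ? '' : value);
    if (/^[=+\-@\t\r]/.test(text)) text = "'" + text;
    return '"' + text.replace(/"/g, '""') + '"';
}

function toCsv(rows, columns = Object.keys(FIELDS)) {
    const lines = [columns.map(csvCell).join(',')];
    for (const row of rows) {
        lines.push(columns.map(function (c) { return csvCell(row[c]); }).join(','));
    }
    return lines.join('\r\n');
}
```

In the console of the saved page, toCsv(scrapeRoadmap(document)) returns the CSV text.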

Office 365 Custom App Launcher Tiles feature being deployed now

The ability to create custom tiles in your Office 365 tenancy has just been pushed to a much wider audience as of July 22.

From https://support.office.com/en-us/article/Add-custom-tiles-to-the-My-apps-page-and-app-launcher-1136115a-75af-4497-b693-640c4ce70bc6

In Office 365, you can quickly and easily get to your email, calendars, documents, and apps using the Office 365 app launcher (learn more). The tiles in the app launcher are those that have been promoted, or pinned, from the My apps Page (learn more). The My apps page includes all of the apps you get with Office 365 as well as custom apps that you add from the SharePoint Store or Azure AD.

In addition to these, you can add your own custom tiles to the My apps page that point to SharePoint sites, external sites, legacy apps, and more. Once there, you can pin them to your app launcher and instruct your users to do the same. This makes it easy to find the relevant sites, apps, and resources to do your job. In the below example, a custom tile called “Contoso Portal” is used to access an organization’s primary SharePoint site.

Custom tile on Office 365 app launcher

Tip   To perform these steps, you must be an administrator with access to the Office 365 admin center.

Add a custom tile to the My apps page

  1. Sign in to Office 365 with your work or school account.
  2. Select the app launcher icon and choose Admin.
  3. Choose Company Profile in the left navigation.

    Company profile in Office 365 admin center

  4. Choose Custom tiles.
  5. Choose Add custom tile to create a new custom tile.

    This opens the Add or edit a custom tile window.

    Add custom tile window

  6. Enter a Tile name for the new tile. The name will appear in the tile.
  7. Enter a URL for the tile. This is the location where you want your users to go when they select the tile.

    Tip   If you’re creating a tile for a SharePoint site, navigate to that site, copy the URL, and paste it here. The URL of your default team site looks like this: https://<company_name>.sharepoint.com

  8. Enter a Description for the tile. You see this when you select the tile on the My apps page and choose App details.
  9. Enter an Image URL for the tile. The image appears on the My apps page and app launcher.

    Tip   The image should be 50×50 pixels, stored in SharePoint Online, and shared with everyone. You can, for example, put it in a library on your team site then generate an anonymous guest link and use that as the URL. If you can’t generate an anonymous link, make sure external sharing is enabled in SharePoint Online.

  10. Choose Submit to create the custom tile.

Your custom tile now appears on the My apps page for you and your users.

To add the custom tile to the app launcher

  1. Select the app launcher icon and choose My apps.
  2. Select the ellipsis and choose Pin to app launcher.

    Pin tile to app launcher

Important   Both you and your users need to perform these steps to promote custom tiles from the My apps page to the app launcher.

Edit a custom tile

  1. In the Office 365 admin center, choose Company Profile in the left navigation.
  2. Choose Custom tiles.
  3. Select a custom tile and choose Edit tile.

    Edit custom tile for app launcher

  4. Update the Tile name, URL, Description, or Image URL for the custom tile (see earlier description).
  5. Choose Submit.

To delete a custom tile, follow steps 1-3, choose Remove tile and then Delete.

What’s next?

In addition to adding tiles to the app launcher, you can add app launcher tiles to the Office 365 navigation bar (learn more). To customize the look and feel of Office 365 to match your organization’s brand, see Customize the Office 365 theme.

Microsoft Ignite Conference 2015 Roundup

Here is my presentation from last week’s Victoria Office 365 User Group in Victoria, BC.

“Microsoft’s Ignite Conference in Chicago last month was a huge event (23,000+ attendees) and a lot of genuinely interesting technology news came out of it. I’ll share with you here my take on the big items of the event, flavoured through my lens of SharePoint/Office 365.

The core concepts: Microsoft is taking a mobile-first, cloud-first approach with three top priorities: to usher in an era of more personal computing, to reshape work and productivity with enhanced products and processes, and to build trust in a reliable, extensible cloud service offering.

What’s more, for us here in Canada, a lot of these announcements take on huge new relevance, as Microsoft just announced on June 2 (http://reimagine.microsoft.ca/en-ca/) that they are opening data centers located on our soil. This opens up the doors to a government and private industry base that previously had not been able to leverage these services.

I will talk a bit on the upcoming on premise version of SharePoint 2016, the latest in Office 365 (including Delve/Office Graph), and more.”

Speaker:  Keith Tuomi, FCV Interactive
Duration: 30 minutes
Audience: Business Professionals (Managers, Project Managers, etc.)
Technical Level: 200

Microsoft Ignite Conference: Day 4 Round-Up

Last day of the MS Ignite conference for me. Let’s take it to the bridge:
Bridge

Another metaphor? You betcha:

– Cloud vs on-premise
– Microsoft as Service Provider vs Shrink Wrapper
– Unified experiences vs Diversified devices
– People-driven Intranets vs Intranet-driven people
– Windows OS as a true personal & biz life and productivity platform vs Windows OS as a 900 pound gorilla

My top picks for Day 4 in the SharePoint/Office 365 realm (with a little .NET 5 in there to maintain my Dev street cred):

My last-day sessions:

JEA: A PowerShell Toolkit to Secure a Post-Snowden World

When asked what to do about corporate hacking, Ex NSA Director Michael Hayden replied, “Man up and defend yourselves.” Edward Snowden then rocked the world by disclosing privileged NSA information. JitJea stands for “Just In Time, Just Enough Admin.” It’s a Windows PowerShell toolkit that admins use to perform functions without giving them admin privileges.

MVP Panel: SharePoint On-Premises, Online and Everything in Between
Imagine five great minds coming together to talk about Microsoft SharePoint across the board, be it within Microsoft Office 365, in Microsoft Azure, on-premises and certainly hybrid. Via a panel Q&A format, these MVP experts expose how online and hybrid improvements increase both deployment scenarios and value. This session is designed to help ITIs and ITDMs find the right cloud formula to deploy based on practical business and technical considerations. This is a must-not-miss session for any IT pro!

How to Decide When to Use SharePoint and Yammer and Office 365 Groups and Outlook and Skype
Your users may struggle with these questions: Should I share a message via Skype for Business instead of Yammer, Office 365 Groups, or Exchange? Should I collaborate on data using an Excel sheet or a SharePoint list? Should I share a file in Outlook, in a meeting, from OneDrive for Business, on Yammer, in a Group, or in a SharePoint site? This session is the ‘How To’ user’s guide. What happens when your users can’t decide what technology or feature to use? They use what they know, or what’s easy, even if better options exist. In this session, Richard and Kanwal help you maximize the value of your Office 365 investment by providing the guidance you need to help your users make better, more effective decisions on how they get work done.

Experts Unplugged: Office 365 Security

OneNote for OneLife: From Notes to Productivity and Platform
OneNote is awesome. Really. Knowledge, learning and info on the bleeding edge benefits from structure – but not too much structure. We all need a place to inscribe understanding, without having to go overboard on the word-processing end of things.  I’m always thrilled to hang out with the OneNote crew as I sometimes wonder if they know they have the future of Education and Wikis in their hands.

Microsoft OneNote gives you one place for your notes and other content with you, anywhere now that OneNote is across all platforms and devices. Write by hand, type, record, snap a picture, clip from the web, or use a growing number of other partner apps and devices and OneNote saves it. Organized or not, you can easily find your notes in any form (text, writing, picture, or audio) with OneNote search. This session demonstrates end-user productivity scenarios at work to give you a clear understanding of how OneNote can help drive adoption of Office 365 with cross-platform, real-time collaboration, and extensibility with OneNote API. You’ll walk away wanting to use, evangelize, and build on OneNote personally or for your organization.
