Even though it seemed quiet, some interesting things happened this week. Activity alerts for Office 365 audit events appeared, Microsoft provided more guidance on how Stream relates to Office 365 Video, the push continued to make the new Office 365 network usable, and yet another company announced that they had dumped email. Only they hadn’t. Add in user photos, passwords, and HYOK, and enough happened to make the week interesting!
Activity (or audit) alerts
If you enable audit logging for your Office 365 tenant, a mass of audit data is accrued from that point forward. The audit data is extracted from the basic workloads, including Exchange Online, SharePoint Online, and Azure Active Directory. Although still incomplete, the audit data that’s gathered represents a pretty good swathe of the important activities that happen inside the average Office 365 tenant.
The audit log is searchable through the Office 365 Activity Log option in the Security and Compliance Center, or, if you like PowerShell, via the Search-UnifiedAuditLog cmdlet. Neither option is particularly thrilling, especially if you are waiting for a particular event to appear through the feed from a workload, so it’s good that Microsoft has added activity alerts to the mix. An activity alert is a request for nominated individuals to receive email notifications when specific events are recorded. Think of it as automatic flagging of certain activities, such as when people delete files from SharePoint Online document libraries. The alerts are not immediate because they depend on the feed into the Office 365 audit log, but even so, they’re a welcome addition. For more information, read this Microsoft article or even better, read this insightful article by Office 365 MVP Vasil Michev.
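The kind of check an activity alert automates can also be run by hand against the audit log. The following is an added example, not code from the original article or from Microsoft: it groups SharePoint Online file deletions by user. The function name `Get-FileDeletionSummary`, its threshold, and the sample records are assumptions made for illustration, and the live branch assumes a session in which `Search-UnifiedAuditLog` is available.

```powershell
# Added example: summarise SharePoint Online file deletions per user from
# unified audit log records. Get-FileDeletionSummary and $Threshold are
# hypothetical names chosen for this illustration.
function Get-FileDeletionSummary {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Records,
        [int] $Threshold = 2   # assumed cut-off for "worth a look"
    )
    $Records |
        # Each record carries its detail as a JSON string in AuditData.
        ForEach-Object { ConvertFrom-Json -InputObject $_.AuditData } |
        Where-Object { $_.Operation -eq 'FileDeleted' } |
        Group-Object -Property UserId |
        ForEach-Object {
            [pscustomobject]@{
                UserId  = $_.Name
                Deleted = $_.Count
                Files   = ($_.Group.SourceFileName -join ', ')
                Flagged = ($_.Count -ge $Threshold)
            }
        }
}

if (Get-Command Search-UnifiedAuditLog -ErrorAction SilentlyContinue) {
    # Connected session: pull the last 24 hours of deletions from the tenant.
    $records = @(Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-1) `
        -EndDate (Get-Date) -RecordType SharePointFileOperation `
        -Operations FileDeleted -ResultSize 1000)
} else {
    # Constructed sample records, shaped like the cmdlet's output, so the
    # summary logic can be tried offline.
    $records = @(
        [pscustomobject]@{ AuditData = '{"CreationTime":"2016-08-15T09:12:04","Operation":"FileDeleted","UserId":"kim@contoso.example","SourceFileName":"Budget.xlsx"}' }
        [pscustomobject]@{ AuditData = '{"CreationTime":"2016-08-15T09:12:31","Operation":"FileDeleted","UserId":"kim@contoso.example","SourceFileName":"Forecast.xlsx"}' }
        [pscustomobject]@{ AuditData = '{"CreationTime":"2016-08-15T10:02:10","Operation":"FileAccessed","UserId":"lee@contoso.example","SourceFileName":"Plan.docx"}' }
        [pscustomobject]@{ AuditData = '{"CreationTime":"2016-08-15T11:45:55","Operation":"FileDeleted","UserId":"lee@contoso.example","SourceFileName":"Notes.docx"}' }
    )
}

Get-FileDeletionSummary -Records $records |
    Sort-Object -Property Deleted -Descending |
    Format-Table -AutoSize
```

As with activity alerts, the results lag behind the events themselves because they depend on the feed into the Office 365 audit log.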
More on Stream
The announcement about the new Microsoft Stream video service took many by surprise, including me. After thinking about the situation for a while, I think it’s a good idea to have a single service that can meet the needs of both businesses that subscribe to Office 365 and those who do not. It will obviously take Microsoft some time to figure out how to transition and rebrand the current Office 365 Video service to Stream, but it will happen.
Some have expressed fears that the work they did to set up Office 365 Video for their tenant will be negated by the move. Mark Mroz, a program manager on the Microsoft Office 365 Video team, attempted to quell these concerns, and said:
“Sorry the initial announcement didn't convene our intent to make this [the move to Stream] as seamless as possible. We'll have a new blog post (and maybe an admin message center post) that makes it clearer that all content, links, embed codes, etc., will persist into the new converged solution. It's more like we are going to be rebranding and improving O365 Video than anything else.”
Vishal Sood, Microsoft’s program manager for Stream, also followed up (appropriately) with a video blog to explain. All is well and your video content will be happy in its new home, or so it is promised.
The ongoing move to network.office.com
Microsoft continues to press ahead with its plan to transition the Yammer-based Office 365 Network to the new Lithium-powered Office 365 Network (Figure 1) by September 1, 2016. On that date, the old network is due to be shut down and the new network will remain shiny, bright, and hopefully better used than it is today.
Figure 1: The new Office 365 Network
I remain unconvinced by the change. It very much seems that the volume of contributions has dropped on the old network and I don’t think the new network has yet taken up the strain, possibly because people run into persistent difficulties when they attempt to follow guidance and move over. Despite efforts by Microsoft to improve matters, network users cite the interface as poor and difficult to use; the network is slow and unresponsive at times; users are logged out and have to sign in more regularly than in the old network; pasting content into contributions works intermittently; no mobile app is available; and it’s much harder to see new threads in the new network than it is in the old. On top of all that, users who connect to the new network without a Microsoft account they can use for authentication have to create one. Some report that the permissions requested seem excessive.
Office 365 Network needs permission to:
- View your basic profile
- Sign in as you
- View your email address
- Access your data anytime
- Sign you in and read your profile
According to Jeff Medford, a Group Product Manager at Microsoft, the network uses OAuth v2 with a scope of “User.Read openid email profile offline_access” to request the permission. If given, the network puts the user’s email address, first name, last name, and company name into their community profile to create their account. Even though the permissions include “access your data anytime,” it all sounds pretty innocuous and not something to worry too much about, which I don’t.
One of the big promises that Microsoft made in moving to the new Office 365 Network is that content would be searchable and discoverable by external search engines whereas the current Yammer-based Office 365 Network is closed and the information remains hidden unless you log in. I don’t see the promise of external search in the new network getting fulfilled yet as information I have posted remains stubbornly concealed despite the best efforts of Google, Bing, or DuckDuckGo.
The new Office 365 Network is too important an asset to fail. I hope that those who are driving this transition within Microsoft are able to succeed in delivering a network that meets the needs of the community on the new platform by September 1. If they don’t, an awful lot of people will be very unhappy, including me (for whatever that is worth).
Moving from email
I continue to scratch my head when I read articles that advocate ditching email, like this one describing how a small company “ditched their email addresses.” I’m sure that they achieved the amazing results claimed, even if the impact of the statement is undermined by the knowledge that their senior management had to retain email to communicate outside the company.
There’s no doubt that email can provide a constant stream of persistent interruption. Technology such as Clutter, now superseded by the Focused Inbox, helps Outlook clients filter the dross from new mail, but after some 34 years of using email, it seems to me that it’s a lack of discipline on the part of the user that might be more to blame for time wasted processing email. In any case, there are tons of new interruptions to be dealt with ranging from questions from fellow workers to the cacophony of tones demanding attention from multiple apps, so distraction is not an issue confined to email.
I doubt email will fade away in the near future. Decried and derided by many, email remains the single biggest method for communication and collaboration in the business world. The depth and richness of functionality available in the email ecosystem, including in areas like compliance that are often overlooked by “snazzier” newcomers, makes it really difficult for organizations to dump the Inbox.
Have you ever wondered why the user photos displayed in Office 365 look great in one application and horrible in another? The problem is probably due to the resolution of the image that is available to the application, so it pays to understand where those images are held and retrieved. Paul Ryan, a SharePoint Technical Architect in the UK, has done a nice job of collating guidelines for those who struggle with the topic. It would be nice if Microsoft made it simple for everyone by allowing Azure Active Directory to store both high- and low-resolution images of user photos that are available to all applications.
Azure Active Directory conditional access policies for devices
On August 10, 2016, Microsoft announced the preview of device-based policies for Azure Active Directory conditional access. Basically, this feature allows you to implement a set of policies so that only known devices (managed by your organization) can connect to Office 365 and other applications. Exchange Online, SharePoint Online, and Yammer are among the applications for which you can enable policies. It’s a nice advance in the state of the art that should help some organizations achieve the level of control they desire over the devices that access important corporate applications.
Have Your Own Key (HYOK)
As part of its Azure Information Protection initiative, Microsoft announced support for “Have Your Own Key” (HYOK), essentially the ability for organizations with very complex information protection requirements to control the encryption keys used to protect specific documents. As Dan Plastina (@TheRMSGuy, Partner Director for Threat Protection at Microsoft) notes, HYOK is not for every organization and there are some trade-offs that have to be made. The feature is worth considering by large organizations that operate hybrid environments, including on-premises Active Directory Rights Management Services.
Microsoft Research on passwords
Finally, if you’re struggling to come up with a cogent corporate policy for passwords that you need to communicate to users, you could do worse than to consult the short-but-sweet paper on the topic authored by Robyn Hicock of the Microsoft Identity Protection Team. The advice given is reasonable and precise. It would be good if other advice from the software giant was delivered with the same brevity.
Follow Tony on Twitter @12Knocksinna.