Advanced eDiscovery in Microsoft 365 — or Office 365, depending on your subscription — is a powerful tool that can index data sets and make them easily searchable.
This tool also supports the import and analysis of external data. This is a useful feature for legal and human resources positions or any other job in which you need to search through data for keywords and use the AI features of the platform to weed out undesirable information. Before we look at Office 365 Advanced eDiscovery, let’s start with some basics.
The standard eDiscovery feature is available to any Business or Enterprise licensed customer of the Microsoft 365 or Office 365 suite. It provides several functions, including:
Once you configure the data set, the data will be indexed for review. More searches, known as queries, can be run and the results exported for use outside of eDiscovery.
What is Office 365 Advanced eDiscovery?
Office 365 Advanced eDiscovery is more of an end-to-end product for eDiscovery requirements. Advanced eDiscovery follows the Electronic Discovery Reference Model framework, which provides more granularity to the settings you can control over a case.
Advanced eDiscovery requires licensing above the common Microsoft/Office 365 E3 license such as the E5 compliance add-on, the eDiscovery and Audit add-on or just a switch to the Microsoft/Office 365 E5 tier.
Some of the Advanced eDiscovery highlights include:
search and analytics functionality that threads emails, rather than dealing with each email separately;
optical character recognition to convert images to text-searchable documents;
built-in ability to analyze, query, review, tag and export content as a group, rather than individual files;
better visibility of long-running tasks to check progress;
predictive coding allows you to train the system to determine which data is relevant; and
detecting files that are the same or almost the same to avoid a review of the same content.
Organizations can benefit from the import feature
Another key feature for Advanced eDiscovery is the ability to import non-Microsoft 365 content.
To start, create a review set, which is only available in Advanced eDiscovery. A review set is a defined group of data sets, which can be used with the group functionality listed above.
You can add external data to a review set with the Manage review set option. Clicking the View uploads link in the Non-Office 365 data section takes you to a page with an Upload files button, which starts a wizard after it is clicked.
The wizard asks you to prepare the files you want to upload. You’ll need to create a top-level folder with a subfolder for each custodian you have data for, named in User Principal Name (UPN) format for the account, such as [email protected]. Upload the data in those user-named folders.
Microsoft publishes a list of the file types you can import into Advanced eDiscovery. It supports several archive and container formats, such as PST mailbox files, that you can upload in a batch and run searches against.
To upload the files, you will need to install the AzCopy utility. When you have all the files ready, input the path in the wizard to the user folders, which will generate a command to paste into a command prompt that will trigger the upload using AzCopy. The utility will show statistics, such as the progress, time elapsed and the upload speed during the transfer process.
Once finished, you can go back to the webpage and click the Next: Process files button. Do not click this button until the upload completes or you’ll start a one-time processing of the incomplete data that you can’t cancel or run again.
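Because processing is one-time and cannot be rerun, it helps to check the staging folder and record what it contains before running the generated AzCopy command. The following pre-flight check is an added example, not part of the original article or of Microsoft's tooling; the UPN pattern, function names and manifest layout are assumptions made for illustration.

```python
import hashlib
import os
import re
import sys

# Loose shape check for user@domain.tld. This is an assumption for the
# example, not Microsoft's own validation rule for UPNs.
UPN_RE = re.compile(r"^[^@\s/\\]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large PST files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def preflight(root):
    """Walk the top-level upload folder.

    Returns (manifest, problems): manifest maps each custodian folder to a
    list of (relative path, size in bytes, SHA-256); problems lists anything
    that does not match the layout the upload wizard asks for.
    """
    manifest, problems = {}, []
    with os.scandir(root) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if not entry.is_dir():
            problems.append(f"{entry.name}: file at top level, not in a custodian folder")
            continue
        if not UPN_RE.match(entry.name):
            problems.append(f"{entry.name}: folder name is not in UPN format")
            continue
        files = []
        for dirpath, _dirs, names in os.walk(entry.path):
            for name in sorted(names):
                path = os.path.join(dirpath, name)
                files.append((os.path.relpath(path, root),
                              os.path.getsize(path),
                              sha256_of(path)))
        if files:
            manifest[entry.name] = files
        else:
            problems.append(f"{entry.name}: custodian folder is empty")
    return manifest, problems


def totals(manifest):
    """File count and byte count to compare with the transfer statistics."""
    rows = [row for files in manifest.values() for row in files]
    return len(rows), sum(size for _path, size, _hash in rows)


if __name__ == "__main__" and len(sys.argv) == 2:
    found, issues = preflight(sys.argv[1])
    for issue in issues:
        print("PROBLEM:", issue)
    count, size = totals(found)
    print(f"{count} files, {size} bytes staged for {len(found)} custodians")
```

Keep the manifest with the case record, and only click Next: Process files once the file count and size reported by the transfer match these totals.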
The time it takes to process depends on the amount of data uploaded. When the transfer completes, the Manage review sets page will show a summary report of the data, allow you to train the system for relevant information, and manage tags to help identify and discover data based on your search criteria.
You need to apply the license to the account(s) you are searching; administrators and staff reviewing the data do not need this extra license, so for occasional ad-hoc Advanced eDiscovery requirements, your organization might only need a few licenses that you can move as required — assuming you don’t want the other benefits that come with each license.
Advanced eDiscovery takes some time to understand from both the administrator’s point of view and from the perspective of the user with access to a case. But it’s a powerful — and relatively inexpensive — tool for an organization that might have access as part of the E5 license. It’s still very cost-effective if you only need a few add-on licenses compared to any other eDiscovery product on the market.
Hi, reasonable condition SG06 Black SFF case used as office PC for a few years. Would suit HTPC or other SFF use. Looks fine from the outside, a few small scratches on the inner surfaces but nothing major. Also what looks like a tiny bit of corrosion in one of the top ventilation holes, not visible unless you look – I’ve tried to show in the pics.
I’ve left a Sony AD 7700S DVD-RW drive in there, which I mainly used for CD ripping and works fine with dbpoweramp, Accurip and so on.
Internal hard drive, SSD carrier and (obviously) DVD drive carrier are present, as is the PSU bracket and the expansion card bracket on the rear of the case (you can see it above the expansion card slots). I don’t have the slot blanks – they are just standard full height ones though so any old ones will do if needed.
No PSU – pretty sure it needs an SFX PSU.
Front USBs dodgy/not working, there’s a small controller board that screws onto the rear of the fascia – I expect the board could be replaced but I never bothered and just used the motherboard USB ports. Front power button and LEDs work fine, as does the front fan.
Part one of this two-part series on Microsoft 365 (formerly Office 365) security weaknesses examined some of the main misconfigurations that cause problems when trying to securely operate or migrate to the cloud-based Microsoft 365 suite of services. While knowing the challenges is half the battle, what about addressing those challenges? Based on our work with clients, our research data and a review of available information, Nemertes recommends the following 12 best practices to secure Microsoft 365.
Implement a Microsoft 365 cybersecurity task force. To address known concerns with Microsoft 365, we recommend enterprises form a cybersecurity team focused specifically on Microsoft 365 cybersecurity. This team should be responsible for the following:
educating itself on the known issues;
recommending remediations and best practices;
developing a security-based project plan for the Microsoft 365 migration;
working directly with any third-party providers to ensure migration and implementation align with best practices; and
working directly with Microsoft’s technical experts if issues arise.
Review Microsoft documentation. Microsoft has an extensive library that grows daily, documenting security vulnerabilities — particularly those related to configuration issues. As a regular practice, the task force should review the library. Earlier this year, for example, Microsoft added a recommendation to the repository that businesses should use Domain-based Message Authentication, Reporting and Conformance (DMARC) to validate and authenticate mail servers to ensure destination email systems trust messages sent from company domains to help companies fortify their systems.
Using DMARC with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) provides additional protection against spoofing and phishing emails. The library has hundreds of recommendations like this. As a result, the task force should familiarize itself with the library’s documentation and continue reviewing it on a regular basis.
Enable and use DMARC, SPF and DKIM. When used together, these three protocols dramatically reduce the risk of spoofing and phishing. Use Microsoft Exchange as your email service provider in this configuration.
Enable multifactor authentication (MFA) by default, at the very least for administrator accounts and, ideally, for all accounts. The May 2019 U.S. Cybersecurity and Infrastructure Security Agency (CISA) report noted that MFA for administrator accounts isn’t enabled by default, yet Azure Active Directory (AD) global administrators in a Microsoft 365 environment have the highest level of administrator privileges at the tenant level. Modifying this configuration to require administrator MFA is a huge step toward ensuring security.
Enable mailbox auditing by default. The CISA report also revealed Microsoft didn’t enable auditing by default in Microsoft 365 prior to January 2019. The Microsoft 365 task force should ensure this step is enabled by default.
Determine if password sync is required. By default, Azure AD Connect integrates on-premises environments with Azure AD when customers migrate to Microsoft 365. In this scenario, the on-premises password overwrites the password in Azure AD. Therefore, if the on-premises AD identity is compromised, then an attacker could move laterally to the cloud when the sync occurs. If password sync is required, the team should carefully think through the implications of a premises-based attack on cloud systems, or vice versa.
Move away from legacy protocols. Several protocols, including Post Office Protocol 3 and Internet Mail Access Protocol 4, don’t effectively support authentication methods such as MFA. CISA recommended moving away from all legacy protocols.
Upgrade all software and OSes prior to migration. Earlier versions of Microsoft software, such as Office 2007, have known security vulnerabilities and weaker protection thresholds. Upgrade all software to current versions prior to migrating to Microsoft 365.
Test all third-party applications before integrating them into Microsoft 365. If you are using Microsoft 365 in conjunction with third-party applications — developed in-house or by outside companies — be sure you conduct solid cybersecurity testing before integrating them with Microsoft 365.
Develop and implement a backup and business continuity plan. Many organizations wrongly assume that, because Microsoft 365 is cloud-based, it is automatically backed up. That’s not the case; Microsoft uses replication rather than traditional data backup methods. As a result, it can’t guarantee an organization’s files will remain available if files are compromised through ransomware or accidental deletion.
Implement cloud-based single sign-on (SSO). Known vulnerabilities in Microsoft 365’s security protocols involve using cross-domain authentication to bypass federated domains. The best approach to mitigating these issues is to deploy SSO as a service from a provider such as identity and access management company Okta or identity security company Ping Identity.
Assess your Microsoft Secure Score and Compliance Score. Microsoft has developed two registries for Microsoft 365: Secure Score and Compliance Score. These registries list hundreds of steps customers should take to improve their overall scores and include a way to indicate whether they’ve done it, not done it yet or accept the risk. Secure Score is aimed at traditional security, such as “Did you enable MFA?” Compliance Score offers a general assessment, as well as regulation-specific assessments, such as GDPR and the California Consumer Privacy Act.
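The DMARC, SPF and DKIM recommendation above only reduces spoofing if the published records actually enforce a policy. The following audit of the three TXT records is an added example, not code from the article or from Microsoft; the domain example.com, the sample records and the function names are constructed for illustration.

```python
import re

# SPF terms that trigger a DNS lookup; RFC 7208 allows at most 10 per check.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_tags(record):
    """Split a 'k=v; k=v' record (the DMARC and DKIM syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: missing or not a v=spf1 record"]
    findings = []
    mechanisms = terms[1:]
    # Strip the qualifier, then cut at ':', '=' or '/' to get the term name.
    names = [re.split(r"[:=/]", t.lstrip("+-~?"))[0].lower() for t in mechanisms]
    if sum(1 for n in names if n in SPF_LOOKUP_TERMS) > 10:
        findings.append("SPF: more than 10 DNS lookups, receivers return permerror")
    if "all" in names:
        term = mechanisms[names.index("all")]
        qualifier = term[0] if term[0] in "+-~?" else "+"
        if qualifier in "+?":
            findings.append(f"SPF: '{qualifier}all' does not fail unlisted senders")
        elif qualifier == "~":
            findings.append("SPF: '~all' only soft-fails unlisted senders")
    elif "redirect" not in names:
        findings.append("SPF: no 'all' mechanism, unlisted senders get a neutral result")
    return findings


def audit_dkim(record):
    tags = parse_tags(record)
    if "p" not in tags:
        return ["DKIM: no selector record with a p= public key"]
    findings = []
    if tags["p"] == "":
        findings.append("DKIM: empty p= means the key has been revoked")
    if "y" in tags.get("t", "").split(":"):
        findings.append("DKIM: t=y marks the domain as testing, failures may be ignored")
    return findings


def audit_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: missing or not a v=DMARC1 record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or '(absent)'} only monitors, spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no aggregate reports are received")
    return findings


def audit_domain(spf, dkim, dmarc):
    """Combine the three audits; an empty list means nothing was flagged."""
    return audit_spf(spf) + audit_dkim(dkim) + audit_dmarc(dmarc)


# Constructed sample records for example.com (the DKIM key is a dummy value).
WEAK = {
    "spf": "v=spf1 include:spf.protection.outlook.com ~all",
    "dkim": "",
    "dmarc": "v=DMARC1; p=none",
}
HARDENED = {
    "spf": "v=spf1 include:spf.protection.outlook.com -all",
    "dkim": "v=DKIM1; k=rsa; p=QUJDREVGRw==",
    "dmarc": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@example.com",
}

if __name__ == "__main__":
    for label, records in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_domain(**records) or "no findings")
```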
Microsoft 365 security effort requires focus
In summary, Microsoft 365 is peppered with cybersecurity vulnerabilities, in its architecture and design and in the default configuration. The known vulnerabilities and best practices discussed here are just a start. What’s more important is that enterprise technology pros maintain a focused and ongoing cybersecurity effort to protect their environments.
Organizations are facing a lot of pressure to migrate to Microsoft 365. Nemertes believes the platform’s cybersecurity challenges can be overcome with effort and attention. In particular, it is vital to have a Microsoft 365 cybersecurity task force. This is not an optional component of any migration to Microsoft 365. That means companies need to consider the cost and effort involved in creating and maintaining an ongoing Microsoft 365 task force when computing the ROI of migrating to the platform. If the perceived benefit of agility and a cloud-based environment exceeds the cost of maintaining a focused internal group, a move to Microsoft 365 is warranted.
Microsoft will make several changes to the Office 365 platform this year that will affect enterprise users. Email client changes and new features in the Office suite and subscriptions can increase support calls, but administrators can help themselves through training and engagement.
Microsoft, which was once tolerant of customers on older products, is pushing customers to adopt the latest Windows 10 build and Office suite to take advantage of new Office 365 functionality and capabilities. At time of publication, the Office 365 roadmap shows nearly 250 features in development with nearly 150 rolling out. Some of the changes include:
After October 2020, only Office 2019 and Office Pro Plus will be allowed to connect to Office 365 services, such as email on Exchange Online and SharePoint Online;
Microsoft Outlook will receive several changes to its user interface throughout 2020;
Office Groups and Microsoft Teams will be the focus for collaboration tool development;
Office ProPlus is no longer supported in Windows 8.1, Windows 7 or older on the client operating system and Windows Server 2012, 2012 R2 and 2016 on the server side.
Given the number of updates in the works, many administrators realize that the wave of change will affect many of their users, especially if it requires upgrading any legacy Office suite products such as Office 2013, 2016 and even 2010. To ensure a smooth transition with many of the new Office 365 tools and expected changes, IT workers must take several steps to prepare.
Develop an Office 365 or Office 2019 adoption plan
One of the first steps for IT is to plot out a strategy that outlines the upcoming changes and what needs to be done to complete the adoption process. During this step, the IT team must detail the various software changes to implement — upgrades to the Office suite, introduction of Microsoft Teams and other similar items. The adoption plan can define the details around training material, schedules, resources and timelines needed.
Identify platform champions to help encourage adoption
To be more effective when it comes to gaining the trust of their end users and keeping them invested with the upcoming Office 365 roadmap features, administrators must identify a few platform champions within the business to help build support within the end-user groups and outside of IT.
Build excitement around the upcoming changes
Changes are generally met with some resistance from end users, and this is especially the case when it comes to changing tools that are heavily used such as Outlook, Word, Excel and certain online services. To motivate end users to embrace some of the new applications coming out in 2020, administrators must highlight the benefits such as global smart search, a new look and feel for the email client and several enhancements coming in Microsoft Teams.
Be flexible with training materials and methods
Everyone learns differently, so any training content that administrators provide to the end users must come in several formats. Some of the popular delivery mechanisms include short videos, one-page PDF guides with tips and tricks, blog postings and even podcasts. One other option is to outsource the training process by using a third-party vendor that can deliver training material, tests and other content through an online learning system. Some of the groups that offer this service include BrainStorm, Microsoft Learning and Global Knowledge Training.
Monitor progress and highlight success stories
Once IT begins to roll out the adoption plan and the training to the end users, it is important to monitor the progress by performing frequent checks to identify the users actively participating in the training and using the different tools available to them. One way for the administrators to monitor Office activation is through the Office 365 admin portal under the reports section. Some of the Office usage and activation reports will identify who is making full use of the platform and the ones lagging behind who might require extra assistance to build their skills.
Stay on top of the upcoming changes from Microsoft
End users are not the only ones who need training. Given the fast rate that the Office 365 platform changes, IT administrators have a full-time job in continuing to review the new additions and changes to the applications and services. Online resources like Microsoft 365 Roadmap and blog posts by Microsoft and general technology sites provide valuable insights into what is being rolled out and what upcoming changes to expect.
Share stories and keep the door open for continuous conversations
Microsoft Teams and Yammer are highly recommended for administrators to interact with their end users as they are adopting new Office 365 tools. This gives end users a way to share feedback and allows others to join the conversation to help IT gauge the overall sentiment around the changes in Office 365. They also provide IT with an avenue to make some announcements related to major future changes and evaluate how their end users respond.
With Office 365 becoming Microsoft 365, administrators are wondering what this evolution changes regarding their data protection needs.
As it stands right now, not much has changed from a backup and recovery standpoint. The tools and best practices used for backing up Office 365 are still valid for Microsoft 365 backup.
So, what are some of those best practices? No. 1 is to simply make sure that you are backing up 365. Microsoft only provides infrastructure-level protection for 365. It is up to you to make sure that your data is protected. It’s a similar story with other popular software-as-a-service applications — you must back up your data and not rely on the SaaS providers.
While Microsoft presumably takes steps to prevent data loss related to a catastrophic failure within its data center, the company doesn’t protect you from data loss related to the accidental deletion or overwriting of your data. Therefore, it’s up to you to make sure that you have Microsoft 365 backup.
Periodically check that your backup tools can back up all the required Microsoft 365 data. Early on, a lot of the Office 365 backup products focused solely on Exchange Server, with some also supporting SharePoint. However, there are other data sources that need protection, such as OneDrive and Azure Active Directory.
Choose a Microsoft 365 backup product that will enable you to recover data at a granular level. At a minimum, you need to be able to restore individual files, email messages and SharePoint sites. You shouldn’t have to restore an entire Exchange mailbox just to recover a single message.
Your Microsoft 365 backup product should enable you to restore your data to a location of your choosing. In most cases, you will probably be restoring data back to the Microsoft 365 cloud. Certain circumstances may require you to restore to a different Microsoft 365 subscription, or perhaps even to a server that is running on premises.
Finally, backup and restore operations are often tightly intertwined with an organization’s compliance initiatives. Make sure that your backup software meets the required service-level agreements and that it provides the level of reporting needed to satisfy compliance auditors.
Microsoft 365 (formerly Office 365) provides a wide set of options for managing data classification, retention of different types of data, and archiving data. This article will show the options a Microsoft 365 administrator has when setting up retention policies for Exchange, SharePoint, and other Microsoft 365 workloads and how those policies affect users in Outlook. It’ll also cover the option of an Online Archive Mailbox and how to set one up.
There’s also an accompanying video to this article which shows you how to configure a retention policy, retention labels, enabling Archive mailboxes, and creating a move to archive retention tag.
How To Manage Retention Policies in Microsoft 365
There are many reasons to consider labeling data and using retention policies but before we discuss these let’s look at how Office 365 manages your data in the default state. For Exchange Online (where mailboxes and Public Folders are stored if you use them), each database has at least four copies, spread across two datacenters. One of these copies is a lagged copy which means the replication to it is delayed, to provide the option to recover from a data corruption issue. In short, a disk, server, rack, or even datacenter failure isn’t going to mean that you lose your mailbox data.
Further, the default policy (for a few years now) is that deleted items in Outlook stay in the Deleted Items folder “forever”, until you empty it, or they are moved to an archive mailbox. If an end-user deletes items out of their Deleted Items folder, they’re kept for another 30 days (as long as the mailbox was created in 2017 or later), meaning the user can recover them by opening the Deleted Items folder and clicking the link.
Where to find recoverable items in Outlook
This opens the dialogue box where a user can recover one or more items.
Additionally, it’s also important to realize that Microsoft does not back up your data in Microsoft 365. Through native data protection in Exchange and SharePoint online they make sure that they’ll never lose your current data but if you have deleted an item, document or mailbox for good, it’s gone. There’s no secret place where Microsoft’s support can get it back from (although it doesn’t hurt to try), hence the popularity of third-party backup solutions such as Altaro Office 365 Backup.
Litigation Hold – the “not so secret” secret
One option that I have seen some administrators employ is to use litigation or in-place hold (the latter feature is being retired in the second half of 2020) which keeps all deleted items in a hidden subfolder of the Recoverable Items folder until the hold lapses (which could be never if you make it permanent). Note that you need at least an E3 or Exchange Online Plan 2 for this feature to be available. This feature is designed to be used when a user is under some form of investigation and ensures that no evidence can be purged by that user and it’s not designed as a “make sure nothing is ever deleted” policy. However, I totally understand the job security it can bring when the CEO is going ballistic because something super important is “gone”.
Litigation hold settings for a mailbox
If the default settings and options described above don’t satisfy the needs of your business or any regulatory requirements you may have, the next step is to consider retention policies. A few years ago, there were different policy frameworks for the different workloads in Office 365, showing the on-premises heritage of Exchange and SharePoint. Thankfully we now have a unified service that spans most Office 365 workloads. Retention in this context refers to ensuring that the data can’t be deleted until the retention period expires.
There are two flavors here, label policies which publish labels to your user base, letting users pick a retention policy by assigning individual emails or documents a label (only one label per piece of content). Note that labels can do two things that retention policies can’t do, firstly they can apply from the date the content was labeled, and secondly, you can trigger a disposition / manual review of the SharePoint or OneDrive for Business document when the retention expires.
Labels only apply to objects that you label; they don’t retroactively scan through email or documents at rest. While labels can be part of a bigger data classification story, my recommendation is that anything that relies on users remembering to do something extra to manage data will only work with extensive training and for a small subset of very important data. You can (if you have E5 licensing for the users in question) use label policies to automatically apply labels to sensitive content, based on a search query you build (particular email subject lines or recipients or SharePoint document types in particular sites for instance) or to a set of trainable classifiers for offensive language, resumes, source-code, harassment, profanity, and threats. You can also apply a retention label to a SharePoint library, folder, or document set.
As an aside, Exchange Online also has personal labels that are similar to retention labels but created by users themselves instead of being created and published by administrators.
A more holistic flavor, in my opinion, is retention policies. These apply to all items stored in the various repositories and can apply across several different workloads. Retention policies can also both ensure that data is retained for a set period of time AND disposed of after the expiry of the data, which is often a regulatory requirement. A quick note here if you’re going to play around with policies is that they’re not instantaneously applied – it can take up to 24 hours or even 7 days, depending on the workload and type of policy – so prepare to be patient.
These policies can apply across Exchange, SharePoint (which means files stored in Microsoft 365 Groups, Teams, and Yammer), OneDrive for business, and IM conversations in Skype for Business Online / Teams and Groups. Policies can be broad and apply across several workloads, or narrow and only apply to a specific workload or location in that workload. An organization-wide policy can apply to the workloads above (except Teams, you need a separate policy for its content) and you can have up to 10 of these in a tenant. Non-org wide policies can be applied to specific mailboxes, sites, or groups or you can use a search query to narrow down the content that the policy applies to. The limits are 10,000 policies in a tenant, each of which can apply to up to 1000 mailboxes or 100 sites.
Especially with org-wide policies be aware that they apply to ALL selected content so if you set it to retain everything for four years and then delete it, data is going to automatically start disappearing after four years. Note that you can set the “timer” to start when the content is created or when it was last modified, the latter is probably more in line with what people would expect, otherwise, you could have a list that someone updates weekly disappear suddenly because it was created several years ago.
To create a retention policy, log in to the Microsoft 365 admin center, expand Admin centers, and click on Compliance. In this portal click on Policies and then Retention under Data.
Retention policies link in the Compliance portal
Select the Retention tab and click New retention policy.
Retention policies and creating a new one
Give your policy a name and a description, select which data stores it’s going to apply to and whether the policy is going to retain and then delete data or just delete it after the specified time.
Retention settings in a policy
Outside of the scope of this article but related are sensitivity labels, instead of classifying data based on how long it should be kept, these policies classify data based on the security needs of the content. You can then apply policies to control the flow of emails with this content, or automatically encrypt documents in SharePoint for instance. You can also combine sensitivity and retention labels in policies.
Since there can be multiple policies applied to the same piece of data and perhaps even retention labels in play there could be a situation where conflicting settings apply. Here’s how these conflicts are resolved.
Retention wins over deletion, making sure that nothing is deleted that you expected to be retained and the longest retention period wins. If one policy says two years and another says five years, it’ll be kept for five. The third rule is that explicit wins over implicit so if a policy has been applied to a specific area such as a SharePoint library it’ll take precedence over an organization-wide general policy. Finally, the shortest deletion policy wins so that if an administrator has made a choice to delete content after a set period of time, it’ll be deleted then even if another policy applies that requires deletion after a longer period of time. Here’s a graphic that shows the four rules and their interaction:
Policy conflict resolution rules (courtesy of Microsoft)
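The four rules can be worked through for a single item covered by several policies, including the choice between timing from creation and from last modification discussed earlier. This is an added example, not Microsoft's implementation; the class and policy names and the dates are constructed, and applying "explicit wins over implicit" to the choice of delete action is an assumption, since the text states the rule without saying which setting it governs.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass
class Policy:
    name: str
    retain_days: Optional[int] = None  # keep the item at least this long
    delete_days: Optional[int] = None  # delete the item once it is this old
    explicit: bool = False             # scoped to a specific site or mailbox, not org-wide
    from_modified: bool = False        # timer starts at last modification, not creation


@dataclass
class Item:
    created: date
    modified: date


def _due(policy: Policy, item: Item, days: int) -> date:
    start = item.modified if policy.from_modified else item.created
    return start + timedelta(days=days)


def resolve(item: Item, policies: List[Policy]) -> Tuple[Optional[date], Optional[date], Optional[str]]:
    """Return (retain_until, delete_on, name of the deciding delete policy)."""
    # Rule 2: the longest retention period wins.
    retain_until = max(
        (_due(p, item, p.retain_days) for p in policies if p.retain_days is not None),
        default=None,
    )
    deleters = [p for p in policies if p.delete_days is not None]
    # Rule 3 (assumed to govern deletion): explicit policies beat org-wide ones.
    tier = [p for p in deleters if p.explicit] or deleters
    if not tier:
        return retain_until, None, None
    # Rule 4: within that tier, the shortest deletion period wins.
    winner = min(tier, key=lambda p: _due(p, item, p.delete_days))
    delete_on = _due(winner, item, winner.delete_days)
    # Rule 1: retention wins over deletion, so deletion waits for retention to end.
    if retain_until is not None and delete_on < retain_until:
        delete_on = retain_until
    return retain_until, delete_on, winner.name


# Constructed sample: one document and the policies that cover it.
SAMPLE_ITEM = Item(created=date(2020, 1, 1), modified=date(2021, 1, 1))
SAMPLE_POLICIES = [
    Policy("org-wide-2y", retain_days=730, delete_days=730),
    Policy("finance-library-5y", retain_days=1825, explicit=True, from_modified=True),
    Policy("org-wide-cleanup-1y", delete_days=365),
]
LIBRARY_DELETE = Policy("finance-library-delete-7y", delete_days=2555, explicit=True)

if __name__ == "__main__":
    print(resolve(SAMPLE_ITEM, SAMPLE_POLICIES))
    print(resolve(SAMPLE_ITEM, SAMPLE_POLICIES + [LIBRARY_DELETE]))
```

In the first case the one-year cleanup policy selects the delete action, but the item survives until the five-year retention (timed from last modification) ends; adding the explicit library policy moves deletion out to seven years even though shorter org-wide delete periods exist.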
As you can see, building a set of retention policies that really work for your business and don’t unintentionally cause problems is a project for the whole business, working out exactly what’s needed across different workloads, rather than the job of a “click-happy” IT administrator.
It all started with trying to rid the world of PST stored emails. Back in the day, when hard drive and SAN storage only provided small amounts of storage, many people learnt to “expand” the capacity of their small mailbox quota with local PST files. The problem is that these local files aren’t backed up and aren’t included in regulatory or eDiscovery searches. Office 365 largely solved part of this problem by providing generous quotas, the Business plans provide 50 GB per mailbox whereas the Enterprise plans have 100 GB limits.
If you need more mailbox storage one option is to enable online archiving which provides another 50 GB mailbox for the Business plans and an unlimited (see below) mailbox for the Enterprise plans. There are some limitations on this “extra” mailbox, it can only be accessed online, and it’s never synchronized to your offline (OST) file in Outlook. When you search for content you must select “all mailboxes” to see matches in your archive mailbox. ActiveSync and the Outlook client on Android and iOS can’t see the archive mailbox and users may need to manually decide what to store in which location (unless you’ve set up your policies correctly).
For these reasons many businesses avoid archive mailboxes altogether, just making sure that all mailbox data is stored in the primary mailbox (after all, 100 GB is quite a lot of emails). Other businesses, particularly those with a lot of legacy PST storage find these mailboxes fantastic and use either manual upload or even drive shipping to Microsoft 365 to convert all those PSTs to online archives where the content isn’t going to disappear because of a failed hard drive and where eDiscovery can find it.
For those that really need it and are on E3 or E5 licensing you can also enable auto-expanding archives which will ensure that as you use up space in an online archive mailbox, additional mailboxes will be created behind the scenes to provide effectively unlimited archival storage.
Click on a user’s name to be able to enable the archive mailbox.
Archive mailbox settings
Once you have enabled archive mailboxes, you’ll need a policy to make sure that items are moved into them at the cadence you need. Go to the Exchange admin center and click on Compliance management – Retention tags.
Exchange Admin Center – Retention tags
Here you’ll find the Default 2 year move to archive tag or you can create a new policy by clicking on the + sign.
Exchange Retention tags default policies
Pick Move to Archive as the action, give the policy a name and select the number of days that has to pass before the move happens.
Creating a custom Move to archive policy
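The same steps can be scripted in Exchange Online PowerShell. The following is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module and an Exchange admin role, and the mailbox address, tag name, policy name and 730-day age limit are placeholders.

```powershell
# Added example (not from the original article). Requires the
# ExchangeOnlineManagement module and an Exchange administrator role.
Connect-ExchangeOnline

# Placeholders: replace with your own mailbox, names and age limit.
$mailbox    = 'user@example.com'
$tagName    = 'Custom - move to archive after 2 years'
$policyName = 'Custom archive policy'
$ageInDays  = 730

# 1. Enable the archive mailbox unless it is already active.
$mbx = Get-Mailbox -Identity $mailbox
if ($mbx.ArchiveStatus -ne 'Active') {
    Enable-Mailbox -Identity $mailbox -Archive
}

# 2. Create the retention tag. Type All makes it a default policy tag that
#    applies to the whole mailbox; the action is Move to Archive.
if (-not (Get-RetentionPolicyTag -Identity $tagName -ErrorAction SilentlyContinue)) {
    New-RetentionPolicyTag -Name $tagName -Type All -RetentionEnabled $true `
        -AgeLimitForRetention $ageInDays -RetentionAction MoveToArchive
}

# 3. A tag only takes effect through a retention policy that links to it.
if (-not (Get-RetentionPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-RetentionPolicy -Name $policyName -RetentionPolicyTagLinks $tagName
}

# 4. Assign the policy. A mailbox holds exactly one retention policy, so this
#    replaces whatever policy was assigned before.
Set-Mailbox -Identity $mailbox -RetentionPolicy $policyName

# 5. Verify the result.
Get-Mailbox -Identity $mailbox |
    Select-Object DisplayName, ArchiveStatus, RetentionPolicy
Get-RetentionPolicyTag -Identity $tagName |
    Select-Object Name, Type, RetentionAction, AgeLimitForRetention
```

Items are moved the next time the Managed Folder Assistant processes the mailbox, not at the moment the policy is assigned.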
Note that online archive mailboxes have NOTHING to do with the Archive folder that you see in the folder tree in Outlook; that is just an ordinary folder that you can move items into from your inbox for later processing. This Archive folder is available on mobile clients and also when you’re offline, and you can swipe in Outlook mobile to automatically store emails in it.
Now you know how and when to apply retention policies and retention tags in Microsoft 365, as well as when online archive mailboxes are appropriate and how to enable them and configure policies to archive items.
Microsoft just made sweeping changes to the Office 365 ecosystem, both for personal subscriptions (Office 365 Personal and Home) and Office 365 for Business, sunsetting the Office 365 brand and replacing it with Microsoft 365. This was put in place as of April 21, 2020.
This article will look at what these changes mean, explore the differences between Office 365, Microsoft 365 and Office 2019 and the subscription model underlying these offerings as well as make some predictions for the enterprise services that are still under the Office 365 name.
Office 365 Home and Personal
Let’s start with the home and family subscriptions. Over 500 million people use the free, web-based versions of Word, Excel etc. along with Skype and OneDrive to collaborate and connect. Then there are 38 million people who have subscribed to Office 365 Home or Office 365 Personal. Both provide the desktop Office suite (Word, Excel etc.) for Windows and Mac, along with matching applications for iOS and Android and 1 TB of OneDrive space. These two plans are changing name to Microsoft 365 Personal ($6.99 per month) and Microsoft 365 Family ($9.99 per month) respectively. Personal is for a single user whereas Family works with up to six people (and yes, they each get 1 TB of OneDrive storage for a maximum of 6TB). Otherwise, they’re identical and provide advanced spelling, grammar and style assistance in Microsoft Editor (see below), AI-powered suggestions for design in PowerPoint, coaching when you rehearse a PowerPoint presentation and the new Money in Excel (see below). Each user also gets 50 GB of email storage in Outlook, the ability to add a custom email domain and 60 minutes worth of Skype calls to mobiles and landlines.
Picking a plan for home use is easy
Microsoft Editor is Microsoft’s answer to Grammarly and is available in Word on the web, and the desktop Word version, along with Outlook.com as well as an Edge or Chrome extension. It supports more than 20 languages and uses AI to help you with the spelling, grammar, and style of your writing. The basic version is available to anyone, but the advanced features are unlocked with a Personal or Family subscription. These include suggestions for how to write something more clearly (just highlight your original sentence), plagiarism checking and the ability to easily insert citations and suggestions for improving conciseness and inclusiveness.
Settings for the Microsoft Editor browser extension
Money in Excel connects Excel to your bank and credit card accounts so you can import balances and transactions automatically and provides personalized insights on your spending habits. Money isn’t available yet and will be US only in the first phase when it rolls out over the next couple of months.
Outlook on the web will let you add personal calendars, not only marrying your work and home life but also providing clarity for others seeking to find appointment times with you – of course, they won’t see what’s penned in your calendars, only when you’re not available. Play My Emails is coming to Android (already available on iOS), letting Cortana read your emails to you while you’re on the go. The Teams mobile app is being beefed up for use in your personal life as well. Finally, Microsoft Family Safety is coming to Android and iOS devices, helping parents protect their children when they explore and play games on their devices.
You’ll have noticed that nearly all of these new features and services are on the horizon but not here yet. If you’re already an Office 365 Home or Personal subscriber, your subscription just changed its name to Microsoft 365 Family or Personal; until these new goodies are available, nothing else has changed, including the price of your subscription. Note that none of these changes applies to the perpetually licensed Office 2019, which is Word, Excel etc. that you can purchase (not subscribe to), and that Office 2019 doesn’t provide any cloud-powered, AI-based features, nor does it get the monthly feature updates that its Office 365 based cousin enjoys.
Microsoft 365 Business Basic, Apps, Standard and Premium
Of more interest to readers of Altaro’s blogs are probably the changes to the Office 365 SMB plans (that top out at 300 users). As a quick summary, (for a more in-depth look at Office & Microsoft 365, here’s a free eBook from Altaro) Microsoft 365 Business Basic (formerly known as Office 365 Business Essentials at $5 per user per month) gives each user an Exchange mailbox, Teams and SharePoint access, the web browser versions of Word, Excel etc. and 1TB of OneDrive storage.
Microsoft 365 Apps for Business (old name Office 365 Business, $8.25 per user per month) provides the desktop version of Office for Windows, Mac, Android, and iOS devices and 1TB of OneDrive storage.
Microsoft 365 Business Standard (prior name Office 365 Business Premium, which is a name change that won’t confuse anyone; weighs in at $12.50 per user per month) gives you both the desktop and web versions of Office.
Finally, Microsoft 365 Business Premium (formerly known as Microsoft 365 Business, again not confusing at all, at $20 per user per month) gives you everything in Standard, plus Office 365 Advanced Threat Protection, Intune based Mobile Device Management (MDM) features, Online Archiving in Exchange and much more.
Microsoft 365 Management Portal
In a separate announcement, Microsoft is bringing the full power of AAD Premium P1 for free to Microsoft 365 Business Premium. This will give SMBs cost-effective access to Cloud App Discovery which provides insight and protection for users in the modern world of cloud services, including discovering which applications your staff are using. It’ll also bring Application Proxy to be able to publish on-premises applications to remote workers easily and securely, dynamic groups make it easier to make sure staff are in the right groups for their role, and password-less authentication using Windows Hello for Business, FIDO 2 security keys and Microsoft’s free authenticator app.
Note that none of the Enterprise flavors of Office 365, E1, E3 and E5, F1 for first-line workers, the A1, A3 and A5 for education, nor the G1, G3 and G5 varieties for government organizations are changing at this time. My prediction is that this will change and before long, all of these will be moved to the unifying Microsoft brand.
Philosophically there are a few things going on here. As a consultant who both sells and supports Office / Microsoft 365 to businesses, as well as a trainer who teaches people about the services, there’s always been a pretty clear line between the two. Office 365 gives you the Office applications, email and document storage. If you wanted mobile device management (Intune), advanced security features (Azure Active Directory, AAD), Windows 10 Enterprise and Information Protection you went for Microsoft 365. These features are all available under the moniker Enterprise Mobility + Security (EMS) so essentially Microsoft 365 was Office 365 + EMS.
Adding Microsoft 365 licenses
This line is now being blurred for the small business plans which can make it even more difficult to make sure that small and medium businesses pick the right plans for their needs. Remember though that you can mix and match the different flavors in business, just because some users need Microsoft 365 Business Premium doesn’t mean that other roles in your business can’t work well with just Microsoft 365 Business Basic.
And this isn’t a surprise move: even Office 365 administrators have been using the Microsoft 365 management portal for quite some time. Here’s a screenshot of the old, retired Office 365 portal.
Office 365 Admin Center
More broadly though I think the brand changes are signalling that Office 365 is “growing up” and using the same name across the home user stack as well as the SMB stack (with the Enterprise SKUs to follow) provides a more homogenous offering.
Just as with the name changes to the personal plans, there’s nothing for IT administrators to do at this stage. The plans will seamlessly change names, but all functionality remains the same (including the lack of long term backup, something that Altaro has a remedy for).
A migration from on-premises Exchange to Office 365 is more than just a matter of putting mailboxes into Microsoft’s cloud. There are several factors that can slow this type of project, and some issues won’t arise until you thought the project was done.
There are quite a few organizations still running an Exchange Server platform, but many of them are looking at migrating to Exchange Online and handing over some of the administrative burden to Microsoft. In my experience, I see four common problems for organizations that can be avoided. With a little preparation, you can avoid these stumbling blocks and make the experience a positive one for both IT and the end user.
Active Directory, on-premises Exchange, Outlook, Windows clients and servers all need to be up to date to give your organization the best possible migration experience. At one time, Microsoft’s organizational posture was more forgiving and would support older software, but today, the company wants all software that touches Exchange to be on the latest version. Some of the older Office suites will still work but only with basic functionality and end users will miss out on newer features, such as Focused Inbox.
That many enterprises struggle with keeping their software current isn’t a surprise, because it’s difficult to patch and deploy updates in a timely fashion. In some cases, organizations depend on third-party software that is rarely updated and may have compatibility issues with a frequent update schedule. There is no easy solution for these problems. But as IT pros, we need to sort through the updates and find a way to get all that software on the latest release.
Understand mail flow scenarios
The next area that hinders a lot of organizations migrating to Exchange Online is not understanding the different ways to set up mail flow into and out of Microsoft’s hosted email platform.
Microsoft designed Office 365 and Exchange Online to be very flexible with regards to the support of different mail flow scenarios. Email can go to on-premises Exchange first, then into Exchange Online. Mail can also go to Exchange Online first, then flow to the on-premises Exchange servers.
During a hybrid migration, the most common scenario is to leave the mail flow configuration to reach the on-premises Exchange Server first, then use hybrid configuration to forward email to mailboxes in the Microsoft cloud via the hybrid routing address. This hybrid routing address, which looks something like [email protected], is an attribute of the on-premises Active Directory account.
When you set up an Exchange hybrid deployment and move mailboxes properly, that address is automatically added to the user’s account. This mail flow arrangement tends to work very well, but if that address is not added to the user’s account, mail flow won’t work for that user.
Another popular option is to route email through Office 365 first, then to your on-premises mailboxes. This option puts Exchange Online Protection as the gatekeeper in front of all your organization’s mailboxes.
Ultimately, your decision comes down to what other services your organization has in that mail flow path. Some organizations use third-party antivirus products, some use a vendor’s encryption services, while others depend on a particular discovery application. Any of those third-party services may be cloud-based or installed on premises. Some of the services need to be placed before your end-user mailboxes in the transport flow, while others need to be at the end of the transport flow. There is no one-size-fits-all configuration. Only when you fully understand all the pieces in your organization’s transport stack can you set up a mail flow that meets your needs.
A move to the cloud means added complexity to your end-user authentication process. Microsoft provides a wide range of authentication options for Office 365 and Exchange Online, but that flexibility also means there are many choices to make during your migration.
Active Directory Federation Services, password hash sync and pass-through authentication are where the authentication options start, but any of those options can be deployed with multifactor authentication, conditional access and a whole load of Azure Information Protection options. Add in some encryption and the migration process gets complicated quickly.
All these choices and security add-ons help protect the business, but it’s a complex undertaking. It takes some effort not only to settle on a particular authentication method but to implement it properly and do thorough testing to avoid an avalanche of help desk calls.
Understand accepted domains
Over time, many on-premises Exchange organizations tend to collect multiple accepted domains. Accepted domains are the part of the email address after the @ symbol.
I see many customers have issues when they move mailboxes to the cloud because they forgot to verify all the accepted domains used on those mailboxes. This problem is simple to avoid: Review the accepted domains in your on-premises Exchange organization and make sure they are verified in your Office 365 tenant before migrating the mailboxes.
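One way to run that review before a migration batch, as an added example that is not part of the original article: the function lists every SMTP address whose domain is not among the tenant's verified domains. The function name and the sample mailboxes and domains are constructed for illustration.

```powershell
# Added example (not from the original article): report SMTP addresses whose
# domain is not verified in the tenant. Function name and data are hypothetical.
function Find-UnverifiedMailDomain {
    param(
        # Objects exposing Name and EmailAddresses, as Get-Mailbox returns them.
        [Parameter(Mandatory)] [object[]] $Mailbox,
        # Domain names that show as verified in the Office 365 tenant.
        [Parameter(Mandatory)] [string[]] $VerifiedDomain
    )

    # Case-insensitive set, because domain names are not case sensitive.
    $verified = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($d in $VerifiedDomain) { [void]$verified.Add($d.Trim()) }

    foreach ($mbx in $Mailbox) {
        foreach ($address in $mbx.EmailAddresses) {
            $text = [string]$address
            # Only SMTP proxy addresses matter here; skip X500, SIP and others.
            if ($text -notmatch '^smtp:[^@\s]+@(?<domain>[^@\s]+)$') { continue }
            $domain = $Matches['domain']
            if (-not $verified.Contains($domain)) {
                [pscustomobject]@{
                    Mailbox   = $mbx.Name
                    Address   = $text.Substring(5)
                    Domain    = $domain
                    # An upper-case SMTP: prefix marks the primary address.
                    IsPrimary = ($text -clike 'SMTP:*')
                }
            }
        }
    }
}

# Constructed sample data standing in for on-premises mailboxes.
$sampleMailboxes = @(
    [pscustomobject]@{ Name = 'Alice'; EmailAddresses = @(
        'SMTP:alice@contoso.example', 'smtp:alice@legacy.example',
        'X500:/o=Org/cn=alice') }
    [pscustomobject]@{ Name = 'Bob'; EmailAddresses = @(
        'SMTP:bob@oldbrand.example', 'smtp:bob@CONTOSO.example') }
)
$sampleVerified = @('contoso.example')

Find-UnverifiedMailDomain -Mailbox $sampleMailboxes -VerifiedDomain $sampleVerified |
    Sort-Object Domain, Mailbox | Format-Table -AutoSize

# Against real data, pass (Get-Mailbox -ResultSize Unlimited) from the
# on-premises Exchange Management Shell as -Mailbox.
```

Any row in the output is a domain to verify in the tenant, or an address to remove, before that mailbox is moved.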
A move to the cloud can be confusing until you get your bearings, and learning how to manage Office 365 ProPlus updates will take some time to make sure they’re done right.
Office 365 is a bit of a confusing name. It is actually a whole suite of programs based on a subscription model, mostly cloud based. However, Office 365 ProPlus is a suite inside a suite: a subset collection of software contained in most Office 365 subscriptions. This package is the client install that contains the programs everyone knows: Word, Excel, PowerPoint and so on.
Editor’s note: Microsoft recently announced it would rename Office 365 ProPlus to Microsoft 365 Apps for enterprise, effective on April 21.
For the sake of comparison, Office 2019, Office 2016 and older versions are the on-premises managed suite with the same products, but with a much slower rollout pace for updates and fixes. Updates for new features are also slower and may not even appear until the next major version, which might not be until 2022 based on Microsoft’s release cadence.
Rolling the suite out hasn’t changed too much for many years. You can push out Office 365 ProPlus updates the same way you do other Windows updates, namely Windows Server Update Service (WSUS) and Configuration Manager. Microsoft gave the latter a recent branding adjustment and is now referring to it as Microsoft Endpoint Configuration Manager.
The Office 365 ProPlus client needs a different approach, because updates are not delivered or designed in the same way as the traditional Office products. You can still use Configuration Manager, but the setup is different.
Selecting the update channel for end users
Microsoft gives you the option to determine when your users will get new feature updates. There are five update channels: Insider Fast, Monthly Channel, Monthly Channel (Targeted), Semi-Annual Channel and Semi-Annual Channel (Targeted). Insider Fast gets updates first, Monthly Channel updates arrive on a monthly basis and Semi-Annual updates come every six months. Users in the Targeted channels get these updates first so they can report back to IT with any issues or other feedback.
You can configure the channel as part of an Office 365 ProPlus deployment with the Office Deployment Toolkit (ODT), but this only works at the time of install. There are two ways to configure the channel after deployment: Group Policy and Configuration Manager.
Using Group Policy for Office 365 ProPlus updates
Using Group Policy, you can set which channel a computer gets by enabling the Update Channel policy setting under Computer Configuration\Policies\Administrative Templates\Microsoft Office 2016 (Machine)\Updates. This is a registry setting located at HKLM\Software\Policies\Microsoft\office\16.0\common\officeupdate\updatebranch. The options for this value are: Current, FirstReleaseCurrent, InsiderFast, Deferred, FirstReleaseDeferred.
A scheduled task called Office Automatic Update 2.0, which is deployed as part of the Office 365 ProPlus install, reads that setting and applies the updates.
You can use standard Group Policy techniques to target policies to specific computers or apply the registry settings.
Using Configuration Manager for Office 365 ProPlus updates
You can use Configuration Manager, utilizing ODT or Group Policy, to define which channel a client is in, but it also works as a software update point rather than using WSUS or downloading straight from Microsoft’s servers. With this method, you will need to ensure the Office 365 ProPlus channel builds across all the different deployed channels are available from the software update point in Configuration Manager.
Office 365 ProPlus updates work the same way as other Windows updates: Microsoft releases the update, a local WSUS server downloads them, Configuration Manager synchronizes with the WSUS server to copy the updates, and then Configuration Manager distributes the updates to the distribution points. You need to enable the Office 365 Client product on WSUS for this approach to work.
It’s also possible to configure clients just to get the updates straight from Microsoft if you don’t want or need control over them.
Caveats for Office 365 ProPlus updates
When checking a client’s channel, the Office 365 ProPlus client will only show the channel it was in during its last update. Only when the client gets a new update will it show which channel it obtained the new update from, so the registry setting is a better way to check the current configuration.
When an Office 365 ProPlus client detects an update, it will download a compressed delta update. However, if you change the client to a channel that is on an older version of Office 365 ProPlus, the update will be much larger but still smaller than the standard Office 365 ProPlus install. Also, if you change the channel multiple times, it can take up to 24 hours for a second version change to be recognized and applied.
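Because the registry is the reliable place to check the configured channel, the check can be scripted. This is an added example, not part of the original article; the function name is hypothetical, and the mapping from policy values to channel names reflects Microsoft's channel naming of that period rather than anything stated on this page.

```powershell
# Added example (not from the original article). Run locally on a Windows client.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate'

# Policy values listed in the article, mapped to channel names (assumption:
# this mapping follows Microsoft's naming at the time, it is not from the page).
$ChannelNames = @{
    'Current'              = 'Monthly Channel'
    'FirstReleaseCurrent'  = 'Monthly Channel (Targeted)'
    'InsiderFast'          = 'Insider Fast'
    'Deferred'             = 'Semi-Annual Channel'
    'FirstReleaseDeferred' = 'Semi-Annual Channel (Targeted)'
}

function Get-OfficeUpdateChannelPolicy {
    param([string] $Path = $PolicyKey)

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        UpdateBranch = $null
        Channel      = $null
        Status       = 'NotConfigured'   # key or value absent: no policy applied
        UpdateTask   = 'Missing'
    }

    # Read the policy value if the key and value exist.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['updatebranch']) {
        $value = [string]$props.updatebranch
        $result.UpdateBranch = $value
        if ($ChannelNames.ContainsKey($value)) {
            $result.Channel = $ChannelNames[$value]
            $result.Status  = 'Valid'
        } else {
            # A typo in a GPO or registry push lands here.
            $result.Status = 'UnknownValue'
        }
    }

    # The scheduled task is what reads the setting, so a missing or disabled
    # task means the policy is never acted on. The wildcard tolerates small
    # differences in the task's exact name.
    $task = Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskName -like 'Office Automatic Update*' } |
        Select-Object -First 1
    if ($task) { $result.UpdateTask = "$($task.TaskName): $($task.State)" }

    [pscustomobject]$result
}

Get-OfficeUpdateChannelPolicy | Format-List
```

A Status of NotConfigured means no policy value is present, so the client stays on whatever channel it was installed with.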
As always with any new product: research, test and build your understanding of these mechanisms before you roll out Office 365 ProPlus. If an update breaks something your business needs, you need to know how to fix that situation across your fleet quickly.
Hoping to speed research that results in a COVID-19 cure, the White House Office of Science and Technology Policy has launched a consortium of high tech, academic and government agencies that will work in concert on a number of projects coordinated by IBM and the Department of Energy.
The technology heart of these projects will be a dozen or more supercomputers, most notably the IBM Summit system housed in Oak Ridge National Laboratory. IBM had already been working with the Lab’s researchers along with the DOE and the University of Tennessee (UT) to narrow down from 8,000 to 77 the number of compounds that are likely to bind to what is called the main “spike” protein of the coronavirus.
“Those 77 compounds are now being investigated with classical chemistry and biology techniques are being examined by people at Oak Ridge and University of Tennessee,” said Dave Turek, vice president of HPC and cognitive systems at IBM. “This is the power of accelerating discovery through computation.”
But the newly formed COVID-19 High Performance Computing Consortium (HPC), which includes 14 members, will largely build on the work IBM, Oak Ridge and UT had done. Other tech companies in the group include AWS, Google Cloud and Microsoft.
“What we are bringing together is a very broad public-private partnership to provide COVID-19 researchers from around the world with access to the world’s most powerful high-performance supercomputer resources that can significantly advance the pace of scientific discovery in the fight to stop the virus,” said Paul Dabbar, undersecretary for science at DOE, in a media briefing on Tuesday.
Dabbar added that all researchers are invited to submit COVID-19 research proposals to the consortium via the online portal, which will then be reviewed and matched with computing resources from all the participating public and private partners.
The consortium members working with the White House Office of Science and Technology Policy and the DOE will have access to 16 systems with 330 petaflops, 775,000 CPU cores and 34,000 GPUs. IBM and the national labs will offer their computing resources for free.
Tech companies aim to lower COVID-19 test costs
Earlier this week, AWS unveiled a new diagnostic development unit that will work with 35 business partners to create a less expensive test for the COVID-19 virus. The company said it will pour $20 million for those customers working on diagnostic tools. The intent of the effort, called the AWS Diagnostic Development Initiative, is to strengthen collaboration among customers that will be funded with AWS “in-kind” credits and technical support.
AWS officials added that the program will not support administrative workloads in terms of running everyday IT operations, but added the program is open to all medical researchers and privately held companies that also will have access to AWS research workloads and diagnostic development tools.
“We’re proud to support this critical work and stand ready with the compute power of AWS to help accelerate research and development efforts,” said Teresa Carlson, vice president of worldwide public sector at AWS, in a prepared statement. “Working together, government, business and academic leaders can utilize the power of the cloud to advance the pace of scientific discovery and innovation and help combat the COVID-19 virus.”
AWS has something of an ulterior motive in launching the program as Amazon needs significantly more COVID-19 tests for its workforce and mammoth warehouses to keep the e-commerce part of the business up and running.
The AWS initiative comes on the heels of programs from Google Cloud and Microsoft. Like IBM, Microsoft launched a program that offers free high-performance computing resources to other vendors and organizations working to develop test kits and vaccines for COVID-19. The company’s AI for Health program makes grants available that ensure access to the company’s Azure cloud along with high-performance computers.
Google Cloud has established a 24-hour incident response team that will stay in constant contact with the World Health Organization, and Google’s senior leadership team in order to make vital decisions about its offices spread around the world.
Private-public alliance key to finding a COVID-19 cure
Some analysts and consultants are encouraged by the newly formed consortium, along with the AWS initiative, saying it is a much-needed step in the right direction.
“IBM and the government, which have 20 computing data centers, are now set up to have open access to look for vaccines and other cures through simulation and analysis,” said Frank Dzubeck, president of Communications Network Architects, consultants in Washington, D.C. “And along with the AWS announcement addressing another important issue — inexpensive and quick testing — maybe technology gives us all a better chance to get through this.”
The goal of the IBM-DOE led consortium is to pool the supercomputing capacity under all 14 of the partners in the consortium and offer “extraordinary supercomputing power” to scientists, medical researchers and a number of government agencies, said Dario Gil, director of IBM Research.
“So, now we have to work with the consortium partners to evaluate proposals from researchers around the world for the projects that could have the most immediate impact,” Gil said.
Among the 14 members of the COVID-19 HPC Consortium are academic institutions MIT and Rensselaer Polytechnic Institute; national laboratories that include the Argonne National Laboratory, Lawrence Livermore National Laboratory (which houses IBM’s Sierra supercomputer, the second fastest computer in the world), Los Alamos National Laboratory and Sandia National Laboratories; and NASA and the National Science Foundation, among federal agencies.