New blog articles in Microsoft Tech Community

Virtualizing Skype for Business with VMware Horizon to improve mobility, security, and management

Sheldon DPaiva — Tue, 06 Jun 2017 22:46:00 GMT

What if you could enable your users to access their Skype for Business enabled desktops from any location, and on any device? See what delivering Skupe for Business in a virtual desktop through VMware Horizon can do for you.

Microsoft at Digital Workplace Experience 2017 Chicago (June 19-21)

Chris McNulty — Tue, 06 Jun 2017 21:35:30 GMT

Join Microsoft at the inaugural Digital Workplace Experience conference (#DWEXP17) at the Radisson Blu Aqua Hotel, June 19-21 in Chicago.

Sharing is now available in MyAnalytics!

Nick Robinson — Tue, 06 Jun 2017 20:47:16 GMT

You can now select a portion, summary or full overview of your personal productivity insights from MyAnalytics and share it with others in your organization. Whether a peer, mentor or manager – sharing can help drive change with others, help you get support for your goals, or drive critical conversations around priorities, load balancing and work life balance.

New Guide: Switch to Excel from Sheets

Olaf Hubel — Tue, 06 Jun 2017 17:04:27 GMT

Are you or your company switching to Microsoft Excel from Google Sheets? We have your go-to guide to help you get up and running in Office 365 with minimum disruption.

New Videos: New OneDrive Admin Controls, Sharing Dialog, Files On-Demand and Admin Center

Stephen Rose — Tue, 06 Jun 2017 16:22:08 GMT

Ready to catch up wityh the lastest features and functionality? Here are some of the newest Microsoft Mechanics videos on new admin controls for OneDrive, new sharing dialog, OneDrive Files On-Demand and our Admin Console.

Accessibility Updates in Access

Michal Bar — Tue, 06 Jun 2017 21:53:50 GMT

Over the past year, our engineers have been working hard towards meeting the Office accessibility standards outlined in this 2016 accessibility roadmap.

This blog post describes some of these improvements that are available to all Office 365 subscribers.

New Office 365 Switch Guides: OneDrive for Business from Google Drive or Box

Stephen Rose — Mon, 05 Jun 2017 21:31:01 GMT

OneDrive for Business is included with Office 365, so you can access, upload, and share your files from anywhere you use Office—on your desktop, the web, and your mobile devices.

Skype for Business: PSTN Calling Preview for Germany and Belgium

Sara Zolezzi — Mon, 05 Jun 2017 21:04:08 GMT

Cloud PBX with PSTN Calling service for Skype for Business will be expanding its offering to Germany and Belgium!

SIEM connector now available for Office 365 Advanced Security Management

Anthony Smith (A.J.) — Mon, 05 Jun 2017 18:15:35 GMT

A year ago we announced a way for you to get greater visibility and control over Office 365 with Advanced Security Management (ASM).

New feature: Per Group Sharing Controls

Stephen Rose — Fri, 02 Jun 2017 20:14:45 GMT

The per-group sharing controls are a new Office 365 feature that allows SharePoint Online administrators to limit the ability to share with external users to those in specified security groups. These controls affect OneDrive for Business and SharePoint Online in Office 365.

Enhanced Reporting, Quarantining, and Safe Links Capabilities for Office 365 EOP and ATP Services

Debraj Ghosh — Fri, 02 Jun 2017 18:42:03 GMT

Office 365 Exchange Online Protection (EOP) and Advanced Threat Protection (ATP) were designed to keep your organization protected against cyber-attacks while supporting end-user productivity. We continue to enhance both EOP and ATP by offering deeper insights and more flexible controls.
This month we are introducing advanced threat reporting, new quarantine capabilities for malware emails, and additional controls to the ATP safe links feature. These features are currently being deployed and would be available for all the users by end of May.

Advanced Threat Reporting
Threat Protection Status is a new advanced threat report that visibility into all malicious mails detected and blocked for your organization – both those caught by standard EOP features such as anti-malware engines and Zero-hour auto purge (ZAP), as well as those caught by the advanced protection provided by ATP Safe Attachments and Safe Links. It augments the recently introduced detailed reports in the Security And Compliance Center (SCC) reporting dashboard for ATP safe attachments. Threat Protection status report could be accessed from this link.

Figure 1. Advanced Threat Report - Threat Protection Status

The ATP safe attachment section of this report identifies all malicious emails detected by routing attachments to a hypervisor (sandbox) environment where content behavior is analyzed for malicious intent. -It provides the detailed observed behavior from the hypervisor environment, as well as details on Command aand Control (C2C) servers that content interacts with, malicious files downloaded, scripts executed, and system changes to registry or files.

Figure 2. ATP Content Behavior Analysis from Sandbox

The ATP safe links section of the report identifies mails with malicious URLs that were blocked at the time of click based on the mail’s reputation. As you may know, ATP safe links reroutes URLs at the time of click for validation of the URL reputation. This guards against exploits where attackers redirect URLs to malicious websites after mail is delivered.

Enhanced Quarantine Capabilities
This month will also see significant feature enhancements to quarantine capabilities, extending support for EOP and providing new support in ATP for emails classified as malware. We are also enhancing the existing quarantine experience by allowing administrators to review and delete emails from quarantine. The new features will be enabled in SCC Quarantine interface which could be accessed from this link.

Now, all emails classified as malware from both EOP and ATP will be quarantined. In the event of a mail getting misclassified as malware and placed in quarantine, admins will have the ability to easily release the email to an end-user, thus preventing any unnecessary disruption to end user productivity. Administrators can understand the details of a mail from Quarantine by double click of a specific message and clicking on the “Preview message”.

Figure 3. Malware Quarantine

New ATP Safe Links Policy Features

The Safe Links in ATP is getting three new features that can be utilized when creating a Safe Links policy:

The ability to customize per-tenant block lists for URLs that should be blocked from reaching end-users. While ATP leverages a very large set of reputation filters, we realize that there are instances when organizations wish to designate a set of URLs to always block, which is now enabled by and this new block list feature.

Email wildcard blocking for both domains and handles to make it simpler to block a sender without the need to write in each individual email address.

Increased character limit for URLs, providing greater flexibility of configuration for both the block and allow lists.

Figure 3. Safe links Block URL List

We value your feedback, as it helps us continue to improve and enhance our services. Please check out these new features in EOP/ATP and let us know what you think. If you’re interested in trying ATP, reach out to your account rep, or learn more about ATP here.

How to use Office 365 threat protection services to help prevent WannaCry related attacks

Debraj Ghosh — Fri, 02 Jun 2017 01:51:17 GMT

Many organizations were impacted by a ransomware attack known as WannaCry. While Microsoft’s threat analysts have found that thus far WannaCry spreads mostly over local networks and the Internet, and while we are not seeing the campaign propagating via email, the attacks have the potential of leveraging common email phishing tactics and or emails which include malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources.

In March, Microsoft released a security update which addresses the vulnerability that these attacks are exploiting. Customers who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010. Additionally, Microsoft has provided a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack.

For our customers using Office 365, please note how the following services can help protect you against WannaCry attacks:

Exchange Online Protection (EOP): While we are not currently seeing a WannaCry email campaign in Office 365 EOP, we have updated anti-virus signatures to block WannaCry to help protect our customers. We will continue making updates to our anti-virus signatures in EOP based on known file hashes for this malware.

Advanced Threat Protection (ATP): ATP should catch new variants of WannaCry if email is leveraged as an attack vendor. We’ve confirmed this by analyzing the WannaCry malware in ATP. When we detect any new variant in ATP, we will subsequently update the signatures in EOP. Office 365 ATP also works with Windows Defender ATP to help protect users and systems from attacks.

To ensure optimal performance of EOP/ATP it is very important to check that EOP is properly configured. Follow these EOP configuration guidelines and these best practices.

Office 365 Threat Intelligence (TI) can help show emails that were part of the WannaCry campaign. While some early reports used common phishing techniques, masquerading as wire transfer requests, invoices and delivery notifications,. Office 365 Threat Intelligence can be used to search for the malware family “Win32/WannaCrypt” in the event that any emails related to WannaCry targeted your tenant. To identify messages that were involved in the WannaCry campaign:

1. Go to the Office 365 Security and Compliance center

2. Under “Threat Management” click on the “Threat Explorer” option
3. Once in Threat Explorer search for the malware family “Win32/WannaCrypt”
4. If an instance of WannaCry entered your tenant through Office 365, it will show up in the graph

Office 365 Advanced Security Management: You can create an activity policy that can detect if a user renames/syncs/uploads multiple files with the file extension .wncry (or any other extension) to Office 365, and automatically suspend the user’s account to help stop further encrypted files from being transferred. For more details, please review “Detect ransomware activity” section of the Advanced Security Management Use Case and Usage Guide.

1. On the Policies page, click Create activity policy
2. In the Policy Template field, choose Potential ransomware activity
3. Optional: check the Suspend user
4. Click on Create

To simulate an alert, simply rename the file extension for one or more files per the policy configuration above. The alert should be trigger shortly.

If you suspect that any WannaCry emails have landed in your users’ inbox, go to the Microsoft Malware Protection Center for instructions on how to submit samples so that we can further investigate and provide recommendations and next steps.

For more details about WannaCry please read our posts at the Microsoft Security Response Center and Microsoft Malware Protection Center.

SharePoint filters pane updates – filtering and metadata navigation for lists and libraries

Chris McNulty — Wed, 31 May 2017 23:55:39 GMT

We are pleased to announce the inclusion of metadata-driven filtering to the filters pane, originally introduced in late 2016. The filters pane provides a powerful way to automatically use the fields you had previously configured for library and list metadata navigation and key filters. The pane uses machine learning to suggest the most likely columns to be used for filtering.

Deploy custom business applications with ease with the Office 365 Centralized Deployment service

Sonal Pardeshi — Thu, 01 Jun 2017 16:59:44 GMT

We are delighted today to announce the general availability of the Centralized Deployment service!

Centralized Deployment enables you as the Office 365 admin, to deploy Office web add-ins to individual users, groups and the organization.

What's New for Developers

Richard Moe — Tue, 30 May 2017 21:57:59 GMT

The Microsoft Teams Developer Platform folks were pretty busy at the Build Developer Conference in May. Did you miss any of big news we talked about? Here's a little recap just in case.

Welcome to the new Skype Academy page

Thomas Binder — Tue, 30 May 2017 16:23:30 GMT

Request for feedback: Using Slide Snippets and Data Visualizer in Visio.

Declan Coughlan — Mon, 29 May 2017 12:52:54 GMT

The Office team has recently released two features for Visio and we'd like to understand how the features are working for you in your market, focusing on the User Interface, the Enhanced ScreenTips and the support articles.

IT Agility to Realize Full Cloud Value - Evergreen Management

Brian Levenson — Mon, 05 Jun 2017 23:12:55 GMT

An always-evolving and continuously improving cloud service brings additional functionality, as well as new challenges, to an enterprise or government. This is a paradigm shift for IT organizations and an opportunity to drive value for business and mission goals.

Update on Custom Policies in Skype for Business Online

Zoran Cvetkovic — Fri, 26 May 2017 15:16:52 GMT

SOF / Skype Academy Blog Articles will soon be moved

Laurie Pottmeyer — Tue, 23 May 2017 21:41:03 GMT

All Skype for Busienss blogs will now be found in a single location.