Password hash sync simplifies user management for Office 365

Recently, a new version of DirSync was released that includes synchronization of user password hashes. This avoids the need for users having separate passwords for on-premises login and cloud based login. Prior to this, having the same password required deployment of identity federation servers which is a more significant implementation project. The password hash which is synchronized to the cloud is a one way mathematical computation based on the users password which is not reversible to discover the users plaintext password. Synchronizing the password hash means the user can log into Office 365 using their on-premises password.

This blog post describes directory synchronization and password hash synchronization in the context of Office 365.

User Identity in the Cloud

For a moment let me take you back to a time before cloud computing and SAAS applications. Back when software predominantly ran on PCs connected to networks with Active Directory as the identity provider. When you ran software on a PC in this environment you are= already logged onto the PC. When the software needs to look up your name or do some other kind of personalization it just asks the PC who you are using API calls. There isn’t any additional login required to run new applications as all applications share the same identity provider (Active Directory).

SAAS applications are a little different. They are not installed on the local machine and they do not get access to the local Active Directory domain controller. Because of this, SAAS applications often use disjoint identity providers. As a result users will have to maintain separate usernames and passwords across multiple cloud based applications. Single Sign-On (SSO) is the common answer to resolving this. SSO is defined as the ability for two disjoint identity providers (IDP) to trust one another so that as a user, you log in once against your IDP, and then when you try to access resources secured by the second IDP, you don’t need to login again. This trust relationship is called federation. SSO is implemented using federation and provides the same benefit to users as when all software used to run on your PC and it inherently knew who is logged in.

Directory synchronization does not provide SSO because a user logged in on-premises will still have to log in separately to Office 365. But synchronization does provide that the username will be the same, and now with password hash synchronization also that the password will be the same. Since directory synchronization is much simpler to configure than SSO the benefit of having password hash synchronization makes this a great choice for many customer scenarios.

This diagram shows the three main identity provider options you can choose for Office 365.

Office 365 Cloud Identity

The simplest way that Office 365 provides for user authentication is with a Cloud Identity. This is provided for where your organization wants a new user directory with new usernames and passwords. This may be the case for a new organization, or a small organization that doesn’t have an existing dedicated on-premises directory. Using the Cloud Identity model means that users are not associated with any on-premises identity provider. They are instead fully managed in the cloud and the users will manage their own passwords in the cloud. Under the covers Office 365 will actually create a new instance of the user in Azure AD. Azure AD has always been the user directory behind Office 365. Just like your on-premises Active Directory stores user accounts for Exchange, SharePoint, Lync and your custom LOB Apps, Azure AD stores the information for Exchange Online, SharePoint Online, Lync Online and any custom applications you build in the cloud. All administration of Azure AD for Office 365 customers can be done through the standard Office 365 admin portal. Although Azure AD has been used for some time by Office 365, it was also made available for other web based applications in July 2012.

Directory Synchronization

Directory Synchronization is used when you have an existing on-premises Windows Active Directory infrastructure and you want those same users to have access to Office 365. After installing the DirSync tool on a member server in your domain it will periodically synchronize user profiles to Office 365 where synchronization is based on the user objects Source Anchor attribute. Directory synchronization avoids any need to manually create users into the cloud directory. Furthermore, it avoids the need to create yet another username and password. With the advent of password hash synchronization, it eliminates the need for users to manage passwords in two places. Note that if password hash synchronization is not enabled each user would be required to create a new password in the cloud. Office 365 admin center showing the users and groups page where you can configure Directory Synchronization.

 

Deploying DirSync is pretty straight forward. From the Office 365 admin center, select “Active Directory synchronization” to go through the six step process. The process is detailed in in the Office 365 admin center and includes the following steps:

1. Prepare for directory synchronization
2. Verify domains
3. Activate Active Directory synchronization
4. Install and configure the Directory Sync tool
5. Verify directory synchronization
6. Activate synchronized users

There is a little preparatory work and then you download and install the DirSync tool on a Windows Server that has connectivity to your Active Directory domain controllers. The actual download link for DirSync is contained within the six step process in the Office 365 admin portal. DirSync installs with a simple wizard installer and then is ready to go. It will run periodically on the server that it is installed on and synchronize user accounts (and other directory data) for you to Azure AD. It will synchronize user objects every three hours and password changes will be synchronized every two minutes. An Office 365 tenant can have a mix of cloud identities described above and synchronized identities from Active Directory on-premises.

With a few exceptions, all of the data is synchronized one way only from on-premises to the cloud. This means that a user identity is either managed in the cloud or it is managed on-premises but not both. Users who are managed on-premises can only be edited on-premises and this includes the ability of the user to change their password. A synchronized user would either need to go to their office, or connect over a VPN to their corporate network in order to change their password.

You can select which users are synchronized to Office 365 but you cannot select specific user attributes from the user profile as all are required.

The new password hash sync feature takes the one way hash result of your user passwords, applies additional security processing and synchronizes the result to Azure AD. The actual plaintext password is never sent to Azure AD. Prior to this release, the DirSync tool would not synchronize password hashes and users would need to enter a separate password for Office 365 to their on premises use. This new password hash sync feature is not the same as Microsoft Password Change Notification Service – Password Hash Sync is newer and more secure.

This screenshot shows the new screen added to the DirSync installation wizard to enable password hash synchronization.

 

There is only one configuration option to add password hash sync to the DirSync tool. This is done during the configuration wizard and is a checkbox where you choose to sync password hashes in addition to the users profile attributes. If enabled, password hash sync applies to all synchronized users.

Directory Federation

Directory federation means that Azure AD (and therefore Office 365) is federated with another directory – it trusts that other directory to handle user authentication requests. Simply put, this means that all login attempts are managed by the federated directory, and Office 365 does not see the password. The login form where you enter your password is actually part of the federated identity provider. Office 365 is known as the Relying Party (RP) in this case because it relies on the federated directory for authentication checks. Once the user authentication is successful, proof is provided by the federated directory in the form of a digital signature is provided to Office 365 that the user is authenticated. Federation on Office 365 is commonly done with on-premises Windows Active Directory using Active Directory Federation Services (ADFS). ADFS is implemented with additional servers that are deployed both inside the corporate directory and in the organization’s Internet-facing network or demilitarized zone. Directory synchronization is a required pre-requisite for directory federation since federation relies on Azure AD knowing that the user exists in the on-premises directory in the first place. Federation is used exclusively for authentication and authorization flows. Address book functionality, such as lookups when a user is looking for a recipient to send an email to, do not use federation.

Federation is also configured by walking through a step-by-step guide in the Office 365 admin portal.

Avoiding Federation Now That Password Hash Sync Is Available

A key driver for federation deployments with ADFS used to be that it enables users to use a single password across on-premises and cloud sessions. However, federation deployments take some effort due to the additional servers and network implementation. The on-premises servers also have to be Internet accessible through any corporate firewalls in a secure way, and they also have to be highly available since logins are not possible if they or their Internet connectivity are offline. Because password hash sync is a feature of directory synchronization, it is initiated from the on-premises server and doesn’t incur many of the infrastructure requirements and costs of federation. It only requires a single server and whilst that server requires outgoing access to the Internet in order to connect to Azure AD there is no requirement for inbound connections, custom firewall openings or highly available configurations.

There are still some reasons why some customers will still prefer ADFS and directory federation over DirSync and password hash synchronization. These include:

  • ADFS can be configured such that users who are already logged on to a domain joined and connected machine do not require any password re-entry to sign in at Office 365. This gives you true single sign-on since re-entry of the password is not required. With DirSync and password hash synchronization a user must still re-enter their password, although it will be the same password as they use on-premises.
  • ADFS allows for client access filtering, which restricts access to Exchange Online to users based on their IP address.
  • ADFS will honor Active Directory configured login time restrictions for users.
  • ADFS can include web pages for users to change their passwords while they are outside the corporate network.
  • With ADFS the authentication decision is always made on-premises and no password hashes are synchronized to the cloud. This may be obvious but can be sometimes a security policy requirement.
  • With ADFS an administrator can immediate block a user to remove access where-as DirSync synchronizes these changes every three hours. Only password changes are synchronized by DirSync every two minutes.
  • ADFS permits use of on-premises deployed multi-factor authentication products. Note that Azure AD supports multi-factor authentication but many third party multi-factor authentication products require on-premises integration.
  • Where Microsoft Forefront Identity Manger (FIM) is required for some other FIM capability. FIM directory synchronization does not include password hash synchronization so ADFS will still be required for SSO login.
  • Some on-premises to cloud hybrid scenarios require ADFS such as hybrid search.

If you need any of these then Active Directory Federation Services is still the best option.

 

Other Directory Integration Options with Office 365

Microsoft Forefront Identity Manager

Forefront Identity Manager is a more comprehensive identity management solution from Microsoft. It can also be used to synchronize user profiles from Active Directory to Azure AD for use by Office 365 when the customer has more than one Active Directory forest, or has a non-Active Directory service on-premises. This uses the FIM Connector for Office 365 which currently does not include support for password hash synchronization.

For identity federation purposes ADFS can still be used in a configuration with Forefront Identity Manager and this enables users to have a single password across the corporate network and Office 365. This provides for single sign on.

Both DirSync and Forefront Identity Manager require Microsoft Active Directory.

Third-party WS-* Based Identity Providers

WS-* includes WS-Federation for passive authentication from Office 365 web properties and also WS-Trust for active authentication from Office rich client applications accessing Office 365. Active authentication is required by rich client applications to access Office 365 and for Office 365 ProPlus licensing. Office 365 ProPlus is included with some Office 365 SKUs and it includes Office rich client applications such as Word, Excel, PowerPoint, Outlook and Lync. The connectivity required for licensing these products is active authentication and relies on WS-Trust.

Microsoft has a program called Works with Office 365 – Identity which qualifies third party WS-* based identity providers for use with Office 365. You may have an existing identity provider that is part of the Works with Office 365 – Identity program. Some of these providers support both WS-Federation and WS-Trust and some only support WS-Federation for only passive web based authentication.

Office 2010 and SharePoint 2010 Service Pack 2 available

Today, we released Service Pack 2 (SP2) for the Office 2010 and SharePoint 2010 set of products.  SP2 provides key updates and fixes across our servers, services and applications including security, stability, and performance enhancements and provides better compatibility with Windows 8, Internet Explorer 10, Office 2013, and SharePoint 2013.

OneNote for Android updated, fixes loading issues for most devices

Today we released an update to OneNote for Android which addresses an issue that some customers experienced where the app would not load correctly. This only happened on devices which had a NVIDIA Tegra 2 processor which is used in select Android devices. When we first heard from you about this problem we blocked those devices and now with this update the app should be available on most devices.

We appreciate all of your feedback.  We are reading the comments in Google Play as well as the in-app feedback button. Shipping frequent updates based on your feedback is important for us to continue to improve our experience, so please keep it coming and if you have any issues please let us know!

Have all your SkyDrive files with you – without using all your storage or bandwidth

This is an exciting time to be in the cloud-storage business. Industry trends suggest that even though devices have larger storage capacities (growing 25% per year), people’s data and files are growing significantly faster (around 50% per year).

 

This is especially true for mobile devices. Windows is used by a billion people across the world and with SkyDrive, our goal is to design cloud storage at the same scale so people can have their files with them on any of their devices.

With Windows 8.1, we’ve taken a big step towards that goal. SkyDrive is deeply integrated into Windows. Opening and saving files to SkyDrive is now as easy as saving to your hard drive, but with SkyDrive, your files are also available to you on your phone, tablet, desktop PC, and via SkyDrive.com. In addition to the basics, we’ve come up with some creative and unique ways to address the needs of the increasing number of people who have tons of files but relatively small device hard drives.

 

All your files with you

Because people’s data storage needs will continue to grow faster than storage capacity on their mobile devices, we asked ourselves how we could provide you with access to all your SkyDrive files without actually downloading them, using precious local disk space and Internet bandwidth. Our answer is what we often refer to as “placeholder files.” Placeholder files look and feel like normal folders and files. You can tap or click a folder and see all the folders and files inside it. You can tap or click a file and it will open, you can edit it and close it. You can move, delete, copy, or rename placeholder files just like you would any folder or file. But we only download the full file when you access it. What we have in its place is a placeholder file containing a thumbnail image along with some basic properties and file content. This means that the placeholder file is significantly smaller in size that the file in SkyDrive, but when you need to use it, we’ll download the full file for you.

 

For example, in the image below, I have a Pictures folder in SkyDrive that’s 5.6GB in size but it’s only taking up 185MB on the local disk.

 

SkyDrive1_thumb_2B36D627

 

For photos, flipping through lots of pictures in one go is a common scenario. We wanted to give you fast scrolling of photos without taking up a lot of local disk space. So we’re doing something even more special there. When you flip through photos, we download large thumbnail images instead of the actual files. And we pre-fetch thumbnails to enable fast scrolling. It’s only when you want to edit a photo that we download the full file to the local disk.

 

Combined, placeholder files and smart thumbnails allow you to see and interact with your entire SkyDrive without taking up much local disk space and only using your Internet connection when needed. Early data in the weeks since Windows 8.1 Preview was released suggests that this architecture is delivering on the goals we set out with and SkyDrive files are taking up less than 5% of the local disk space that they would have taken in the old system.

 

So to put a fine point on that, using placeholder files, someone who has 100GB of files in SkyDrive that have been built up across many devices and years, can now have all of those files available on their new Windows 8.1 device and will be using less than 5GB of storage for all those files on their local hard drive.

 

Providing access to all your files on devices of every size and shape helps ensure that you don’t have to make tough decisions about what subset of your SkyDrive files you want available, and provides complete cloud access that isn’t offered by anyone else.

 

Offline access

One of the biggest investments we’ve made for Windows 8.1 is a seamless experience across connectivity states. So, if you’re on the go and want the documents you’re working on to be there when you lose Internet connectivity, and you want all your edits to make their way back up to SkyDrive when you get connected, we do just that without any need for manual configuration and setup.

 

With the SkyDrive app, you’ll be able to mark any folders or files you want for offline access. Edits on this device or another device will be synchronized so that you’re always working with the latest file. This is an explicit, easy-to-understand way to have guaranteed offline access to the files you most care about.

 

SkyDrive2_thumb_76BB2540

 

When you’re offline, it’s easy to tell which files are available for offline access.

 

SkyDrive3_thumb_65D91201

 

In order to make things even more convenient, we always mark files for offline access if you’ve opened or edited them on this device before. We do that because most people tend to open the same files they recently opened, but the files they open often vary across different devices – so we remember those files and make this unique to the device you’re using. And of course, you can also choose to mark any individual file or folder for offline access – and of course, if you’re working on a device with a lot of local storage, you can choose to have your entire SkyDrive available for offline access.

 

SkyDrive4_thumb_0DA1A8D0

 

Opening, saving, and searching files

Any Windows Store app can use the Windows file picker to let you open, edit, and save any kind of file. In Windows 8.1, SkyDrive is built into the file picker – so every Windows Store app can save files directly to SkyDrive without any extra work. And the files will quietly get uploaded in the background so you don’t have to wait around. For example, if someone shares pictures with you in an email, you can save them to SkyDrive from the Mail app.

 

And you don’t have to worry if you happen to be offline when you save the file. We’ll just save it locally and upload it to SkyDrive when you do get connected.

 

SkyDrive5_thumb_72FCBEC9

 

SkyDrive6_thumb_5136079A

 

If you were working in a desktop app, you get the same functionality using the Windows common file dialog – opening and saving to SkyDrive is as easy as saving to your PC.

 

SkyDrive7_thumb_1CBCE765

 

And of course, SkyDrive shows up in the desktop File Explorer for all Windows 8.1 users (as long as you’ve signed in to Windows with a Microsoft account). You can drag folders and files from your PC or any other attached device to SkyDrive. If you turn off your device before everything gets uploaded, we’ll just resume uploading the next time you’re online.

 

SkyDrive8_thumb_6D901D2F

 

Many people use search to quickly access their files. So we’ve made search work just as you’d expect – SkyDrive files show up in search results just like your local files. For example, if you have a document in your SkyDrive, we extract a few lines of text from the document and provide that to the search indexer on your device so that it can return search results that are more relevant to you. It goes without saying that search works across your entire SkyDrive (including placeholder files). In the example below, “Alyssa’s birthday bash” and “Mom’s birthday cake” are both documents in SkyDrive that exist as placeholder files on the local device and are searchable whether you’re online or offline.

 

SkyDrive9_thumb_436AB20B

 

SkyDrive10_thumb_775C7513

Musto Limited experiences smooth sailing with Office 365

Retailers are using Office 365 to improve employee communications and collaboration, enabling them to move faster to share best practices, roll out promotions and launch new products. Most recently, we welcomed UK Sportswear retailer Musto Limited to improve the ability of its large mobile workforce to work with manufacturers all around the world.

Office 365 logoMusto thrives on the trust it has built with their customers – reliability is crucial, so having an email system that allows their global workforce to quickly communicate across channels was essential. To help employees improve their response time and productivity, telecom operator Vodafone helped migrate the company to Office 365, providing them with the stability and reliability they were looking to implement.

In addition to reliable email, Office 365 made it possible to easily implement additional applications with calendaring, collaboration, and web conferencing solutions. Moreover it offers world-class security, IT-level phone support, geo-redundancy, disaster recovery, and business-class privacy controls and standards.

New to Office 365 in March—co-authoring in Excel and more

Office 365 provides the broadest and deepest toolkit for collaboration between individuals, teams and entire organizations. Updates this month make the experience even better with co-authoring in Excel, the general availability of Microsoft Teams and more. We’ll also be announcing the latest roadmap for SharePoint and OneDrive at the SharePoint Virtual Summit on May 16th. Read on for the details.

Co-authoring is coming to Excel

We’re taking a significant step in completing the co-authoring story across Word, Excel and PowerPoint. Today, we’re enabling co-authoring in Excel on Windows desktops for Office Insiders Fast. This allows you to know who else is working with you in a spreadsheet, see where they’re working and view changes automatically within seconds. We’ll continue using feedback from Insiders to improve the experience before making it available more broadly. Co-authoring is already available in Excel Online, Excel on Android, Windows Mobile and iOS (for Office Insiders). We’re also working on co-authoring in Excel for the Mac—stay tuned for more!

Co-authoring is being shown in Excel. A dropdown in the top right explains that Alex is also working in the spreadsheet, and which cell he is in. A red box surrounds the cell Alex is in, with a red flag over it showing his name. Alex’s red indicator moves to another cell, and then a change which Alex made to the cell and a graph can be seen showing up a moment later.

Co-authoring in Excel on Windows desktops allows you to see where others are editing at the same time as you in a spreadsheet.

We’re also bringing AutoSave to Word, Excel and PowerPoint on Windows desktops, for files stored in SharePoint Online, OneDrive and OneDrive for Business. With AutoSave, you can stop worrying about hitting the Save button, whether you’re working alone or with others.

Availability: Co-authoring in Excel on Windows desktops is rolling out for Office 365 subscribers in Office Insider Fast. Co-authoring in Excel on iOS is currently available for Office Insiders, as well as for all customers in Excel Mobile on Windows, Excel on Android and Excel Online. AutoSave is rolling out to Word, Excel and PowerPoint on Windows desktops, for Office 365 subscribers in Office Insider Fast.

Microsoft Teams is now generally available

Earlier this month, we announced that Microsoft Teams—the chat-based workspace in Office 365—is now generally available in 181 markets and in 19 languages. Last week, we also made Teams available in Office 365 Education, free for faculty, staff and students. We’ve introduced over 100 new features and addressed top requests from over 50,000 organizations who have started using Teams since the preview began in November. The updates span all four of the core Teams promises: chat for today’s teams, a hub for teamwork, customizable for every team and security that teams trust. Notably, over 150 integrations with other apps, services and bots are either already available or coming soon. We are thrilled by the enthusiasm for Teams and look forward to seeing how customers build Teams into the way they collaborate every day. We’ll also continue updating Teams—along with our other Office 365 apps and services. Learn more about Microsoft Teams and start using Microsoft Teams today.

Availability: Microsoft Teams is now generally available for commercial and education customers on Windows desktops, Macs, Windows Mobile, iOS and Android, as well as the web.

Microsoft Bookings is rolling out worldwide

Last week, we announced the worldwide rollout of Microsoft Bookings to Office Setup 365 Business Premium subscribers. Bookings makes it easy for small businesses to schedule and manage appointments with their customers, and we’ve introduced several new capabilities based on feedback from last year’s initial release to customers in the U.S. and Canada. Now you can connect your Office 365 calendar to Bookings, add buffer time between appointments, customize your Bookings page, and stay connected on the go with iOS and Android apps. Read more about Microsoft Bookings.

A Microsoft Bookings page accessed on desktop and mobile.

Your Bookings page can be accessed on desktop or mobile.

Availability: Microsoft Bookings is rolling out to Office 365 Business Premium subscribers worldwide. It can be accessed on the web, iOS and Android.

OneNote inking and accessibility updates

We’ve made a number of improvements to OneNote this month, making inking more powerful and available in the browser, as well as helping you create more accessible notes.

  • Ink math assistant improvements—OneNote can now graph handwritten equations and even let you manipulate variables to see the visual effect of changes. It can also teach you the steps to solve systems of equations. This expanded built-in intelligence within OneNote makes it an even more powerful math coach to help you learn in context. Learn more in this blog, and give it a try today!

 The ink math assistant is being shown in OneNote. An equation is selected, the Math button is tapped and the Math pane expands. The Graph in 2D option is selected, and a graph appears. Then the variables in the equation are shown being manipulated with corresponding changes being updated in the graph.

OneNote can now graph handwritten equations, in addition to teaching you how to solve them.

Availability: Ink math assistant graphing and support for systems of equations are now available in OneNote for Windows 10, for all Office 365 subscribers.
  • Accessibility Checker now in OneNote—The Accessibility Checker, now available in OneNote for Windows 10, helps ensure your notes can be consumed without barriers by people with visual impairments. It analyzes your material and provides recommendations alongside your notes, which helps you understand how to fix errors and create more accessible notes over time. Simply select Check Accessibility under the View tab to get started. 

The Accessibility Checker is being shown in OneNote, specifically alerting the user to unclear hyperlink text in the notebook page.

The Accessibility Checker helps you find and fix issues that might make your content difficult for people with visual impairments to consume.

Availability: The Accessibility Checker is now available and easily discoverable for all customers in OneNote for Windows 10. It is also available in several Office applications on Windows desktops, Macs and Office Online.
  • Inking in OneNote Online—We’re bringing inking and the Draw tab to OneNote Online, so you can make your mark with ink or highlighter while taking, reviewing, or editing your notes in the browser.

  The new Draw tab with inking tools is being shown in OneNote Online, with ink annotations added to various parts of an image in a biology notebook page.

OneNote works the way you do, with new inking capabilities in the browser.

Availability: Inking is rolling out for all customers using OneNote Online in Microsoft Edge, Internet Explorer, Firefox, Safari and Chrome.

Visio integrates with Excel and PowerPoint in new ways

Visio, Excel and PowerPoint work better together than ever, helping you seamlessly generate flowcharts automatically from data then share them effortlessly as presentations. Create a flowchart directly from Excel in a few clicks using the new Data Visualizer templates. Then, use the new Slide Snippets pane to select specific diagrams or snippets, title them and export as slides in a new PowerPoint presentation. The Morph transition is even applied automatically to create cinematic transitions between overlapping snippets on different slides. Get started with Visio Data Visualizer templates and creating a PowerPoint presentation from Visio.

The new Data Visualizer templates and Slide Snippets pane are being shown in Visio. A Cross Functional Flowchart is shown being created from an existing Excel workbook. Then the Slide Snippets pane is shown being used to select multiple areas of the Visio flowchart to export as snippets on individual slides in PowerPoint.

Visio, Excel and PowerPoint work better together to help you seamlessly create flowcharts from Excel data and export diagram snippets to share as PowerPoint slides.

Microsoft Azure and Office 365 now available from United Kingdom datacenters

Today, we’ve taken a significant step forward to empower businesses to achieve more with the first complete cloud offering delivered from a global provider within the U.K. Built to power their digital transformation, Microsoft Azure and microsoft office setups 365 are now generally available from new datacenter regions.

Each new region adheres to our Trusted Cloud principles, including security, privacy, compliance and transparency. These new Microsoft Cloud regions will help businesses in industries such as banking, government, public sector and healthcare meet their customers’ needs, the regulatory requirements they are held to, and the need for local data residency and replication for business continuity.

A few of the customers moving to the Microsoft Cloud in the U.K. include the South London & Maudsley (SLAM) NHS Trust, the country’s largest mental health trust, and the Ministry of Defence (MoD). The MoD, which employs more than 250,000 people and will use Office 365 and Azure, citing both value for money and security as key reasons for the agreement.

Mike Stone, Chief Digital and Information Officer at the Ministry of Defence, said: “Microsoft’s secure and transparent cloud service in the UK fits perfectly with the MOD’s digital transformation agenda. This agreement, which is based on Microsoft’s world-class reliability and performance, will allow us to deliver cost-effective, modern and flexible information capabilities. It will ensure we are better-placed in our ever-changing, digital-first world.”

With the availability of our new U.K. regions, Azure now offers customers 28 regions — available today — with six more coming soon for a total of 34, more than any other major cloud provider. In addition, Microsoft Cloud services have earned the broadest set of compliance certifications and attestations of any public cloud provider. In the first half of 2017, Microsoft Dynamics CRM Online will join the currently available line up in the U.K.

Learn more about customers using the Microsoft Cloud in the United Kingdom at the UK News Centre and learn more about the benefits of our cloud services at Microsoft Azure and Office 365.

 

3 tips for how sales managers can use Office 365 to meet their goals

If you’re like Jenn Schaal, a busy sales manager for an international trade association, your day is filled with client connections, budgets to hit and leads to generate—on top of day-to-day fires to put out. Hitting the end goal—whether it’s a sales target or a client win—takes time and effort. Office 365 helps shave off time throughout the day, so sales managers can meet their goals.

Taking a note from her powerlifting hobby, Jenn wanted to carry over the sense of feeling strong and in charge into her job. She found three ways Office 365 helps her save time, work smarter and be more efficient on the go.

1. Take the hassle out of travel with OneDrive for Business

Travel is almost synonymous with sales, and while it’s invaluable for meeting clients or attending trade events, it can be challenging to stay in sync with reports and presentations being updated back in the office. Jenn knows this all too well. With most of her clients in different markets, she needs to have all the important info in one convenient spot while on the road. With OneDrive for Business, Jenn can pull up files or media kits to share and knows exactly where to find what she needs.

Plus, OneDrive for Business does more than let you view and edit your documents from anywhere. For example:

  • If your computer happens to die, get lost or is stolen on that important sales trip, you can use someone else’s device and sign in as yourself. Office 365 remembers your most recent documents, so you’ll always have access to client presentations or reports.
  • Stuck somewhere without internet access but want to get some work done? OneDrive for Business helps you get around your Wi-Fi troubles and work offline by syncing files and folders into your library.
  • For large ongoing projects, instead of sending specific files, it can be easier to share a whole folder with your client, so that they always have access to the latest reports on OneDrive for Business.

2. Stay on top of what matters with Outlook

Like many people, most of Jenn’s day is spent in Outlook emailing clients, setting up meetings, viewing the team calendar and sending and receiving the latest sales reports. She likes having the same functionality and rich features in the Outlook app, which is especially useful for travel and staying connected on the go.

Power-user tips for smarter emailing and calendaring with Outlook help you get even more done:

  • Sending a large presentation to a client and don’t want to overflow their inbox? Share as a OneDrive cloud attachment and not only free up space, but make last-minute tweaks without having to re-send the file.
  • Use Outlook Customer Manager to track customers and see all related info—email, meetings, calls, notes, files, tasks, deals and deadlines—in a convenient focused list view. Deals and even customers can be prioritized and then easily shared with other team members.

3. Stay in touch with your team or clients with Skype for Business

Whether you have a few remote team members, like Jenn, or multiple sales offices across the country, staying connected and aligned on business priorities is key. With Skype for Business, Jenn can easily turn a messaging chat into a call to quickly resolve a problem or close a deal.

There are other ways that Skype can help bridge the distance between teams or clients:

  • Want to have a call with a client not on Skype for Business? No problem! Meet with up to 250 people—all they need is a phone or internet connection to get started.
  • Don’t just talk, have a truly interactive meeting by sharing your screen and annotating PowerPoint for real-time collaboration. Then share it all with anyone who couldn’t make it via a recording. You can also use a whiteboard, polls, Q&A and built-in IM during your sales meetings for instant feedback.
  • Help build connections and relationships with remote clients through video calls. Enjoy industry-leading HD video for online meetings that feel top quality and trustworthy. Focus more on the people in your call, with added features like automatic cropping and head tracking.

Whether it’s storing, syncing and sharing files in OneDrive for Business; smarter emailing or calendaring with the Outlook app; or audio, HD video and web conferencing with Skype for Business; there are many reasons to become a champion for the latest productivity technology within your team or company. Learn how you can get more out of your day with Office Setup 365. Watch the full story of how Jenn simplified her job, and spread the word within your organization.

 

Organizing my band with OneNote: An inside look

Anyone who has seen my apartment, office, or rehearsal space generally picks up on one key theme– I’ve got a lot of computers and about as many musical instruments.  Computers and music have been the two most important things in my life for as long as I can remember.  Two years ago, I decided to combine these passions and started a band called Bright White Lightning that mixes guitars and drums with sounds from retro computers, video game systems, and synthesizers.  So, when I’m not at work shipping software here at Microsoft, I’m playing guitar, tracking a song on a Game Boy, booking a show, or soldering together a new piece of DIY hardware.

My bandmates and I use OneNote to keep everything organized and in sync and I’d like to give you readers an inside look on exactly how it works for us.

Keeping tabs on my gear

Here’s a screenshot of the sections in the band’s notebook as seen from the OneNote app on my Surface Pro:

As you can see, there are lots of sections dedicated to specific pieces of gear.  In each of these sections I keep things like printouts of product manuals, instructions I’ve typed, and occasionally, diagrams for hardware I’m building or repairing.  Here are a few examples:

A different kind of shopping list

I hear a lot of folks telling others to use OneNote for shopping lists and while I agree, I prefer to keep a page per item of gear I want to buy.  That way I can add details for each item, such as its average price on eBay, possible substitute items, or a collection of user reviews.  Here’s an example:

Brainstorms and scribbles

Writing songs, especially lyrics, is time consuming and requires a lot of revision.  Since OneNote syncs to my Windows Phone, I can make changes to work-in-progress lyrics on the bus to work or on the road to my next performance.  OneNote keeps an offline copy of all of my notes, so I can make edits without cell service or when roaming–then they’ll sync when I get back to home territory.

Here’s a screenshot of some lyrics I was tweaking while in Canada:

And while it hasn’t yet come to fruition, we’re working on a stage piece that’s been sketched in OneNote–engineering schematics, blueprints and all.  Here’s a sample:

Keeping the whole band on the same page

It’s great that OneNote syncs to my phone so I can use it on the go, but what’s really useful is my ability to share with the other band members.  Our bass player takes care of booking a lot of shows, so together we collect things like contact information, load-in times, and gear check lists in a section dedicated to gigging.

While our bass player uses OneNote on his Windows Phone, our drummer has an Android.  No problem-OneNote is available on Windows Phone and on iOS and Android devices.  Even when I’m occasionally recording tunes on a Mac, I can access the band’s notebook in a web browser from www.skydrive.com.  It looks something like this 🙂

That’s a bit on how I use OneNote…let us know how you use it in the comments below!

New Office 365 capabilities help you proactively manage security and compliance risk

Missing a key security signal could mean not catching a breach, but the number of security signals is increasing exponentially. It’s becoming impossible to manually prioritize them. That’s why Office 365 applies intelligence to help you proactively manage risk and ward off threats. Today, we’re pleased to introduce several new capabilities in Office 365 that help you manage risk and stay ahead of threats:

  • Office 365 Secure Score—A new security analytics tool that applies a score to Office 365 customers’ current Office 365 security configuration.
  • Office 365 Threat Intelligence Private Preview—Service that leverages billions of data points from the Microsoft Intelligent Security Graph to provide actionable insights to the global threat landscape and help customers stay ahead of cyber threats. Office 365 Threat Intelligence is now in private preview, with general availability planned for later this quarter.
  • Office 365 Advanced Data Governance Preview—Applies machine learning to help customers find and retain the most important data to them while eliminating redundant, obsolete and trivial data that could cause risk if compromised. Office 365 Advanced Data Governance is now in preview, with general availability planned for later this quarter.

Know your Office 365 Secure Score

Do you know how you’d be rated if someone were to evaluate your security configuration? To give you better visibility into your Office 365 security configuration and the security features available to you, we’re pleased to introduce Secure Score—a new security analytics tool. Secure Score helps you understand your current Office 365 security configuration and shows you how implementing additional controls can further enhance your security and reduce risk.*

Here’s how it works:

Secure Score Summary—Displays your Secure Score and provides access to view your Score Analyzer. Your Secure Score, the numerator, is the sum of the points associated with security configurations that you have partially or fully adopted. The total score, the denominator, is the sum of the points associated with all the security controls that are available to you through your Office 365 plan.

In this example, the Secure Score is 130 out of 273 points possible:

New Office 365 capabilities 1

Score Summary window showing your Secure Score.

Score Analyzer—Allows you to track and report on your score over time. The graph shows your Secure Score on any date in the past, what specific actions you completed and which actions were available to you. Your score results can also be exported to a CSV file for easy planning and communication with your organizations.

New Office 365 capabilities 2

Score Analyzer graph showing the Secure Score over time.

In append to providing perception, Secure Score provides suggestions regarding the realizable behavior you can take to include your security viewpoint. These suggestions are prioritized based once quotation to the order of the effectiveness of the fighting and level of impact to fade away users. Actions that are intensely in force as soon as low level of adherent impact are placed at the top, followed by measures that are less in force and more impactful to users. You can as well as filter happenings in the list when criteria such as those that have low fall fanatic impact or that apply to devotee accounts.

Secure Score can play an important role in a holistic security strategy, which encompasses how an organization strengthens its risk controls, mitigates potential losses and offsets some of the risk. To help businesses strengthen their security position, property and casualty insurer The Hartford will consider a customer’s Office 365 Secure Score as a part of the cyber insurance underwriting process.

We believe aligning the solutions between security and insurance can make a real difference. By encouraging the use of an innovative security analytics tool like Office 365 Secure Score and making it a part of the underwriting process, businesses have more information to make risk-based decisions around privacy and security, potentially reducing their exposure to loss.”
—Tom Kang, head of Cyber Insurance at The Hartford

This builds upon the endorsement of Office 365 made by insurance industry leader AIG last year.

Watch this Microsoft Mechanics video for an in-depth look at Secure Score:

To learn more about Secure Score, check out your score and see recommendations on how you can increase your security position in Office 365, go to securescore.office.com.

Office 365 Threat Intelligence—now in private preview

According to a recent Ponemon Institute study, the average cost of a data breach has risen to $4 million. These costs can include litigation, the effects of brand or reputation damage, potential lost sales, and in some cases, complete business closure. Organizations that are prepared for a breach by spending on appropriate staffing, security training and security products can ultimately reduce their long-term costs.

office setup 365 Threat Intelligence uses the Microsoft Intelligent Security Graph to analyze billions of data points from global datacenters, Office clients, email, user authentications and other incidents that impact the Office 365 ecosystem, as well as signals from our Windows and Azure ecosystems—to provide actionable insights to global attack trends.

It provides opinion more or less malware families inside and outdoor your handing out, including breach information surrounded by details, bearing in mind how much bitcoin the attackers typically request in ransomware attacks. Office 365 Threat Intelligence with integrates seamlessly previously added Office 365 security features gone Exchange Online Protection and Advanced Threat Protection, for that excuse youll be supple to see analysis, including the peak targeted users, malware frequency and security recommendations connected to your event.

Office 365 Threat Intelligence provides this visibility, along with rich insights and recommendations on mitigating cyber-threats, ultimately supporting a proactive defense posture, leading to long-term reduced organizational costs.

New Office 365 capabilities 3

The Office 365 Threat Intelligence Dashboard provides visibility into the global threat landscape.

To sign up for the private preview of Setup Microsoft Office 365 Threat Intelligence, please contact your Microsoft account representative.

Why data governance matters

Many organizations are exposing themselves to unnecessary risk because they don’t have a good grasp on all the data they have. Often, they retain data they no longer need, such as the personal information of former employees who have long since left the company. Should this personal data be compromised in a breach, the company could be liable for costly remediation, such as lifetime credit monitoring for these former employees.

Office 365 Advanced Data Governance helps you find and retain the data that is most important to you while eliminating redundant, obsolete and trivial data that could cause risk if compromised. Office 365 Advanced Data Governance applies machine learning to intelligently deliver proactive policy recommendations; classify data based on automatic analysis of factors like the type of data, its age and the users who have interacted with it; and take action, such as preservation or deletion.

We’re already receiving a great response from legal professionals who expect Office 365 Advanced Data Governance to enhance their data management practices.

“The machine learning designed into office setup Office 365 Advanced Data Governance’s suite has the potential to tame the ever-increasing growth and complexity of data types we deal with. Office 365 Advanced Data Governance can apply unified policies to data in place across all Office 365 applications, regardless of when the data was ingested, to intelligently retain high-value data while deposing of what isn’t needed or is obsolete. As organizations grasp its potential to reduce compliance and security risks, this will be a game changer in information governance.”
—Paul Meyer, eDiscovery and Data Management managing counsel at Willis Towers Watson

Watch this Microsoft Mechanics for an in-depth look at Office 365 Advanced Data Governance:

Visit Office 365 Advanced Data Governance to register for the limited public preview.

Availability

Office 365 Secure Score is now generally available to organizations with an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community clouds.

Office 365 Threat Intelligence and Advanced Data Governance are expected to be generally available by the end of March 2017, and will be included in the Office 365 Enterprise E5 plan, as well as in the Secure Productive Enterprise E5 offering.

Office Setup To get started with your Microsoft Office Installation you must need valid product key code & visit www.Officecom-Setup and we can also help you with your entire process to setup office product online. More Info Call Now:1-844-777-7886.