The Garage Series for Office 365: Stop that smoking gun! The latest in eDiscovery and data loss prevention

Episode 3 out of a 6 part special filmed in New Orleans, our intrepid host Jeremy Chapman is joined by Microsoft SharePoint and Microsoft Exchange experts Mark Kashman and Bharat Suneja to share an overview the very latest in integrated Enterprise Search, eDiscovery and Data Loss Prevention to harden your data protection. See how these technologies work across both Office 365 Cloud implementations and your on-premises Office stack to help save users and organizations proactively and reactively from themselves while helping to reduce the complexity of discovery and high costs of legal review due to compliance audits.

Jeremy: So our last show got quite a reaction by way of offering an exclusive first look deep dive on the upcoming real-time co-authoring capabilities with Office Web Apps which we demonstrated in Word, Excel and PowerPoint. This was the first time that we had showed the pre-release code capabilities. You can continue to catch that show here or by visiting the Garage Series show channel.

For our latest New Orleans show special, I’m joined by SharePoint and Exchange experts Mark Kashman and Bharat Suneja to take a look at another important topic, the very latest in data protection with eDiscovery and Data Loss Prevention across Cloud and Hybrid environments.

Mark: That’s right, data lives everywhere and the foundation to any data hardening and compliance strategy is to be able to locate key sources of data wherever they may be and you’ll see that not only are we making it so you can quickly discover content through key word searches across the Office stack with integrated enterprise search (formally FAST), but we’ve also greatly enhanced your ability to preserve content versions with eDiscovery and the new eDiscovery Center in SharePoint which allows you to perform in-place holds on SharePoint content, email in Exchange, saved Lync conversations etc.. This means users cannot manipulate or change data from an earlier point in time, and while we can put a document version on hold, we can do this without impacting the ability for the user to continue to be productive.

SharePoint eDiscovery Center showing unified search, filters, statistics, on-hover previews, and tabs for the various sources and content type – from an example “Northwind Traders” case.

Jeremy: This is pretty game changing – I know that for a typical audit it could previously take months to discover the data sources and then you were at risk of the data source being obscured or changed.

Mark: Yes we can now get a real-time response but the other thing that is significant is when you go to export documents and assets we aim to help reduce the footprint. If you consider that the cost of legal review is sometimes $10,000 per GB, these advances mean you can now minimize the volume of what gets reviewed without having to first export everything, saving a ton of time and money in lawyer’s fees wherever there is a suspected issue.

Once you discover data in an audit and use an in-place hold, the original file is preserved in that state in the preservation hold library. Even a SharePoint Site Administrator cannot modify the file and edits made in the Preservation Hold Library will result in another instance of the file. That is why you see two links to what appears to be the same file in the demo on the show. Then once you narrow in on the required content, you export it in a standards based EDRM XML format once from across the entire Office stack – not multiple time from various silos.

Jeremy: So we had a bit of fun showing how this all works with SharePoint online and the eDiscovery center on the show. It was great to see what you can do reactively from a data compliance/protection perspective, so then we looked at what you can also put in place more proactively from a data protection perspective with the new Data Loss Prevention capability in Exchange.

As we were in New Orleans we did this New Orleans style and tested whether or not Exchange Online could stop a smoking gun email leaving the organization as our test study Mr. #dealwithit tried to send out his boss’s credit card details.

Before you get too trigger-happy in the comments section with other ways to communicate the credit card number, we all know he could have used a plethora of other means to succeed in his task – but this is an example of how Data Loss Prevention rules can be set up to work to prevent the worse from happening within the corporate domain. It not only helped train our user, but it also blocked the offensive message at the backend using the new transport rules enabled via Data Loss Prevention.

Bharat: Yes that guy definitely needed to be saved from himself, and in this particular case, he was behaving a little drunk and malicious and not using his best judgment.  Most users on the other hand, don’t try and send stuff out maliciously. That’s why we have Outlook Policy tips to focus users on going the right thing. But we can also set up custom policies which we demonstrate on the show.

This is pretty powerful as you saw it means that even where Outlook tips are overlooked by the user we can forcibly stop data leaving the organization by email via the Exchange back-end, by setting up custom rules, which are like transport rules but a lot more sophisticated and allows for deep content inspection. Exchange now in fact ships with thousands of templates to assist with this.

When you create DLP policies, you can include rules that include checks for sensitive information. The conditions that you establish within a policy, such as how many times something has to be found before an action is taken. Sensitive information rules are integrated with the transport rules framework by introduction of a condition that you can customize. Exchange also supplies policy templates that already include some of the sensitive information types. A list of what is supplied in-box is provided here.

Jeremy: So eDiscovery and Data Loss Prevention are two major advancements with the new Office, to help with data hardening and compliance. But there’s also a lot more to it such as Windows Azure Active Directory Rights Management Services for file-level security, and Exchange Active Sync for device management and security, both of which we’ll cover more on future shows. So what are next steps that our viewer/readers can take?

Mark: If you want to go deeper into eDiscovery, dive into this “What’s new in eDiscovery” article, and then I would suggest beginning to Plan for eDiscovery to understand how it can best serve the needs and compliance requirements of your organization.

Bharat: TechNet’s library for Data Loss Prevention is a great place to start – the important point though is that with templates and such we are making it a whole lot easier to implement policy and so this should be mostly a no-brainer for both seasoned and new Exchange administrators out there.

Jeremy: Great, thanks Mark and Bharat, I look forward to having you back on the show as we cover more topics on SharePoint and Exchange in future. Data Loss Prevention and eDiscovery along with Windows Azure Active Directory Rights Management Services (AD RMS) provide excellent proactive and reactive security for data. We’ll dig a bit deeper into Windows Azure AD RMS in a future show. Our next show will take a look at the new Fasttrack tools and process for speeding up time to value for Office 365 inside of your organization. If you think that it is slower or more complex to get the new Office tenant deployed inside of your organization – think again!

Office 365 now available in 38 new markets

Office 365 is expanding commercial availability in 38 new markets, 3 new languages, and 5 new currencies.  Office 365 is now available in 127 markets worldwide and it is easier for customers to pay with their method of choice.  For both the Philippines and Thailand all Office 365 plans are now available for customers to subscribe to.  The other new markets can now start a 120-day trial before paid subscriptions are made available.

The new languages include Vietnamese, Arabic, and Malay. This raises the number of Office 365 languages to 36, including English.

New markets include:  Philippines, Thailand, Vietnam, Lebanon, Jamaica, Bolivia, Brunei, Nicaragua, Honduras, Albania, Armenia, Bosnia and Herzegovina, Senegal, Côte d’Ivoire, Georgia, Ghana, Mauritius, Macao SAR, Iraq, Bermuda, Rwanda, Belize, Cameroon, Nepal, Moldova, Mongolia, Zimbabwe, Barbados, Cape Verde, Fiji, Kyrgyzstan, U.S. Virgin Islands, The Bahamas, Cayman Islands, Angola, Libya,[1]Bangladesh, Uzbekistan, Yemen.[2]

New currencies accepted for payment include:  Brazilian Real (BRL), Mexican Peso (MXN), Malaysian Ringgit (MYR), Hong Kong Dollar (HKD) and Indian Rupee (INR).

Tune and optimize performance of your Office 365 connection

We are pleased to announce new resources to help Office 365 customers receive optimal performance when connecting to Office 365. As a software as a service (SaaS) offering, Office 365 has a number of layers between the servers that Microsoft manages and the end user.

optimize performance 1

Microsoft runs Office 365 in datacenters around the world; these datacenters are connected by a network to over 1,500 Internet Service Providers (ISPs) at over 50 network peering points on the Internet. This network is one of the three largest networks in the world and provides a substantial benefit to Office 365 customers. Between the Microsoft infrastructure and end users there is the public Internet, the customer on-premises network and Internet connection, and important client application configuration steps. The two new content areas we have focused on are:

  1. Capacity and other planning for network connectivity to Office 365.
  2. Tuning and troubleshooting performance issues connecting to Office 365.

We have a new Network Planning and Performance Tuning landing page on TechNet. It includes new content on troubleshooting performance issues due to SharePoint Online page customization. It also has a new Internet bandwidth capacity planning tool for SharePoint Online.

We have published a new course on Office 365 Performance Management  at the Microsoft Virtual Academy, which contains 11 modules across planning and troubleshooting areas including:

  1. Office 365 Performance Management Course Introduction
  2. Office 365 Datacenters and Network
  3. Planning for Office 365 Internet Capacity – Exchange Online
  4. Planning for Office 365 Internet Capacity – Lync Online
  5. Planning for Office 365 Internet Capacity – SharePoint Online
  6. The Baselining Model for Internet Capacity Planning
  7. Best Practices & Real Customer Projects Planning Internet Capacity
  8. Planning for Office 365 Firewalls Whitelisting
  9. Performance Troubleshooting Process and Tools Used
  10. Performance Troubleshooting Tests
  11. Troubleshooting SharePoint Online Customizations

We have specific Office 365 engineering teams who focus on performance improvements and this is improving performance for all users. The Microsoft Global Network Services team is working to improve network peering with more ISPs and does continued work to manage and improve the global network between datacenters and ISPs.


office setup,,, office com setup

Introducing built-in mobile device management for Office 365

As more and more businesses adopt a bring your own device (BYOD) approach to phones and tablets, keeping corporate data secure on mobile devices is becoming a top challenge. As part of our commitment to making Office 365 the business productivity service suite with the most advanced security and compliance capabilities, we’re excited to announce new mobile device management (MDM) features built in to Office 365 that will help you meet this challenge.

These new MDM capabilities, set to roll out in the first quarter of 2015, will help you manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices, so you can:

  • Help secure and manage corporate resources—Apply security policies on devices that connect to Office 365 to ensure that Office 365 corporate email and documents are synchronized only on phones and tablets that are managed by your company.
  • Apply mobile device settings—Set and manage security policies such as device level pin lock and jailbreak detection on devices to help prevent unauthorized users from accessing corporate email and data when a device is lost or stolen.
  • Perform a selective wipe of Office 365 data—Remove Office 365 corporate data from a device when an employee leaves your organization, while leaving their personal data, photos and apps intact.
  • Preserve Office 365 productivity experience—Unlike third-party MDM solutions that have replaced productivity apps with restrictive all-in-one apps for corporate email, calendars and documents, MDM for Office 365 is built directly into the productivity apps your employees know and love. You can set access policies to help secure company data while keeping employees productive.
  • Manage policies with ease—Administer mobile device policies directly from within the Office 365 administration portal, through an easy to use interface with wizard-based set up. View reports on which devices are connected to Office 365 and identify devices that have been blocked due to non-compliance.

These capabilities will be included with all Office 365 commercial subscriptions, including Business, Enterprise, EDU and Government plans.

Advanced mobile device and application management with Microsoft Intune

These MDM capabilities built in to Office 365 are powered by Microsoft Intune, our comprehensive device management and app management solution for phones, tablets and PCs.  Organizations that need protection beyond what’s included in Office 365 can subscribe to Intune and get additional device and app management capabilities, including:

  • Mobile application management—Enable your workforce to securely access corporate information using Office mobile apps while protecting your company’s data by restricting actions such as copy/cut/paste/save in your managed app ecosystem. Intune also extends these capabilities to existing line-of-business apps with the Intune app wrapper and enables secure viewing of content using the Managed Browser, PDF Viewer, AV Player and Image Viewer apps.
  • Manage devices from the cloud, or integrate with existing System Center Configuration Manager on-premises—Intune can manage devices from the cloud, with no infrastructure required, or Intune can be connected to System Center 2012 Configuration Manager to manage all of your devices including PCs, Macs, Unix/Linux Servers and mobile devices from a single management console.
  • Comprehensive mobile device management—Deploy certificates, Wi-Fi, VPN and email profiles automatically once a device is enrolled, enabling users to access corporate resources with the appropriate security configurations. You also have the ability to bulk enroll corporate devices to set policies and deploy applications on a large scale and can provide your users with a self-service Company Portal where they can enroll their own devices and install corporate apps.

The built-in MDM for Office 365 service we announced today, the advanced protection available with Microsoft Intune, or a combination of the two may be right for your organization depending on your needs.

Mobile computing is changing the world we live in. Microsoft is committed to delivering the best and most secure mobile productivity experiences on the planet. This includes creating great Office experiences across today’s mobile platforms and providing you with the tools to help keep your corporate data and apps secure.

For a deeper look into MDM for Office 365, watch this week’s Garage Series hosted by Jeremy Chapman:

— Zohaib Haider Ali


office setup,,

Office 365 news round-up

Humans have always longed to know the future, to see what lies ahead and just out of sight. In ancient days, we consulted oracles or shamans. Today, we may seek the advice of futurists, who analyze current patterns and trends to predict future events. At Microsoft, however, we agree with legendary management consultant Peter Drucker, who said, “The best way to predict the future is to create it.”

That’s exactly what we’re doing with Office 365 and our other cloud services—creating the future—and we recently offered our customers two new opportunities to lend a hand.

First, we expanded the Office for Android tablet preview that we initially introduced in November. Now anyone can go to Google Play to download the Word, Excel and PowerPoint preview apps and then provide feedback that will help us deliver a world-class Office experience on a range of different Android tablets when we launch the official apps. Second, we broadened our preview program for Sway, the intelligent app that can help you organize, format and share your content in more expressive and interactive ways. Although we initially released Sway for iPhone in New Zealand only, we have since made it available to customers in the United States, Canada, the United Kingdom, India, Australia and many other countries where English is an official language.

We’ve also continued to improve Office in a number of ways. For example, the big news of the week coincides with recent announcements for Windows 10 and how Office has been redesigned for touch on Windows tablets and phones.

You can now save your email attachments to OneDrive with one click and send email directly from your Access 2013 apps. We’re also using IP throttling in Office 365 to reduce spam. In addition, we’ve introduced several new improvements to make Office Online even more accessible to people with disabilities.

And that’s not all. Our recent acquisition of Equivio will enable us to bring the power of machine learning to Office 365, strengthening its eDiscovery capabilities for customers who face the significant legal and compliance challenges that come with managing enormous amounts of data every day. We’re also transforming education technology by integrating Moodle and Office 365 to provide a more productive experience for teachers and students.

At Microsoft, we’re always looking ahead and working toward a brighter future for the millions of businesses and individual users worldwide to rely on Office 365 and our other products.

Below is a round-up of some key news items from the last couple of weeks. Enjoy!

Korvac Holdings migrates to Office 365 for improved employee collaboration—Discover how Singapore-based Korvac migrated to Office 365 to improve employee collaboration.

Maryland and Microsoft partnership provides free Office 365 for students—Learn how Maryland became the first state school system to receive free Office 365 and IT Academy Programs from Microsoft.

Rail solutions provider gets everyone on board quickly—Discover how Wabtec Corporation saved money and increased efficiency with Office 365.

Building a digital workplace with Office 365—Learn how Office 365 is transforming the way people work and businesses operate.

Electrosteel leverages Microsoft Cloud to halve IT costs—Find out how Electrosteel Limited of India cut IT costs in half by adopting Office 365.

Stanford University moves to Office 365 and Exchange—Discover why Stanford University chose Office 365.

Share and collaborate in the Enterprise with Office 365 Delve—Find out more about Office Delve and how organizations are making it work for them.

Introducing Skype document chat in Office Online

The Office Online real-time co-authoring feature makes it easy for you to work together with others on a document from your browser. Whether you are putting the final touches on a contract with your business partner or collaborating on an essay for a school project, Office Online lets you work seamlessly with others no matter where they are.

Today we are happy to announce upcoming improvements to the Office Online co-authoring experience:

  • Document chat is available when collaborating with others in real-time in Word and PowerPoint. Simply click the Chat button to begin chatting with everyone working in the document.
  • Continue to chat with those same people after leaving the document via Skype on your desktop or phone. Know when your team is working on the document and chime in.

Introducing Skype document chat in Office Online 2



Introducing Skype document chat in Office Online 1 v2


We’ll begin rolling this out over the coming weeks at!

Garage Series: Bringing Data Loss Prevention to SharePoint and first look at new Office 365 Message Encryption Viewers for iOS and Android

On this week’s show we invite back Asaf Kashi, a lead engineer on the information protection team. We introduce the information protection updates coming to Office 365 and demonstrate the upcoming Data Loss Prevention capabilities in SharePoint and OneDrive for Business, the upcoming Office 365 compliance center, one-time passcodes for viewing encrypted email and the just-released Office 365 Message Encryption Viewers for iOS and Android. 

Last time we invited Asaf Kashi on the show was in May this year where we presented updates to information security and protection. At the time Asaf shared that Data Loss Prevention (DLP) was coming to SharePoint and OneDrive for Business and today we actually go deeper to take a first look and show DLP in action – both the user and admin experiences. This capability will allow you to define policies in one place in the forthcoming Compliance Center where you will be able to control Exchange, SharePoint and OneDrive for Business, so you only need to author compliance rules in one place and those will apply across the services. Asaf and his team are in the process of building DLP for SharePoint now, so we give you a sneak peek of what’s coming soon.

Beyond DLP though, we’ve recently added new ways to view encrypted Office 365 email. In October, we announced one-time passcodes for Office 365 Message Encryption (OME) protected emails. That means recipients of your encrypted Office 365 emails do not need to have an Office 365 or Microsoft account to securely view email from their browser. Instead they receive a time-limited passcode to securely view messages. We also recently implemented a 12-hour window for one-time passcodes; so if you receive multiple OME messages daily, you don’t need to keep entering the passcode if you’re within the 12-hour window.

Today, we have new Office 365 Message Encryption Viewer apps for iOS and Android. These apps enable secure, encrypted email communication to these platforms.  At 11:40 into the show, I demonstrate the experience of receiving an email using in my case Yahoo Mail – but it could be any email service – and viewing an encrypted message via the Office 365 Message Encryption Viewer for Android. You can find out more or download the apps today:


Experience in Office 365 Message Encryption Viewer for iPhone

Be sure to check out the show to see everything in action. This will be the last Garage Series of 2014 and next year we’ll be back with more inside information for Office 365 tech enthusiasts.

Office 365 now available from datacenters in Japan

In October, we announced the availability of Microsoft Azure from Australia.  Then we showcased new productivity experiences for the iPhone, iPad and Android tablets.  Last month I shared our plans to move forward with delivering locally hosted versions of our cloud productivity suite, Office 365, and our cloud business application, Microsoft Dynamics CRM Online, from Japan.  Today, I’m excited to announce that Office 365, from Japan, is generally available.

Offering Office 365 services from local datacenters helps customers in sectors such as financial services, healthcare and central and local government better comply with regulations that require data to be kept in Japan.  Of course it also delivers the ubiquitous collaboration, personalized insight and people-centric compliance that customers have come to expect from Office 365.

As a result, customers such as, Kameda Medical Center, Sony Life Insurance Co., Ltd. and local governments including, Toshima-ku and Satsumasendai City, have signed up to use Office 365—getting all the benefits of the world’s leading productivity suite—while storing their data in Japan to address data sovereignty concerns and providing improved reliability.  Our existing Japanese Office 365 customers will have their data moved from Asia-Pacific (APAC) to Japan so they can enjoy these benefits, more information can be found here.