Category Archives: Azure and Office 365
Multi-Factor Authentication for external users – SharePoint Online
Introduction:
Many organizations use SharePoint Online in Office 365 as their content management system, and it is essential to protect that data so that sensitive information does not fall into the wrong hands. Multi-Factor Authentication helps here. We can enforce it through Azure AD for the tenant by creating a dynamic group for 'External users', then creating a conditional access policy and applying it to SharePoint Online.

Creating a Group for External Users:
1. Log in to the Azure AD Portal, go to Azure AD > Users and Groups > All Groups and click New Group.
2. Provide a name and description for the group and select the membership type (Dynamic User).
3. Click Add query -> Create to make the group dynamic. It will take some time for the group to populate.
After the group is created, you need to apply conditional access to it.

Create a Conditional Access Policy for SharePoint Online:
1. Log in to the Azure AD Portal, go to Enterprise Application > Conditional Access and click New Policy.
2. Provide a name for the policy.
3. Under Assignment > Users and Groups, select Include > Select Users and groups > Select, and then choose the group the policy should apply to (External users).
4. Under Assignment, go to Cloud Apps > Include > Select, and then choose the application (Office 365 SharePoint Application).
5. Under Condition, select a condition if you want one.
6. Under Access Control, go to Grant, select Grant access and then choose Require multi-factor authentication.
7. Finally, toggle the Enable policy switch to ON and click Create.
To verify that the policy was created, navigate to Conditional Access and check the policy name and whether it is enabled. Wait a few minutes for the policy to take effect; after that you can test it by sharing a document from SharePoint with an external user. The user will be asked for authentication.

Conclusion:
In this way, you can create a conditional access policy and protect the sensitive data in your SharePoint Online. Hope this will be useful.
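The same two objects can be created from a script, which makes the configuration reviewable and repeatable. This is an added example, not code from the original post: it assumes the Microsoft Graph PowerShell module, uses placeholder group and policy names, assumes the guest rule `(user.userType -eq "Guest")` because the post does not show its query, and defaults to report-only mode so the effect can be checked in the sign-in logs before enforcement.

```powershell
# Added example: dynamic "External users" group plus an MFA policy scoped to SharePoint Online.
# Assumptions: Microsoft.Graph module installed; names below are placeholders;
# the membership rule is assumed (the post does not show the query it used).
param(
    [string]$GroupName  = 'External users',
    [string]$PolicyName = 'Require MFA - external users - SharePoint Online',
    # Report-only by default; pass 'enabled' to match the post's "Enable policy: ON".
    [ValidateSet('enabled', 'disabled', 'enabledForReportingButNotEnforced')]
    [string]$State      = 'enabledForReportingButNotEnforced'
)

Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All', 'Application.Read.All'

# 1. Dynamic security group containing every guest account (reuse it if it already exists).
$group = Get-MgGroup -Filter "displayName eq '$GroupName'" | Select-Object -First 1
if (-not $group) {
    $group = New-MgGroup -DisplayName $GroupName `
        -Description 'All guest (external) accounts in the tenant' `
        -MailEnabled:$false -MailNickname 'external-users' -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule '(user.userType -eq "Guest")' `
        -MembershipRuleProcessingState 'On'
}

# 2. Conditional access policy: members of that group must pass MFA for SharePoint Online.
$sharePointOnlineAppId = '00000003-0000-0ff1-ce00-000000000000'   # Office 365 SharePoint Online
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.DisplayName -eq $PolicyName }

if ($existing) {
    Write-Warning "Policy '$PolicyName' already exists (state: $($existing.State)); not creating a duplicate."
    $policy = $existing
}
else {
    $body = @{
        displayName   = $PolicyName
        state         = $State
        conditions    = @{
            users          = @{ includeGroups       = @($group.Id) }
            applications   = @{ includeApplications = @($sharePointOnlineAppId) }
            clientAppTypes = @('all')
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
    }
    $policy = New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}

# 3. Verification, the scripted form of "check the policy name and whether it is enabled".
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id |
    Select-Object DisplayName, State, CreatedDateTime
```

Because the group is dynamic, it may be empty for a while after creation; the policy only affects guests once the membership rule has been processed.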
Advanced alerts – Office 365 Security & Compliance
Introduction:
You can use the alert features in Office 365 to view and manage alerts for your Office 365 organization, including managing advanced alerts as part of Advanced Security Management. Advanced Security Management is available with Office 365 Enterprise E5; if your organization is using another Office 365 subscription, Advanced Security Management can be purchased as an add-on. After purchasing this add-on, you will see Manage advanced alerts under Alerts in Office 365 Security & Compliance.

In Office 365 Security & Compliance, go to Alerts > Manage advanced alerts and choose Go to Advanced Security Management.
In the Advanced Security Management portal, you can:
- Define policies and set up alerts and actions.
- Learn about cloud usage across your organization through reports.
- Manage third-party apps that people in your organization are using with Office 365.

Create a new activity policy:
1. From the Control menu of the Advanced Security Management portal, select Policies.
2. Click Create policy, and then select Activity policy.
3. On the Create activity policy page, type the Policy name and Description. You can base a new policy on one of the default templates, if you like, by choosing one in the Policy template drop-down menu.
4. Choose a policy severity and category for this policy. This can help you filter and sort alerts that have been triggered.
5. Choose Activity filters to set up other actions that will trigger an alert based on this policy.
6. Check Create alert to receive notifications from this policy.
7. Choose the Actions that should be taken when an alert is triggered, to suspend the user or require the user to sign in again to Office 365.
When an activity matches a policy, an alert is generated and a notification is sent to the mail ID enabled for alerts. You can also receive SMS notifications; for that you must provide a contact number.

After you get the email notification, you can view the details and take the necessary actions on the alert in the portal. All alerts are listed under Alerts. By clicking on an alert you received, you can see its details and activity log and take the necessary actions on it.

Conclusion:
It is good practice to set up advanced alerts, which help in monitoring user activities through alert notifications.
Missing Registration For Location Error while Publishing the API on Azure
Introduction:
The Missing Registration For Location error can occur when we try to publish a web application to Azure from Visual Studio.

Solution:
Many blogs say that updating Visual Studio or upgrading the Azure SDK will resolve the problem, but these solutions did not work for me, so I used an alternative approach for publishing.

Steps:
1. Publish your web application using Visual Studio. It gives this error, but it creates the App Service Plan and App Service in Azure.
2. Sign in to portal.azure.com.
3. Select the App Service which you have created.
4. Click Get Publish Profile.
5. Go back to Visual Studio and publish again.
6. This time, select Import while publishing.
7. Select the file which you downloaded from Azure.
8. Click OK.
9. Click Publish.
10. Your application will be published.
I hope this solves your issue as well.
Dispositions in Office 365
Introduction:
When content reaches the end of its retention period, there are many reasons that you might want to review that content. You might need to assign a different retention period, suspend the deletion, etc. A disposition review includes only content in SharePoint sites, OneDrive accounts, and sites for Office 365 groups. A disposition review can't include content in Exchange Online, Skype, public folders, or mailboxes for Office 365 groups.

Sign in with Office 365 credentials and go to Admin Center > Security & Compliance > Data Governance > Disposition.

Permission for Disposition:
Reviewers must be members of the Disposition Management role and the View-only Audit Logs role.

Setting up the Disposition review by creating a Label:
The Disposition review option is only available when you create a Label with retention settings. This option is not available in a retention policy.
1. To create a Label, navigate to Office 365 Security & Compliance and go to Classification > Labels. With Labels, you can classify data across your organization for governance, and enforce retention rules based on that classification.
2. Switch the toggle button to ON to apply Retention.
3. Tick Trigger a Disposition review to set up Disposition.
When content to which this label is applied reaches the end of its retention period, the reviewer is notified by email that the content is ready to review. The reviewer can then go to the Disposition page and select one or more items. The reviewer can:
- Apply a different Label.
- Extend the retention period.
- Permanently delete the item.

Export the Disposition items:
In addition, you can export the items to a .csv file that you can open in Excel.

Conclusion:
It is important to review content when it reaches the end of its retention period so that, if required, you can assign a different retention tag or label.
Supervision in Office 365
Introduction:
Supervision lets you define policies that capture email and 3rd-party communications in your organization so they can be examined by internal or external reviewers.

To create a Supervision policy, you must first add yourself to the Supervision review role group so that you can set up policies. Go to Office 365 admin center > Security & Compliance > Permissions, or sign in to https://protection.office.com with your Office 365 credentials.

Create Policy for Supervision:
1. Go to Office 365 Security & Compliance > Data governance > Supervision.
2. Click Create and then follow the wizard to set up the following pages of the policy.
3. Enter a name and description for your policy.
4. Choose the users to supervise. Here you can provide a list of users, or you can create a Group in Office 365 and provide the Group name. If you provide a Group, you can exclude any user from Supervision by entering that user name under Exclude these users.
5. Choose the communications to review. If you want to scope the review further, click Add a condition. You can specify multiple conditions.
6. Specify the percentage to review. If you want to reduce the amount of content to review, specify a percentage. If you want reviewers to review all items, enter 100%.
7. Choose the reviewers. The users and groups you choose will use the Supervision app in Outlook web app to examine the communications that are returned by this policy. You can include email addresses for internal and external reviewers.
8. After you have completed all sections of the Supervision policy, review your settings and click Finish.
Reviewers will use the Supervision add-in for Outlook web app to review communications. The add-in is installed automatically in Outlook web app for all reviewers you specified in the policy.

Conclusion:
It is good practice to create a Supervision policy to capture email communication in your organization.
Auditing Reports in Exchange Online
Introduction:
Auditing in the Exchange Admin Center lets you troubleshoot configuration issues by tracking specific changes made by administrators, and helps you meet regulatory, compliance, and litigation requirements. Exchange provides two types of audit logging:
- Administrator audit logging.
- Mailbox audit logging.
Note: You must enable mailbox audit logging for each mailbox so that audited events are saved to the audit log for that mailbox.

Enabling Mailbox Audit Logging:
You need to use remote PowerShell connected to your Exchange organization; you can't use the EAC.
1. Connect to Exchange Online using PowerShell. Open Windows PowerShell and run the command:
    $UserCredential = Get-Credential
   In the Windows PowerShell credential request, enter your Office 365 global admin account username and password.
2. Run the following command:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
3. Run the following command:
    Import-PSSession $Session
4. To verify that you're connected to your Exchange Online organization, run the following command to get a list of all the mailboxes in your organization:
    Get-Mailbox
5. This command enables mailbox audit logging for all user mailboxes in your organization:
    Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true
When AuditEnabled shows True, mailbox audit logging has been enabled for the mailboxes.

Run a non-owner mailbox access report:
1. In the EAC, go to Compliance Management > Auditing.
2. Click Run a non-owner mailbox access report.
3. In the report dialog, you can specify dates and select the mailbox whose audit log you want to view.

Run the admin audit log report:
Administrator audit logging is enabled by default.
1. In the EAC, go to Compliance Management > Auditing and choose Run the admin audit log report.
2. Choose a Start date and End date, and then choose Search. All configuration changes made during the specified time are displayed.
Similarly, you can run audit reports for In-Place eDiscovery & hold, the litigation hold report, the administrator role group report and the external admin audit log report. You can also export the log reports for mailboxes and for the admin.

Exporting the admin audit log report:
1. In the EAC, go to Compliance Management > Auditing > Export the admin audit log.
2. Enter the Start date and End date and select the user to whom you want to send the audit log.
3. Click OK and Export.
Audit log entries are saved to an XML file that is attached to a message and sent to the specified recipients within 24 hours.

Conclusion:
You can enable mailbox audit logging and generate reports and audit logs in Exchange Online using the Exchange Admin Center.
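The enable command above only touches mailboxes that exist when it runs, so mailboxes created afterwards can be left without auditing. The following added example (not part of the original post) reports that gap and closes it; it assumes the Exchange Online session imported with Import-PSSession is still active, and the function name is hypothetical.

```powershell
# Added example: find user mailboxes that are still unaudited and (optionally) enable auditing.
# Assumes the remote Exchange Online session from the steps above is imported.

function Get-MailboxAuditGap {
    # One row per user mailbox where mailbox audit logging is off.
    Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" |
        Where-Object { -not $_.AuditEnabled } |
        Select-Object DisplayName, PrimarySmtpAddress, AuditEnabled, AuditLogAgeLimit, WhenCreated
}

function Enable-MissingMailboxAudit {
    # Hypothetical helper name. Without -Apply it only shows what would change (-WhatIf).
    param([switch]$Apply)

    $gap = @(Get-MailboxAuditGap)
    if ($gap.Count -eq 0) {
        Write-Output 'Audit logging is enabled on every user mailbox.'
        return
    }

    # Newest mailboxes first: these are the ones most likely created after the bulk enable.
    $gap | Sort-Object WhenCreated -Descending | Format-Table -AutoSize | Out-String | Write-Output

    foreach ($mbx in $gap) {
        Set-Mailbox -Identity $mbx.PrimarySmtpAddress -AuditEnabled $true -WhatIf:(-not $Apply)
    }
}

# Dry run first, then repeat with -Apply once the list looks right.
Enable-MissingMailboxAudit

# Administrator audit logging is on by default; confirm nobody has turned it off.
Get-AdminAuditLogConfig | Select-Object AdminAuditLogEnabled, AdminAuditLogAgeLimit
```

Running the dry run on a schedule turns the one-time setup into an ongoing check.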
Email encryption in Office 365
Introduction:
Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information.

Steps:
The process to set up and enable Office 365 Message Encryption is easy. There are three main steps that need to be followed:
1. Activate Azure Rights Management.
2. Set up Azure Rights Management for Exchange Online.
3. Set up transport rules to enforce message encryption in Exchange Online.

Step 1: Activate Azure Rights Management for O365 Message Encryption.
1. Sign in to Office 365.
2. In the O365 Admin Center, go to Settings > Services & Add-ins and select Microsoft Azure Information Protection.
3. Click Manage Microsoft Azure Information Protection settings; you will be redirected to rights management.
4. Activate Rights Management.

Step 2: Set up Azure Rights Management for O365 Message Encryption.
In this step we will use PowerShell to connect to Exchange Online.
1. Open PowerShell as Administrator and enter the following commands to connect and import the session:
    Set-ExecutionPolicy RemoteSigned
    $cred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $Session
2. Verify your IRM is not already configured:
    Get-IRMConfiguration
3. Configure RMS with the online key-sharing location for Exchange Online with PowerShell (locations below):
    Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

    Location                     RMS key sharing location
    North America                https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
    European Union               https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
    Asia                         https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
    South America                https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
    Office 365 for Government    https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

4. Import the Trusted Publishing Domain (TPD) from RMS Online:
    Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
5. Verify successful setup of IRM in Exchange Online:
    Test-IRMConfiguration -Sender admin@domain.com
6. Disable IRM templates in OWA and Outlook:
    Set-IRMConfiguration -ClientAccessServerEnabled $false
7. Enable IRM for Office 365 Message Encryption:
    Set-IRMConfiguration -InternalLicensingEnabled $true
8. View the IRM configuration:
    Get-IRMConfiguration

Step 3: Create a transport rule to encrypt messages.
1. In the Office 365 Admin Center, go to the Exchange Online Admin Center.
2. Go to Mail Flow > Rules.
3. Click the + and create your transport rule. This rule will encrypt anything that is sent externally.
4. Make sure the rules are active.
5. Test that the transport rule applies Office 365 Message Encryption.

Conclusion:
It's easy to encrypt your mail and secure it in Office 365.
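Step 3 can also be done in the same PowerShell session as Step 2, which lets you check that the rule is really enforced and that no earlier rule stops processing before it. This is an added example, not code from the original post; the rule name is a placeholder, and it assumes the Exchange Online session from Step 2 is still imported.

```powershell
# Added example: create and verify the "encrypt everything sent externally" rule from Step 3.
# Assumes the Exchange Online session from Step 2; the rule name is a placeholder.
$ruleName = 'Encrypt all external mail (OME)'

# Pre-check: the rule can only encrypt once IRM licensing was enabled in Step 2.
$irm = Get-IRMConfiguration
if (-not $irm.InternalLicensingEnabled) {
    throw 'InternalLicensingEnabled is False. Finish Step 2 before creating the rule.'
}

# Create the rule once: every message leaving the organization gets Office 365 Message Encryption.
$rule = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $rule) {
    $rule = New-TransportRule -Name $ruleName `
        -SentToScope NotInOrganization `
        -ApplyOME $true `
        -Mode Enforce `
        -Comments 'Encrypts all mail sent to external recipients'
}

# "Make sure the rules are active": State must be Enabled and Mode must be Enforce.
$rule = Get-TransportRule -Identity $ruleName
$rule | Select-Object Name, State, Mode, Priority, SentToScope, ApplyOME

if ($rule.State -ne 'Enabled' -or $rule.Mode -ne 'Enforce') {
    Write-Warning "Rule '$ruleName' exists but is not enforcing (State=$($rule.State), Mode=$($rule.Mode))."
}

# Rules run in priority order. An enabled rule ahead of this one that stops rule
# processing can let external mail leave unencrypted, so list any such rules.
$blockers = Get-TransportRule | Where-Object {
    $_.State -eq 'Enabled' -and $_.StopRuleProcessing -and $_.Priority -lt $rule.Priority
}
if ($blockers) {
    Write-Warning 'These higher-priority rules stop processing before the encryption rule is reached:'
    $blockers | Select-Object Name, Priority
}
```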
Labels in Office 365
Introduction:
Across your organization, you probably have different types of content that require different actions taken on them to comply with industry regulations and internal policies. Labels in Office 365 can help you take the right actions on the right content. With labels, you can classify data across your organization for governance, and enforce retention rules based on that classification.

With labels, you can:
- Enable people in your organization to apply a label manually to content in Outlook, OneDrive, SharePoint, and Office 365 groups. Users often know what type of content they're working with, so they can classify it and have the proper policy applied.
- Apply labels to content automatically if it matches specific conditions, such as when the content contains:
  - Specific types of sensitive information. This is available for content in SharePoint and OneDrive.
  - Specific keywords that match a query you create. This is available for content in Exchange, SharePoint, OneDrive, and Office 365 groups.

The ability to apply labels to content automatically is important because:
- You don't need to train your users on all your classifications.
- You don't need to rely on users to classify all content correctly.
- Users no longer need to know about data governance policies – they can instead focus on their work.
Note that auto-apply labels require an Office 365 Enterprise E5 subscription.

You create and manage labels on the Labels page in the Office 365 Security & Compliance Center.

Create a Label:
1. Sign in to Office 365.
2. In the Office 365 Admin Center, go to Admin Centers > Security & Compliance.
3. In Security & Compliance, go to Classifications > Labels.
4. Click Create a label.
5. Provide a name and description for the Label.
6. In Label settings, there is a Retention option separate from the Retention policy. You can turn this on if you want to apply retention settings to that label; if not, you can simply click Next.
7. If you turn this on, several parameters are shown:
   - Retain the content – Select the retention period, that is, how long the data will be preserved.
   - What do you want to do after this time – Select the action which will be taken after the retention age has been reached.
   - Label classification – If this is selected, users won't be able to edit or delete the content or change or remove the label.
8. After providing the Label settings, click Next.
9. Review your settings and click Create this label.

Publish labels in Office 365:
The primary purpose of the label policy is to group a set of labels and specify the locations where you want those labels to appear.
1. Sign in to Office 365.
2. In the O365 Admin Center, go to Admin Centers > Security & Compliance > Classification > Label Policies.
3. Click Publish labels and choose the labels you want to publish for this label policy. A single label can be published in many policies.
4. After adding the labels, choose the locations where you want to publish them.
5. Name your policy.
6. Review your settings.
7. Click Publish labels. It will take up to 1 day to publish these labels in the locations you chose. As it normally takes 1 day to publish, the status will be Pending until then.

Applying Labels to the documents in SharePoint and OneDrive:
1. From the Office 365 Home tab, click the SharePoint tile.
2. On the new SharePoint tab in your browser, click a site that needs an O365 label assigned.
3. You can assign a label to the whole document library at once, or you can select the document to which you want to assign a label.
   - To apply a label to an individual document, select the document and apply the label.
   - To apply a label to a document library, select that Document library > Library settings > Apply label to items in this list or library.
4. Click Apply label to items in this list or library and select the label you want to apply.
Similarly, you can also apply labels to OneDrive documents.

Conclusion:
This is how we can create a Label and a Label policy and then publish it, so that users can classify data across the organization for governance and enforce retention rules based on the classification.
Retention Tags and Policies in Exchange Online
Introduction:
Messaging records management (MRM) helps organizations manage the email lifecycle and reduce legal risks associated with e-mail and other communications. MRM in Exchange Online is accomplished by using retention tags and policies.

Retention Tags:
Retention tags are used to apply retention settings to folders and individual items such as e-mail messages and voice mail. These settings specify how long a message remains in a mailbox and the action to be taken when the message reaches the specified retention age. When a message reaches its retention age, it's moved to the user's In-Place Archive or deleted.

Types of Retention tags:
Retention tags are classified into the following three types based on who can apply them and where in a mailbox they can be applied.
- Default policy tag – Applied automatically to the entire mailbox.
- Retention policy tag – Applied automatically to a default folder.
- Personal tag – Applied manually to items and folders. Personal tags are available to Outlook web app users as a part of their retention policy.

Creating retention tags:
1. In the EAC, go to Compliance center > Retention tags, and then click +.
2. Retention tags are classified into three types; select one of the options. The New retention tag page title and options will vary depending on the type of tag you selected.
3. Enter a name for the tag, choose the retention action and period, and click Save.

Retention Actions:
- Delete and allow recovery – Allows the user to recover deleted items until the deleted item retention period for the mailbox is reached.
- Move to archive – Moves the message to the user's archive folder. This is applicable only for tags that are automatically applied to the entire mailbox (default) and tags applied by users to items and folders (personal).
- Permanently delete – Purges the item from the mailbox database.

Retention Policies:
To apply one or more retention tags to a mailbox, you must add them to a retention policy and then apply the policy to mailboxes. A mailbox can't have more than one retention policy. Retention tags can be linked to or unlinked from a retention policy at any time, and the changes automatically take effect for all mailboxes that have the policy applied.

Creating a Retention Policy:
1. In the EAC, go to Compliance center > Retention policies, and then click +.
2. In New Retention Policy, provide a name for the policy and click + to add retention tags.
3. After you click +, a list of all the retention tags is shown and you can select from it.
4. After linking retention tags to the policy, click Save.
A retention policy can contain the following tags:
- One DPT with the Move to Archive action
- One DPT with the Delete and Allow Recovery or Permanently Delete actions
- One DPT for voice mail messages with the Delete and Allow Recovery or Permanently Delete actions
- One RPT per default folder such as Inbox to delete items
- Any number of personal tags

Default Retention Policy:
Exchange Setup creates the retention policy Default MRM Policy. The Default MRM Policy is applied automatically to new mailboxes in Exchange Online. You can modify the tags included in the Default MRM Policy.

Place a mailbox on Retention Hold:
Placing a mailbox on retention hold suspends the processing of a retention policy. Retention hold is designed for situations such as a user being on vacation or away temporarily. To place a mailbox on Retention Hold, you need to use PowerShell.
To place a mailbox on Retention Hold:
    Set-Mailbox "Uday Mane" -RetentionHoldEnabled $true
To check whether Retention Hold is enabled on a mailbox:
    Get-Mailbox "Uday Mane" | Select RetentionHoldEnabled
To remove the retention hold from a mailbox:
    Set-Mailbox "Uday Mane" -RetentionHoldEnabled $false

Conclusion:
So, this is how we can use MRM to manage the email lifecycle and reduce legal risks associated with email and other communications.
Calendar sharing in Exchange Online
Introduction:
Sharing policies enable users to share calendar information with different types of external users. Sharing policies are assigned to mailboxes and allow users to share their free/busy information with recipients in external Office 365 organizations.

Creating a sharing policy in Exchange Online:
Allow users to share calendar information and contacts with external organizations.
1. Navigate to EAC Organization > Sharing.
2. Under Individual Sharing, click +.
3. In new sharing policy, type a name for the sharing policy in Policy name.
4. Click + to define the sharing rules for the policy.
5. In sharing rule, select one of the following options to specify the domains you want to share with:
   - Sharing with all domains
   - Sharing with a specific domain
   If you select Sharing with a specific domain, type the name of the domain.
6. To specify the information which can be shared, select the Share your calendar folder check box, and then select one of the following:
   - Calendar free/busy information with time only
   - Calendar free/busy information with time, subject, and location
   - All calendar appointment information, including time, subject, location and title
7. Click save to set the rules.
8. If you want to set this sharing policy as the default sharing policy in your organization, select the Make this policy my default sharing policy check box.
9. Click save to create the sharing policy.
After the policy is created, users can share their calendar from Outlook. The person with whom the calendar is shared will receive an email. When that person clicks Add this calendar, your calendar is shared with them.

Create an organizational relationship:
Set up an organization relationship to share calendar information with an external business partner.
1. Navigate to Organization > Sharing in the Exchange Admin Center.
2. Under Organization sharing, click +.
3. In new organization relationship, in the Relationship name box, type a name for the organization relationship.
4. In the Domains to share with box, type the domain for the external Office 365 organization.
5. Select the Enable calendar free/busy information sharing check box to turn on calendar sharing with the domains you listed. To set the free/busy access level, select one of the following:
   - Calendar free/busy information with time only.
   - Calendar free/busy with time, subject, and location.
6. To set which users will share calendar free/busy information, select one of the following:
   - Everyone in your organization.
   - A specified security group – You can browse and select the group for which you want to enable the sharing.
7. Click save to create the organization relationship.

For users to share a calendar:
1. Go to Outlook > Calendar.
2. Click Share.
3. Send a sharing invitation in email.

Conclusion:
So, in this way we can share calendars between organizations and external users.
