Wednesday 30 May 2018

Convert an RMS template to an AIP label

So you can convert an Azure Rights Management template into an Azure Information Protection label in less than 30 seconds, but delving a little deeper, does it keep the settings? Let's take a look.

Select 'Protection'

Let's look at the settings of the label

The original test RMS template allowed me to share content with an external user - something that had to be managed using a custom template in Azure Rights Management unless you used the Azure RMS Sharing App. Anyhow - looking at the configuration of the label, you can see it has successfully converted my RMS template and carried over the settings I originally configured. I would of course advise you to check every single RMS template you convert to an AIP label, and of course it needs user education on the productivity change.

Have fun!


Thursday 10 May 2018

An Introduction to Microsoft Teams

Just a heads up to join me on 11/05/2018 as I am hosting a webinar on Microsoft Teams: The New Way of Working.

See you there!


Friday 4 May 2018

Secure your Twitter account with Multi Factor Authentication and the Microsoft Authenticator App

Yesterday, Twitter notified its followers and the press that a bug had potentially allowed some 330 million user accounts to have their passwords stored without encryption. They have advised users to change their passwords even though they believe no compromise of this data has occurred. You can read the whole story via Twitter here and the BBC News story here.

I have indeed changed my Twitter password this morning - and I also went one step further, by securing my Twitter account with Multi Factor Authentication.

Now there are primarily two ways you could do this.

You could have the app integrated with Office 365 by assigning it to users through the Azure Marketplace, but assigning multi factor authentication to gallery applications this way requires Azure AD Premium P1 or better licensing, whether it is deployed by Administrators or available for users via self service. Plus it would also utilise your Azure AD identity for authentication and verification to Twitter.

The other way is to natively integrate it directly through Twitter. Microsoft has made great gains in ensuring the Authenticator app in the relevant app stores can provide corporate, personal and third party app support through a single application pane.

So, now that you've woken up and changed your Twitter password this morning, here's how you protect your account with Multi Factor Authentication and the Microsoft Authenticator app.

Login to Twitter and go to 'Settings and privacy'

Select 'Set up login verification'

You will go through a process to get a verification code to your registered mobile device

Once you have entered the verification code and completed this process you'll be able to review your login verification methods for Twitter

From here you'll be able to select a 'Mobile security app' to protect your Twitter account

Select it and start the process

Twitter will provide a QR code which you can use with the Microsoft Authenticator app to add your Twitter account

Open the Microsoft Authenticator app on your mobile device and select 'Add account'

Select 'Other account (Google, Facebook, etc.)'

Once you have scanned the QR code in, Twitter will be added to your Microsoft Authenticator app

Back at Twitter, you can now add the code for Twitter from the Microsoft Authenticator app to complete the process

And that's it. You're all set up!

You can now use the Microsoft Authenticator app for your Azure Active Directory MFA requests, and your personal accounts and personal apps like Twitter.

Have fun!


Thursday 3 May 2018

Help! Where's my Office 365 Message Encryption Encrypt Button in Outlook

Office 365 Message Encryption v2 based on AIP offers improved capability over the v1 release, including automatic protection for documents and also encryption functionality.

However, there are some user experience differences based on what client you are using if you are specifically looking to deploy the encrypt functionality OMEv2 provides.

If we take a look in Outlook Web App / Outlook on the Web for an Office 365 tenant with AIP and OMEv2 capabilities, we will see that Encrypt is available in the Protect function

But the confusion lies in where that functionality is for Outlook. First of all you won't have any AIP functionality inside Office or integrated into your Windows experience unless you deploy Azure Information Protection.

Outlook 2016 without Azure Information Protection

Outlook 2016 with Azure Information Protection

You can grab the installer here. There's both the executable and an MSI if you're looking to auto-deploy with Intune or another MSI deployment tool.

However, even with AIP installed, Outlook has none of the encrypt functionality that is available in OWA/OotW.

I've seen some instances where users find the security properties for the message and try to utilise encryption this way.

But of course that's for certificate-signed email (S/MIME).

So is there an OME configuration setting to expose it to Outlook clients? Well, the answer is no. There's a universal setting in Get-OMEConfiguration that exposes the message encryption capability to clients, but by default this is set to $True.

So where is the Outlook client encrypt button? Well, the answer is that it isn't available yet. Expect an update to the AIP installer, with functionality integrated into the Office suite (a bit like Rights Management has already been doing for some years), to come at a later date, and pretty quickly too.

So how can we help Outlook clients utilise this feature? Well, the answer at this time is to create an OMEv2 capable Transport Rule in the Office 365 Exchange Admin Centre. We can create self service capability to any destination recipient, for example by setting it up to auto-encrypt when the word encrypt is put into the subject line, or we could utilise domain enforcement to encrypt messages going to certain domains and/or email addresses.
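The two rules described above can also be created from Exchange Online PowerShell rather than the Exchange Admin Centre. This is an added example, not taken from the original post; it assumes a connected Exchange Online PowerShell session, and the rule names and the domain partner.example are constructed placeholders.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already connected.
# Rule names and 'partner.example' are constructed placeholders.

# Review the tenant OME configuration and confirm the built-in 'Encrypt'
# template is visible to Exchange before any rule references it.
Get-OMEConfiguration | Format-List
$template = Get-RMSTemplate | Where-Object { $_.Name -eq 'Encrypt' }
if (-not $template) {
    throw "The 'Encrypt' template is not available; review Get-IRMConfiguration before creating rules."
}

# Self service: any internal sender who puts the word 'encrypt' in the
# subject line has the message encrypted, whatever the destination.
$selfService = @{
    Name                          = 'OME - encrypt on subject keyword'
    FromScope                     = 'InOrganization'
    SubjectContainsWords          = 'encrypt'
    ApplyRightsProtectionTemplate = 'Encrypt'
    Mode                          = 'Enforce'
}
New-TransportRule @selfService

# Domain enforcement: everything sent to the listed domain is encrypted,
# without relying on the sender to remember the keyword.
$domainEnforced = @{
    Name                          = 'OME - encrypt to partner domain'
    FromScope                     = 'InOrganization'
    RecipientDomainIs             = 'partner.example'
    ApplyRightsProtectionTemplate = 'Encrypt'
    Mode                          = 'Enforce'
}
New-TransportRule @domainEnforced

# Confirm both rules exist, are enabled and are enforcing.
Get-TransportRule |
    Where-Object { $_.Name -like 'OME - *' } |
    Format-Table Name, State, Mode, Priority
```

The keyword rule only protects mail when the sender types the word, so the domain rule is the one to rely on for destinations where encryption must not be skipped.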

Have fun!