Secure mail providers like Zivver or Zorgmail actually offer point solutions that increase cost considerably and store messages outside your Office 365 environment. This makes compliance, security and discovery more complex – if at all possible.
With Office 365 Message Encryption, your organization can send and
receive encrypted email messages between people inside and outside your
organization. Office 365 Message Encryption works with Outlook.com,
Yahoo!, Gmail, and other email services. Email message encryption helps
ensure that only intended recipients can view message content.
The new My Profile (preview) portal helps you to manage your work or school account by setting up and managing your security info, managing your connected organizations and devices, and viewing how your organization uses your data.
In this video I show you around in the new portal, and also show you the My Sign-Ins functionality and the new My Applications portal.
A couple of weeks ago, the combined registration experience for Multi Factor Authentication and Self Service Password Reset was launched in public preview. This new registration experience enables users to register for MFA and SSPR in a single, step-by-step process.
A lot of organizations asked for
control over the conditions in which security sensitive MFA or SSPR information
can be registered, to ensure it’s the right user — not an attacker — registering
this security sensitive info.
Azure Information Protection helps your users make the right choices when it comes to data classification and protection. Exchange Online adds the power of Mail Flow Rules. Imagine you’d be able to combine those two tools… Indeed: you can!
Exchange Online can read classification labels created by Azure Information Protection. In Mail Flow Rules, you can define which actions should follow when a certain classification is detected.
See for yourself how to set this up in a few easy steps. And of course you will also see what the user experience will be like.
In some situations you may want to give access to your data, but not give up on control. Enabling your employees while at the same time making sure no data is leaked from the cloud app to the device used.
With Limited Access in Azure AD Conditional Access, it is possible to limit access within cloud applications. For example: allow access to SharePoint Online, but prevent downloading or printing of any documents.
In this video, we explore the possibilities of this Conditional Access capability for Outlook on the Web (aka Outlook Web Access or OWA). Find out how to configure limited access in a few simple steps and see for yourself what the end user will experience.
A long awaited feature in Azure AD B2B has become available in Public Preview: it is now possible to add Google as an identity provider for B2B guest users! This means, you can invite guest users from outside your company using their GMail-account.
Enabling Google federation makes your invited Gmail user’s experience more seamless. After you have set up B2B Google federation for your organization, invited Gmail users can use their Google identity to sign in and collaborate. They no longer need to create an Azure AD account or Microsoft Account to access the apps and resources you’re sharing with them!
To get this to work, there’s a number of steps that you need to take, which are thoroughly documented on Docs. Let’s see what it looks like:
Important note: at this moment there’s support only for Google ID’s with the @gmail.com extension.
Conditional Access it the most popular feature in Azure AD premium. To manage conditional access at scale, you need detailed visibility into how it’s actually working in your organization.
The addition of conditional access information in the Azure AD Sign-ins report is now in public preview. This new information will help you troubleshoot conditional access policies and understand the usage of conditional access in your organization.
There are four key scenarios for this new capability:
Quickly troubleshoot conditional access policies
Understand usage of conditional access policies
Understand legacy authentication usage in your organization
Identify gaps in your conditional access policies
In this video I show this new capability in combination with a Conditional Access policy assigned to the Global Admins-role in Azure AD:
Your employees use mobile devices for both personal and work tasks. While making sure your employees can be productive, you also want to prevent data loss, intentional and unintentional. In addition, you want to have the ability to protect company data accessed using devices even in the case where they are not managed by you.
You can use Intune app protection policies to help protect your company’s data. Because Intune app protection policies can be used independent of any mobile-device management (MDM) solution, you can use it to protect your company’s data with or without enrolling devices in a device management solution. By implementing app-level policies, you can restrict access to company resources and keep data within the purview of your IT department.
The majority of organizations using Azure AD, sync on-prem accounts using AAD Connect. For Authentication, password hash sync has since long been the recommended approach. It is secure since only the hash of the hash of the password is synced to the cloud. And it gives you all the advantages of Azure AD like Identity Protection.
However, historically many organizations have chosen for ADFS. The arguments were often: we don’t want passwords in the cloud, we want SSO and we want to do smart stuff with conditional access and password policies.
The downside of AFDS is the complexity of the solution and the amount of infrastructure it requires. Despite being free from a license perspective, operational cost of ADFS is relatively high.
With Conditional Access and Password Protection in Azure AD, some of the arguments for ADFS have become invalid. And with the introduction of Pass-through Authentication, it is also no longer necessary to sync password hashes to the cloud. The user password can be checked against your on-prem Active Directory, while the authentication and token service runs on the cloud. And it offers Seamless SSO.
Moving from ADFS to PTA is usually a big cost saver, so let’s see in today’s video how PTA is setup and used: