It's nearly here. The big day. My 5 year old is still building his Christmas list and wanting half of the things he sees on TV. It's fingers crossed that the turkey will still be there when we go to pick it up at Mark's and Spencer's on Thursday. And of course we all hope that we'll get to see our loved ones over the festive season given what's happening with Omicron here in the UK. But for now, let's put all the worries aside and focus on something we can control and do something about pretty quickly: which is implementing Safe Links for Microsoft Teams. It's something easy to do, and the security benefits are 101. It's all about protecting users from clicking on malicious URL's directing them to sites aiming to instigate a data breach, or triggering the download of a payload onto their device. Given that Teams has open federation by default its pretty much a no brainer. I tend to think of it this way: what if someone who you regularly chat with in private from another organisation sends a link which you don't recognise? How do you know that person hasn't been breached? So how do you respond to someone you don't know? What if someone who has been breached within your organisation sends you a document link within Teams with a malicious URL inside of it which to all extents looks like a legitimate business document? Now, I would love to say that everyone I know - myself included - exercises good judgement in these matters one hundred percent of the time. However, let's be honest this just isn't true. This is why zero trust is so important to everything we do moving forward. Chances are, someone will click the link. And it's not because they are stupid. It's often because they are busy, or under pressure, or the attackers are very good at making the URL look legit. How many of us ask somebody to ratify a URL before clicking on it? It could be a combination of those things and it could happen to any of us. Safe Links is included in Defender for Office 365 Plan 1. It's in E5 but also a standalone SKU which could be added, for example to Microsoft 365 Business Premium. It's important to note that everyone who you intend to protect with this needs to be licensed. If the licence isn't on, it won't work even if you add the user to the policy.
Christmas has seemed to come around mega fast this year. It's three weeks today. Hopefully, you've already done your shopping by now and have a week or two off to enjoy the festivities. I had some time today to sit down and watch Elf with my son. This'll begin a marathon of Christmas movies which will include The Santa Clause, Miracle on 34th Street, Home Alone and my personal favorite It's a Wonderful Life. I'm also pretty sure we'll all see the time honored question-slash-poll go up on social - 'Is Die Hard a Christmas movie?' or gif's of John McClane - 'yippe ki yay mother...'. Of course, I hope it all goes well for you this year. One present which has arrived early for all us Microsoft Teams fans is End to End Encryption (E2EE). Announced at Ignite back in the spring, the public preview is finally here. However, before we suddenly break out the eggnog and get a bit rowdy on those calls we have to understand a few things right off the bat.
course updates. I am also back on the circuit courtesy of aMS Germany and Power Platform France. As always, thank you to the organisers for having me. Yet, despite all this good stuff I am also acutely aware that I haven't done any technical writing on the blog since the day before I got Covid - and as my good friend Vesku Nopanen released one today on the new Whiteboarding features in Teams, the situation demands I write. So where to start? Having effectively had two months off I can certainly say I am not in short supply of subject matter - but one that I thought I would start on since I am really interested in it is adaptive scopes for retention and label policies.
Last week I was in a bit of a funk. I just couldn't think of something to write about Teams. I mean, sure, at this point I've pretty much been writing about Teams weekly for over two years so it's probably not a surprise that the well runs dry occasionally. But there's also times where subject matter for blogs simply spring out of thin air. This was one. I was doing something like making my son's sandwich in the kitchen for lunch last Monday and there it was. You see the thing about me is I don't plan blogs. I don't have a list or an excel on my machine indexing what I am going to write about over the course of next few months. I'm much more clandestine and transactional. Basically I sit down and make something up on the spot, or if my memory is working as it should be take something I have thought about during the week and go with that. Sometimes it's easy. Sometimes I absolutely stitch myself up if the subject matter ends up being long. Overall? It kind of works out. So this week the thought was on Teams items in Secure Score. Secure Score is concerned with the measurement of an organization's security posture; a higher number indicating more improvement actions taken. In other words, the higher score you get, the more secure you should be through actions you have taken in your Microsoft 365 tenant such as enabling MFA or disabling legacy auth. Some people love it and see it as a great assessment tool which provides quantifiable measurements which can be used for continuous improvement and managed services. The more skeptical amongst us have viewed it as a way to work up the SKU's especially in the early days when you couldn't reach high scores without purchasing things like E5 or Azure AD P2 licences. Throughout 2021 (I had to look this up to confirm the dates), Teams was added as a new category in Secure Score and 6 items fell into this category. 1 in January, and 5 recently in July. All are to do with securing meetings. Let's go take a look at these six and how to implement each of them. Let's go get you 100% on Teams items in Secure Score. The completionist in me is looking forward to this one
We have previously explored the implementation of DLP and Supervision policies to the Team. We will now look at applying Sensitivity Labels - currently in Public Preview. By definition, Sensitively Labels allow Teams admins to regulate access to sensitive organizational content created during collaboration within teams. In other words, it can keep Teams private (removing the ability to be set as public) and block Guests from being added. The best thing is that labels can be set at a tenant label and easily applied when creating the Team. It gives administrators so much more control over the Team in terms that users cannot simply join the Team and Owners cannot simply add guests which are not authorised to access it's content. It's another layer of protection which should be added in any Teams roll-out. It's also an answer for blocking guest access on a Team by Team basis: this works well if the creation of Teams are regulated.