Vue normale

Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hierFlux principal
✇SharePoint & Products Technologies

Les directives NIS2 et DORA

Comprendre les Nouveaux Cadres Réglementaires pour les Entreprises

La Directive NIS2 et le Règlement DORA représentent des avancées majeures dans la réglementation de la cybersécurité et de la résilience opérationnelle numérique au sein de l’Union Européenne. Ici nous allons explorer ces deux cadres réglementaires, les opportunités qu’ils offrent pour les entreprises, les bénéfices potentiels, les risques associés, et proposer une feuille de route pour assurer la conformité. L’entrée en vigueur de NIS2 est prévu pour Octobre 2024 et l’application à partir de Janvier 2025, cependant il n’est pas exclu que les sanctions prévues par les textes soient appliquées avant l’été 2025. Ce qui laisse “très” peu de temps à la mise en conformité.

Directive NIS2

La Directive NIS2 (Network and Information Security 2) est une mise à jour de la Directive NIS originale de 2016. Elle vise à renforcer la cybersécurité à travers l’Union Européenne en étendant le champ d’application aux secteurs et services critiques supplémentaires et en imposant des exigences de sécurité plus strictes.

Objectifs de la Directive NIS2

  • Amélioration de la cyber-résilience : Renforcer les capacités des États membres en matière de prévention, de détection et de réaction aux incidents de cybersécurité.
  • Harmonisation des réglementations : Établir un cadre commun pour la cybersécurité afin de réduire les disparités entre les États membres.
  • Renforcement de la coopération : Améliorer la collaboration entre les différents acteurs au niveau national et européen.

Règlement DORA

Le Règlement DORA (Digital Operational Resilience Act) est conçu pour garantir que les entreprises du secteur financier puissent résister, répondre et se remettre des perturbations opérationnelles liées aux TIC (Technologies de l’Information et de la Communication).

Objectifs du Règlement DORA

Sensiblement similaire mais avec quelques nuances

  • Résilience numérique : Assurer que les entreprises financières disposent de systèmes robustes pour résister aux cyberattaques et autres interruptions numériques.
  • Gestion des risques : Mettre en place des mesures de gestion des risques informatiques, y compris la surveillance, l’identification et la réponse aux incidents.
  • Harmonisation et supervision : Fournir un cadre réglementaire uniforme pour la résilience opérationnelle numérique et établir des mécanismes de supervision au niveau européen.

Opportunités pour les Entreprises

Amélioration de la Sécurité et de la Résilience

  • Renforcement des systèmes de sécurité : En adoptant les exigences de NIS2 et DORA, les entreprises peuvent améliorer leur posture de cybersécurité et résilience numérique.
  • Réduction des risques : Une meilleure gestion des risques informatiques et une préparation aux incidents peuvent réduire les coûts liés aux cyberattaques et aux interruptions.

Avantages Compétitifs

  • Confiance accrue : Les entreprises conformes peuvent gagner la confiance des clients, des partenaires et des investisseurs en démontrant leur engagement envers la sécurité et la résilience. Et par conséquent gagner en valeurs
  • Accès aux marchés : La conformité peut devenir un prérequis pour opérer dans certains marchés ou pour collaborer avec certaines entreprises.

Risques Associés

Coûts de Mise en Conformité

  • Investissements initiaux : Les entreprises devront investir dans des technologies, des processus et des compétences pour répondre aux nouvelles exigences. La suite 365 est une des réponses possibles offrant un bundle de produit permettant de répondre économiquement à ces enjeux.
  • Coûts opérationnels : La maintenance continue des mesures de conformité peut entraîner des coûts supplémentaires. Mais cela dépend aussi des sécurités mise en place en termes d’identité, de gestion des données, des serveurs, des data, des réseaux, etc. … et de l’approche ZeroTrust (ZTA) que vous pouvez avoir.

Complexité de la Mise en Œuvre

  • Adaptation des processus : Les entreprises doivent adapter leurs processus internes pour se conformer aux nouvelles réglementations, ce qui peut être complexe et chronophage. La mise en place de nouveau processus peut prendre du temps, mais permet également aux utilisateurs d’assurer la sécurité de leur donnée, leur identité, leur appareil aussi
  • Formation et sensibilisation : Former le personnel et sensibiliser toutes les parties prenantes aux nouvelles exigences est crucial mais peut être un défi. Effectivement, nous l’avons déjà vu, l’application d’étiquettes de données à la main des utilisateurs est un réel défi, l’application de ces dernières de manière autonome peut nécessité un control des données, mais dans ce cas là, les modèles étant de plus en plus performant, et, entrainer, les controls deviennent moins fréquents. Pensez ici à toujours commencer avec quelques label plutôt que 12… plus simple à comprendre pour les utilisateurs.

Proposition de feuille de route pour la conformité

Concrètement la démarche est connue mais il peut être bon de la rappeler et l’adapter si besoin à votre contexte. Certains produit du marché permettent de vous faciliter la vie, mettant en exergue et corrigeant automatiquement les dérives potentielles des utilisateurs (je pense à des partages sauvages externes – car mal configurés, des règles de redirection de mail également non forcée, etc. …)

Évaluation Initiale

  1. Analyse des écarts : Évaluer les différences entre les pratiques actuelles et les exigences de NIS2 et DORA.
  2. Évaluation des risques : Identifier les risques actuels et potentiels en matière de cybersécurité et de résilience numérique.

Planification et Mise en Œuvre

  1. Développement d’un plan d’action : Élaborer un plan détaillé pour combler les écarts identifiés, avec des étapes claires et des échéances et même des responsables, sponsors moteurs.
  2. Mise à jour des politiques et procédures : Adapter les politiques de sécurité et de résilience pour répondre aux nouvelles exigences.

Renforcement des Capacités

  1. Investissement en technologies : Acquérir et déployer des technologies de sécurité avancées pour protéger les infrastructures critiques. On peut par exemple parler de SIEM (Microsoft ou non) et de produit tiers.
  2. Formation et sensibilisation : Mettre en place des programmes de formation pour le personnel afin de garantir une compréhension et une adhésion complètes aux nouvelles réglementations. Afin de palier pour le cas des étiquettes, au cas de figure de l’utilisateur qui ne va pas savoir si son document est interne ou externe (en grossissant le trait) ou bien si les données contenues sont sensible ou non.

Surveillance et Amélioration Continue

  1. Supervision continue : Mettre en place des mécanismes de surveillance pour assurer la conformité continue et détecter rapidement les incidents.
  2. Révision et mise à jour régulière : Réviser régulièrement les politiques et les procédures pour s’adapter aux nouvelles menaces et exigences réglementaires.

Et concrètement ?

Dans un environnement Microsoft 365, voici quelques exemples

1. Authentification Multifacteur (MFA)

  • Technologie: Utilisation de l’authentification multifacteur via Azure Active Directory (AAD) pour renforcer la sécurité des accès utilisateurs.
  • Implémentation:
    • Activez MFA pour tous les utilisateurs.
    • Configurez des options MFA telles que les notifications push, les SMS ou les applications d’authentification comme Microsoft Authenticator.

2. Etiquetage des Données

  • Technologie: Utilisation de Microsoft Information Protection pour classifier et protéger les données sensibles.
  • Implémentation:
    • Créez des étiquettes de sensibilité pour classer les documents en fonction de leur niveau de confidentialité (Public, Interne, Confidentiel).
    • Appliquez des étiquettes automatiquement en fonction du contenu ou manuellement par les utilisateurs.

3. Gestion des Identités et des Accès (IAM)

  • Technologie: Azure Active Directory pour gérer les identités et les accès.
  • Implémentation:
    • Utilisez les rôles basés sur les accès (RBAC) pour limiter les permissions aux seules nécessaires pour les utilisateurs.
    • Mettez en place des politiques d’accès conditionnel pour renforcer la sécurité.

4. Protection Contre les Menaces

  • Technologie: Microsoft Defender for Office 365 pour protéger contre les menaces telles que les malwares, le phishing et les attaques de ransomwares.
  • Implémentation:
    • Configurez les politiques anti-phishing et anti-spam.
    • Activez les fonctionnalités avancées de détection et de réponse aux menaces (ATP).

5. Sauvegarde et Récupération des Données

  • Technologie: OneDrive for Business et SharePoint Online pour la sauvegarde et la récupération des données.
  • Implémentation:
    • Configurez les stratégies de sauvegarde automatique pour les fichiers critiques.
    • Utilisez la fonctionnalité de restauration des fichiers pour récupérer les données en cas de perte ou de corruption.

6. Gestion des Appareils

  • Technologie: Microsoft Intune pour la gestion des appareils mobiles et des points de terminaison.
  • Implémentation:
    • Déployez des politiques de conformité pour assurer que tous les appareils accédant aux ressources de l’entreprise répondent aux critères de sécurité.
    • Configurez l’accès conditionnel pour restreindre l’accès aux appareils non conformes.

7. Surveillance et Audit

  • Technologie: Microsoft 365 Compliance Center pour la surveillance continue et l’audit des activités.
  • Implémentation:
    • Configurez les journaux d’audit pour suivre et enregistrer les activités des utilisateurs et les modifications des fichiers.
    • Utilisez les alertes de conformité pour être informé des activités suspectes ou des violations de politique.

8. Cryptage des Données

  • Technologie: Azure Key Vault et BitLocker pour le cryptage des données au repos et en transit.
  • Implémentation:
    • Stockez les clés de chiffrement dans Azure Key Vault.
    • Activez BitLocker pour chiffrer les disques sur les appareils Windows.

9. Gestion des Risques

  • Technologie: Microsoft Cloud App Security pour la gestion des risques et la surveillance des applications cloud.
  • Implémentation:
    • Détectez et évaluez les risques liés à l’utilisation des applications cloud.
    • Appliquez des politiques de sécurité pour contrôler les accès et protéger les données sensibles.

En conclusion

La Directive NIS2 et le Règlement DORA représentent des opportunités d’amélioration significatives pour les entreprises pour leur cybersécurité et leur résilience opérationnelle. En suivant une feuille de route structurée (et avec un bon accompagnement), vous pourrez non seulement assurer votre conformité mais aussi renforcer votre position sur le marché et réduire vos risques opérationnels. Adopter ces nouvelles réglementations est un investissement dans la sécurité et la pérennité de l’entreprise.

Stay tuned !

✇Office 365 for IT Pros

Microsoft Removes Remote PowerShell for Compliance Sessions

No Remote PowerShell Connections for Compliance Endpoint

Following the December 15, 2022 announcement to deprecate Remote PowerShell connections to Exchange Online, the news in MC541649 (April 14) that the connection to the compliance endpoint with Connect-IPPSSession cmdlet will follow suit is no surprise. The only surprise is that the text of the announcement is quite so confusing.

Connect-IPPSSession establishes a PowerShell connection to what used to be called the Security and Compliance endpoint (SCC). Microsoft also refers to EOP in the announcement because some cmdlets loaded (like Get-PhishSimOverridePolicy) are associated with Exchange Online Protection.

Today, the endpoint might be called the Microsoft Purview endpoint or compliance endpoint because the cmdlets loaded after establishing the connection allow access to objects like retention labels, sensitivity labels, and their respective publishing policies.

REST Rather than Remote PowerShell

Microsoft says that “in line with our vision to enhance the security of our cloud,” the compliance cmdlets will now use a REST API instead of the traditional (established in Exchange 2010) Remote PowerShell approach. Once you install V3.2 of the Exchange Online management module (apparently available on May 1, 2023), the REST-base cmdlets are available and Remote PowerShell is no longer required. You won’t see this kind of message when connecting to the endpoint:

WARNING: Your connection has been redirected to the following URI:
"https://eur01b.ps.compliance.protection.outlook.com/Powershell-LiveId?BasicAuthToOAuthConversion=true;PSVersion=5.1.22621.963"

Existing scripts don’t need to be updated. As Microsoft says “Simply using the new module will ensure REST is used rather than RPS.”

Part of the confusion in this announcement is the need to use a version of the Exchange Online management module that is currently unavailable. The current version doesn’t support the UseRPSSession parameter mentioned by Microsoft in their text:

Connect-IPPSSsession -UseRPSSession:$false

Microsoft says that Remote PowerShell connections to the compliance endpoint will not be available after July 15, 2023. This is a tad ahead of the announced schedule for the depreciation of Remote PowerShell for the main Exchange module (due on October 1, 2023).

Using a REST API instead of Remote PowerShell should make cmdlets more reliable and better performing. Remote PowerShell is very much a mechanism rooted in a period when Microsoft needed to support management of Exchange servers from workstations without the need to log into the servers. It worked well for Exchange 2010 and 2013 but its deficiencies are obvious with cloud services when connecting to a service is more important than connecting to a server.

More to Do

Welcome as it is to see the compliance cmdlets transition to a REST-based endpoint, there’s still more to do to fully modernize these cmdlets. Adding support for Azure managed identifies is a big step that needs to happen. It can be argued that the compliance cmdlets are less heavily accessed than those in the main Exchange module, but this ignores the fact that many of the tasks that you might want to run on a scheduled basis using an Azure Automation runbook might need to access compliance elements, like the list of sensitivity labels defined in a tenant (Figure 1).

Listing sensitivity labels after connecting to the compliance endpoint
Figure 1: Listing sensitivity labels after connecting to the compliance endpoint

Good Change

There’s no doubt that moving the compliance endpoint away from a dependency on Remote PowerShell is a good thing. Throwing away the baggage of on-premises implementations to make things work smoother in the cloud is always positive for those who need to automate Microsoft 365 operations. This is especially so when discussing compliance because the range of compliance functionality available in Microsoft 365 is so much wider and deeper than in the on-premises servers.

At this point, we don’t have the V3.2 release of the Exchange Online management module available so it’s hard to verify Microsoft’s assertion that nothing needs to be done to move the compliance cmdlets from Remote PowerShell to REST-based APIs. However, given the progress seen in the main Exchange Online management module, Microsoft is progressing down a well-known path and the change should be smooth. At least. I hope it will be.

✇Office 365 for IT Pros

Microsoft Releases Cmdlet to Retrieve Disposition Review Items

Export Details of Disposition Review Items

Message Center notification MC521457 (Microsoft 365 roadmap item 106102) might have passed you buy on February 27 when Microsoft announced a new PowerShell cmdlet for disposition review. Relatively few people are concerned with Microsoft Purview Data Lifecycle Management to care that a new cmdlet is available to export (not just “to support”) disposition review items, so it’s entirely natural that you might have gone on to read about other announcements occurring around the same time, like Exchange Online’s improved message recall feature.

Roll-out of the new Get-ReviewItems cmdlet is now complete. The cmdlet is available after loading the latest version of the Exchange Online management module.

Disposition Items

Microsoft 365 retention labels often result in the deletion of items after the lapse of their retention periods. This is enough for most organizations, but those that want oversight over the final processing of selected items can configure retention labels to invoke a disposition review, part of the Microsoft Purview records management solution. Disposition reviews are often used to retain messages and documentations such as those for project documentation until the organization is absolutely sure that it’s safe to remove individual items.

Using a disposition review with retention labels requires advanced licenses, like Office 365 E5. An organization can put items through a single-stage or multi-stage review (Figure1) leading to final deletion, retention for another period, or assignment of a new retention label. The reviewers who decide on the disposition of content are selected by the organization because they have the expertise and experience to know if items are still needed or can progress to final disposition. It’s also possible to configure a custom automated disposition process using Power Automate.

Viewing disposition review items for a retention label
Figure 1: Viewing disposition review items for a retention label

Exporting Disposition Review Items

The Get-ReviewItems cmdlet doesn’t affect disposition outcomes. It’s a utility cmdlet to export details of disposition review items for a specific retention label in a pending or disposed (processed) state. The reason why the cmdlet exists is that the Purview GUI (Figure 1) supports export of up to 50,000 items. Although it’s unlikely that an organization will have more than 50,000 items awaiting disposition review, it is possible that they might have more than 50,000 disposed (processed) items. The Get-ReviewItems cmdlet can export details of all those items.

Microsoft’s documentation for Get-ReviewItems includes examples of using the cmdlet. One in particular is noteworthy because it explains how to fetch pages of review items until all items have been recovered. Fetching pages of data is common practice in the Graph API world and it’s done to reduce the strain on the service imposed if administrators requested very large numbers of items at one time.

I expanded the example to create a report of all disposition review items for a tenant (all items for all retention labels with a disposition review). Here’s the code:

Connect-IPPSSession

[array]$ReviewTags = Get-ComplianceTag | Where-Object {$_.IsReviewTag -eq $True} | Sort-Object Name
If (!($ReviewTags)) { Write-Host "No retention tags with manual disposition found - exiting"; break }

Write-Host ("Looking for Review Items for {0} retention tags: {1}" -f $ReviewTags.count, ($ReviewTags.Name -join ", "))

$Report = [System.Collections.Generic.List[Object]]::new() 

[array]$ItemsForReport = $Null
ForEach ($ReviewTag in $ReviewTags) {
 Write-Host ("Processing disposition items for the {0} label" -f $ReviewTag.Name)
 [array]$ItemDetails = $Null; [array]$ItemDetailsExport = $Null
 # Fetch first page of review items for the tag and extract the items to an array
 [array]$ReviewItems = Get-ReviewItems -TargetLabelId $ReviewTag.ImmutableId -IncludeHeaders $True -Disposed $False  
 $ItemDetails += $ReviewItems.ExportItems
 # If more pages of data are available, fetch them and add to the Item details array
 While (![string]::IsNullOrEmpty($ReviewItems.PaginationCookie))
 {
    $ReviewItems = Get-ReviewItems -TargetLabelId $ReviewTag.ImmutableId -IncludeHeaders $True -PagingCookie $ReviewItems.PaginationCookie
    $ItemDetails += $ReviewItems.ExportItems
 }
 # Convert data from CSV
 If ($ItemDetails) {
   [array]$ItemDetailsExport = $ItemDetails | ConvertFrom-Csv -Header $ReviewItems.Headers 
   ForEach ($Item in $ItemDetailsExport) {
     # Sometimes the data doesn't include the label name, so we add the label name to be sure
     $Item | Add-Member -NotePropertyName Label -NotePropertyValue $ReviewTag.Name }
   $ItemsForReport += $ItemDetailsExport
 }
}

ForEach ($Record in $ItemsForReport) {
  If ($Record.ItemCreationTime) {
   $RecordCreationDate =  Get-Date($Record.ItemCreationTime) -format g 
  } Else {
   $RecordCreationDate = "Unknown" }
 
   $DataLine  = [PSCustomObject] @{
     TimeStamp       = $RecordCreationDate
     Subject         = $Record.Subject
     Label           = $Record.Label
     AppliedBy       = $Record.LabelAppliedBy
     RecordType      = $Record.RecordType
     'Last Reviewed' = Get-Date($Record.ItemLastModifiedTime) -format g
     'Review Action' = $Record.ReviewAction
     Comment         = $Record.Comment
     'Deleted Date'  = $Record.DeletedDate
     Author          = $Record.Author
     Link            = $Record.InternetMessageId
     Location        = $Record.Location
   } 
   $Report.Add($DataLine)
}

Everything works – until you meet an item with a comma in its subject or the comment captured when a reviewer decides upon a disposition outcome. After discussing the issue with Microsoft, its root cause is that the export is in CSV format and the comma in these fields causes problems when converting from CSV format. Microsoft is working on a fix which might be present as you read this.

The Lesson of Export

The Get-ReviewItems cmdlet will be a useful tool for those involved in disposition processing. They can extract details of items and report that information in whatever way they wish. The comma issue proves that documentation is not always perfect. It’s important to test examples to make sure that they work as they should.

Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.

✇SharePoint Maven

How to determine which retention policies are applied to a given SharePoint site

I had an interesting dilemma a few weeks ago with one of my clients. They created several retention policies and applied them to various SharePoint sites in their tenant. They now had a business need to delete one of the sites as they no longer used it. However, by design, they could not delete it because there was a compliance policy applied to that site. So they needed a way to determine which retention policies were applied.

Since they had so many different site and label retention policies created and applied, they wanted a quick way to find which policy affected a given site so they could exclude the site from it. Here is how we got to the bottom of this.

  1. Navigate to the Compliance Center (Microsoft Purview)
  2. In the menu on the left-hand side, click Policiesdetermine which retention policies
  3. On the Policies/Data lifecycle management page, click Policy lookup tabdetermine which retention policies
  4. In the search wizard below, choose Site in the Find policies that include drop-down, then paste the URL of a site and click Searchdetermine which retention policies
  5. You will now get the search results that match the above criteria. They will show all the policies applied to a given site.determine which retention policies
  6. You can then edit a policy and exclude it from a given site as necessary. By the way, this Policy lookup will find both site retention and label retention policies.

The post How to determine which retention policies are applied to a given SharePoint site appeared first on SharePoint Maven.

✇Office 365 for IT Pros

Sensitivity Bar Appears in Office Desktop Apps

Sensitivity Bar Informs Users About the Labeling Status of Office Documents

I guess I was surprised when I saw message center notification MC515530 appear on February 15 all about the new sensitivity bar (or sensitivity labeling bar) for the Microsoft 365 apps for enterprise (the subscription version of the Office desktop apps). The surprise didn’t come from not knowing about the bar, because I’ve been using it for months as it’s in the Current Channel Preview release. It’s more that it seems to have taken forever to get a relatively simple (and good) change to general release. The update is Microsoft 365 roadmap item 88517 and will appear in the standard release of Word, PowerPoint, and Excel in March 2023. The Microsoft 365 Insider blog (September 20, 2022) explains how the sensitivity bar works.

It makes sense to show users details of the sensitivity label applied to a document. Office apps show the information shown in Figure 1 when a user clicks on the file name in the application window. You can update the file name, choose a different sensitivity label, save the file to a different location, or see the version history. This functionality is available even if you choose to hide the sensitivity bar (see below). What we’re concerned about here is the addition of the sensitivity label name and the colored shield in what’s displayed.

The name of the assigned sensitivity label appears in the sensitivity bar
Figure 1: The name of the assigned sensitivity label appears in the sensitivity bar

The display of the sensitivity label name in the sensitivity bar now means that Office apps display sensitivity labels in three separate places in the UI: the bar, the sensitivity button, and in the information bar at the bottom of the screen. The lock icons shown in the sensitivity and information bars are visual indicators that the sensitivity label protects the document with rights management.

Eliminating the Unified Labeling Client

Introducing the sensitivity bar is part of Microsoft’s ongoing effort to eliminate the unified labeling client (also known as the Azure Information Protection client). This add-on client was the original software installed to allow users to label Office documents and it included an information bar to display label properties.

The Office apps include native labeling capabilities, meaning that they include the necessary Microsoft Information Protection code to interact with labels, apply rights management encryption, and so on. Native protection means that there’s no need for an add-on client, but before it’s possible to transition all customers off the unified labeling client, Microsoft needs to provide equivalent functionality in the Office apps. Microsoft has been working to give the Office desktop apps equivalent functionality to that gained by installing the unified labeling client since at least 2018. A big step forward happened in 2019 when the Office apps gained native protection support. Now we’re in the final stages of the process when tweaks to the UI like this one and the introduction of colors for sensitivity labels apply the final fit-and-finish.

Hiding the Sensitivity Bar

If you don’t want the Office apps to display sensitivity label names, you can amend the label policy that publishes sensitivity labels to users to add a setting to hide the sensitivity bar. Microsoft’s documentation suggests that this might be appropriate if people use very long file names and want to see that information displayed (they can always see information about labels through the Sensitivity button).

In any case, you can’t disable the sensitivity bar through the Purview compliance center. Instead, run these PowerShell commands to connect to the compliance endpoint, select all label policies, and add the setting:

Connect-ExchangeOnline
Connect-IPPSSesssion
[array]$LabelPolicies = Get-LabelPolicy
ForEach ($Policy in $LabelPolicies) { 
  Set-LabelPolicy -Identity $Policy.Name -AdvancedSettings @{HideBarByDefault="True"}
}

To check the setting, run:

Get-LabelPolicy | Format-List Name, PolicySettingsBlob

You should see the setting shown like this:

<setting key="HideBarByDefault" value="True" />

Figure 2 shows the effect, which is quite subtle. Everything that was there before is still present but the label is now represented by a colored shield (meaning it’s a protected document) instead of the shield and label name.

Sensitivity bar hidden means no sensitivity label name alongside the shield
Figure 2: Sensitivity bar hidden means no sensitivity label name alongside the shield

To reverse the setting, set its value to False. The Office apps pick up changes made to label policies the next time they refresh their label cache, so it might take several hours before apps hide the sensitivity bar.

Useful Change for Those Interested in Sensitivity Labels

For most users, the addition of the sensitivity bar is a minor improvement that I find useful (but maybe only because I label every document). The bar serves a useful purpose in highlighting the presence of a sensitivity label (which might have been applied automatically by a label policy), and might help to raise awareness about the need to exercise care when handling confidential information. On the other hand, the sensitivity bar might fade into the background like many other elements of the Office GUI that people only access when they really need to. Of course, if your organization doesn’t use sensitivity labels, you don’t need to worry about the sensitivity bar.

Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.

✇SharePoint Maven

How to enable Alert Policies to monitor for unusual activities in SharePoint Online

When you store your company’s documents in SharePoint, a valid concern is data integrity. Is my data in SharePoint Secure? was one of the articles I wrote a while back. It addressed the concern of whether or not the data stored in SharePoint and OneDrive is safe and secure. The data loss can occur in one of two scenarios: security compromise at Microsoft data centers or a human (employee) factor (by accident or intentional). Most likely, each organization, large or small, is concerned about data loss due to rogue employees or inadvertent mishandling of its files and folders due to user error.

While user errors or intentional mishandling of documents can happen as a result of the mass download of company documents or external sharing to unauthorized users, probably the worst offense is when the files and folders are deleted in bulk from a given SharePoint site, which can eventually result in irreversible damage if there is no backup in place.

Luckily, there is a way to set up alert policies for such behaviors, so you are notified immediately after such issues occur.

How to enable Alert Policies to monitor for unusual activities in SharePoint Online

Policy alerts are available within the Microsoft Purview (Compliance Center). So you need to be either a Global Microsoft 365 Admin or be given a direct role to access the Compliance Center.

  1. From the Microsoft 365 App Launcher, click Compliance
  2. Once in Microsoft Purview (Compliance Center), click Policies > Alert policies
  3. You will now be on a screen where you can create alert policies. You will probably note that some default policies for most common scenarios already exist. For example, you will notice two policies that could be of interest to you: Unusual volume of file deletion and Unusual external user file activity
  4. However, those are built-in/default policies, and you will not be able to alter their logic/triggers. For example, the Unusual volume of file deletion policy assumes that the “unusual” number is based on AI/your company’s SharePoint usage, and you can’t really control it. You will be able to turn it off, if necessary.
  5. To create a new custom alert policy, click New alert policyAlert Policies
  6. Next, give it a Name. You can then choose its Severity and Category (those have nothing to do with the trigger and are just ways for you to categorize a given policy for your own benefit). Click Next.Alert Policies
  7. On the next screen, you will set up a trigger. You can choose from a list of available triggers/activities; in our case, the activity is file deletion.Alert Policies
  8. Just below triggers, you will need to choose the conditions for the alert. Please note that if you do not see this option, that means you do not have the proper license and will need to purchase a more expensive license to customize these settings. In my case, I am setting up an alert when a user deletes 15 or more files within 1-hour span. Alert Policies
  9. On the final setup screen, you can specify to who the alert will be emailed to. You can also limit how many of these alert emails you want to get within a day. Click Next.
  10. Finally, you can review the settings and enable the alert policy immediately by clicking Finish
  11. You will now see the policy created, and it will be part of a table where the other alert policies are stored (default or custom)

Important Notes

  • It does take up to 24 hours for the alert policies to take effect. (Image below courtesy of Microsoft)
  • Some settings I describe might not be available in your tenant due to licensing. Make sure you have proper licensing assigned to the Admins. (Image below courtesy of Microsoft)
  • As mentioned above, Default policies cannot be altered and are based on internal logic. (Image below courtesy of Microsoft)

Policy Alert in action

Once the suspicious activities match the trigger you specified in policy alerts, the recipients you specified during alert policy creation will receive an email similar to the one below

Example of the email received by an Administrator or designated recipients when the alert policy is triggered

Alert Policies

Clicking Alert Details from the email above provides additional details on the Activity (in the use case above, it notified the Administrator that the user shared a document externally – this was another alert policy I set up in my tenant).

Alternatives to Alert Policies

The above-mentioned policy alert might be an excellent mechanism to be notified as soon as destructive activities occur in your tenant. However, you can also be a bit more proactive and set up other mechanisms that complement (or replace) the policy alerts.

Retention policies

Setting up proper retention or record policies will prevent content from being deleted in the first place. I explained this in a previous post.

Security and permissions

Quite often, things happen on a given site or team simply because users have access to the content when they should not have. So avoid oversharing and make sure proper security and permissions are set up.

Training

Finally, do not forget Training. Many things happen not because of bad intentions, but rather by accident and lack of knowledge and understanding of what happens due to certain actions in SharePoint and Teams. So do not ignore some basic training for your staff.

The post How to enable Alert Policies to monitor for unusual activities in SharePoint Online appeared first on SharePoint Maven.

✇TechGenix

How to Perform an Audit Using Microsoft 365 Defender

Image of a magnifying glass on a blue surface.
Audits can help you find out who and what was involved in any incident!
Source: Unsplash

If any security or compliance-related incident occurs in your Microsoft 365 environment, it’s important to find out the source of the issue. Fortunately, Microsoft provides a very nice audit interface within the Microsoft 365 Defender portal that can help you research any event in your Microsoft 365 environment.

In this article, I’ll show you how you can perform an audit using Microsoft 365 Defender. Let’s get started. 

Performing an Audit

I’ve broken down the process of performing an audit into 4 steps. Let’s start by accessing the audit interface.

1. Accessing the Audit Interface

As mentioned earlier, if you want to audit your Microsoft 365 environment, you’ll need to use the Microsoft 365 Defender portal. You can access the Audit interface by completing the following steps:

  1. Log into Microsoft 365
  2. Click on Admin to open the Microsoft 365 Admin Center
  3. Click Security to open the Microsoft 365 Defender portal (depending on your Microsoft 365 license type, you may need to click All Admin Centers and then click Security)
  4. Select the Audit tab

You’re now ready to perform an audit search.

2. Performing an Audit Search

Auditing events through Microsoft 365 Defender essentially involves querying Microsoft 365 audit logs. The Audit interface, which you can see in the screenshot below, includes numerous query options.

Screenshot of the Audit interface in Microsoft 365 Defender.
This is the interface to query the Microsoft 365 audit logs.

The first thing that you’ll typically want to do is specify a date and time range. Microsoft 365 can produce an overwhelming number of log entries, so specifying a date and time range can help you narrow down the results. This makes it much easier to find what you’re looking for.

Next, you need to specify the type of activity you’re looking for. The Activities drop-down, as shown in the screenshot below, contains dozens of activities you can choose from. You can select one or multiple, depending on your needs. You can also search for a specific activity using the handy search box.

Screenshot of several activity types used to create an audit in Microsoft 365 Defender.
Lots of activity types to choose from!

Then, you can specify the users whose logs you wish to examine. Also, under the Users field, you can specify individual files, folders, or sites. Lastly, you can use the keyword field to search for any logs containing a specific keyword.

When you finish entering your search criteria, click the Search button. This will queue your audit as a job (as shown in the screenshot below). You can also click the Refresh button to get updates on the job’s status.

Screenshot of Microsoft 365 Defender queuing a search job.
Microsoft 365 Defender will queue your search job.

When the search completes, the Job Status column will indicate a status of Completed. Clicking on the word Completed will cause Microsoft 365 Defender to display the search results. You can see an example of a completed job in the screenshot below.

Screenshot of a generated audit report in Microsoft 365 Defender.
This is what a typical audit report looks like.

Let’s review your results!

3. Reviewing the Audit Results

As you review the audit report (as shown in the previous screenshot), you can click on any of the log entries to see additional details. These details vary widely in scope depending on the type of log entry that you click on. If you’re overwhelmed with the excessive number of entries listed, you can use the Filter button to narrow down the results.

You can also export the search results to a file by clicking on the Export button shown in the previous screenshot. Again, you’ll have to refresh the display before the download link appears.

One final thing to mention involves audit retention policies. Let me briefly explain this point before we wrap up.

4. Configuring the Audit Retention Settings

Audit reports pull results from Microsoft 365 audit logs. Due to this, you’ll only see a search result if whatever you’re looking for appears in a log entry. Therefore, it’s worth taking a moment to examine your audit retention policies.

At the top of the Audit interface, you can see the Audit Retention Policies tab. Clicking on this tab takes you to a screen (shown in the screenshot below) where you can create an audit retention policy. To create one, simply follow these steps:

  1. Click the Create Audit Retention Policy link
  2. Enter a name and an optional description for the new policy
  3. Choose the users or the record types for which the policy should apply
  4. Enter the policy duration (you can save logs for a minimum of 90 days and a maximum of 10 years)
  5. Enter a policy priority (the priority is just a number that determines policy precedence in case you want to create multiple, contradictory policies; lower priority numbers have higher precedence)
  6. Click Save
Screenshot of the audit retention policy creation interface in Microsoft 365 Defender.
This is the interface to create a new audit retention policy.

Alright, time to recap.

Final Words

In essence, a security or compliance-related issue can cause a lot of problems if not rectified immediately. Microsoft 365 auditing can help you identify the source of these incidents. Through the Audit interface, you can create detailed logs that can help you quickly identify the issues at hand. The interface itself is also comprehensive, offering a lot of criteria to help you in your search. 

Overall, I hope this article helped you out in some way. As always, feel free to save it as a point of reference for the future.

Do you have more questions about Microsoft 365 auditing or other related topics? Check out the FAQ and Resources sections below!

FAQ

What is the difference between New Search and Classic Search?

New Search is the preferred audit search method because it gives you a few extra options that Classic Search doesn’t. Specifically, these options include the ability to search by record type, keyword, or search name.

I can’t access the Microsoft 365 Defender Portal. Why not?

Microsoft 365 Defender isn’t included with all Microsoft 365 subscriptions. Generally speaking, you’ll need an enterprise subscription such as Microsoft 365 E5 or A5, or E3 with an add-on such as Microsoft 365 E5 Security, Enterprise Mobility + Security, or A5 Security. You can also get Microsoft 365 Defender with Windows 10 or 11 Enterprise E5 or A5, or as a separate add-on. You can find the full licensing requirements here.

How do I know which Microsoft 365 license I have?

If you want to know what Microsoft 365 license you have, log in as a global administrator or billing admin. After that, go to the Microsoft 365 Admin Center and click on Billing, followed by Licenses. 

I only have a vague idea of what I am looking for. What are my options?

It’s fine if you don’t know exactly what you’re looking for. Microsoft provides various query fields for your convenience, but you don’t need to use them in your search. You can populate as many or as few of the query fields as you like. Normally though, the more fields you populate, the fewer results you’ll receive.

What is the downloadable file format when I export an audit report?

The audit report file will be in comma-separated values (CSV) format. You can natively open it in Excel or any text editor. It’s also possible to write a PowerShell script to parse the contents of a CSV file.

Resources

TechGenix: Article on Internal Audits

Read more on how to conduct an internal audit for your organization.

TechGenix: Article on the Importance of Internal Security Audits

Find out why internal security audits are so important.

TechGenix: Article on Microsoft 365 and Multi-Factor Authentication (MFA)

Discover why MFA is now more important than ever for Microsoft 365.

Microsoft: Article on Searching the Audit Log

Educate yourself on how to search the audit log in the compliance portal.

Microsoft: Article on Managing Audit Log Records

Learn how to export, configure, and view your audit search results.

The post How to Perform an Audit Using Microsoft 365 Defender appeared first on TechGenix.

✇Office 365 for IT Pros

How the Teams Report a Concern Feature Works

Report a Concern about a Message in a Teams Personal or Group Chat

Communication Compliance policies are part of the Microsoft Purview suite designed to help organizations monitor the content of messages. Originally known as supervision policies (which gives an indication of their purpose), communication compliance policies could only process email until Microsoft introduced support for Teams in early-2020.

Communication Compliance Basics

The basics of communication compliance revolve around the analysis of messages captured in special supervision mailboxes against conditions defined in policies. Settings include:

  • The accounts that come within the scope of the policy (the monitored mailboxes).
  • Direction of message traffic (inbound, outbound, or both).
  • The percentage of traffic captured for analysis. Although it’s possible to examine every message sent and received by the accounts within a policy scope, it’s more usual to examine a percentage. Purview extracts messages at random to meet the selected percentage.
  • Whether to use Optical Character Recognition (OCR) to examine attachments and images sent in email and Teams.
  • The classifiers and conditions used to select messages for further review. Microsoft Purview includes a default set of trainable classifiers such as Profanity and Threat to detect these conditions in messages. Organizations can train their own classifiers as required. Conditions (like those used in DLP and mail flow rules) can focus the review to specific messages such as those coming from certain domains.
  • The supervisors responsible for reviewing messages detected by the policy.

Exchange Online redirects copies of messages needed for communication compliance as email passes through the transport service. Purview uses the compliance records created by the Microsoft 365 substrate to process Teams messages.

Teams Report a Concern

In mid-2022, Microsoft introduced the ability for Teams users to report a concern with messages sent in personal and group chats. By August 31, 2022, the feature reached all tenants with Office 365 E5 or Microsoft 365 E5 compliance licenses who had communication compliance policies. It can take up to 30 days before the feature appears in tenants after they start to use communication compliance policies.

Visibility of the Report a Concern option (Figure 1) is controlled by the AllowCommunicationComplianceEndUserReporting setting in the Teams messaging policy for an account. The setting is available in the Teams admin center or PowerShell. By default, the setting is enabled. To see the setting for all messaging policies, run:

Get-CsTeamsMessagingPolicy | Format-Table Identity, AllowCommunicationComplianceEndUserReporting
The Teams Report a Concern option in a Chat
Figure 1: The Teams Report a Concern option in a Chat

When a user reports a concern (Figure 2), Teams tags the message and up to five messages preceding the reported messages and five messages afterward (if available). Many messages sent in Teams chats are short and concise. The extra messages provide the context to allow a reviewer to decide if a problem really exists.

Reporting a Concern about a Teams chat message
Figure 2: Reporting a Concern about a Teams chat message

Reviewing Reported Messages

Apart from exposing the Report a Concern option in Teams chat, the other major piece of functionality is the automatic creation of the User-reported messages policy. The only change an organization can make to the User-reported messages policy is to update the supervisors responsible for reviewing reported messages.

As with all communication compliance policies, to review reported messages, head to the communication compliance section of the Purview compliance portal (Figure 3) and select the policy to review. The policies available to a user depends on the communication compliance administrative role assigned to their account.

The Teams User-Reported messages policy in Communication Compliance
Figure 3: The Teams User-Reported messages policy in Communication Compliance

Select the policy and open the Pending tab to see the messages requiring investigation. The default view is to see the summary, meaning the message reported by the user. The conversation view exposes the messages before and after the reported message to give context to the reviewer (Figure 4).

Reviewing a message reported from a Teams chat
Figure 4: Reviewing a message reported from a Teams chat

Like any other message detected by a communication compliance policy, the role of the investigator is to decide if the content violates the acceptable norms for communication. Because individual users make a subjective decision to report a message, the variation in content is likely broader than in the set of messages selected using a trainable classifier. This underlines the need to understand the tone and flow of the conversation within which the problem message occurred.

After reviewing the message, the investigator can resolve the problem (for instance, decide that the user overreacted when they reported the concern), notify the user (and others) about their assessment, or escalate the issue for further investigation. The Remove message in Teams option (available through the down arrow menu in Figure 4), replaces the reported message with a notification that the message “was blocked due to organizational policy” for the recipient and “This message was blocked” for the sender (Figure 5).

Teams blocks a reported message
Figure 5: Teams blocks a reported message

This action, which is similar to the way that Teams handles messages blocked by DLP policies, allows the organization to withdraw a problem message during an investigation. However, there’s no way to withdraw the block and expose the message again if it’s deemed acceptable.

Keeping Things Clean

Report a Concern is a useful feature (Teams Free has a similar feature where Microsoft takes care of investigations) if you have the right licenses. Then again, if the organization needs something like communication compliance, the cost probably doesn’t matter. In which case, it’s nice to have a way to keep everyone polite in their Teams chat.

Keep up to date with developments like the app support for sensitivity labels by subscribing to the Office 365 for IT Pros eBook. Our monthly updates make sure that our subscribers understand the most important changes happening across Office 365.

✇ITProMentor

Selling the Digital Transformation Journey: Security & Compliance

When I talk to customers about their Digital Transformation Journey, I always like to give them the “10,000 foot view” so to speak. I suggest that we explore two different angles or “big pictures”  in order to paint an image that customers can then imagine themselves into. The first picture is Security & Compliance, and the second is Productivity & The Modern Workplace. Let’s start by examining the first.

With regard to Security & Compliance, we have to set the stage a bit: why should customers care about this stuff? After all, cybersecurity initiatives typically struggle to get funding and other traction, especially in the small and mid-sized business where resources are more scarce to begin with.

The structure of your pitch

You will often see security vendors at conferences begin their presentations with scary statistics about how many breaches occur each year, and how the cost of an average breach has been steadily increasing year-over-year; I find this type of information to have a very limited effect on people. If something like that is going to be your angle, it is far more effective to relate real-life stories, and the “closer to home” each story hits, the better (yet some orgs will refuse to act until it is their own home which is hit, and they become one of those stories you end up telling to others).

But selling customers on the importance of security & compliance should not be based on scare tactics, anyway. You also have to paint a picture of value. Give them a preview of what it looks like to live in the new world you want to guide them into. Remember that all changes are going to be met with some resistance (this is only natural), yet these changes are ones that must take place sooner or later. Plus, you can highlight new features such as Sensitivity labels, which grant users new superpowers they’ve never had before. In general, it is much more difficult to prod people from behind into the darkness than it is to coax them into the light, leading from the front. In other words, carrots are better than sticks.

The corollary in this message which you must communicate explicitly is that you have already walked this path yourself, and you have no regrets about doing so. You will also take them down this path, and it will go just as smoothly, or even better, since you already know the pitfalls and dangers that lie along the way. As you paint this canvas, also be sure to highlight how the new tools or capabilities would have prevented or mitigated the problems you shared earlier in your anecdotal stories.

In addition to sharing relatable anecdotes and painting the preview or picture I want them to inhabit, I normally make it very clear that this past decade has seen such a radical shift in the cyber landscape, that I can no longer afford to waste my time with customers who will not take this journey seriously. If they cannot even be bothered to implement a basic level of cyber hygiene such as CIS Implementation Group 1, then they are essentially begging to be compromised, and simply I cannot give my precious attention to folks who will not even address the most essential of risks, and therefore any further engagement is off the table. This is also why I suggest beginning your new engagements from Security & Compliance rather than Productivity & The Modern Workplace.

Let me be clear: this might mean you have to fire some existing customers, even long-standing ones. But that’s okay: you are going to replace them with better ones (the ones who will actually listen to you and trust your recommendations). Notice this is different from either a stick or a carrot. It is more like a “filter” or disqualifier.  Holding up this barrier is only fair to them, and enormously helpful for you, plus it sends a very strong message (it projects confidence in your own practice).

So let’s review: you should plan your Security & Compliance pitch using these key components:

  1. Relatable anecdotes from the wild (and the closer to home the better)
  2. A preview or “picture” of where your customer is heading and the new capabilities you will bring to them
  3. An ultimatum / disqualifier

So what does good look like?

Once you have a prospect’s attention, you will need a simple and engaging way to explain your Security & Compliance offering to them. If you are primarily selling solutions built on top of Microsoft 365, as I am, then I suggest leveraging the concepts, marketing and language that Microsoft themselves have already produced. For example you will see them speak and write frequently about “Zero Trust,” and what that phrase means to them.

They have also published some detailed documentation such as the Zero Trust Deployment Plan, which is targeted for Enterprise (read: E5) customers. You can simplify this for SMB a bit further, as I have done here:

Follow our simple 3-tiered approach to Zero Trust

There is no need to reinvent the wheel (that’s what Microsoft’s materials are there for). Plus, if a customer decides to “spot check” your pitch, they would find solid validation with a quick Google search.

Aren’t Security and Compliance different things? Why not two offerings?

You can sell separate offerings if you want to, sure. Remember that a “compliant” environment is not necessarily a secure one. On the other hand, the items that are generally called for in a high-regulation, compliance-intensive scenario most often exist because of concerns around data security. For this reason, I always suggest that you approach your engagements from a “Security-First” mindset. When you build a good, secure foundation, you will very often find that compliance is a breeze thereafter, and this is because most compliance requirements will map back to common cybersecurity frameworks such as NIST anyway.

And yes, I am aware that in some cases “compliance requirements” actually contradict the latest cybersecurity guidance. The most common example I see thrown around is password complexity & rotation requirements, which are moot after the implementation of a good Zero Trust baseline including Multi-Factor Authentication and other identity protection systems. Look, I have gotten into with auditors before: I have found that the spirit behind the law is more important than meeting the letter of the law itself. So with regard to this particular example, the point is not to put people through the discomfort of changing passwords every 90 days, the point is to protect them from credential theft and identity compromise. We have better, more sophisticated ways of doing that now which are more comfortable, so why would we go backwards? I have fought this battle and won on more than one occasion (so that we could end password rotations), and I won because I supported my claims with reputable references.

Anyway, my original point is that you can splinter off a cybersecurity essentials baseline offering, and then have “compliance” add-ons for helping organizations meet more specific requirements such as PCI, HIPAA, GDPR, etc. as needed. Some service providers will specialize around a particular vertical, and get to know their requirements really well, and then just focus on those (then a single, flat-rate Security & Compliance offering makes a lot of sense). How you bundle this stuff and sell it to your customers is largely up to you. I would not say there is just one right answer here.

Conclusion

Once your customer has committed to the Security & Compliance journey, then you are off to a very good relationship indeed. From here, you can begin to explore the next big picture, which is improving productivity and modernizing outdated, tired business practices. This will require a new change of frame, so to speak, and another pitch. But this second journey is going to be taking place against a more secure background than what you had before (this actually makes life easier and less stressful for both you and your customer). Without the first journey, you could jeopardize all of your subsequent efforts in the second: the modern workplace transformation should be undergirded by that Security-first foundation.

If you enjoyed this blog post and would like to see more content like it, which goes into greater detail and gives you an opportunity to work with myself and other peers who are implementing these solutions for customers, I would suggest you check out our SquareOne Practice Development Group.

After you get your customers onboarded to your “Security-First” services, the next step is helping them to complete their digital transformation and maximize the value they invested into the modern workplace. But that is a topic for another day.

The post Selling the Digital Transformation Journey: Security & Compliance appeared first on ITProMentor.

✇Jean-Sébastien DUCHENE Blog's

Les nouveautés de décembre 2022 autour de la gouvernance, conformité et protection de données (MIP, PurView, etc.)

Je vous propose un petit aperçu des nouveautés en décembre 2022 autour de la gouvernance, de la conformité et de la protection de données proposé via Microsoft PurView (MIP, etc.). On retrouve notamment&nbsp...(read more)
✇Jean-Sébastien DUCHENE Blog's

Les nouveautés de novembre 2022 autour de la gouvernance, conformité et protection de données (MIP, PurView, etc.)

Je vous propose un petit aperçu des nouveautés en novembre 2022 autour de la gouvernance, de la conformité et de la protection de données proposé via Microsoft PurView (MIP, etc.). On retrouve notamment : Clas...(read more)
✇SharePoint Fire

Export & Import Office 365 and Azure configuration

In two weeks I’ll be starting at a new company as an Information Security specialist. In order to prepare for this new endeavor I’ll be updating my developer tenant for testing purposes. All best practices I know and found on the internet will be added to the configuration. I want to configure for example Teams, SharePoint, Endpoint, MCAS and Microsoft Information Protection. Developer tenants are auto renewable every 120 days if there has been activity detected on the tenant. The next couple of blogs will be focused on exporting and importing configuration settings using PowerShell so I can get quickly up and running again should my developer tenant expire. For each topic I’ll create a new post. The PowerShell scripts and configs will be stored in GitHub. Bear with me as content will be updated when ready.

Exporting & Importing topics

This is the first blog which will outline my ambition to create a post for the below topics. I’m not yet sure if all best practices and configurations are PowerShell/Graph ready but I’ll learn that on the way.

  • Azure Active Directory
  • Azure Active Directory Identity Protection
  • Security Center
  • Compliance Center
  • SharePoint & OneDrive
  • Teams
  • Exchange
  • Endpoint (Intune)
  • Stream
  • Conditional Access
  • Office 365 General
  • Power BI
  • Yammer
  • Defender for Endpoint
  • Defender for Office 365
  • Microsoft Cloud App Security
  • Microsoft Information Protection

Microsoft 365 developer program

I was contemplating adding one Microsoft 365 E5 license for testing and updating the configuration for my personal tenant. A Microsoft 365 developer subscription doesn’t have Defender for Endpoint and I really want that functionality in my test environment. I decided to add the Defender for Endpoint add-on to the developer tenant as a trial which is active for 3 months. The developer tenant also has 25 licenses which will make testing easier between users. I’ve created my developer tenant the first moment we were able to create an E5 tenant as it was E3 previously and I’ve got 68 days remaining until Microsoft will verify my activity and decide if I can use it for 120 more days. Interested in a Microsoft 365 E5 tenant to test your solutions for the Microsoft 365 platform? Go to Developer Program – Microsoft 365 and join now with your personal Outlook account or a business account.

image

The post Export & Import Office 365 and Azure configuration appeared first on Cloud Security | Office 365 | Azure | SharePoint.

❌
❌