Office 365 Enhanced with Admin Role, Templates and Security Controls

Microsoft announced last week that it is going live with some new Office 365 and Exchange Online improvements for IT pros.

The features include the ability to assign IT personnel roles for overseeing specific Office 365 workloads and the ability to use department templates to manage Microsoft Office file permissions. In addition, Microsoft rolled out some new e-mail security enhancements with its Exchange Online Protection service.

These new capabilities will show up sometime this month for Office 365 subscribers.

Admin Roles
One new feature is the ability to designate administrative roles for the IT pros that oversee particular Office 365 solutions, such as Exchange Online, SharePoint Online and Skype for Business Online. A global administrator can set up such permissions with just a few clicks.

In addition, it's now possible to specify more than one role per person, which is a new capability, according to Microsoft's announcement. The new admin role assignment capability will be rolling out to Office 365 subscribers sometime this month, Microsoft indicated.

Department Templates
Another new feature being turned on this month in Office 365 is the use of department templates when setting up the Rights Management Service for Office 2013 users. Microsoft's Rights Management Service is an Office 365-enabled service that adds restrictions to the sharing of Office 2013 files and the copying of information. File-restriction policies can be set by IT pros via Active Directory groups.

With this month's update, IT pros can now use department templates to set access policies for Office 2013 files. The templates specify who, at the departmental level, can access the documents. That capability is now "natively supported in Office 2013," Microsoft's announcement explained.

The use of Azure Active Directory is part of this document protection scheme.

"A departmental template can be assigned to anything that can be defined via a group or list of groups in Azure Active Directory," a Microsoft blog post explained.

Department templates are designed to protect Office 2013 files, but it's also possible to use them to set restrictions for Office 2010 files. However, doing so takes a few extra steps. Microsoft explained that Office 2010 "does not download policy templates itself." Instead, the templates have to be brought to Office 2010 through a script, such as the "Enhanced Template Deployment Script."

More information about the overall template customization process is described in this TechNet article.

Exchange Online Protection
Lastly, Microsoft added a few enhancements this month to Exchange Online Protection, a service that adds protections against malware and spam. Microsoft improved the service's reporting capabilities and added some backscatter spam protections.

Microsoft describes backscattter spam as the nondelivery receipts that end users typically get after spammers "forge" a person's e-mail address. The company has an improved solution, called "Boomerang," that it has rolled this month out to ward off backscatter spam for both hosted and premises-based mailboxes using Exchange Online Protection. Boomerang supplements an "NDR backscatter storm prevention" feature that Microsoft rolled out in May, which is specifically designed to address bulk spam campaigns, according to Microsoft's announcement.

On the reporting side, Exchange Online Protection now lets IT pros schedule the arrival of reports via e-mail, either weekly or monthly. They can specify the type of report to receive. Microsoft currently has four report types: spam detections, rule matches, data loss prevention policy matches and an overall traffic summary report.

For organizations with multiple domains to manage, Microsoft has added new PowerShell cmdlets to help with the reporting. IT pros can get traffic activity per domain by using the "Domain parameter with Get-MailTrafficReport and Get-MailTrafficPolicyReport" PowerShell cmdlets.

Microsoft also improved some controls with Exchange Online Protection. IT pros can now "block or allow emails from an individual sender or an entire domain" via the Spam Filter in the Office 365 Exchange Admin Center. Microsoft calls this capability "simplified block." The simplified block feature is currently available at the "preview" stage but it will get deployed worldwide by month's end.

Likewise, Microsoft expanded its "bulk release" feature. It can now handle "up to 500 quarantined messages." Quarantined messages now have a "message preview" capability that IT pros can use to see if a message is legitimate or not.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Phishing Tops Concerns in Microsoft Study of Remote Work

    Potential phishing attacks were a top concern of most IT security professionals when organizations switched to remote-work conditions early last year.

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

comments powered by Disqus