Office 365 Enhanced with Admin Role, Templates and Security Controls

Microsoft announced last week that it is going live with some new Office 365 and Exchange Online improvements for IT pros.

The features include the ability to assign IT personnel roles for overseeing specific Office 365 workloads and the ability to use department templates to manage Microsoft Office file permissions. In addition, Microsoft rolled out some new e-mail security enhancements with its Exchange Online Protection service.

These new capabilities will show up sometime this month for Office 365 subscribers.

Admin Roles
One new feature is the ability to designate administrative roles for the IT pros that oversee particular Office 365 solutions, such as Exchange Online, SharePoint Online and Skype for Business Online. A global administrator can set up such permissions with just a few clicks.

In addition, it's now possible to specify more than one role per person, which is a new capability, according to Microsoft's announcement. The new admin role assignment capability will be rolling out to Office 365 subscribers sometime this month, Microsoft indicated.

Department Templates
Another new feature being turned on this month in Office 365 is the use of department templates when setting up the Rights Management Service for Office 2013 users. Microsoft's Rights Management Service is an Office 365-enabled service that adds restrictions to the sharing of Office 2013 files and the copying of information. File-restriction policies can be set by IT pros via Active Directory groups.

With this month's update, IT pros can now use department templates to set access policies for Office 2013 files. The templates specify who, at the departmental level, can access the documents. That capability is now "natively supported in Office 2013," Microsoft's announcement explained.

The use of Azure Active Directory is part of this document protection scheme.

"A departmental template can be assigned to anything that can be defined via a group or list of groups in Azure Active Directory," a Microsoft blog post explained.

Department templates are designed to protect Office 2013 files, but it's also possible to use them to set restrictions for Office 2010 files. However, doing so takes a few extra steps. Microsoft explained that Office 2010 "does not download policy templates itself." Instead, the templates have to be brought to Office 2010 through a script, such as the "Enhanced Template Deployment Script."

More information about the overall template customization process is described in this TechNet article.

Exchange Online Protection
Lastly, Microsoft added a few enhancements this month to Exchange Online Protection, a service that adds protections against malware and spam. Microsoft improved the service's reporting capabilities and added some backscatter spam protections.

Microsoft describes backscattter spam as the nondelivery receipts that end users typically get after spammers "forge" a person's e-mail address. The company has an improved solution, called "Boomerang," that it has rolled this month out to ward off backscatter spam for both hosted and premises-based mailboxes using Exchange Online Protection. Boomerang supplements an "NDR backscatter storm prevention" feature that Microsoft rolled out in May, which is specifically designed to address bulk spam campaigns, according to Microsoft's announcement.

On the reporting side, Exchange Online Protection now lets IT pros schedule the arrival of reports via e-mail, either weekly or monthly. They can specify the type of report to receive. Microsoft currently has four report types: spam detections, rule matches, data loss prevention policy matches and an overall traffic summary report.

For organizations with multiple domains to manage, Microsoft has added new PowerShell cmdlets to help with the reporting. IT pros can get traffic activity per domain by using the "Domain parameter with Get-MailTrafficReport and Get-MailTrafficPolicyReport" PowerShell cmdlets.

Microsoft also improved some controls with Exchange Online Protection. IT pros can now "block or allow emails from an individual sender or an entire domain" via the Spam Filter in the Office 365 Exchange Admin Center. Microsoft calls this capability "simplified block." The simplified block feature is currently available at the "preview" stage but it will get deployed worldwide by month's end.

Likewise, Microsoft expanded its "bulk release" feature. It can now handle "up to 500 quarantined messages." Quarantined messages now have a "message preview" capability that IT pros can use to see if a message is legitimate or not.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube