Ignite – some of the news I got first day

So! Day one at Ignite is over and what a day! A lot of new features, services and everything.

But I must say, arriving from Norway – EVERYTHING IS SO BIG here in USA!

Anyhow – Here is a short summary from me of some (few) new features and services that were unveiled at the keynotes and some sessions.

There is much more that I did not cover in this post!

Azure Arc

Azure Synapse Analytics

Power Automate (Flow)

  • MS Flow is getting a new name
  • Gives you the ability to create automations against applications which are missing APIs

Power Virtual Agents

  • Bot or “Chat” agent on websites
  • Together with Power Automate you can fill in contact forms from a chat on a website directly into your on-prem CRM system (which is missing an API)

Microsoft 365

  • Project Cortex
    • Based on AI
    • Creates an enterprise wiki automatically with the use of AI
    • Creates a “Knowledge” card on abbreviations and links you to the “Knowledge Center”
    • Great for new employees or just as a company wiki
  • MS Stream uses AI to remove background noise on videos
  • MS Teams uses AI to remove backgrounds or blur them
  • Fluid Framework
    • Collaboration between Outlook, MS Teams chat, PowerPoint ++
  • is more important for end-users than ever – a one-stop for all services
  • gets ability to be customized with themes, company branding etc.
  • OneDrive gets file size increased to 100GB per file
  • All files in OneDrive now have Delta-sync


  • In Search you can now edit the results page and configure how the result is presented
  • SharePoint Homesites is in GA
  • Content Auditing
    • Highlight of changes in versions
    • Scheduled publishing of pages
    • Multi-lingual support
  • SharePoint Spaces goes Public preview around Q1 2020 (somehow together with Edge Chromium)
  • Modern term-store

Security & Compliance

  • Unified labels are even more unified
    • Labels for Teamsites, MS Teams and files are now the same
    • Auto labeling is based on content on a complete site
  • Information barrier
    • Based on classifications (labels) you can block out a whole department or group of people from certain areas
    • That said, Finance investors can get blocked out from the auditors' filespaces, for example.

Edge Chromium

  • Browser in GA Q1 2020
  • Will get a Fast Track “track” to help companies embrace it

Managed Meeting Rooms

  • Monitoring of equipment in the rooms like monitors, cameras, microphones etc.
  • In Private preview right now!

On my way to Ignite!

En route! I'm on my way to Orlando as we speak (write). I'm so excited to meet the HUGE community which is present at Microsoft Ignite and can't wait to meet friends and new people in the community. That said, there is mucho to-do this week!

I'm arriving at my hotel late Sunday and preparing to head into OCCC EARLY to try to get a space for Satya's keynote in The Hub at OCCC.

Game plan!

  • Get my luggage
  • Check in at MS Ignite at Orlando airport (rumors say there is almost no queue there)
  • Grab an Uber straight to the hotel
  • Go to sleep fast
  • Get up early and head directly over to OCCC
  • Enjoy Ignite! 🙂

That said – I have thought about how to store, use and structure all the information and knowledge I get this week.

My plan is to use OneNote for taking notes on stuff from sessions and all over, use Microsoft To-Do to add tasks that I need to follow up on, LinkedIn for connecting with all the great community people, and of course Twitter to follow the great speakers and people I meet at the conference.

Ignite is 7 days away – it’s a problem!!

Well.. it’s not that big of a problem, or yes it is! There are too many sessions I want to be at at the same time. As a first timer at Ignite this will be a lot of fun and I’m looking forward to meeting a lot of people and learning much new stuff!

So over to the problem: I have added all the sessions I want to experience and I now have up to 8 sessions at the same time at almost all hours throughout the week. So now comes the work of fixing my schedule for the week. Good thing is that we can watch almost all content on video on demand after the conference 🙂

Even though it's my first time at Ignite, I have some tips!

  1. Arrive early to your sessions
  2. Have some break time between your sessions.
  3. Wear good and comfy shoes
  4. Keep hydrated
  5. Meet people and have fun!

Hope to see you at Ignite this year!

Sensitivity labels available in Outlook Web

The first step into enabling the use of Unified labels in Office Web apps is here! Today I got the “Sensitivity” bar enabled in my tenants.

Sorry for the Norwegian text in the picture, as “Følsomhet” is the Norwegian word for “Sensitivity”

To get started with Sensitivity labels – head over to the Microsoft 365 Security portal and open the “classification” menu.

From there head in to “Sensitivity” and create a label.

Next – choose the tab for Label Policies and publish the label you created.

When testing the feature, remember to publish the label only to yourself so that you do not enable all users in your company to use and test it. 🙂

5 tips to get more secure in Office 365

So if you are using Office 365 you should consider enabling these 5 features, which you have free of charge within your Office 365 subscription.

These tips are the first thing I enable for my customers (if they are not enabled already of course)

So let's dig into the features! – All of the features are FREE!

1. Enable MFA for your users

This is a simple thing to do and in 5 steps it's enabled both for your end-users and for your admin accounts.


2. Block malicious files types

The next one is almost as simple as the first one and is enabled in just a few minutes.

Navigate to “” and authenticate, go to “Threat Management” and “Policy”, then click “Anti-malware”. Edit the default policy and go to settings; under “Common Attachment Types Filter” set the toggle to “On” – you're done! 🙂

3. Use a separate account for administrative tasks

A simple thing to do – if you have administrative privileges on your account you should create a separate admin account, which is protected with MFA of course. This can also be mitigated using the paid service Azure AD Privileged Identity Management – more on that service in a later blog post

4. Block Auto-forwarding on email accounts

By blocking auto-forwarding on email accounts you mitigate the attack vector where an account is breached and the bad guys set up forwarding of emails to gain information about the company and how people collaborate. This is the start of an advanced phishing attack.
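
One way to apply this and check for forwarding that is already in place, using Exchange Online PowerShell. This is an added example, not from the original post; it assumes the ExchangeOnlineManagement module is installed and treats any address outside the tenant's accepted domains as external.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an Exchange admin sign-in.
Connect-ExchangeOnline

# 1. Block automatic forwarding to external recipients for the default remote domain.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 2. Audit forwarding that already exists, since a breached mailbox may have it set.
$internalDomains = (Get-AcceptedDomain).DomainName

function Test-ExternalAddress {
    param([string]$Address)
    # Assumption: external means the domain after '@' is not an accepted domain.
    if ($Address -notmatch '@([^>\]\s]+)') { return $false }   # no SMTP domain, e.g. EX: addresses
    return $internalDomains -notcontains $Matches[1]
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Forwarding configured on the mailbox itself
    if ($mbx.ForwardingSmtpAddress -and (Test-ExternalAddress $mbx.ForwardingSmtpAddress)) {
        [pscustomobject]@{
            Mailbox = $mbx.UserPrincipalName
            Source  = 'Mailbox forwarding'
            Target  = $mbx.ForwardingSmtpAddress
        }
    }
    # Inbox rules that forward or redirect mail
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($target in $targets | Where-Object { $_ }) {
            if (Test-ExternalAddress $target) {
                [pscustomobject]@{
                    Mailbox = $mbx.UserPrincipalName
                    Source  = "Inbox rule '$($rule.Name)' (enabled: $($rule.Enabled))"
                    Target  = $target
                }
            }
        }
    }
}

# Review every hit with the mailbox owner before removing the rule or setting.
$findings | Sort-Object Mailbox | Format-Table -AutoSize -Wrap
```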


5. Use Secure score to improve security

Secure Score is a simple and fun way to fix and improve your company security. The results are tailored to your Office 365 implementation and you'll get scored on how many improvements you configure.

So to wrap up this blog post – All these features are free! It will take you under 1 hour to implement and your company is a lot more secure!

Automated Investigation & Response

The Automated Investigation & Response feature under Threat management in the Security & Compliance admin portal is a pretty new and amazing feature in Office 365.

To use this feature you need to have “Office 365 Advanced Threat Protection Plan 2” licenses, which you can purchase standalone or get included in the Office 365 E5 license, and yes – you need to be a “Global Administrator” or “Security Administrator” to configure the service. Once configured you can also use “Security Reader” or “Security Operator” to see what's happening.

Have a look here to see all capabilities within “Advanced threat protections”.

So over to Automated Investigation & Response (AIR) – have a look at this screenshot

As we see here, we have two detections ongoing which are waiting on user action. The first one in the picture was automatically found by the system and the second one is an email which I reported through the “Message Report” add-in for Outlook, which is deployed to all users (both Outlook and Outlook Web).

In the overview of the case (the one I reported) we see what's going on with the message: the trigger alert, which threats were found, how many emails are “infected” and which users have the infected email in their mailbox (could be a mass-phishing attack)

When we navigate to the Email tab we see which section of the email was found malicious, and in this case Advanced Threat Protection has matched the URL to a malicious URL

Moving to the Action tab – we are given a big tool belt, meaning that we can do a soft delete from the users' mailboxes (in this case only one user, but if this malicious email was delivered to 100 users we can in one click remove the email from the users' mailboxes) and block the URL in Safe Links.

So this was very short on how to easily use AIR in your tenant if you have the right license.

Get started with MFA – part two

So in the previous post I went through how to activate MFA for Administrator roles in a really simple and effective way.

In this post we will focus on activating MFA for all regular users. First of all we need to evaluate who should be activated first, or whether we should activate all users at the same time, and do an evaluation of service accounts! If we enable MFA on, for example, a service account used for scan-to-email on “multi functional printers” or on a mailbox account which is used by a third-party ticketing system (POP/IMAP), we could break those services by just enabling MFA on all users.

My recommendation is that when you are more than 30 users in your company, you should select a few ambassadors who get MFA activated first and can therefore be the power users who help others with the registration if there are any hiccups (should not be many).

And to activate MFA for end users I highly recommend using Conditional Access for

  • All users, excluding an Azure AD group which contains a “Break the glass Admin” and other service accounts.
  • All cloud apps (no exceptions)
  • Grant Access – but require MFA

Easy like that! And it's a really quick solution for your company.

The drawback here is that you need “Azure AD Premium P1” licenses to use Conditional Access, and a second drawback is that it's not scored in the Microsoft Secure Score.
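
The three Conditional Access settings listed above, expressed as a policy created with the Microsoft Graph PowerShell module. This is an added example, not from the original post; the group name `CA-MFA-Exclusions` and the policy display name are hypothetical, and the policy is created in report-only state so nobody is locked out while it is reviewed.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Group.Read.All'

# Hypothetical group name: contains the break-glass admin and the service accounts.
$groupName = 'CA-MFA-Exclusions'
$excluded  = @(Get-MgGroup -Filter "displayName eq '$groupName'")
if ($excluded.Count -ne 1) { throw "Expected exactly one group named '$groupName'." }

# Hypothetical policy name; stop if it already exists to avoid duplicates.
$policyName = 'Require MFA for all users'
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.DisplayName -eq $policyName }
if ($existing) { throw "A policy named '$policyName' already exists." }

$policy = @{
    displayName   = $policyName
    # Report-only first: sign-in logs show the effect without blocking anyone.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        # All users, minus the exclusion group
        users          = @{ includeUsers = @('All'); excludeGroups = @($excluded[0].Id) }
        # All cloud apps, no exceptions
        applications   = @{ includeApplications = @('All') }
    }
    # Grant access, but require MFA
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Once the report-only results in the sign-in logs look right, change the policy state to `enabled` to enforce it.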

Get started with MFA – part one

You have probably heard about multifactor authentication by now, but have you enabled it in your environment?

If not! Please do so at once! In this short blog post I will give you the direction to get started with MFA in Azure AD.

So let's just jump right into it.

First things first – protect your admin accounts!

By admin accounts I mean an account which has an additional role assigned other than being a regular user, and to protect these users we will enable a Conditional Access policy which requires MFA for all administrator accounts

So navigate to Azure Active Directory in

Dive into “Security” -> “Conditional Access”

Click the “Baseline policy: Require MFA for Admins (Preview)” and choose to use it immediately

So now you have successfully enabled MFA for all your admins! Great work 😊

To make it easier for yourself you can now change the MFA verification from the default SMS to Authenticator app by visiting and add the Authenticator app as a preferred method.

Next up is to enable it for all your users, and that I will cover in the next blog post – Stay tuned for “Get started with MFA – Part two” 🙂

Microsoft Intune

When we talk about the cloud, “device management” is a “forgotten” chapter for many, at least for small and medium-sized businesses in Norway. Device management in the cloud was previously referred to as MDM (mobile device management), and many probably thought it only applied to mobile phones and tablets, but times have changed and MDM now covers PCs and Macs as well!

Microsoft's Intune solution currently supports Windows, macOS, Android and iOS. This means it supports the most common operating systems used in Norwegian businesses.

But why do you need this? Isn't it fine for employees to manage their machines themselves? Well, maybe, but how do we then handle the company data that is stored on employees' phones or PCs?

With Office 365, company data is very easy to access: it is enough to sign in to “” with a username and password (+ MFA of course), and from there you have access to email, shared documents in SharePoint, the home directory in OneDrive for Business and other cloud services made available through the portal.

OK, so what is Intune supposed to help with?

At a high level, a cloud-only configuration looks like this:


Registering devices that can access company data

When users' devices are registered in the Company Portal (the Intune app) or in Azure AD, you gain control over which devices users have and use to access company data.

Setting requirements for the device

You can create compliance requirements for devices which, for example, require that the machine has antivirus, has the latest updates installed and has disk encryption enabled before it is marked as an “approved device”. For Windows 10 machines you can configure up to 28 checks, and for macOS up to 18 checks. You can really set requirements for the device you are going to share all your company secrets with.

Letting employees in based on which device they come from

– By using Conditional Access together with Intune, you can require that the device is “Compliant” according to the compliance requirements we configured in the point above before the user can sign in to “” and open SharePoint.


Once the mobile devices, which users also use for personal files, are registered, you get a separation between company data and personal data in the application. This means that if a device is stolen, or the employee leaves the company, you can delete the company's data (documents, email etc.) with a couple of clicks.
You can also block data copying between the private part of the application and the company-owned part.


New security services in Microsoft 365 Business

This week the Microsoft 365 Business licenses were upgraded with a number of new security services that can help ensure your company's devices and documents are handled in a responsible and secure way. The features included in Microsoft 365 Business as of this week are:

  • Azure Information Protection P1
  • Azure Rights Management
  • Office 365 Advanced Threat Protection
  • Exchange Online Archiving for Exchange Online
  • Intune

Office 365 Advanced Threat Protection

Advanced Threat Protection (ATP) helps protect your business against sophisticated and advanced phishing and ransomware attacks designed to compromise employees' or customers' information. Features included:

  • Sophisticated scanning of attachments using Microsoft's AI-driven analysis to detect and stop suspicious emails.
  • Automatic checking of URLs/web links in emails to analyze whether they are used in a phishing attack. Helps all employees by stopping access to unsafe websites.

Exchange Online Archiving

The Exchange Online Archiving service enables archiving of email. All email is archived by this service, including deleted items and sent email. Retention rules set centrally from the Exchange admin center handle the data if there is a need to run litigation holds or eDiscovery, and this is often a feature required to meet compliance requirements in larger businesses.

Azure Information Protection (AIP)

Information Protection helps you control access to sensitive information in emails or documents with extra controls such as “Do not forward” or “Do not copy”. You can classify sensitive information as “confidential” and specify how the classification can be shared both within the company and with external parties. Azure Rights Management gives Azure Information Protection enterprise-grade encryption that is easily applied to documents and emails to keep control of classified information. Microsoft 365 Business has all the features of Azure Information Protection Plan 1.

All features of Intune

By using Intune with Microsoft 365 Business, you can now use features that manage macOS devices, iPhones and Android phones, and advanced device control for Windows. These are services that have not been available in the Microsoft 365 admin interface. The features are reached by accessing the Intune admin center.

© 2019 IdefixWiki
