Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Webinar: You made the move to Office 365—now what?


Published on

In this webinar, Benjamin Niaulin explains how to leverage your Office 365 subscriptions to keep pace with the evolving workplace.

It’s not just SharePoint that needs to go from classic to modern—the way our IT departments think about and use technology in the workplace needs to be updated, too.

Published in: Technology
  • Be the first to comment

Webinar: You made the move to Office 365—now what?

  1. 1. Webinar: You made the move to Office 365—now what?
  2. 2. @bniauli n Head of Product Benjamin Niaulin
  3. 3. Webinar:YoumadethemovetoOffice365—nowwhat? Ok, so you’ve gone through the checklist
  4. 4. Webinar:YoumadethemovetoOffice365—nowwhat? And moved to Office 365, but stayed like before
  5. 5. So now, what? Webinar:YoumadethemovetoOffice365—nowwhat?
  6. 6. Webinar:YoumadethemovetoOffice365—nowwhat? The Modern Workplace
  7. 7. Fundamental change in how we work Webinar:YoumadethemovetoOffice365—nowwhat?
  8. 8. From IT team to Product Team Cross- Product Governance Intent-Driven vs Technology- Driven Classic to Modern Adopting the modern workplace Webinar:YoumadethemovetoOffice365—nowwhat?
  9. 9. Webinar:YoumadethemovetoOffice365—nowwhat? What do we mean by Classic SharePoint?
  10. 10. Webinar:YoumadethemovetoOffice365—nowwhat? What do we mean by Modern SharePoint?
  11. 11. Webinar:YoumadethemovetoOffice365—nowwhat? What do we mean by Modern SharePoint?
  12. 12. Webinar:YoumadethemovetoOffice365—nowwhat? What’s gone? • Most Popular Items • Tree View • Publishing* • Ribbon • “Get Started with your site” • RSS Feed • Content Organizer • Tags and Notes
  13. 13. Complicated to Simple sites SharePoint Customizations I • SharePoint Designer • InfoPath • SharePoint Workflows • Sandbox Solutions • Custom Actions Classic Modern • SharePoint Framework (SPFx) • PowerApps • Microsoft Flow Webinar:YoumadethemovetoOffice365—nowwhat?
  14. 14.
  15. 15. Webinar:YoumadethemovetoOffice365—nowwhat? Going FLAT to go Modern Subsites & Modern O365 Groups only work with Top Level sites Rethink architecture with Hub Sites
  16. 16. Intent-Driven
  17. 17. Webinar:YoumadethemovetoOffice365—nowwhat? Microsoft’s vision is not a top down architecture
  18. 18. Webinar:YoumadethemovetoOffice365—nowwhat? Changing how you do Governance From product focused:
  19. 19. Webinar:YoumadethemovetoOffice365—nowwhat? Changing how you do Governance To intent-focus:
  20. 20. So I started asking the question: on or off? Webinar:YoumadethemovetoOffice365—nowwhat?
  21. 21. So I looked at my data Webinar:YoumadethemovetoOffice365—nowwhat?
  22. 22. Naming conventionsLifecycle management for Office365 Groups Prevention of content duplicationClassification Content location for hybrid environments Ownership regulations/Permission management Webinar:YoumadethemovetoOffice365—nowwhat?
  23. 23. Webinar:YoumadethemovetoOffice365—nowwhat? Creation permissions Naming policy Expiration policy Soft delete and restore Guest access Reporting Policies and information protection Azure AD access reviews Upgrade DLs to groups in Outlook Managing and governing Office 365 groups at scale
  24. 24. Group creation policy Webinar:YoumadethemovetoOffice365—nowwhat? • Originally created as a setting in an OWA mailbox policy • OWA mailbox policy is still used for OWA and Outlook 2016 • New implementation as an Azure Active Directory settings object • Used to control the ability to create groups through Planner, Dynamics CRM, Power BI and the Outlook Groups app • Will eventually control the ability to create groups everywhere • Basic idea: • Decide to implement a block on general group creation • Define a list of users who are permitted to create groups (in an AAD distribution group or Office 365 Group) • Create directory setting object and update settings to implement block by restricting creation to permitted list • Clients and integrations access AAD to retrieve directory settings and implement block/permitted list
  25. 25. Group creation policy Webinar:YoumadethemovetoOffice365—nowwhat? Connect to Azure AD Retrieve template id Prepare new setting object Update settings to block creation and assign permitted list Create the directory setting object [PS] C:> Connect-MsolService [PS] C:> $Policy = Get-MsolSettingTemplate –TemplateId 62375ab9-6b52-47ed-826b-58e47e0e304b [PS] C:> $Setting = $Policy.CreateSettingsObject() [PS] C:> $Setting[“EnableGroupCreation”] = "false" [PS] C:> $Setting[“GroupCreationAllowedGroupId”] = "a3c13e4d-7083-4448-9224-287f10f23e10" [PS] C:> New-MsolSettings –SettingsObject $Setting This is the object id of the group that contains the permitted list
  26. 26. Group creation policy Webinar:YoumadethemovetoOffice365—nowwhat? Retrieve ID for current settings Retrieve existing settings Set new values Update directory setting object [PS] C:> $SettingID = (Get-MsolAllSettings –TargetType Groups).ObjectID [PS] C:> $ExistingSettings = Get-MsolSettings -SettingId $SettingID [PS] C:> $Values = $ExistingSettings.GetSettingsValue() [PS] C:> $Values[“UsageGuidelinesUrl”] = “" [PS] C:> $Values[“ClassificationList”] = “General Usage, External Access, Internal Only, Confidential” [PS] C:> Set-MsolSettings -SettingId $SettingID - SettingsValue $Values Include usage guidelines and Group classifications in the directory setting object
  27. 27. Group naming policy Webinar:YoumadethemovetoOffice365—nowwhat? • Stored in Exchange organization configuration setting • Also used by email DLs • Common implementations: • Include prefix in name “GRP – group name” • Include department in name “ Operations – group name” • Set through EAC or PowerShell • Administrator can override to create a group named according to their requirements • Set-OrganizationConfig -DistributionGroupNamingPolicy “GRP - <Department> <GroupName>" Warning: Use the same policy on both sides of a hybrid deployment!
  28. 28. Identifying Inactive Groups Webinar:YoumadethemovetoOffice365—nowwhat? • Check audit records for SharePoint file activity in document library with Search-UnifiedAuditLog • Check the number and last date of conversations in group mailbox with Get- MailboxFolderStatistic See script at for-obsolete-Office-c0020a42
  29. 29. Office 365 Groups and Compliance Webinar:YoumadethemovetoOffice365—nowwhat? • Use functionality delivered through Security & Compliance Center rather than individual workloads • Exchange eDiscovery and in-place hold can include group mailboxes • Exchange retention policies don’t process group mailboxes • SharePoint eDiscovery cases support group document libraries • SCC Content searches • Can search both group mailboxes and document libraries • SCC Preservation policies • Can place holds on group mailboxes and document libraries • SCC eDiscovery • Cases can use group mailboxes and document libraries as sources • Unified DLP policies
  30. 30. Webinar:YoumadethemovetoOffice365—nowwhat? • Sensitive Groups can be hidden (from GAL and membership) • Set-UnifiedGroup -HiddenFromAddressListsEnabled $True –HiddenGroupMembershipEnabled • Caveat: Make sensitive groups private to avoid casual searches for confidential documents • Good idea for users to mark secret groups as favorites so they are easily accessible in all clients • The CalendarMemberReadOnly flag can be set with Set-UnifiedGroup to stop members deleting calendar items in sensitive groups Secret Groups
  31. 31. Webinar:YoumadethemovetoOffice365—nowwhat? • Dynamic Office 365 Groups are implemented through queries executed against Azure Active Directory • The queries defining group membership can only be created and maintained through AAD console • Requires AAD Premium license for every account that comes in scope for a query used by a dynamic Office 365 Group • E.g. “All Company” group for 10,000 user company = $60,000/month cost • Cost is not an issue if the organization uses AAD Premium licenses for other reasons (like writeback for hybrid synchronization, password self-service, or the Enterprise Mobility Suite) Dynamic Groups
  32. 32. Webinar:YoumadethemovetoOffice365—nowwhat? • Requires PowerShell • Default Domain + Primary SMTP + Group ID • Email address templates dictate the form of email addresses assigned to new groups • Not retrospectively applied Multi-domain support [PS] C:> New-EmailAddressPolicy –Name MarketingGroups –IncludeUnifiedGroupRecipients –EnabledEmailAddressTemplates "", "" -ManagedByFilter {Department –eq "Marketing"} –Priority 1
  33. 33. Webinar:YoumadethemovetoOffice365—nowwhat? • Restricted version of browser “Files” view can be accessed by guest users • Can access cloudy attachments • Can’t see full tenant GAL • Can’t access conversations • Restricted view of group members • No mobile access • No access from Outlook • No way to block specific guest users • Design issue: should you allow guest users access to “full” groups or “special” groups Guest user access
  34. 34. User managed • Guest inviter role - Setup a policy so that users with this role can only invite guest • This can be set using user AD properties such - Title, Job Description Policies for Guest Access - Best Practices Webinar:YoumadethemovetoOffice365—nowwhat? Reach Title = manager Guests Domain managed • Admins can create an allow/deny list of external partner domains that can be added as guests. User Guests IT approved list of domains Group level • Manage guest access at Group Level Only IT Admin Guests
  35. 35. I recommend you: I Figure out what your provisioning cycle looks like to be ready for self-service later on. Plan Provisioning Webinar:YoumadethemovetoOffice365—nowwhat? What is your Office 365 Groups expiry and retention policy? Keep visibility on growing environment. Modernize This is bigger than Classic to Modern SharePoint. It’s the architecture, going flat and using Office 365 Groups. Modernize The self-service nature of Microsoft Teams can only be successful if you planned accordingly. Enable Microsoft Teams They create, collaborate and distribute. They also need to validate all is ok. Activity, Sharing and other things happening in their group. Make Owners Accountable Beyond individual products, make sure the right Classifications, Labels, External Sharing, etc… policies are in place. Cross-Product Governance
  36. 36. But I also recommend you re-evaluate how IT is done IWebinar:YoumadethemovetoOffice365—nowwhat? Stop looking into how to do IT, rather look up how Product Teams work in the software world. IT in the Modern Workplace is about the service (product) you give to them and them buying into it. Become a Product Team A framework that focuses on the customer, in your case it might be your end user. What are they trying to achieve beyond their ”ask for a site”. Free book : https://jobs-to-be-done- Jobs-to-be-Done
  37. 37. Webinar:YoumadethemovetoOffice365—nowwhat? Curated content to help you get there
  38. 38. @bniauli n Thank you
  39. 39. Deploy Microsoft Teams and stay in control Register now