Enable your remote workforce to work with Microsoft 365 and Teams with enhanced security

by Contributed | Sep 30, 2020 | Uncategorized

This article is contributed. See the original author and article here.

Microsoft 365 enabled all its consumer to use Microsoft 365 workloads from everywhere/anywhere. Microsoft has built data center in almost all the regions which help customers to connect closed data center from your office egress and remote work locations. But still many corporates are not willing to allow their remote work force to connect directly to closet Microsoft 365 front door, and wants users to connect company VPN and then let route traffic to Microsoft 365 via egress which cause latency and performance issues. For Workloads like Microsoft teams, Its wider impact on performance which use media traffic for calls and meetings and doesn’t like to pass the traffic via VPN concentrator.

We all can agree on this that, cloud solution has given a seamless platform to connect services from anywhere but increased security and compliance threat in proportionally, And this is the fear in organization causing to not let them allow direct connectivity to Microsoft 365, even today most of the workforce is working from home due to COVID-19 outbreak.

You can use Microsoft enhanced security feature and Azure policy to enable remote users to work directly with Microsoft 365 and provide a great user experience. We must implement the security controls at mainly two level.

1. End Point Level
Using below solutions and tools, you can make sure that your user’s endpoints are secure, safe and qualifying to connect Microsoft 365 services directly.

a) Patching
An automated patching system should be in place to regularly patch the end-points like SCCM to meet the defined threshold of the compliance policy.

b) Defender ATP
Microsoft Defender Advanced Threat Protection is a complete end-points security tool delivers preventative protection, post-breach detection, automated investigation, and response. The beauty of this solution is, it’s not only detect the threat but immediately response and help to remediate vulnerabilities and misconfigurations.

c) Antivirus
Systems should be protected with antivirus with the latest updates. If your organization is only having windows 10 OS environment, Microsoft Defender Antivirus is automatically enabled and installed on them. But if you have mixed environment then you need to use third party antivirus with combination of Defender AV. You can go Microsoft Defender Antivirus compatibility for more details.

d) EDR (Endpoint Detection and Response)
As name suggest, when a threat is detected, alerts are created in the system for an analyst to investigate and The response capabilities give you the power to promptly remediate threats by acting on the affected entities. It’s part of Microsoft defender ATP.

e) Device Compliance

2. Azure Level

a) Azure AD Device Registration
Your device needs to be registered with azure AD. Azure AD registered devices are signed in to using a local account and additionally have an Azure AD account attached for access to organizational resources like Microsoft 365. Access to resources in the organization can be further limited based on that Azure AD account and Conditional Access policies applied to the device identity.

Administrators can secure and further control these Azure AD registered devices using Mobile Device Management (MDM) tools like Microsoft Intune.

b) Multi factor authentication
Users should be enabled to Azure MFA to access Microsoft 365 apps from external. The MFA requirement would be enforced with conditional access policy which will allow users to consume the service. The exclusion can be setup for admins accounts if required so they can connect PSshell script without MFA to manage the service without any interruption.

c) Conditional Access policy
Conditional access policy is a feature part of azure active directory to enforce the company policy based upon clients signals and decision. You need to setup conditional access policy to grant Microsoft 365 app access from external locations (Each organization may have different requirements, so they need to work with their IT security to implement it), The grant control can be enforced as per the requirements.

Setup Conditional access policy

Once you have made sure the above pre-requite for machines is in place, now you are good to configure conditional access policy to meet the requirements aligned with company IT security, which will let end user to connect M365 and teams from external.

a) Create a new CA policy

• Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
• Browse to Azure Active Directory > Security > Conditional Access.
• Select New policy.
• Give your policy a name.

b) Grant access to clients for the conditions required

c) Allow “apps”

• Select “cloud apps or actions” in the new conditional policy options
• In “Select what this policy applies to” select “cloud apps”
• Click on “Include” and pick “Select apps” radio button
• Now in the apps, you need to select the apps which you want to allow to access from external for example, Microsoft Teams.

You need to allow SharePoint and exchange apps as well as Teams use one drive, Messaging and SharePoint in background for several used cases.

How it works?

Now, I am connected with open internet and trying to login with my teams desktop app. Yes, I can sign-in successfully and use the teams over open internet.

To verify the end-end connectivity, I am checking my IP address got from service provider which is “103.86.183.43”. you can use whatismyipaddress web tool.

Now, Go into azure active directory > Sign-ins and find out the user logged-in into teams. You would see the above IP address connecting you.

As above stated, Using the strong security control you can enable your end users to access M365 and teams from outside and provide them better experience with good performance.

What’s New in Microsoft Teams | September 2020

by Contributed | Sep 30, 2020 | Uncategorized

This article is contributed. See the original author and article here.

September has been an eventful month filled with exciting news and announcements. Before we dive into the new product features released this month, we want to address feedback we’ve heard from you regarding the performance of Microsoft Teams and share some of the investments we’re making to improve it.

Teams performance update

Organizations of all types and sizes depend on Teams to keep their users connected and productive throughout the work and school day. As we drive new capabilities to meet our customer’s evolving needs, we’re also working to ensure they have a high-performance experience that scales across their devices and levels of internet connectivity.

We’ve recently doubled down on Teams performance with improvements you can experience now and we’ll continue to update you on future improvements as part of this monthly blog.

Offline support in desktop
Limited network connectivity is a reality for many of our users around the world. In March, we launched the ability to run the desktop client on Windows and macOS in environments with limited bandwidth or without a network connection. This was accomplished through caching of data and code, and we also adopted a local fetch approach over network requests which led to improved launch times of the desktop client. Now we’re working on allowing users to author messages even when offline and have them automatically sent when network connectivity is reestablished.

Improved desktop launch time
As users start their meetings, classes, and days in Teams, it’s essential they can get things running quickly. We’re rolling out multiple updates to improve the launch time of our desktop clients on Windows and macOS. This includes deferring non-essential operations until after launch, optimized code delivery flows and service side optimizations like migrating services infrastructure to Azure Front Door. In our testing these investments resulted in a 30% reduction in application launch time.

Video rendering optimizations in desktop
With more users working and learning from home, video is a critical way to connect with others. However, video rich features can also raise the average workload of device CPUs and GPUs. To address this, we’re adjusting how much compute power is used during video calls and meetings by reducing animations, blending layers, and simplifying the overall experience. We are also making changes to video rendering, the UI overlays composite on top of the video, and hardware drivers. These improvements are rolling out now to our desktop clients on Windows and macOS with more updates coming soon.

Battery life optimizations in iOS
Staying connected through Teams on a mobile device is essential for Firstline Workers and those away from their desktops throughout the day. To reduce the Teams app battery consumption in iOS, we ’ve moved a significant amount of background processing to our cloud services and reduced the frequency of syncing static information. In our testing this resulted in close to 40% improvement in background battery life consumption. You can experience these improvements today using the latest version of the Teams app for iOS.

Low bandwidth optimizations for Android
Lastly, we’re optimizing the Teams app on Android for low bandwidth environments. This includes reducing message sync latencies while increasing messaging reliability by optimizing background conversation syncs and database access patterns. We also improved the network quality detection logic that enables scenarios such as file uploads to intelligently balance between reliability and performance based on the available bandwidth. These enhancements are available in the latest version of the Teams app for Android.

What’s new in Microsoft Teams in September?
Last week at Ignite, we announced many new features coming to soon to Microsoft Teams. Be sure to have a look at What’s New in Microsoft Teams | Microsoft Ignite 2020 for a recap of the news and read on to see features that have started rolling out in September.

What’s New: Meetings & Calling
Large Gallery view – see up to 49 participants
Large Gallery is providing a new way to view video up to 49 participants at once on a single screen (7×7). This feature rolled out to production with the new multi-window experience. In order to take advantage of this new view, users will need to turn on the new multi-window meeting experience.

Together mode
Together mode uses AI segmentation technology in meetings to digitally place participants in a shared background, making it feel like you’re sitting in the same room with everyone else. Last week at Ignite, we announced new Together mode scenes are coming later this calendar year.

New Teams meeting pre-join experience
We’ve improved the pre-join meeting experience for Teams meetings including easier discovery of audio, video, and device configurations before joining a meeting.

Reverse Number Lookup Enhancements
In October 2019, we released Reverse Number Lookup to make it easier to identify the caller. Now with these latest enhancements, the caller name will also show up in your activity feed, call history, and voicemail.

Safe Transfer
Safe Transfer allows you to transfer a call between Teams and Skype for Business with confidence. If the recipient doesn’t answer the call, it will ring back to you so don’t lose the call. You must be a Teams user to transfer a call and the recipient must be either a Teams or Skype for Business user in the same tenant or in a federated tenant.

New Teams meeting and calling offers
This month we announced three promotional offers to help you experience the best of what Microsoft Teams can offer in meetings and calling. For eligible customers, these include free Audio Conferencing, a 35% discount on Advanced Communications, and FastTrack support to help you move from Skype for Business to Teams in a cost-effective manner. Learn more about these offers.

What’s New: Devices
New feature for Microsoft Teams phones
We have delivered a series of new feature updates to Microsoft Teams phones that are available now in version 1449/1.0.94.2020071702.

• Redesigned Home Screen: A new, simple view providing up-to-date information about your calling and meeting activity, reminders of your current and upcoming meetings, and access to quick actions like replying to missed calls and listening to voicemail.
• Customize Quick Access to Apps: Set the default views for your phone by pinning and re-ordering your apps suited to your needs. See here for more details.
• Auto accept incoming meeting and call requests: Teams phones can now be provisioned to automatically accept incoming meetings nudges and calls, allowing instant, hands free connection to incoming join requests.
• Dedicated Teams button: new and upcoming Teams phones will have a dedicated Teams button to quickly launch Teams app on the device home screen.

Microsoft Teams Rooms on Windows, app version 4.6.20.0 now available
The latest app for Microsoft Teams Rooms on Windows, version 4.6.20.0, is now available through the Windows Store. Features enabled through this update include:

• Live captions: Meeting participants joining from a Teams Room can now view live captions turned in a Teams meeting. In-room participants can also turn live captions on or off from the center of room console. Captions will appear at the bottom of the meeting experience shown on the front of room display.
• 3×3 gallery view: Meeting participants can now view up to nine participants in the meeting gallery view, shown on the front of room display.
• Direct Guest Join with Zoom Rooms (Preview): Teams Rooms and Zoom Room devices can now connect to each other’s meeting services via embedded web technologies. This will reduce the friction you experience when trying to join calls from external partners or clients who may not be using the same meeting service.

Microsoft Teams Rooms on Android, app version 1.0.94.2020062501 now available
The latest app for Microsoft Teams Rooms on Android, version 1.0.94.2020062501, is now available through the Teams Admin Center. Features enabled through this update include:

• Pin video: Now you can pin the video stream of a meeting participant from the Teams Rooms device, keeping the pinned user’s video visible in the gallery. This “pinned view” is only applied to the gallery view in the meeting room and not to other meeting participant’s views.
• Support for structured meeting role and roster controls: Allows meeting organizers to assign meeting roles (presenter and attendee) from the Teams Rooms experience, enabling participants to take specific actions associated with those roles (e.g. mute participants, present content, etc.)

Lenovo Announces New ThinkSmart Hub Solution
Lenovo’s ThinkSmart Hub is now better than ever. The redesigned meeting room solution is purpose-built to deliver a best-in-class Microsoft Teams Rooms experience, and now sports an even sleeker design, richer audio, and cleaner cable management. The new ThinkSmart Hub is under certification for Teams.

Poly G-Series Microsoft Teams Rooms Solution is Now Certified for Microsoft Teams
Available now! Poly G-Series Room Solution for Microsoft Teams not only delivers the premium Poly audio and video for Teams, but it also provides ultimate simplicity from start to finish, with clutter-free cabling and Meeting AI technology enabling hands-free tracking and noise block technology in any size room. To learn more about the Poly G Series solution for Microsoft Teams Rooms, click here.

Yealink Announces New Teams Rooms Device
Yealink MVC400 brings a dedicated Teams Rooms system with an integrated USB video bar UVC40, including a premium AI-powered camera, microphone arrays, and speaker. The enhanced MTouch II offers flexible content sharing, and the new MCore mini-PC has a simplified cabling system. Learn more about these products here.

Crestron Announces New Crestron Flex Solutions
Recently released, the Crestron Flex MM transforms more rooms into collaboration spaces, delivering a premium UC experience with its compact tabletop design and it is under certification for Teams. Also announced, the Crestron Flex MX brings every option to the table, supporting both native, one-touch join for Microsoft Teams and Bring Your Own Device (BYOD) for all other platform software. Learn more about both products here.

Please visit http://aka.ms/teamsdevices to see the latest our portfolio has to offer in the world of collaboration devices!

What’s New: Chat & Collaboration
Reflect messaging extension
Managers, leaders or teachers now have an easy way to check in with how their team or students are feeling — either in general, or about a specific topic like work-life balance, the status of a project, current events, or a change within the organization. IT administrators can install the Reflect extension from GitHub and make it available to their users in the message extension menu.

Microsoft Lists in Teams
We recently announced the general availability of the Lists app in Teams for all our commercial and Government Community Cloud (GCC) customers. Microsoft Lists help track information and organize work. Lists are simple, smart, and flexible, and help teams stay on top of what matters most. And now you can create a list directly in Teams as a channel tab.

Microsoft Whiteboard updates
Microsoft Whiteboard is integrated within every Teams meeting, enabling meeting participants to join in with touch—or their mouse—and contribute with digital ink. We recently added the ability to add sticky notes and text to a canvas, making it easier to contribute if you’re using a device without a digital pen, and added the ability to move and re-order objects on the canvas through a simple drag and drop gesture. Learn more here.

What’s New: Teams for Education
“Only Me” Admin Policy for all Organizer Meeting Options
IT Admins can apply a policy that defaults “Only Me” to allow only educators (or the meeting organizer) to enter the meeting and keep students in the lobby until the educator admits them. This helps maintain student safety and contains student to student interaction in class to the right time when the educator is present. Learn more about this and other recommended Teams for Education policies here.

For more Microsoft Teams for Education features and announcements, check out What’s New in Teams for Education | September 2020.

What’s New: Firstline Workers
Walkie Talkie Android
Walkie Talkie is a push-to-talk experience that enables instant and secure voice communication over the cloud, turning your personal- or company-owned Android smartphones and tablets into a walkie-talkie. It reduces the number of devices you need to have while providing clear communication free of radio interference, static and no distance limitations in range. Learn more.

Integration between Teams and RealWear
Through an integration between Teams and RealWear head-mounted devices, you, as a field worker can remain 100% hands-free using a voice-controlled user interface while maintaining situational awareness in loud and hazardous environments. Learn more here.

Shifts Connector in Power Automate
With the new Power Automate Shifts connector you can automate processes within the Shifts application. As a manager you can be more efficient and save time with schedule management and by auto-approving shifts all at once. With these new templates, team members can view all Shifts in the calendar of choice (such as Outlook), and can be empowered to create Shifts templates of their own to meet the needs of your business. These features can be enabled in the Power Platform directory. Learn more here.

Customizable Praise Badges
Now, organizations can create customized Praise badges to express their culture and values when recognizing successes and fostering comradery. Praises can help improve workplace culture and job satisfaction, from corporate headquarters to Firstline Workers. Learn more about how to get started here.

What’s New: Government
These features currently available to Microsoft’s commercial customers in multi-tenant cloud environments are now rolling out to our customers in US Government Community Cloud (GCC), US Government Community Cloud High (GCC-High), and/or United States Department of Defense (DoD).

New experience for launching instant channel meetings for GCC
Meet Now buttons in Teams channels have a new home. You will soon find them in the Channel header where you can easily find and launch the meeting.

Custom Apps and Sideloading in GCC
Sideloading and custom (line-of-business) apps are now available in GCC. GCC tenant administrators can decide whether to upload a custom app to their tenant environment and publish it to their tenant app catalog. To learn more, read our technical documentation here.

What’s New: Power Platform and custom development
Microsoft Graph API for change notifications
The Microsoft Graph API for change notifications allows developers to build apps that messages in near-real time, without polling, to enable scenarios such as data loss prevention (DLP), enterprise information archiving, and bots that listen to messages that they aren’t @mentioned on. This helps both customers and ISVs to enable DLP scenario implementations to remain secure and compliant. Learn more at our detailed developer blog post here.

Teams membership Microsoft Graph APIs
Team Membership APIs allow your app to list, add, change, and remove Team members and their roles. Learn more about how to utilize this API here.

Private Channels Microsoft Graph APIs
With the Private Channels Microsoft Graph APIs we enable apps to create and manage private channels. Developers will be able to add, update, remove, members of a private channel and be able to create a private channel on behalf of a user.

What’s New: Management, security, and compliance
New meeting lobby configuration setting available for PowerShell and Teams Admin Center
A new lobby type option is coming to PowerShell and Teams Admin Center that allows tenant administrators to assign a user-level policy to send everybody but the Teams meeting organizer into the meeting lobby. Once assigned, all meeting attendees–including those from within the same organization–will be sent to the meeting lobby to be admitted by the organizer.

Screen share from chat policy governance
Screen share from chat allows you to immediately start sharing your screen in a one-to-one or group chat. This entry point was previously governed by the AllowPrivateCalling policy. If this policy was disabled, users weren’t able to screen share from chat. This will now be governed by the ScreenSharingMode policy.

Advanced eDiscovery: Supporting modern attachments from SharePoint Online
Advanced eDiscovery can now automatically collect documents from a storage location, such as SharePoint or OneDrive, to pull the content into an eDiscovery case. The attachments are collected, reviewed, and exported along with the Teams conversations so IT or relevant stakeholders don’t need to manually find and collect the documents one by one.

Microsoft Information Protection: Data loss prevention for Microsoft Teams
Data loss prevention (DLP) capabilities in Microsoft 365 government clouds will be extended to include Microsoft Teams chat and channel messages, including private channel messages. If your organization has DLP, you can now define policies that prevent people from sharing sensitive information in a Microsoft Teams channel or chat session.