Microsoft Ignite – news, ideas and take-aways with Enfo Modern Workplace pt.3
This is the last blog post about Microsoft Ignite 2020 delivered to you by Andreas Eriksson Hammar, Solution Architect and Technical Lead within Microsoft 365 at Enfo Modern Workplace.
In this blog, I will share news that I found interesting concerning security, compliance and Power Automate. Let's get started!
Read our previous blogs here:
Security and Compliance
A favourite from past events was repeated and I will do the same here, MFA. Multi Factor Authentication is the easiest way to secure your identity and enable it on your tenant today if you not already have.
Unified Session sign-out
A user has lost his computer or other device and want to sign out on all devices to ensure no unauthorized persons uses the lost device to steal information. Unified session sign-out which is in public preview right now gives the admin a tool to perform a sign-out on all Office 365 sessions on all devices for the user. Can be handy in case of lost devices.
Guest expiration for a site
As a site administrator it can be hard to keep track of guests of your site. How many are there and for how long have they had access and do they still need access. Automatic expiration of external access for content in SharePoint & OneDrive will support a site administrator to keep track of guest users and ensure guest accounts no longer needing access to the site to be removed.
The setting is configured in SharePoint Admin UI and one thing to change according to me is to have the setting on a site level giving the site admin the responsibility for how long the guest account should have access. When it comes to OneDrive, you are the site admin of your own OneDrive.
The site admin will receive a message in the message bar about the status of guest accounts and an e-mail will also be sent to the site admin.
Figure 1 Message bar status guest accounts. Source: Microsoft
The site admin will be able to extend or remove guest accounts from the “Access Expiration” pane.
Figure 2 Access Expiration pane. Source: Microsoft
External sharing policies with Microsoft Information Protection sensitivity labels
The arrival of group- and site settings in sensitivity labels have made it easier to secure sites and teams in your tenant. At Ignite Microsoft presented external sharing policies to sensitivity labels to achieve secure external collaboration with frictionless experience to the users.
In short, it is now possible to decide the level of sharing in SharePoint. You could create a label that allows guests to the group but declines guest access to files in SharePoint. Coming soon in public preview.
Data loss prevention (DLP) policy for blocking “anyone links” for sensitive content.
If your sharing settings allow to share content with anyone, the user must be aware when sharing a sensitive document to select another type of sharing link. This can be an issue where links to sensitive content is created and shared due to the user not knowing how to share. It could cause damage if the sharing link enables editing.
The new DLP policy rule checks if the document contains sensitive information and disables the possibility for the user to share sensitive information with anonymous links by mistake.
Figure 3 Option prevented due to DLP policy. Source: Microsoft
Information barriers for OneDrive and SharePoint
On your tenant you might have several organisational units, divisions or even companies that never should collaborate due to compliance or legal reasons. Information barriers, previously known as “Ethical walls”, was presented at Ignite this year and will enable an organisation to create barriers between users and sites. Information barriers requires Microsoft 365 E5/A5, Microsoft 365 E5/A5 Compliance, Microsoft 365 Insider Risk Management, Office 365 E5/A5, and Office 365 Advanced Compliance to provide the rights for a user to benefit from information barriers.
- As an administrator you can create information segments and create barriers between those segments.
- As an administrator you can manage the segments association for one or several sites.
- As a site owner you can manage the segments association for your site.
Want to get started with information barriers in SharePoint? Onboard your organisation here!
Power Automate Desktop
Power Automate has been around for a while and once in a time it was known as MS Flow. Power Automate makes RPA in the cloud easy in a web-based interface and now it is time to RPA authoring on the desktop. With Power Automate desktop you can automate desktop or web-based applications to perform from everyday tasks to more complex business processes.
You can record steps in an application to automate the steps and creating more complex scenarios in an editor for unattended RPA which Microsoft describes very well: “Let bots handle the tedious, menial work for you by recording and playing back actions—without the need for anyone to be at their computer. With unattended RPA everything is fully automated, so you’re able to schedule and trigger events which accelerates end-to-end automation of high-volume tasks.”
Figure 4 Unattended RPA in Power Automate. Source: Microsoft
Attended RPA – Again, Microsoft explains it very nice: “Focus on more high-value work by automating boring, repetitive tasks like front-office activities. With attended RPA, humans initiate tasks or respond to specific prompts—like providing a yes/no response.”
Figure 5 Attended RPA in Power Automate. Source: Microsoft
I hope you feel inspired to get started with these new features! Do not hesitate to contact me if you have any questions regarding how Microsoft 365 can empower and facilitate your organization’s work.
Andreas Eriksson Hammar works as a Microsoft 365 Solution Architect and Technical Lead at Enfo