As written on

Recent updates for security and compliance include enhancements to Microsoft Defender, eDiscovery, Advanced Data Governance, Advanced Security Management and expanded support for Windows Information Protection. Read on to learn more about these updates.

Enhancements to threat protection visibility and controls

Office 365 Exchange Online Protection (EOP) and Microsoft Defender were designed to keep your organization protected against cyber-attacks while supporting end-user productivity. The Office 365 team continues to enhance both EOP and Defender by offering deeper insights and more flexible controls. This month, we are introducing the following new capabilities:

Threat Protection status report—New reporting for Defender and EOP that adds visibility into malicious emails detected and blocked for your organization. This supplements the recently introduced reports in the Security & Compliance Center for Defender Safe Attachments.

Enhanced quarantine capabilities—Now all emails classified as malware from both EOP and Defender are quarantined. This builds upon the existing quarantine experience by allowing administrators to review and delete emails from quarantine.

New Defender Safe Links Policy features—Four new features build upon the Safe Link policies.

  • Per-tenant block list—Provides the administrator the ability to block specific URLs.
  • Email wildcarding for domains and handles—Enables you to save time by writing partial domain/handle names.
  • Split Safe Links policies—Allows Safe Links policies to be customized for specific user lists in the organization, including groups, individuals and divisions.
  • Expanded character limit for URLs—Enables blocking/allowing URLs with longer character lengths.

Additional details on these new features can be found in the Microsoft Tech Community, as well as on the EOP and Defender product pages. EOP is offered across our enterprise E1, E3 and E5 suites. Defender is offered as both a standalone SKU or as part of E5.

New features streamline your compliance process using Office 365

Businesses around the world must be able to keep and protect important information and quickly find what’s relevant to continue to meet legal, business and regulatory compliance requirements. At Microsoft, we know how demanding and complex compliance can be and have recently released several new eDiscovery and Data Governance features in Office 365 to support your compliance needs. These features include:

Optical character recognition in Advanced eDiscovery—Extracts text from image files or objects within the files, significantly reducing the amount of manual remediation work required to analyze image files.

Rights management (RMS) decryption in Office 365 eDiscovery—Automatically decrypts RMS-encrypted email messages at export time when you choose the MSG Export option.

Unified case management—Provides a consistent user interface spanning the eDiscovery capabilities in Office 365, from core to advanced, which helps to reduce potential human errors by streamlining eDiscovery case definition and eliminating several steps in the process.

Visit the Microsoft Tech Community for more details about the new eDiscovery features. Unified case management and RMS decryption are included with Office 365 E3. Optical character recognition is included with Advanced eDiscovery in E5.

Announcing general availability of Supervision capabilities in Office 365 Advanced Data Governance

Many organizations have the need to perform supervision of employee communications. This need stems from internal security and compliance guidelines, or from regulatory bodies such as the Financial Industry Regulatory Authority (FINRA). In both cases, failure to have a demonstrable supervision process in place could potentially expose organizations to liability or severe penalties.

To address this need, we’ve released the new Supervision feature in Office 365 Advanced Data Governance. Supervision covers not only email communications, but also third-party communications streams, such as Facebook, Twitter, Bloomberg and many more. Visit the Microsoft Tech Community for more details about the general availability of Supervision.

Supervision is part of Office 365 Advanced Data Governance, which is available as part of Office 365 E5 or the Office 365 Advanced Compliance SKU.

Windows Information Protection now supports Office desktop applications

In August, we announced our support of Windows Information Protection (WIP) for Office mobile apps on Windows tablets and phones, to help prevent accidental business data leaks while letting users maintain control over their personal data by designating content as “work” or “personal.” We’re pleased to announce we have expanded support for WIP to include the Office 365 ProPlus desktop versions of Word, Excel, PowerPoint, Outlook, OneNote and Skype for Business. This will help provide more comprehensive protection of your business data on Windows 10 devices. To read more about WIP, check out our Microsoft Tech Community blog.

SIEM connector—now available for Office 365 Advanced Security Management

A year ago, we announced a way for you to get greater visibility and control over Office 365 with Advanced Security Management (ASM). Since then, we have added new features to help you better determine shadow IT activity. We also enhanced control over third-party appsconnected to Office 365. After these updates, we started hearing that some of you were looking for a way to export alerts to other systems that are integrated into your existing workflows. Today, we are releasing a solution that supports centralized monitoring of ASM alerts with your security information and event management (SIEM) software. Integrating with an SIEM allows you to better protect Office 365 while maintaining your organization’s security workflow, automate your security procedures and correlate between your cloud-based and on-premises events.

There is no additional cost for an SIEM connector for ASM; you just need to have Office 365 E5 or the ASM add-on. To learn how to setup the ASM SIEM connector, please read “SIEM integration with Office 365 Advanced Security Management.”

Want more info on cybersecurity? Contact us to learn more about keeping your data protected.

azure site recovery 2 - managed solutionCloud migration and disaster recovery of load balanced multi-tier applications

Support for Microsoft Azure virtual machines availability sets has been a highly anticipated capability by many Azure Site Recovery customers who are using the product for either cloud migration or disaster recovery of applications. Today, I am excited to announce that Azure Site Recovery now supports creating failed over virtual machines in an availability set. This in turn allows that you can configure an internal or external load balancer to distribute traffic between multiple virtual machines of the same tier of an application. With the Azure Site Recovery promise of cloud migration and  disaster recovery of applications, this first-class integration with availability sets and load balancers makes it simpler for you to run your failed over applications on Microsoft Azure with the same guarantees that you had while running them on the primary site.
In an earlier blog of this series, you learned about the importance and complexity involved in recovering applications – Cloud migration and disaster recovery for applications, not just virtual machines. The next blog was a deep-dive on recovery plans describing how you can do a One-click cloud migration and disaster recovery of applications. In this blog, we look at how to failover or migrate a load balanced multi-tier application using Azure Site Recovery.
To demonstrate real-world usage of availability sets and load balancers in a recovery plan, a three-tier SharePoint farm with a SQL Always On backend is being used.  A single recovery plan is used to orchestrate failover of this entire SharePoint farm.
Disaster Recovery of three tier SharePoint Farm
Here are the steps to set up availability sets and load balancers for this SharePoint farm when it needs to run on Microsoft Azure:
  1. Under the Recovery Services vault, go to Compute and Network settings of each of the application tier virtual machines, and configure an availability set for them.
  2. Configure another availability set for each of web tier virtual machines.
  3. Add the two application tier virtual machines and the two web tier virtual machines in Group 1 and Group 2 of a recovery plan respectively.
  4. If you have not already done so, click the following button to import the most popular Azure Site Recovery automation runbooks into your Azure Automation account.


  5. Add script ASR-SQL-FailoverAG as a pre-step to Group 1.
  6. Add script ASR-AddMultipleLoadBalancers as a post-step to both Group 1 and Group 2.
  7. Create an Azure Automation variable using the instructions outlined in the scripts. For this example, these are the exact commands used.
$InputObject = @{"TestSQLVMRG" = "SQLRG" ; "TestSQLVMName" = "SharePointSQLServer-test" ; "ProdSQLVMRG" = "SQLRG" ; "ProdSQLVMName" = "SharePointSQLServer"; "Paths" = @{ "1"="SQLSERVER:SQLSharePointSQLDEFAULTAvailabilityGroupsConfig_AG"; "2"="SQLSERVER:SQLSharePointSQLDEFAULTAvailabilityGroupsContent_AG"}; "406d039a-eeae-11e6-b0b8-0050568f7993"=@{ "LBName"="ApptierInternalLB"; "ResourceGroupName"="ContosoRG"}; "c21c5050-fcd5-11e6-a53d-0050568f7993"=@{ "LBName"="ApptierInternalLB"; "ResourceGroupName"="ContosoRG"}; "45a4c1fb-fcd3-11e6-a53d-0050568f7993"=@{ "LBName"="WebTierExternalLB"; "ResourceGroupName"="ContosoRG"}; "7cfa6ff6-eeab-11e6-b0b8-0050568f7993"=@{ "LBName"="WebTierExternalLB"; "ResourceGroupName"="ContosoRG"}} $RPDetails = New-Object -TypeName PSObject -Property $InputObject | ConvertTo-Json New-AzureRmAutomationVariable -Name "SharePointRecoveryPlan" -ResourceGroupName "AutomationRG" -AutomationAccountName "ASRAutomation" -Value $RPDetails -Encrypted $false
You have now completed customizing your recovery plan and it is ready to be failed over.
Azure Site Recovery SharePoint Recovery Plan
Once the failover (or test failover) is complete and the SharePoint farm runs in Microsoft Azure, it looks like this:
SharePoint Farm on Azure failed over using Azure Site Recovery
Watch this demo video to see all this in action - how using in-built constructs that Azure Site Recovery provides we can failover a three-tier application using a single-click recovery plan. The recovery plan automates the following tasks:
  1. Failing over SQL Always On Availability Group to the virtual machine running in Microsoft Azure
  2. Failing over the web and app tier virtual machines that were part of the SharePoint farm
  3. Attaching an internal load balancer on the application tier virtual machines of the SharePoint farm that are in an availability set
  4. Attaching an external load balancer on the web tier virtual machines of the SharePoint farm that are in an availability set
With relentless focus on ensuring that you succeed with full application recovery, Azure Site Recovery is the one-stop shop for all your disaster recovery and migration needs. Our mission is to democratize disaster recovery with the power of Microsoft Azure, to enable not just the elite tier-1 applications to have a business continuity plan, but offer a compelling solution that empowers you to set up a working end to end disaster recovery plan for 100% of your organization's IT applications.
You can check out additional product information and start protecting and migrating your workloads to Microsoft Azure using Azure Site Recovery today. You can use the powerful replication capabilities of Azure Site Recovery for 31 days at no charge for every new physical server or virtual machine that you replicate, whether it is running on VMware or Hyper-V. To learn more about Azure Site Recovery, check out our How-To Videos. Visit the Azure Site Recovery forum on MSDN for additional information and to engage with other customers, or use the Azure Site Recovery User Voice to let us know what features you want us to enable next.

Contact us Today!

Chat with an expert about your business’s technology needs.