Conditional Access Policies with SharePoint Online and OneDrive for Business

Posted by EPC Group on Feb.18, 2017 7:43 pm


By: Bill Baer (Microsoft)

The days of the corporate boundary beginning at the firewall are over; today’s corporate boundary is the end user.  Connectivity is ubiquitous, and with an endless number of devices available, people have an increasing number of options for staying connected anytime, anywhere.

The freedom to work fluidly, independent of location, has become an expectation, as has the freedom to access email and documents from anywhere on any device—and that experience is expected to be seamless.  However, data loss is non-negotiable, and overexposure to information can have lasting legal and compliance implications.  IT needs to make sure that corporate data is secure while enabling users to stay productive in today’s mobile-first world, where the threat landscape is increasingly complex and sophisticated.

SharePoint Online and OneDrive for Business are uniquely positioned to respond to today’s evolving security challenges.  Conditional access policies are a first step toward giving administrators security and control in a mobile and connected world.  Conditional access provides the control and protection businesses need to keep their corporate data secure, while giving their people an experience that allows them to do their best work from any device.  Conditional access policies with SharePoint and OneDrive allow administrators to define policies that provide contextual controls at the user, location, device, and app levels.

In January we made location-based policies available to First Release tenants; these policies allow administrators to limit access to content from defined networks.  They ensure content can only be accessed when someone is connected to the defined network, denying access outside of that boundary – whether the content is accessed via a browser, application, or mobile app.

Configuring Location-Based Policies

To configure location-based policies:

  1. Navigate to the SharePoint Admin Center in Office 365 and select device access from the list of available options (see illustration).

  2. On the Restrict access based on device or network location page, navigate to Control access based on network location and specify a range of allowed IP addresses (see illustration).



In scenarios where an administrator has also configured Azure Active Directory Premium (AADP) to restrict location access by IP network range, the Azure Active Directory policy is prioritized, followed by the SharePoint policy; however, the specified ranges should not be in conflict with one another.  To learn more about conditional access in Azure Active Directory see

Conditional access policies are just one of a broad array of features and capabilities designed to make certain that sensitive information remains that way, and to ensure that the right people have access to the right information at the right time.  To learn more about how Office 365 safeguards your data while increasing employee productivity see


Q: Is location-based policy limited to SharePoint Online and OneDrive for Business?
A: Location-based policies, as configured through the SharePoint Admin Center, are limited to SharePoint Online, OneDrive for Business, and Groups.

Q:  Is location-based policy available to E3?
A:  Yes.  Location-based policy is available to E3 tenants.

Q:  Does location-based policy require Azure Active Directory Premium?
A:  No, location-based policy does not require Azure Active Directory Premium.
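
The note above that the Azure Active Directory and SharePoint ranges should not conflict can be checked before either list is saved. The following is an added example, not part of the original post or of Microsoft's tooling: it assumes a request must pass both allow lists, treats any address present in only one list as a conflict, and uses constructed sample ranges and hypothetical function names.

```python
import ipaddress

def parse(ranges):
    """Parse CIDR strings and merge overlapping or adjacent blocks per IP version."""
    nets = [ipaddress.ip_network(r.strip(), strict=False) for r in ranges]
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def subtract(a_nets, b_nets):
    """Return the parts of a_nets that no network in b_nets covers."""
    remaining = list(a_nets)
    for b in b_nets:
        kept = []
        for a in remaining:
            if a.version != b.version or not a.overlaps(b):
                kept.append(a)                      # untouched by b
            elif a.subnet_of(b):
                continue                            # fully covered by b
            else:
                kept.extend(a.address_exclude(b))   # b lies inside a: keep the rest
        remaining = kept
    return sorted(remaining,
                  key=lambda n: (n.version, int(n.network_address), n.prefixlen))

def compare_allow_lists(aad_ranges, spo_ranges):
    """Compare the two allow lists, assuming a request must pass both."""
    aad, spo = parse(aad_ranges), parse(spo_ranges)
    spo_only = subtract(spo, aad)        # listed in SharePoint, stopped by Azure AD first
    aad_only = subtract(aad, spo)        # passes Azure AD, then denied by SharePoint
    effective = subtract(spo, spo_only)  # intersection of the two lists
    groups = {"effective": effective, "spo_only": spo_only, "aad_only": aad_only}
    return {name: [str(n) for n in nets] for name, nets in groups.items()}

# Constructed sample ranges (RFC 5737 documentation blocks), not real tenant data.
AAD_RANGES = ["203.0.113.0/24", "198.51.100.0/25"]
SPO_RANGES = ["203.0.113.0/25", "198.51.100.0/24", "192.0.2.10/32"]

if __name__ == "__main__":
    for name, nets in compare_allow_lists(AAD_RANGES, SPO_RANGES).items():
        print(f"{name}: {', '.join(nets) or 'none'}")
```

Non-empty `spo_only` or `aad_only` results mark addresses that one policy admits and the other rejects, which is the mismatch to resolve before enabling enforcement.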

Topics: SharePoint Online

Intelligence-powered search, Delve, and Microsoft Graph updates

Posted by EPC Group on Feb.16, 2017 6:51 pm


By the Microsoft Product and Advisory Teams

Microsoft puts people at the center of collaboration. In today’s demanding business climate, it is common for people to get overwhelmed by the ever-growing amount of data and documents swirling about. That’s why Office 365 infuses intelligence into experiences across the suite, like Delve, which provides insights to inform business decisions and connect you with the right content and the right people.

At the heart of it, Microsoft uses Artificial Intelligence (AI) to provide unique, personalized experiences throughout. Users are guided to the right emails, files, sites, videos, news articles and more – in context with where they are already working.

Today, we’re starting to roll out a new, personalized search experience in Office 365, along with improvements to Delve, all powered by the Microsoft Graph. Let’s dive into the details.

Personalized search coming to a Delve search box near you

Office 365 is growing from a usage and storage perspective. And specific to search, the content indexing service is growing steadily at 10 percent month-over-month (MOM) – proof that users may be more challenged to find the right people and content.

Today Delve delivers search results that are informed by who you work with, and what you work on, starting at the moment you begin typing in the Search box. With its new updates, Delve will provide an even more personalized search experience in two ways:

  • Get back to what you were doing—When you click in the Search text box and before you type anything, you will see result items appear based on your most recent work. As you type, you’ll see a refinement of results related to the keywords you enter.
  • Discover new information—Once you press Return, you enter the discovery phase where you are searching content, people (based on name and expertise), and sites from throughout your organization. Content is presented in the order of what is most relevant to you. For example, documents by people you work with will typically rank higher than documents by other people. Similarly, documents on SharePoint sites you work on would be ranked higher.


The new, intelligent search experience from within Office Delve.


Immediate results when you click into the Delve search box. (Left) Fast refinement of content as you type ahead. (Right) All relevant to the user who is signed in.

Check it out at – the new Delve experience – home of search and discovery. It provides a more personalized view of content trending around a user’s work social sphere.

Learn more about Delve personalized search.

Microsoft Graph improvements for Office 365

The content, activity, people and recommendations that surface in Delve and other intelligent experiences are powered by Microsoft Graph, which has recently been enhanced to surface more personalized insights in Office 365. The Microsoft Graph is designed as an intelligent and intelligible assistant with sophisticated protections to help secure personal and group information in ways that earn trust.

New insights come from Office 365 Groups and Outlook modern attachments – Microsoft Graph derives intelligence from things like who you work with, what departments your colleagues are from, what sites you work on, the content you share and have in common, and what sites the people around you are using. That now also includes documents from Office 365 Groups, modern attachments from Outlook, and more. There is business value in all transactions. The breadth of content plays an important role: it not only surfaces important people and content, it also enables a more personalized, relevant experience based on these added signals of content and people interactions.

Improved performance and content freshness—In addition to relevance improvements, Microsoft Graph results are returned faster with improved success rates and content freshness (the time it takes for new content to appear within results). Relevance context is now pre-processed and sent along with the query on the search index, all while maintaining the highest level of data security and privacy that admins and users require and expect.

And more to come

As we begin to roll out the updated search experience in Delve, we also have our sights on enabling intelligent search from within additional Office 365 applications like SharePoint home in Office 365 and mobile apps, OneDrive for Business and more.

Frequently asked questions

Q: When will personalized search roll out in my Office 365 tenant?

A: The new personalized search experience in Office Delve is rolling out to First Release customers in the next week. We then expect to begin worldwide rollout to all Office 365 customers by this summer.

Q: Does the new personalized search experience in Delve affect my enterprise search center in SharePoint Online?

A: No. There is no impact to customers’ enterprise search center. Nor do the updates affect access points to the classic search center customers may have put in place.

Q: Should I be concerned about private or sensitive data in Delve search results?

A: No. Delve never changes any permissions on content or other information. Users only discover what they already have permission to see. This includes how content is presented in Delve search results. To learn more, please review the recent Microsoft Tech Community post to understand security and privacy of Delve and intelligent experiences in Office 365.

Topics: Delve Microsoft Graph

Microsoft Flow: Creating Team Flows

Posted by EPC Group on Feb.15, 2017 9:53 pm


By the Microsoft Product and Advisory Team

Create a team flow by specifying one or more other people in your organization as owners, who can perform these actions:

  • View the flow’s history (that is, each run).
  • Manage the properties of the flow (for example, start or stop the flow, add owners or update credentials for a connection).
  • Edit the definition of the flow (for example, add or remove an action or condition).
  • Add and remove other owners (but not the flow’s creator).
  • Delete the flow.

If you are the creator or an owner of a flow, you will find it listed on the Team flows tab of the Microsoft Flow portal. Team flows are also tagged with Team Flow, so you can easily find them among your other flows on the My flows tab of the Microsoft Flow portal:


Shared connections can be used only in the flow in which they were created.

Owners can use services in a flow but not modify the credentials for a connection that another owner created.


To create a team flow or add/remove an owner from a team flow, you must have a paid Microsoft Flow plan and be the creator or an owner of a flow.

Create a team flow

Follow these steps to create a team flow or to add one or more owners to a team flow.

  1. Sign in to the Microsoft Flow portal, and then select My Flows.
  2. Select the people icon for the flow that you want to modify:

  3. Enter the name, the email address, or the phone number of the person or group that you want to add as an owner:

  4. In the list that appears, select the user whom you want to make an owner:

    The user or group that you specified becomes an owner of the flow:

    Congratulations — your team flow has been created!

Remove an owner


If you remove an owner whose credentials are being used to access one or more services in the flow, you may need to update the credentials for those services so that the flow continues to run properly.

  1. Select the people icon for the flow that you want to modify:

  2. Select the Delete icon for the owner that you want to remove:

  3. In the confirmation dialog box, select Remove this owner:

  4. Congratulations — the user or group that you just removed is no longer listed as an owner of the flow:

Embedded and other connections

Connections used in a flow fall into two categories:

  • Embedded — These connections are used in the flow.
  • Other — These connections have been defined for a specific flow but aren’t used in it.

If a connection is no longer being used in a flow, that connection will appear in the list of Other connections, where it remains until an owner includes it in the flow again.

The list of connections appears under the list of owners in a flow’s properties:

Topics: Microsoft Flow

Unifying Data Loss Prevention in Office 365

Posted by EPC Group on Feb.15, 2017 7:46 am


All organizations, regardless of size and industry, have data that they consider sensitive. Data Loss Prevention (DLP) is an important capability for protecting this information from getting into the wrong hands. We are always looking to enhance the DLP solution in Office 365 to help meet this organizational need. Today, we are pleased to announce a single management experience for DLP policy creation and reporting across Exchange Online, SharePoint Online and OneDrive for Business. In addition, we are introducing enhancements to the DLP data delivered via the Management Activity API.

Unified policy creation

To date, IT admins have managed DLP for Exchange Online via the Exchange admin center (EAC), while managing DLP for SharePoint Online and OneDrive for Business from the Office 365 Security and Compliance Center. Now admins can create a single DLP policy in the Office 365 Security and Compliance Center that covers Exchange Online, SharePoint Online and OneDrive for Business. The unified DLP platform allows organizations to manage multiple workloads from a single management experience, reducing the time required to set up and maintain security and compliance within your organization.


Apply a single policy to protect across Exchange Online, SharePoint Online and OneDrive for Business.

These changes do not impact any existing policies created via the EAC, and you will still be able to create new email DLP policies in the EAC. However, we recommend you check out the new DLP management experience in the Office 365 Security and Compliance Center, as this is where you’ll see new capabilities show up in the future.

Unified reporting

Along with unified policy creation, we also now provide a single location to view reports for your DLP policies across Exchange Online, SharePoint Online and OneDrive for Business. This makes it easier to understand the business impact of your DLP policies and uncover actions that violate policies across multiple workloads.


Report that shows DLP policy matches from Exchange Online, SharePoint Online and OneDrive for Business.

DLP events in the Activity Management API

Lastly, based on customer feedback, we are providing additional details for DLP events published via the Activity Management API. The Activity Management API enables organizations to connect DLP event data from Office 365 with third-party tools, such as a security information and event management (SIEM) system. Now event details provided via the Activity Management API will contain the same data as the alerts generated in Office 365 to notify IT admins when a DLP event occurs. This data requires a separate permission in Azure AD called “Read DLP policy events including detected sensitive data,” which an admin can grant.

Topics: Uncategorized

Threat Intelligence for Office 365

Posted by EPC Group on Feb.14, 2017 7:48 am


Threat Intelligence for Office 365 Video Overview (Deep-Dive)

Topics: Office 365

New SharePoint Online Link Web Part Released!

Posted by EPC Group on Feb.14, 2017 6:35 am


New SharePoint Online Link web part rolling out now

A new Link web part is starting to roll out to SharePoint Online.

What is a Link web part?

The SharePoint Online Link web part makes sharing links to external and internal pages and documents much nicer by providing a visual and contextual preview for the link and its contents — with image, title and text snippet — right inline within the internal communication (page or news).

Just add a Link web part to your page, paste in your URL and see the magic happen!



What links (URLs) are supported?

We currently support links to (with live examples for each type):

  • Internet resources: web pages, YouTube videos, images, etc.
  • SharePoint modern publishing pages and news articles:
  • Links to any documents stored in SharePoint or OneDrive for Business:



1. Can I only keep the preview and remove the URL from the page?

Yes, you can. Your readers will still be able to navigate to the linked resource by clicking on the preview.

2. Can I just keep the link and remove the preview?

Yes, you can.

3. Will all links have an image, title and text snippet?

No. This depends on the data that we are able to get from the referenced link. Sometimes the preview will only have title and text, or image and title.


Topics: SharePoint Online