Office 365

Office 365 IRM & Azure Rights Management

I recently configured IRM to protect documents and email communications as part of a security initiative.

Information Rights Management (IRM) in Exchange Online uses Active Directory Rights Management Services (AD RMS), an information protection technology service in Office 365. IRM protection is applied to email by applying an AD RMS rights policy template to an email message. Usage rights are attached to the message itself so that protection occurs online and offline and inside and outside of your organization’s firewall

Need to know info:

  • Time to complete this task: 30-60 minutes
  • You need to be assigned admin permissions to manage IRM
  • Knowledge of using Windows PowerShell to connect to Exchange Online

Steps Taken:

Step 1: Activating Azure Rights Management

  1. Log into the Office 365 admin center
  2. In the left pan expand the services settings
  3. Click Rights Management
  4. On the Rights Management page, click Manage
  5. On the Rights Management page, click Activate
  6. You will be prompted with the question: Do you want to activate Rights Management? click activate.

You should now see Rights Management is activated

Step 2: Using Exchange Management Shell to log into Office 365

Here I use PowerShell ISE to step through he process

# Login to the Office 365 Account

Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Step 3: Use the Exchange Management Shell to configure the RMS Online key sharing location in Exchange Online

#Displaying the IRM Configuration

Get-IRMConfiguration

# List of Locaitons

#North America https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

#European Union https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

#Asia https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

#South America https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

#Office 365 for Government (Government Community Cloud) https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

Set-IRMConfiguration -RMSOnlineKeySharingLocation “https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc”

#Checking that the configraiton was applied

Get-IRMConfiguration

Step 4: Importing Trusted Publishing Domain (TPD) from RMS Online

Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

Test-IRMConfiguration -RMSOnline

Step5: Enabling IRM in Exchange Online

Set-IRMConfiguration -InternalLicensingEnabled $true

Step 5: Testing the IRM configuration

Get-IRMConfiguration

Test-IRMConfiguration -Sender jsmith@jermsmit.tld

Expected Results should show that each area verified has passed

Ref Links:

https://technet.microsoft.com/en-us/library/jj983436(v=exchg.150).aspx

https://support.office.com/en-us/article/Set-up-Information-Rights-Management-IRM-in-SharePoint-admin-center-239ce6eb-4e81-42db-bf86-a01362fed65c

Summery  image of my PowerShell ISE

 

Unable to open Office Documents, SharePoint 2013 On-Prem

 

We have recently encountered a strange issue where users get stuck on the Word, Excel, Powerpoint splash logo where it says “Contacting the server for information.”  We have spent several days on this issue and it seems to have impacted a large user base.

I am working with the team here to find a resolution and as soon as I know of one I will share.

–update–

We have tested this in several test, demo SharePoint 2013 deployments and are facing the same issue.

Here is something new:  When tested with SharePoint Online the issue does not exist { scratching my head }

Joined in on a thread about this issue, where others are also facing the same incident
Link:  https://community.office365.com/en-us/f/154/p/412623/1024983#1024983

–update–

Steps taken: with no resolution

  • Attempt to open from SharePoint on another piece of hardware or virtual machine with the same exact versions of Office including updates – issue does not occur
  • Logging in with another use, even when creating a new profile on same affected OS / Hardware install the issue occurs
  • Attempts to remove windows updates, office updates do not resolve the issue
  • Repair or Uninstall followed by reinstall of Office 2013 doesn’t resolve the issue
  • Tested with a new SharePoint 2013, including a pre install contoso installations, the issue occurs

Environments:

We have workstations running Windows 8.1, Windows 10 all having these issues.

Note:

  1. this issue has not affected users who are using Office 2016
  2. this issue has not affected users who using SharePoint Online

No much more is known about this issues cause. The only solution which works at this time is to clean install or system restore to a point prior to this issues occurrence

There is a possibility that an antivirus may be causing this issue the future of the anti virus causing it is still unknown.

*UPDATE*

In my case this incident was directly related to ESET and its filtering of HTTP requests. Disabling this filtering resolved the issue.

I must note that disabling all security isn’t the best choice so here is some info from ESET to help you filter out and white list requests to avoid such an issue

http://support.eset.com/kb939/

 

Activating RMS in Office 365

Microsoft Azure Rights Management provides a comprehensive policy-based enterprise solution to help protect your valuable information, no matter whom you share it with.

These policies help improve data security using both Both Information Rights Management and Office 365 Message Encryption

To activate rights management:

  1. Log into Office 365 with an account which has been assigned an administrator role. To do this simply go to the portal site: https://portal.office.com
  2. Click on admin to enter the Office 365 admin center via the admin app icon

  3. In the left pane, expand the service settings
  4. Click on Rights Management to enter the Rights Management dashboard
  5. Here on the dashboard, click on Manage
  6. Click on Activate to active Rights Management

For additional options and steps please have a log over on technet

 

Thanks for visiting – jermal

Enabling First Release in Office 365

“First Release” update for Office 365 allows you to get access to updates faster than GA (General Availability).
For more info check out Office 365 release options.

With the first release option users receive a select set of  service updates as early as one week after the official release announcements.

To enable First Release in Office 365 do the following

Log into your Office 365 Portal (https://portal.office.com)

Select Admin from the apps menu; this takes you to the Office 365 admin center

Expand the “Server Settings” menu

Select “Updates” located under the Server Settings menu.

Here we have several options to choose from.

  • Standard release: Get updates when Office 365 releases them broadly.
  • First release:
    Entire organization – Get updates early for your entire Office 365 organization
    Select people – Allows you to hand pick person in your organization to be on the cutting edge of the updates. This is a good idea if you need to have users such as support staff evaluate the new features pushed out from Office 365 as become available weeks ahead of others.

 

I hope you enjoyed this techshort, thanks for visiting – jermal

OneDrive & OneDrive for Business

Many of us have used OneDrive for several years now.  Now with the big boom in cloud adoption and the great success of Microsoft’s Office 365. Introducing the buzz around implementing OneDrive for Business. I for one have had my share of thoughts around this.

Sure its OneDrive and you just drop in files which sync to the cloud.  However there are some things I have noticed in my first use of OneDrive for Business.  That was I couldn’t just share a file to anyone online, which is what I was accustom to doing for the OneDrive.

Rather than me rehash what I found to be a good write up by Cory Peter. I will share with a link to his post titled Lessons Learned: Implementing OneDrive for Business. I hope you find it as informative as I have.

One thing I will share as I have preached about it for a while now.  That is to understand the following key items:

  • Network bandwidth considerations – What happens when all your users start taking large libraries offline? Can your network handle it?
  • Drive encryption – Do you encrypt laptops with BitLocker? What happens when someone takes something offline? Is it still secure?
  • Expect Common Sync Problems – Such as file size limits, folder length limits, invalid characters to name a few.
  • Prepare your technical team – How to migrate files to Office 365, how to disable OneDrive if needed, how to track the version installed, how to configure OneDrive administrators

I underline the “prepare your technical team” portion here as IT mangers may have jumped into the cloud with not so much consideration of retooling of their staff to support the company; creating a gap in knowledge.

If he your staff is lacking the tooling needed; then what is the over all perception from the customers they need to support.

Be sure to check out Cory’s post: Lessons Learned: Implementing OneDrive for Business