Category Archives: Azure and Office 365
How to Create Azure DevOps URL
Introduction: In this blog article, we will learn how to create an Azure DevOps URL.

Steps:
1. Go to visualstudio.com and sign in using a Microsoft account. Create a new project.
2. Go to Organization settings –> Overview.
3. Under organization information you will see a link. Turn off the toggle that is currently on and a new link will appear on the screen. Now the VSTS link will be generated. This link is the DevOps URL.
Services accessed from Untrusted location? Enforce MFA!
Introduction: With Azure AD Conditional Access, you can control how authorized users access your cloud applications. In this article, we will see how to create a Conditional Access policy that enforces MFA if the user is accessing services from an untrusted location (outside of the company’s network). Multi-factor authentication (MFA) is a method of authentication that requires more than one verification method and adds a second layer of security to sign-ins.

Requirement: I had a requirement from a client to prompt for MFA if a user is trying to access Dynamics 365 (or other O365 services) from a location outside of the company network.

Pre-requisites:
1. You will require an Azure AD Premium license for users.
2. Create a security group and add the users you need to specify in the policy.
3. Company’s public static IP in CIDR format. Example – 15.250.0.89/24 (you can contact your network team to get this detail).

Trusted locations:
1. Configure MFA trusted IPs in Azure AD (see below image).
2. Provide your company’s public static IP in CIDR format (check below image).

Conditional Access:
1. Go to Azure AD > Conditional Access > +New Policy.
2. Name the policy UntrustedLocation_PromptMFA. The first thing to configure is Assignments, in which you need to mention the Users & Groups to be included in this policy (see below image).
3. Select Dynamics CRM Online under Cloud Apps. You can similarly choose other applications as well (see below image).
4. Under Conditions, configure the Device state and Client apps as per your requirements (see below images).
5. In Location: Include – Any locations; Exclude – Selected locations, and then select MFA trusted IPs (see below image).
6. In Access control > Grant Access, tick Require multi-factor authentication (see below image).
7. Finally, enable the policy and Save.

Users in the specified group will be asked for MFA when accessing Office 365 services from an untrusted location (outside the company’s network).
Conclusion: In this way, we can enforce MFA when Office 365 services are accessed from untrusted locations.
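The decision this policy makes for each sign-in, modelled in Python as an added example (not code from the original article or from any Microsoft API); the user names and sign-in records are constructed. It also shows that in CIDR notation the example value 15.250.0.89/24 denotes the whole 15.250.0.0/24 network, so 256 addresses are treated as trusted, not only the static IP.

```python
import ipaddress

# Constructed policy data mirroring the article's steps; names are illustrative.
TRUSTED_CIDRS = ["15.250.0.89/24"]        # the article's example range
GROUP = {"alice@contoso.example"}         # hypothetical security group members
CLOUD_APPS = {"Dynamics CRM Online"}      # app selected under Cloud Apps

# strict=False accepts a CIDR whose host bits are set and normalises it
# to the enclosing network (15.250.0.89/24 -> 15.250.0.0/24).
NETWORKS = [ipaddress.ip_network(c, strict=False) for c in TRUSTED_CIDRS]


def describe_trusted():
    """Return (CIDR as entered, normalised network, number of addresses)."""
    return [(c, str(n), n.num_addresses) for c, n in zip(TRUSTED_CIDRS, NETWORKS)]


def is_trusted(ip):
    """True when the client address falls inside a trusted range."""
    addr = ipaddress.ip_address(ip)
    # An IPv6 client never matches an IPv4-only trusted list.
    return any(addr.version == n.version and addr in n for n in NETWORKS)


def evaluate(signin):
    """Outcome of the modelled policy for one sign-in record."""
    if signin["user"] not in GROUP or signin["app"] not in CLOUD_APPS:
        return "out-of-scope"        # Assignments do not match this sign-in
    if is_trusted(signin["ip"]):
        return "trusted-location"    # excluded location: no MFA prompt from this policy
    return "require-mfa"             # any other location: Grant control requires MFA


# Constructed sign-in records (not real log data).
SIGNINS = [
    {"user": "alice@contoso.example", "app": "Dynamics CRM Online", "ip": "15.250.0.89"},
    {"user": "alice@contoso.example", "app": "Dynamics CRM Online", "ip": "15.250.0.200"},
    {"user": "alice@contoso.example", "app": "Dynamics CRM Online", "ip": "203.0.113.7"},
    {"user": "alice@contoso.example", "app": "Dynamics CRM Online", "ip": "2001:db8::10"},
    {"user": "bob@contoso.example", "app": "Dynamics CRM Online", "ip": "203.0.113.7"},
    {"user": "alice@contoso.example", "app": "Exchange Online", "ip": "203.0.113.7"},
]


def run():
    """Evaluate every constructed sign-in in order."""
    return [evaluate(s) for s in SIGNINS]


if __name__ == "__main__":
    for cidr, net, size in describe_trusted():
        print(f"{cidr} is treated as {net}: {size} addresses trusted")
    for s, outcome in zip(SIGNINS, run()):
        print(f"{s['user']:24} {s['app']:20} {s['ip']:14} -> {outcome}")
```

If only the single static address should be trusted, enter it as a /32; IPv6 egress addresses need their own trusted range or those sign-ins will always be prompted.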
Improve user experience with Naming Conventions in SharePoint
Introduction: When faced with naming a new file, each person will name it according to what they think is best. Organizations should have a standard naming convention for documents, libraries, lists and pages in SharePoint Online, so that documents can be organized and managed more effectively. To improve the user experience for SharePoint, here are a few points to consider while naming a document.

General Instructions:
1. No Spaces – A space in a URL is encoded as “%20”. So, do not use spaces while naming any document library, document, etc. Instead, you can use an underscore “_” or a dash “-” in place of a space.
2. Make sure document versioning is turned on so that you can store, track & restore files in SharePoint Online.
3. A name should be meaningful and make sense.
4. Dates – Dates are commonly used for two objects, “Articles” and “Documents”. For articles, place the date in front of the name, like “20180911_Article”. For documents, dates should be placed at the end of the name, like “Document_20180911”. Date Format – yyyymmdd.
5. Make it short and simple – The file name should be as short as possible without losing its potential to be identified and searched. Longer names take more time to search or read. SharePoint includes the file name in the URL as well, so a short name will make a short URL. We can use abbreviations – Invoice can be “INV”, Quotes can be “QTE”.
6. No special characters, except “_” & “-”.
7. Data Order (from general to specific) – We can consider using the abbreviation (Point 5) followed by the project and then the date. We can also consider adding versions & document ID. Example – INV-CloudFronts-20180911.pdf
8. For Site Pages – It is not a best practice to name pages with a “_” or a space. Instead, it is recommended to use “-”. Example (This-is-a-site-page).
9. Many organizations prefer placing version numbers in a document name. Place the version at the end of the file name. Use a dash “-” to separate major versions and minor versions or drafts. Example (Document_V01-01.docx). Here, V01 is the major version and “-01” is the minor version.
10. Do not change the names of Lists & Libraries.

Conclusion: A simple naming convention is the best way to avoid naming-related issues or accidental overwrites which affect the end users’ experience. Though it varies from company to company, each organisation should have a standard naming convention.
Understanding the Permission level in SharePoint Online
Introduction: After creating a SharePoint site, you may want to provide or restrict access to the site or site contents. Permission levels define the actions a user can perform, such as Create Subsite, Delete Subsite, View Versions, and many more. To make it easier, Microsoft has provided a set of default levels:
Full Control – Has full control.
Edit – Can add, edit and delete lists; can view, add, update and delete list items and documents.
View Only – Can view pages, list items, and documents. Document types with server-side file handlers can be viewed in the browser but not downloaded.
Contribute – Can view, add, update, and delete list items and documents.

Accessing SharePoint Permission Levels: You should have admin privileges.
1. Go to the root of the Site Collection > Site Settings.
2. Under Users and Permissions, click on Site Permissions.
3. Go to Manage and click Permission Levels. The screen will show the default Permission levels.
4. By clicking on a Permission level, you will get the list of included permissions.

Editing Permission Level: Inheritance – By design, all the sites and site contents in a collection inherit the Permission levels from the root site. Even if you “stop inheriting permission” from the root site, the Permission levels will remain the same. Depending on your requirements, you may sometimes want your users to be able to edit items but not delete anything. For that, you can go to the “Contribute” Permission level and edit it (uncheck Delete Items under the list of permissions), but it is not recommended to edit a default permission level.

Best practice if you want to restrict users from deleting any content: If you need to edit a Permission level, do not edit the default level; create a new one instead.

Creating a new Permission level:
1. Access the Permission levels from the root site.
2. Click on Add a Permission Level.
3. Give this new Permission level a name and check the permissions you want to provide. If you want to restrict users from deleting any content, uncheck Delete Items.

Conclusion: With the help of Permission Levels, you can secure your SharePoint Online sites and site contents.
Are you sure you know Office 365? It’s not only Emails & Apps!!!
Cloud business systems are sprouting rapidly throughout the globe, and a system like Microsoft Office 365 helps businesses to be more productive. Have you ever had to go back to the office just to access a file that you or your client required urgently? The concept of using Office 365 services anytime, anywhere and on any device is striking, and it is helping personnel to handle things more easily.

Here, I would also like to highlight a point. Many businesses are already using Office 365 and have installed the apps & services on their employees’ systems. But do you think they are utilizing it to its full extent? Many organisations use Office 365 typically for emails and the Office apps (Word, PowerPoint, Excel, Outlook); however, Office 365 can deliver more, increasing productivity.

The magic of Office 365 is still evolving, and Microsoft is continuously adding and updating features in it.
Also, you will always have the latest versions of applications & software.
You can add new users & delete former users easily.
You can manage existing users with the attractive Administration Center.
Exchange Online Archiving offers users advanced archiving capabilities within Office 365.

If I just take the example of the Office 365 Business Premium license (you can choose the plan that suits you best), apart from the Office apps it also includes the below services:
MS Teams – Platform that combines workplace chat, meetings and collaboration on files; the guest access feature in Teams is especially awesome.
Exchange Online – Exchange for email services; there is also a lot you can do with the Exchange Admin Center.
OneDrive for Business – Storage for documents.
SharePoint Online – Document Management & Real-time Collaboration with attractive modern sites, document versioning, web parts & a lot more.

Are your digital assets secured? The Microsoft datacentres where your data is physically stored are always monitored and use encryption for all data. But then again, this is a joint responsibility. Office 365 also offers access to the Security & Compliance dashboard, by means of which you can protect data with various security & compliance policies. Through the Security & Compliance dashboard, an organization can protect access to data and services, prevent data loss, manage data governance, protect against threats, deep search for any content, and audit.

Features like Multi-Factor Authentication make the environment more secure.
Permissions play a very significant part within the organization: they let you grant authorizations to people who perform different tasks, which you manage in the Admin center, based on the Role Based Access Control permissions model.
Exchange filters emails using Exchange Online Protection (EOP), a part of the Exchange Online Admin Center which provides different features like Email Encryption, Anti-Spam protection, Outbound Spam detection, Connection filter & a lot more. Transport Rules can help you meet your specific requirements. Keeping trace of the messages in your organisation is an awesome feature.
Secure Score – Secure Score analyses your Office 365 organisation’s security based on your activities and security settings and assigns a score. Think of it as a credit score for security.

Finally, choosing the right product & subscription is significant. Microsoft has also launched Microsoft 365, which comes in three tiers – Enterprise, Business & Education (similar to Office 365). The difference is very simple to understand. Office 365 is a suite of apps and services, which I have already described, and Microsoft 365 is a bundle of services which includes Office 365. It also includes Windows 10 Business or Enterprise (depending on the subscription you choose) + Enterprise Mobility & Security.
Room list not showing in Room Finder (Outlook Client)
Introduction: While scheduling a meeting from the Outlook client, sometimes we may also need to select the room where the meeting will be held. Room Finder in the Outlook client helps us to find the available rooms. Sometimes it may happen that when a user creates a new meeting in Outlook, no conference rooms are listed in the Choose an available room box in Room Finder. The issue is that the user doesn’t select a room list. Users can select a room list from the Show a room list option in Room Finder. But before that, an admin needs to create a room list so that the option “Show a room list” will be visible in Room Finder.

Steps:
1. Open Exchange Online PowerShell and connect to your Office 365 environment.
2. Run the following command to create a Room List Distribution Group:

    New-DistributionGroup <RoomListName> -RoomList -Members $Members

   <RoomListName> – Provide a name for the room list.
3. Run the following command to add existing rooms to the list:

    Add-DistributionGroupMember <RoomListName> -Member <RoomMailbox>

   <RoomListName> – Put the name of the room list which was created in the earlier step.
   <RoomMailbox> – Put the name of the room mailbox. You can find the room mailbox name from the Exchange Admin Center.
4. If you want to add multiple rooms at once, create a .txt file, add all the room mailboxes to it and save the file. Run the following command to add multiple rooms:

    Get-Content <EnterFileLocation> | Add-DistributionGroupMember -Identity <RoomListName>

   <EnterFileLocation> – Where the .txt file has been saved.
   <RoomListName> – Provide the room list name.
5. You might need to confirm whether the rooms have been added to the room list. Run the following command to check:

    Get-DistributionGroupMember -Identity <RoomListName>

   <RoomListName> – Put the name of the room list which you have created.

After following the above steps, you will be able to see the Show a room list option in Room Finder. There you can choose the room list and select the rooms.

Conclusion: This is how you can enable Room List in Room Finder, which helps users scheduling a meeting through Outlook clients to easily see the available rooms and timings.
How to Restrict Download & Print Option for SharePoint Online Document library
Introduction: SharePoint Online is more user-friendly and efficient than any other document management system. However, security is the main concern because it is a cloud service. It is always necessary to limit the control and access that users have. Administrators can restrict users from downloading or printing documents from the SPO document library.

Restrict downloading: After creating a site/subsite for document management –
1. Go to Site/Subsite > Site Settings > Site Permissions.
2. Click on Stop Inheriting Permissions. After that, the site will have unique permissions (see below image). Note – By doing this, the site will not inherit the same permissions as the parent site.
3. Create new groups for this site/subsite, as you have assigned unique permissions. You will get the below screen to create groups. In the below image you can see three new groups have been created; you can add members to these groups as per your requirements.
4. Create one “View Only” group. Users added to this View Only group will not be able to download the document or sync the document library to their system (please see below image). Provide the name and the permission level (view-only permissions) for this group.
5. In the below image, you can see the downloading option when you select the document.
6. Add the users for whom you want to restrict downloading. After being added to the View Only group, users will only be able to access the document but will not be able to download it.

The sharing option will still be available to users, but you can manage it from SPO Admin center > Sharing.

Restrict Print:
1. First, activate Rights Management from the Office 365 Admin center. Go to Admin Center > Settings > Services & Add-ins > Microsoft Azure Information Protection. IRM (Information Rights Management) is applied to files at the list or library level. The IRM feature requires an Office 365 E3 subscription.
2. Go to Site/Subsite > Document Library > Library Settings.
3. In Library settings, go to Information Rights Management.
4. Click Restrict permissions on this library, and provide the name & description.

In the below image, you can see how the print option got disabled after enabling IRM for the document library.

Conclusion: With the help of Site permissions and IRM in SharePoint Online, we can restrict users from downloading and printing the contents of a document library. This option is desired by most organizations considering security for their documents.
Generating Azure Blob file SAS key using Azure SDK
With a demand for a concrete strategy to determine how applications, workloads & data remain available during downtime, organizations need a disaster recovery & business continuity strategy, which is provided by Microsoft Azure. Azure BCDR covers people, communication and transportation, which includes physical facilities & information technology. Even the smallest outage can prove to be a major setback for your business; with a business continuity plan and a disaster recovery system, all your major information technology systems can be saved without the expense of a secondary infrastructure. With the implementation of a BCDR strategy, the workloads and applications of the organization are kept up and running in the event of any outage. It is an effective, cloud-based data recovery solution that is simple to implement and cost effective.

Why do we need a SAS key for a Blob file? Azure Blob is massively scalable object storage for unstructured data. Blob Storage can handle all your unstructured data, scaling up or down as your needs change. You no longer have to manage it. You only pay for what you use, and you save money over on-premises storage options. A shared access signature (SAS) provides you with a way to grant limited access to objects in your storage account to other clients, without exposing your account key. A SAS gives you granular control over the type of access you grant to clients who have the SAS, including:
1. The interval over which the SAS is valid, including the start time and the expiry time.
2. The permissions granted by the SAS. For example, a SAS for a blob might grant read and write permissions to that blob, but not delete permissions.
3. An optional IP address or range of IP addresses from which Azure Storage will accept the SAS. For example, you might specify a range of IP addresses belonging to your organization.
4. The protocol over which Azure Storage will accept the SAS. You can use this optional parameter to restrict access to clients using HTTPS.

Using the SDK to generate a SAS key from C# code: You need to include the Azure SDK DLLs. You can get the DLLs from the NuGet package manager as well. Use the names below to search in NuGet:
WindowsAzure.ConfigurationManager
WindowsAzure.Storage

The first step is to connect to the Blob storage using a connection string. You can add the Blob connection string to App.config and use it in code to create the connection like below: Your connection string should be of the format: The below code creates the connection:

    // Namespaces provided by the two NuGet packages above.
    using Microsoft.Azure;
    using Microsoft.WindowsAzure.Storage;
    using Microsoft.WindowsAzure.Storage.Blob;

    // Parse the connection string and return a reference to the storage account.
    CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));
    // Create the blob client object.
    CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();

Once the connection is created, we can retrieve the blob container which contains the blob: We can use the container reference, blob file name and the connection to create the SAS key like below: I have uploaded the entire code to my GitHub as well for reference.

Why we can’t use the Azure Storage Explorer tool to do this: The Azure Storage Explorer also has the option to connect to your blob and generate a SAS key with a clean user interface. But recently, for the last 2-3 months, I have been facing issues with generating a key with Azure Storage Explorer. This is the reason I implemented this code, to remove the dependency on the tool.
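A check of a generated SAS URL against the four controls listed in this article (validity interval, permissions, IP range, protocol), written in Python as an added example; it is not the author's C# code or part of the Azure SDK. The sample URLs, account name and signature value are constructed placeholders, and the 24-hour lifetime limit is an assumed policy.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# SAS start/expiry values are ISO 8601 UTC; these three forms are accepted here.
TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")


def parse_sas_time(value):
    """Parse an st/se value into an aware UTC datetime."""
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")


def audit_sas(url, now, max_lifetime=timedelta(hours=24)):
    """Return (code, detail) findings for one SAS URL; empty list means no finding."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return [("not-sas", "no sig parameter in the URL")]
    findings = []
    # sp: permission letters; anything beyond read (r) is flagged for review.
    extra = "".join(sorted(set(params.get("sp", "")) - {"r"}))
    if extra:
        findings.append(("broad-permissions", f"sp grants more than read: {extra}"))
    # st/se: validity interval.
    if "se" not in params:
        findings.append(("no-expiry", "no se value; check the stored access policy, if any"))
    else:
        expiry = parse_sas_time(params["se"])
        start = parse_sas_time(params["st"]) if "st" in params else now
        if expiry <= now:
            findings.append(("expired", f"expired at {expiry.isoformat()}"))
        elif expiry - max(start, now) > max_lifetime:
            findings.append(("long-lived", f"usable until {expiry.isoformat()}"))
    # spr: when omitted, both https and http are accepted.
    if params.get("spr", "https,http") != "https":
        findings.append(("http-allowed", "spr does not restrict the SAS to HTTPS"))
    # sip: optional source IP address or range.
    if "sip" not in params:
        findings.append(("no-ip-restriction", "no sip value; accepted from any address"))
    return findings


# Constructed inputs: placeholder account, container, blob and signature.
NOW = datetime(2018, 9, 11, 12, 0, tzinfo=timezone.utc)
BASE = "https://exampleaccount.blob.core.windows.net/docs/report.pdf?sv=2018-03-28&sr=b"
WEAK = BASE + "&sp=rwd&st=2018-09-11T00:00:00Z&se=2019-09-11T00:00:00Z&sig=PLACEHOLDER"
TIGHT = (BASE + "&sp=r&st=2018-09-11T11:00:00Z&se=2018-09-11T13:00:00Z"
         "&spr=https&sip=203.0.113.10&sig=PLACEHOLDER")

if __name__ == "__main__":
    for label, url in (("weak", WEAK), ("tight", TIGHT)):
        print(label, audit_sas(url, NOW) or "no findings")
```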
Files restore feature in OneDrive for Business
Introduction: A Restore feature has been added to OneDrive for Business. This feature allows you to restore files from any time during the last 30 days, so users will be able to restore files to a specific point in time.

Restoring files:
1. Sign in to your OneDrive for Business using your work account credentials.
2. Choose Settings. Then choose “Restore your OneDrive”.
3. Select a date. You can select either ‘One week ago’ or ‘Three weeks ago’, or you can select a custom date and time. So, in this case I am choosing custom date and time.
4. Also choose the period of days and the files you need to restore.
5. After choosing the files, click on ‘Restore’.
6. Click on Restore in the confirmation pop-up.
7. Once the files are restored, click on ‘Return to my OneDrive’ and you will be able to see your restored files.

Conclusion: This is a great and much-wanted feature in OneDrive for Business that will save a lot of effort, and users will no longer be worried about their OneDrive data.
Document Fingerprint in Exchange Online
Introduction: If your organization uses forms to collect sensitive information, Document Fingerprint makes it easier for you to protect this information by identifying standard forms that are used throughout your organization. Document Fingerprint is a feature of Data Loss Prevention that converts a standard form into a sensitive information type which you can use to define DLP policies.

Working: Documents have unique word patterns. When you upload a file, the DLP agent identifies the unique word pattern in the document, creates a document fingerprint based on that pattern, and uses that document fingerprint to detect outbound documents containing the same pattern.

Limitation: The Document Fingerprint DLP agent will not detect sensitive information in the following cases:
1. Password-protected files.
2. Files that contain only images.
3. Documents that don’t contain all the text from the original form used to create the document fingerprint.

To upload a blank form:
1. Go to Exchange Admin Center > Compliance Management > Data Loss Prevention.
2. Click Manage document fingerprints.
3. Click + New, and provide a Name and Description. The name you choose will appear in the sensitive information types list.
4. Click Add + to upload a form.
5. Choose a form and click Open.
6. Click Save.

The Document Fingerprint is now part of your sensitive information types, and you can add it to a DLP policy.

Creating a rule in a DLP policy:
1. Go to Compliance Management > Data Loss Prevention.
2. Click + New and choose custom DLP policy.
3. Provide a Name and Description for the DLP policy, enable the state of the DLP policy and enforce the policy. Click Save. The newly created DLP policy will be shown.
4. Click Edit and go to Rules > Create a new rule.
5. Add a Condition, so that the rule applies if this (Employee Information Form) sensitive info type is sent to an external recipient.
6. Depending upon your organization’s requirements, add an Action that blocks the message but lets the sender override and send the documents to an external recipient if there is a business requirement.
7. Fill out the other properties of this rule as per your requirements and Save.

Whenever a user tries to send a form which is managed by Document Fingerprint to external contacts, the results will be as below.

Conclusion: In this way you can monitor sensitive information and secure it from leaking outside your organization.