Microsoft 365

Microsoft Forms now has a shorten URL option

Such a basic thing, but great to see. As per this Forms Uservoice suggestion, Microsoft Forms now has a ‘shorten URL’ option. It’s still rolling out right now (March 2021) but it turned up in my tenants. You’ll find it under the Share menu, and then under ‘Send and collect responses’ :

The tick box is called ‘Shorten URL’:

Before ticking this box, the Forms URL for sharing looks like this:

https://forms.office.com/Pages/ResponsePage.aspx?id=gp6jfCyryEOFjHcqjfOQaicaufj5P4hCmrpZg_pruFhUNUFYSUlQMFEwRjVRNkZPUDBLOFYwUUtRVy4u

After ticking the box, it takes about a second or so to update, then looks like this:

The resulting link is of course, shorter. It also looks a lot nicer:

https://forms.office.com/r/Qca3qTjcMu

It’s nice to see a much more usable URL come out of Microsoft Forms, and still on the forms.office.com domain without having to resort to a third party URL shortener service.

Impersonation Protection delivers emails to Junk Folder

Impersonation Protection in Microsoft Defender for Office 365 is part of the Anti-phishing policies, designed to take action if an external email comes in with a match, or near match, to the display name of an employee.

The actions you can take when a match is made are:

  • Redirect message to other email addresses
  • Move message to the recipient’s Junk Email folders
  • Quarantine the message
  • Deliver the message and add other addresses to the Bcc line
  • Delete the message before it’s delivered
  • Don’t apply any action

What I wanted to do, was deliver the message and add other addresses to the bcc line. This could be used to send a copy of the email to helpdesk for investigation, as Impersonation Protection tends to get a lot of false positives from services that like to use people’s actual names from emails they generate, or from people using a personal account to email other employees.

What I found was that the action was applied, but the email was then delivered to the Junk Email folder. If I wanted that to happen, I would have selected the ‘Move message to the recipient’s junk email folders’ option. After logging a case with Microsoft, I found out why.

Any time an email is detected as an Impersonation Protection, and the mail is still allowed to flow through, it will set the header as SCL 5. As per Office 365 standards, this will deliver the email to the recipient’s junk mail folder.

It makes the choices on what actions to take in the Impersonation Protection settings rather misleading; but there is one option that’s still reasonable – Quarantine the message. This should trigger a fairly quick quarantine digest to the recipient for review, allowing them to review and decide if it should be released. If released, it will then deliver to the Inbox rather than Junk Mail.

How to Backup Office 365 Mailboxes with Altaro

Backing up mailboxes in Exchange Online as a part of the Office 365 or Microsoft 365 suite is always a debated topic – some will argue that Microsoft have enough redundancy and backups in their own environments so you don’t need a third party solution and you’ll always be able to get your data back. However, this hasn’t been proven yet (thankfully) in a real world event where mailbox data has been lost by Microsoft. It also doesn’t cover scenarios where there’s outages, account problems or other connectivity problems that can delay your access to your cloud based data. Is it a risk each company will need to decide if it’s worth an investment into reducing.

Altaro asked me to have a look at their product – Altaro Office 365 Backup – to provide a quick run-through on setting it up and seeing what it does. Their solution is fully cloud based, so you don’t need any extra hardware to get going. You can set up a 30 day free trial here. Once signed up, here’s what to do:

After logging in from the link you’ll be emailed, you’ll be presented with this screen:

The wizard here will take you through the setup required, starting with a Company Name and your domain configured in Office 365 (which you can get from https://admin.microsoft.com/Adminportal/Home#/Domains) – I had to use my primary:

Next, you’ll need to grant access for Altaro to be able to access data in your tenant, which makes sense since you want them to back it up:

Following the links you’ll get the standard window advising you what permissions you’re granting and to whom:

If it worked, a successful message will show and you can go back to the setup wizard:

After doing this three times, you can go to the next step where you can choose which users to back up – which as it says, will be this data: “Office 365 User Backups consist of Emails, Calendars & Contacts within Mailboxes and Files stored within OneDrive accounts.”, then “SharePoint Backups consist of Files stored within SharePoint Document Libraries.”

If it all goes well, you’ll then get to the final screen showing a successful setup:

That’s it – backup has been set up. Of course your data won’t be in there instantly, the first backup happens over 24 hours, and then up to 4 times a day ongoing. You can choose if new users are automatically added to backup plans or not, which should turn this into a set and forget backup system.

Set and forget only works if you’re alerted around issues, which is possible in the Alert Settings – you can choose what sort of alerts you receive, such as if a backup job failed:

Restoring is also an easy process – for example if you want to restore an entire mailbox, the Mailbox Restore wizard will take you through the steps and ask where you want to restore – onto that user’s mailbox, another user’s mailbox, an Outlook PST file, or a ZIP file containing each mail item as an individual file:

You can also use the Granular Restore option, to search and restore particular items rather than entire mailboxes and accounts. The granular restore has the same options as the full restore for destinations, so there’s a lot of flexibility based on what you’re after:

If you can’t find what you’re looking for, the ‘Advanced Search’ option lets you define what you’re looking for:

Pricing for Office 365 Backup by Altaro is available at https://www.altaro.com/office-365-backup/#faqs and is a per user, per type (either mailbox or mailbox + OneDrive + SharePoint) model. This also includes 24/7 support and unlimited storage for backups.

After setting this up and trying out all the options, I’m confident in saying this is as good as you could hope for, from a turn-key solution. Setup is literally a few minutes, there’s no software to install anywhere and no infrastructure requirements. The data Altaro backs up is held forever (yes, infinite retention!) assuming you still have a valid subscription. The data is stored in Microsoft Azure, but only in West Europe at the time of writing – so if you have data sovereignty requirements, you’ll need to assess this.

Download your free 30-day trial of Altaro Office 365 Backup

Organization Branding for Safe Link Warnings

Two new little features have turned up for Safe Links as part of the Microsoft 365 Security & Compliance suite.

  • Display the organization branding on notification and warning pages

The first option is to show your organization’s branding on warning pages. This should help users identify that it’s a legitimate warning they’re seeing, as default Microsoft warning pages are often used by malicious actors to look legitimate themselves.

  • Use custom notification text

This lets you put a message that sounds like it’s actually from your own company when a webpage gets blocked. This means you can put in contact details or a process you want users to follow when they hit a site – which could be sending an email or calling helpdesk.

Here’s how the custom text and logo looks on a blocked page:

The custom branding will appear above this warning as a banner and a small logo for your company.

If you haven’t set up branding already, have a read on Microsoft Docs on how to do it for Azure AD and Microsoft 365 (do both!).

Microsoft Edge 87 Enterprise Considerations

Microsoft Edge 87 has now been fully released. There’s a few options in this that Business and Enterprises should consider:

Shopping

Microsoft by default, are enabling a bunch of shopping options in Edge. As per the article above, there’ll be coupons that’ll pop up, detections when there might be the same item you’re looking at cheaper elsewhere, and tab page enhancements to add extra shopping info about items.

I can already hear some of you saying you don’t want this in your place of business, so to disable it you’ll need to find the ‘Shopping in Microsoft Edge Enabled‘ GPO, located under User Configuration > Policies > Administrative Templates > Microsoft Edge default settings (users can override) / Microsoft Edge:

If you’re missing this setting, make sure you update your ADMX files by downloading from here and updating your central repository.

It’s good that this is under both force disable, as well as disable but let a user turn it on if they want. It’s not good that it’s on by default.

Friendly URLs

If you’re on Edge, you may have noticed this already. Copying a URL link from Edge, then pasting it somewhere that supports HTML code results in this:

AdamFowlerIT.com

instead of this:

https://www.adamfowlerit.com/

It’s another ‘on by default’ and although I can see certain use cases where this would be preferable, I’m fairly against changing the default copy/paste behavior that has been in place for decades.

If you copy a link and want to paste it as the link itself, you can use Ctrl + Shift + V instead of Ctrl + V … except right now, this doesn’t work in Office apps like Outlook or Word, and I’ve tested in both 2016 and 365.

Edge itself also has a new right click menu for pasting showing the options, but right click > mouse to menu, mouse to submenu, choose ‘Plain text’ is a bit clunky.

You can turn this off in the Edge settings, but again businesses and enterprises may not want this new feature in place, since some would more frequently be copying a link because they want the link itself, rather than a nice way to share it.

Again, Group Policy has a setting for this but this time it’s just a forced setting, rather than user changeable. If you want that, you’d need to deploy the registry setting as per the above article with a ‘apply once and don’t reapply’ option ticked.

The GPO is under User Configuration > Policies > Administrative Templates > Microsoft Edge > Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users

That’s a doozy of a name, and a doozy of a long dropdown menu with a ‘coming soon’ dropdown – none of these dropdowns actually match the description given.

I am a big fan of Edge, but it’s pretty obvious that the normal care that goes into updates just hasn’t happened in this instance. There’s already a fair bit of noise about this change, so who knows, maybe they’ll at least change the default behavior and not have it on?

My Feed

This one actually sounds really useful and lets both users and admins modify and present different sets of data arounds news and the organisation.

It has to be enabled in the Microsoft 365 admin center, which it was already on for me:

But, I’m missing some of the options selected in my Australian tenant. I checked my U.S. tenant and I see different things:

I’m not actually seeing the My Feed in my Australian tenant’s accounts, so I’d be guessing it’s either a US only thing at this stage, or it’s still rolling out. A bit annoying that this isn’t mentioned in the ‘My Feed‘ article or the original article mentioning the features that are now out, so hopefully the rest of us get it soon!

For the US tenant account though, it’s all there!