Hybrid Scenarios with SharePoint and Office 365 Updates and Recap + Hybrid Taxonomy GA

Cross-posted from my post on the Microsoft Technical Community at https://techcommunity.microsoft.com/t5/SharePoint-Blog/Hybrid-Scenarios-with-SharePoint-and-Office-365-Updates-and/ba-p/47571#M204.

Ubiquitous connectivity, the proliferation of devices – the rise of the cloud.

The cloud has become mainstream and services such as Office 365 are an attractive alternative to on-premises business solutions with SharePoint.  However, for a variety of reasons, you might want to or need to deploy specific solutions in the cloud while still maintaining your on-premises investments.  For some organizations, you may wish to gradually move to cloud using a staged, workload-driven approach.  Hybrid scenarios with Office 365 and SharePoint on-premises allow you to bring the cloud to your business while bringing the business to the cloud.  From on-premises to the cloud and back—your information is where and when you want, at your pace, using the investments you already have. Your existing solutions coexist with the cloud—without the full cost of migration. You can even use Delve and Power BI with on-premises data.

The cloud is no longer a luxury—it’s central to a mobile, modern workplace—and Office 365 brings the cloud to you, on your terms and across SharePoint and OneDrive we’re constantly working to help you take advantage of the power of Office 365.

In November we announced preview availability of two new hybrid scenarios coinciding with Feature Pack 2 for SharePoint Server 2016 – hybrid auditing and hybrid taxonomy..

Hybrid Taxonomy (Generally Available)
Today we’re pleased to announce hybrid taxonomy is generally available.

Taxonomy is key to promoting discoverability and access to the right information at the right time. Hybrid taxonomy in SharePoint Server 2013 and SharePoint Server 2016 allows customers to bring their taxonomy store to Office 365 enabling a single-source for creating and managing Terms, Term Sets and Groups through a single Managed Metadata Service.

Hybrid Auditing (Preview)
Hybrid auditing is a new feature that aims at helping administrators manage their SharePoint infrastructure by giving them access to various reports and dashboards in Office 365. The reports are generated from SharePoint Server 2016 on-premises diagnostic and usage logs.

If you opt in for this service, audit logs get collected and uploaded to Office 365 regularly. From the Office 365 dashboard, you can view auditing and activity reports that show usage and reliability patterns in your SharePoint Server 2016 farm alongside data from your SharePoint Online tenant.

Hybrid auditing will become generally available later this calendar year.

Learn more about hybrid scenarios with Office 365 and SharePoint on-premises at http://hybrid.office.com/.

Resources
Download the hybrid scenarios pocket guide with SharePoint and Office 365 at https://go.microsoft.com/fwlink/?linkid=842608.

Get more information on implementing hybrid scenarios with SharePoint and Office 365 at https://support.office.com/en-us/article/SharePoint-Hybrid-4c89a95a-a58c-4fc1-974a-389d4f195383.

File Security in SharePoint Online and OneDrive for Business (Whitepaper)

When choosing a cloud collaboration platform, the most important consideration is trust in your provider. Microsoft SharePoint and OneDrive for Business are covered by the core tenets of earning and maintaining trust: security, privacy, compliance, and transparency. With SharePoint and OneDrive, they’re your files. You own them and control them. The Microsoft approach to securing your files involves:

A set of customer-managed tools that adapt to your organization and its security needs.
A Microsoft-built security control framework of technologies, operational procedures, and policies that meet the latest global standards and can quickly adapt to security trends and industry-specific needs.

These tools and processes apply to all Microsoft Office 365 services—including SharePoint and OneDrive—so all your content beyond files is secure.

Learn more about file security in SharePoint Online and OneDrive for Business in this whitepaper https://www.microsoft.com/en-us/download/details.aspx?id=53884.

Unified eDiscovery and Data Loss Prevention in Office 365 Recap and Updates

Unified eDiscovery and Data Loss Prevention in Office 365 allows Tenant Administrators to create, manage, and secure content from a unified console (Office 365 Security and Compliance Center).

To date, Tenant Administrators have had to manage Data Loss Prevention for SharePoint, OneDrive for Business, and Exchange in two separate locations, the Office 365 Security and Compliance Center and the Exchange Admin Center respectively.  In January 2017, Data Loss Prevention was centralized for SharePoint, OneDrive for Business and Exchange in the Office 365 Security and Compliance Center.  This unified Data Loss Prevention platform allows you to manage a variety of Office 365 scenarios through a single management layer – reducing time spent configuring and organizing policies across tools.

sc-all

On July 1st, 2017 eDiscovery will also be unified in the Office 365 Security and Compliance Center.  After July 1st, 2017 the ability to create new In-Place eDiscovery searches and In-Place Holds (*-MailboxSearch) in the Exchange Admin Center in Exchange Online and the creation of new cases in the eDiscovery Center in SharePoint Online will be disabled and new cases and searches should be created and managed through the Office 365 Security & Compliance Center to fulfill eDiscovery needs. In both cases, you will still be able to edit and run existing searches in the Exchange Admin Center and work with existing cases in the SharePoint eDiscovery Center.

sc-disc-all

These discrete solutions are being disabled due to their limited breadth across Office 365 services.  The Security & Compliance Center supports permissions, cases, holds and exports as well as Advanced eDiscovery features such as Themes, Email Threading, Near Duplicate Detections, and Predictive coding.  These changes only apply to the Exchange Admin Center in Exchange Online and the eDiscovery Center in SharePoint Online.

These changes do not impact any existing policies, searches or holds created via the EAC, and you will still be able to create new email DLP policies in the EAC (you will not be able to create new eDiscovery searches and In-Place Holds after July 1, 2017). However, it’s recommended to use the new DLP management experience in the Office 365 Security and Compliance Center, as this is where new capabilities will be delivered in the future.

Resources

Learn more about the Office 365 Security and Compliance Center at https://support.office.com/en-us/article/Office-365-Security-Compliance-Center-7e696a40-b86b-4a20-afcc-559218b7b1b8.

Learn more about eDiscovery in Office 365 at https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bfce?ui=en-US&rs=en-US&ad=US.

Learn more about Data Loss Prevention in Office 365 at https://support.office.com/en-us/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e.

FAQ

Where can I learn more about eDiscovery in the Office 365 Security & Compliance Center?
https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bf…

Where can I learn more about Advanced eDiscovery in Office 365?
https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bf…

Does this change my Office 365 pricing or plan?
Although Advanced eDiscovery requires E5 Licensing, the base eDiscovery offering is available for all enterprise plans.

When will this happen?
New cases in the eDiscovery Center in SharePoint Online and new In-Place eDiscovery searches and holds in the Exchange Admin Center will be disabled on July 1, 2017. This might vary slightly based on the actual deployment schedule.

Will I still have access to my existing cases in the SharePoint eDiscovery Center?
Yes, you can continue to interact will all existing cases, you can add searches, holds and export from these cases.  We are only removing the ability to add new cases.  All new cases should be created in the Security & Compliance Center. For more information, see Manage eDiscovery cases in the Office 365 Security & Compliance Center.

Will I still have access to my existing searches and holds in the Exchange Admin Center?
Yes, you can continue to interact with all existing searches and holds in the Exchange Admin Center.  We are only removing the capability to create new searches.  All new searches should be created in the Security & Compliance Center. For more information, see Run a Content Search in the Office 365 Security & Compliance Center.

I use the Exchange Admin Center or SharePoint eDiscovery Center for Retention and Preservation, how do I do this now?
The Security & Compliance Center has a full set of features for preserving content. For more information, see Overview of preservation policies.

Can I migrate searches in the Exchange Admin Center or cases in the SharePoint eDiscovery Center to the Security & Compliance Center?
No. eDiscovery cases in the Security & Compliance Center and cases in the eDiscovery Center in SharePoint Online are completely different objects, and their underlying architecture is also different. The same is true for In-Place eDiscovery searches in the Exchange Admin Center and Content Searches the Security & Compliance Center. Thus, existing cases and searches can’t be migrated to the Security & Compliance Center. If you have existing cases in the eDiscovery Center, we recommend that you continue to manage them in the eDiscovery Center until they are completed and you close them. If you need to support a new legal investigation in your organization, we recommend that you use eDiscovery cases in the Security & Compliance Center.

If you have existing searches in the Exchange Admin Center, you can create a corresponding Content Search in the Security & Compliance Center.

What about my existing holds, will they continue to preserve data?
Yes, all existing holds from the Exchange Admin Center and eDiscovery Center will continue to hold content. Only the creation of new In-Place Holds in the Exchange Admin Center and new cases in the SharePoint eDiscovery center are being disabled.

How do I get access to the Security & Compliance Center?
By default, global administrators have access to the Security & Compliance Center. Administrators can assign permissions to other users so they can the eDiscovery tools in the Security & Compliance Center.

How do I access the Security & Compliance Center?
You can navigate directly from https://protection.office.com/ or from the app launcher, choose the Security & Compliance tile.

Conditional Access Policies with SharePoint Online and OneDrive for Business

The days of the corporate boundary beginning at the firewall are over, today’s corporate boundary is the end user.  Connectivity is ubiquitous and with an endless number of devices available, people have an increasing number of options for staying connected at anytime, anywhere.

The freedom to work fluidly, independent of location has become an expectation as has the freedom to access email and documents from anywhere on any device—and that experience is expected to be seamless.  However, data loss is non-negotiable, and overexposure to information can have lasting legal and compliance implications.  IT needs to make sure that corporate data is secure while enabling users to stay productive in today’s mobile-first world, where the threat landscape is increasingly complex and sophisticated.

SharePoint Online and OneDrive for Business are uniquely positioned to respond to today’s evolving security challenges.  As a first step to providing administrators security and control in a mobile and connected world are conditional access policies.  Conditional access provides the control and protection businesses need to keep their corporate data secure, while giving their people an experience that allows them to do their best work from any device.  Conditional access policies with SharePoint and OneDrive allow administrators define policies that provide contextual controls at the user, location, device, and app levels.

In January we made available to First Release Tenants location-based policies which allow administrators to limit access to content from defined networks.  These policies ensure content can only be access when someone is connected to the defined network, denying access outside of that boundary – whether the content is access via a browser, application, or mobile app.

Configuring Location-Based Policies

To configure location-based policies:

Navigate to the SharePoint Admin Center in Office 365 and select device access from the list of available options (see illustration).

settingsconditionalaccess

On the Restrict access based on device or network location page navigate to Control access based on network location and specify a range of allowed IP addresses (see illustration).

devicepolicy

 

In scenarios where an administrator has also configured Azure Active Directory Premium (AADP) to restrict location access by IP network range, this policy is prioritized, followed by the SharePoint policy; however, the specified ranges should not be in conflict of one another.  To learn more about conditional access in Azure Active Directory see https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access.

Conditional access policies are just one of a broad array of features and capabilities designed to make certain that sensitive information remains that way, and to ensure that the right people have access to the right information at the right time.  To learn more about how Office 365 safeguards your data while increasing employee productivity see https://www.microsoft.com/en-us/trustcenter/cloudservices/office365.

FaQ

Q: Is location-based policy limited to SharePoint Online and OneDrive for Business?
A: Location-based policy, as configured through the SharePoint Admin Center are limited to SharePoint Online, OneDrive for Business, and Groups.

Q:  Is location-based policy available to E3?
A:  Yes.  Location-based policy is available to all SharePoint Online SKUs including E3?

Q:  Does location-based policy require Azure Active Directory Premium?
A:  No, location-based policy does not require Azure Active Directory Premium.