Coming soon to the new SharePoint Admin Center

In May 2017 we unveiled our plans [] to simplify SharePoint administration through delivering an administrative experience that’s intuitive, intelligent, and simple.  Since then we’ve made available the new admin experience as Preview for customers who have enabled Targeted Release at the Tenant level.  In the next several weeks in our preview we’ll be introducing new updates on our journey to deliver an administrative console designed to help IT achieve more, so their users can achieve more.

Improvements to Site Management


New export capabilities allow you to export the displayed information in Site Management to CSV on both PC and Mac.  Using this output you can now use popular tools such as Microsoft Excel and PowerBI to simplify data prep, drive ad hoc analysis, and create dynamic charts and graphs.

Custom Views

In the upcoming updates you’ll now be able to customize views based on your individual preferences in addition to updating and customizing the default view of sites and related information.

NOTE Views you create are shared across all admins on the new SharePoint admin center.

Search Improvements

If you have hundreds or even thousands of sites, they can be difficult to discover through a single view.  New search improvements will allow you to search across Site Management to find the right information when you need it whether searching by site name, Url, or the primary admin.

Site-Level Sharing for Standalone Sites

SharePoint was born on the concept of sharing and now we’re bringing that core principle to SharePoint admin center by enabling management of site level sharing settings for non-group-connected sites. We will follow this shortly with support for group-connected sites, and also support for advanced sharing settings. In case you’re wondering, yes, we are working on a new tenant-level sharing page.

Improved Email Layout

We’re also updating the email layout when contacting site administrators through the SharePoint admin center to make it cleaner and easier to read.

These updates will begin rolling out to Targeted Release in 4-8 weeks.

We’re looking forward to the ongoing feedback. Use the feedback button at the bottom right of the new UI.  Also, if you see a survey that pops up and asks you how you feel about the new site, don’t be shy, let us know.


Manage sites in the new SharePoint admin center []

Office 365 Attack Simulator and Mitigating Common Attacks (Part 1)

When it comes to security your best line of defense is one that is reactive versus one that is proactive; however, how do you know how you’ll respond to a security incident if one hasn’t yet to occur…that’s where Attack Simulator in Office 365 shines, it’s what sets the security solutions we provide apart from other cloud services.

Attack Simulator is designed to put you ahead of curve and keep you in front of the proverbial 8 ball.  With Attack Simulator you can run realistic attack scenarios in your organization. This can help you identify and find vulnerable users before a real attack impacts your bottom line.

In brief, Attack Simulator as a component of Office 365 Security and Compliance is designed to help you identify issues before they become an issue.  It allows you to determine how end users behave in the event of an attack, and update policies to ensure that appropriate security tools are in place to protect your organization from threats.

Getting Started

Attack Simulator is available as Preview in Office 365 E5 Plans.  The Preview version of Attack Simulator allows you to simulate:

  • Display name spear-phishing attacks
  • Password-spray attacks
  • Brute-force password attacks

To skip ahead and learn how to get started with Attack Simulator visit

Display Name Spear-Phishing Attacks

Spear-phishing attacks are designed to play on the trust of a user or users.  The most common spear-phishing attacks involve some level of sophistication, such as understanding influencers within an organization that generate trust amongst potential recipients of email from that individual.

Using Attack Simulator you can simulate this type of attack by creating messages that appear to have originated from such individuals by changing the display name and source address.

The most common objective by bad actors when implementing spear-phishing attacks are to gain access to users’ credentials.

In addition to leveraging the email sender (display name) and body, attackers will also use document phishing to lure users into passing their credentials such as sending spam emails to many harvested email addresses. These spam emails may contain content that tries to lure the user into clicking on the provided link or opening the provided attachment. As the victim of a phishing attack, the user may be directed to a legitimate-looking website that masquerades as an online bank or corporate mail service to steal user credentials. These credentials may then be captured on the masquerading web server.

Protect Users from Phishing/Spear Phishing with Office 365 Advanced Threat Protection

Office 365 Advanced Threat Protection allows you to configure anti-phishing policies to protect your users.

The anti-phishing capabilities with ATP applies a set of machine learning models together with impersonation detection algorithms to incoming email messages that provides protection for both spear and commodity phishing attacks. All messages are subject to an extensive set of machine learning models trained to detect phishing messages, together with a set of advanced algorithms used to protect against various user and domain impersonation attacks.

Learn more on using ATP to prevent phishing attacks at

ATP capabilities such as Spoof Intelligence and Safe Links/Safe Attachments can also be used to further protect users from impersonation, malicious hyperlinks in a message, and malware and viruses.

For a complete list of protected scenarios refer to the ATP service description at

In addition, consider adding DKIM (DomainKeys Identified Mail) signatures to your domains so recipients know that email messages came from users in your organization and weren’t modified after they were sent to help protect both senders and recipients from forged and phishing email.

Learn more about DKIM at

Password-Spray Attacks

Password-spraying is a method of attempting to login with only one password across all domain accounts.  It’s an alternative to brute-force password attacks that is designed to mitigate account lockouts where a lockout threshold is in place.

This allows an attacker to attempt many more authentication attempts without locking out users. For example, if I were to attempt to login to every account with the password ‘pass@word1’ it is very likely (hopefully not ;-)) that someone at the target organization used that password and I will now have access to their account.

Simplified, password-spraying is essentially a reverse brute-force attack in that as opposed to attempting many password attempts against a single known user, it involves a single, strategic password, used across many known users.

In the Microsoft cloud we handle billions of sign-ins each day and our security detection algorithms allow us to both detect and subsequently block attacks such as these in real-time.

Some of these capabilities include:

Smart Lockout

Azure Active Directory (Azure AD) protects against password attacks with Smart Lockout.  Smart Lockout differentiates between sign-in attempts that look like they’re from a valid user and sign-ins from what may be an attacker. Smart Lockout ensures potential attackers are locked out without impacting a valid user which helps to prevent denial of service on the user and stops password spray attacks.

IP Lockout

IP lockout works by analyzing sign-ins to assess the quality of traffic from each IP address hitting Microsoft systems, using that data, IP lockout finds IP addresses acting maliciously and blocks those sign-ins in real-time.

Password-Spray Attack Prevention

A password is the key to accessing an account, but in a successful password spray attack, the attacker has guessed the correct password.  The best solution to mitigating password spray attacks is using something more than just a password to distinguish between the account owner and the attacker. For example:

Implement Multi-Factor Authentication

Azure AD Identity Protection uses sign-in data and adds on advanced machine learning and algorithmic detection to risk score every sign-in that comes in to the system. This enables you to create policies in Identity Protection that prompt a user to authenticate with a second factor if and only if there’s risk detected for the user or for the session.

Learn more about Azure AD Identity Protection at

For an additional layer of security, you can use Azure MFA to require multi-factor authentication for your users all the time, both in cloud authentication and ADFS.

Learn more about Azure Multi-Factor Authentication at, and how to configure Azure MFA for AD FS at

Azure MFA as primary authentication

In AD FS 2016, you have the ability use Azure MFA as the primary authentication means for passwordless authentication which helps to protect against password-spray and theft attacks.  Using Azure MFA as primary authentication bypasses the need for a password which means there is no password for an attacker to guess.  With Azure MFA you can also use a password as the second factor only after your OTP has been validated with Azure MFA. Learn more about using password as the second factor at

Brute-Force Password Attack

Perhaps one of the more archaic attacks, brute-force attacks consist of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

Brute-Force Password Attack Prevention

Like password-spray attacks you can take advantage of the same recommendations (above) in addition to detection and handling through capabilities such as Cloud App Security.

Cloud App Security is a comprehensive solution that can help you as you move to take advantage of cloud applications, but keep you in control, through improved visibility into activity and increase the protection of critical data across cloud applications.  Cloud App Security provides tools that help uncover shadow IT, assess risk, enforce policies, investigate activities, and stop threats, to help you more safely move to the cloud while maintaining control of critical data.

Through Office 365 Cloud App Security you can, for example, use the Multiple failed user log on attempts to an app policy template to be alerted when a single user attempts to log on to a single app, and fails more than n times within a defined number of minutes.

Learn more about Cloud App Security at

Lastly, enforcing strong passwords and account lockout policies can help to mitigate brute-force attacks.  For more information see also


Your security is only as good as what you put into it.  Using Attack Simulator you can better understand how your users will react and then implement the best set of solutions to ensuring both your organizations’, as well as your users’ security.  While this article is not intended to provide a comprehensive view of all of the security options available in Office 365, it helps map those capabilities to the simulations available in Attack SimulatorTo learn more about Attack Simulator visit

Office 365 to include SharePoint Online and OneDrive for Business provide a broad set of control to help keep your data safe no matter where users are when they access or share data, what device they’re working on, and how secure their network connection is. Through these controls you can customize the level of access granted to users while making sure the resulting constraints meet your organizational security requirements.

For additional information on protecting yourself against threats in Office 365 refer to  This article will help you protect your organization against a variety of threats, including spoofing, malware, spam, phishing attempts, and unauthorized access to data.

Next up, Part 2 Using Attack Simulation and Configuring Security Options…


SharePoint Conference North America has it all, and MORE!

SharePoint Conference North America has it all, and MORE!

Get more by registering NOW!


There are 4 main reasons why people attend technical conferences and the SharePoint Conference North America (SPCNA) has all of them, and MORE!

  1. With the constantly changing world of technology, people need to know what’s new before the competition does. SPCNA has the sessions and workshops to keep you ahead of the curve.
  2. Learning with the best of the best from Microsoft and top industry thought leaders from engineering and marketing. Attendees want to hear the practical solutions from the people who actually designed, built and integrated today’s current technologies. SPCNA has the best speakers.
  3. Network and connect with peers and business technology gurus with an opportunity to share, collaborate and understanding the creation of real world solutions.
  4. Location! The host hotel is the world renowned MGM Grand. When you aren’t engaged with sessions, receptions and parties, there is an endless line-up of shows, restaurants and activities for every taste.

BONUS, When you register for one of our workshop packages, take home an Xbox One X, an Xbox One S or an Invoke by Harman Kardon, FREE.

It’s pretty simple, SPCNA has it all. WE want you to BE THERE!

DLP Policy Tips are now available across new endpoints in Office 365

This summer we introduced a consistent, coherent sharing experience across the Web and desktop – these improvements allow you to share Office 365 files directly from File Explorer on PC and Finder on Mac, in addition to the latest versions of Office on the desktop and Office 365 web experiences. The updates we made provide a simplified sharing experience, so you can share files and folders easily with partners both internal and external, while retaining the right level of security – so whether you share on the web, in Explorer on Windows 10 and Windows 7, or Finder or the Mac, the sharing experience is secure, consistent and simple.

While we’ve made the sharing experience consistent across these endpoints we also understand that data loss and leakage are non-negotiable and to comply with business standards and industry regulations, organizations need to protect sensitive information and prevent its inadvertent disclosure.

To ensure your sensitive data remains that way we’re excited to announce that we’ve extended sharing to include DLP policy tips across OneDrive, SharePoint, Word, Excel and PowerPoint on PC, Mac and Web, so whether you’re working on the web or the desktop, you can remain informed with a consistent policy tip experience as you share files.

SharePoint Online

Microsoft Word


By bringing DLP policy tips into the sharing experience you can both block the sharing action as well as use the sharing dialog as a platform to help understand why an is action is blocked regardless of where you’re working.

Learn more about DLP in Office 365 at

For more information on sending policy notifications and policy tips see