[ #Office365 ] What’s new for IT Pros in 2015 and beyond, part 1: the big picture

First article from a series on news on [ #Office365 ] Administration:

There had been a lot of announcements around Office 365 admin at MS Ignite2015 and since that time several new features have already been delivered (at least on First Release tenant). The big picture may seem difficult to understand but you can in fact categorize them in 3 topics:

  • Administration control
  • Data protection and Control
  • Auditing and Reporting


We will detail in the following posts these features but right now we can give some hints on them and when there are coming. Here is a summary.


Enhanced Compliance Center

Compliance center should be thought as the place where the admin will be able to govern all the data of Office 365, across the various applications and data silos. With Compliance Center, you can work with data stored in:

  • Exchange Online,
  • SharePoint Online,
  • OneDrive for Business and
  • Skype for Business.

The compliance center is regularly evolving and was first based on Exchange (as it looks like on the left and as the URL proved it: https://compliance.protection.outlook.com), but it is more and more spanning all the services. We can see the evolution on these screnshots:


When new capabilities are there or will be around:

  • Mobile Device Management (has been added first since April 2015) and is activated on demand
  • Data Loss Prevention (coming from Exchange is reaching SharePoint et OneDrive content as well)
  • Compliance Reports
  • Compliance Search (announced on June 17, 2015 here: Introducing Compliance Search in Office 365)

If you want to know more about current capabilities of the Compliance Center, some are demonstrated here starting at 11:18 with:

  • Retention policy at 13:30
    • Deletion policy at 13:30
    • Preservation policy at 18:20
  • Mobile Device Management (MDM) at 38:24 (to 46:25)

New capabilities of the Compliance Center are demonstrated here:

    • eDiscovery at 19:30
      • Data Loss Prevention (DLP) at 21:20

Mobile Data Management

To activate MDM for Office 365, you should first go to the admin center and “mobile devices”, then click on “Get Started”


More on this here: Manage mobile devices in Office 365

I have already described the MDM features of Office 365 here.


The following schemas detail what happens when a user with a new device signs in to an app that supports access control with MDM and when a user with an enrolled device isn’t compliant with a security setting in a mobile device management policy that applies to their device:


This schema shows what are the apps supported to control access to Office 365


They are coming from the documentation here: Capabilities of built-in Mobile Device Management for Office 365


Data Loss Prevention

Data Loss Prevention (DLP) helps you identify and monitor sensitive information, such as private identification numbers, credit card numbers, or standard forms used in your organization. You can set up DLP policies to notify users that they are sending sensitive information or block the transmission of sensitive information. For a conceptual overview of DLP in Exchange Online, watch the following video:


The specific DLP roadmap is detailed here (from Evolving Data Loss Prevention in SharePoint Online/OneDrive for Business and Office applications):

Evolving Data Loss Prevention 1

Available in Phase 2 public preview (starting Q2 CY2015)

Coming in Phase 3 (planned second half CY2015)

Create automated policies with any of the available built-in sensitive information types

Exceptions for locations and conditions

Detect external sharing and apply appropriate actions

Ability to encrypt content as an action

Scope the policies to specific locations or sites

Support for custom classifications and document fingerprinting

Scanning for document properties (metadata)

Shared by/by member of conditions

Block or restrict access to the sensitive content

Detect content scanning errors

Customizable Policy tips and user notifications via policy tip and email

Richer content types and more enforcement endpoints

Admin facing Incident reports and reporting


To summarize here is a global summary of the roadmap:


[Updated on July 23th, 2015]

I added to the roadmap the announcement made at MS Ignite by Julie White about the possibility for customers to use their own keys, so called “Bring Your Own Keys” (BYOK) to crypt Office 365 files and data. This will not come before 2016  



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s