O365 News: Security & Compliance Center is getting replaced

Office 365 Security & Compliance Center is getting replaced by 2 new sites:

The administrator experience will change, but this won’t impact your current security and compliance configurations.

The rollout happens February through March 2019.

Office 365 security: 3DES cipher comes to its end on February 28, 2019

As part of Microsoft’s plan to move all online services to TLS 1.2, they are retiring 3DES beginning February 28, 2019. As a result, connections using the 3DES cipher will not work.

You can get an overview of your TLS 1.0/1.1 and 3DES usage in Office 365’s Secure Score at http://securescore.microsoft.com

Remember that TLS 1.0 and TLS 1.1 have not been supported since October 31, 2018. For more details see:


Office 365 will remove support for TLS 1.0 and TLS 1.1 starting October 31, 2018

As of October 31, 2018, Microsoft Office 365 will remove support for TLS 1.0 and 1.1. This means that if you have issues connecting to Office 365 services because of weaker protocols, no support tickets would be generated.

By October 31, 2018, all client-server and browser-server combinations should use TLS version 1.2 (or a later version) to ensure connection without issues to Office 365 services. This may require updates to certain client-server and browser-server combinations.

If you do not update to TLS version 1.2 (or later) by October 31, 2018, you may experience issues when connecting to Office 365. If you experience an issue related to the use of an old TLS version after October 31, 2018, you will be required to update to TLS 1.2 as part of the resolution.

The following are some clients that we know are unable to use TLS 1.2. Please update your clients to ensure uninterrupted access to the service.

•  Android 4.3 and earlier versions
•  Firefox version 5.0 and earlier versions
•  Internet Explorer 8-10 on Windows 7 and earlier versions
•  Internet Explorer 10 on Win Phone 8.0
•  Safari 6.0.4/OS X10.8.4 and earlier versions

Source: https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365

This change comes in a context where all major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, jointly announced on October 15, 2018 that they will remove support for the TLS 1.0 (20 years old) and TLS 1.1 (12 years old) communication encryption protocols in the first half of 2020.

See the official articles here:

Google: https://security.googleblog.com/2018/10/modernizing-transport-security.html
Microsoft: https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
Apple: https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
Mozilla: https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
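To find the clients that still depend on the retired protocols and on 3DES (the two deadlines described in the posts above), connection logs from a TLS-terminating proxy or load balancer can be audited. The following is an added example, not code from Microsoft or from this blog; the key=value log format and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value proxy log format.
SAMPLE_LOG = """\
2019-02-20T10:01:02Z client=10.0.0.5 tls=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384
2019-02-20T10:01:07Z client=10.0.0.9 tls=TLSv1.2 cipher=DES-CBC3-SHA
2019-02-20T10:02:11Z client=10.0.0.7 tls=TLSv1 cipher=ECDHE-RSA-AES128-SHA
2019-02-20T10:02:40Z client=10.0.0.7 tls=TLSv1.1 cipher=TLS_RSA_WITH_3DES_EDE_CBC_SHA
2019-02-20T10:03:15Z client=10.0.0.5 tls=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384
this line is malformed and is counted, not silently dropped
"""

FIELD = re.compile(r"(\w+)=(\S+)")
# 3DES shows up as "3DES_EDE_CBC" in IANA suite names and "DES-CBC3" in OpenSSL names.
TRIPLE_DES = re.compile(r"3DES|DES-CBC3", re.IGNORECASE)
VERSION = re.compile(r"^(SSL|TLS)v?(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def is_legacy_protocol(label):
    """True for any SSL version and for TLS below 1.2; unknown labels count as legacy."""
    m = VERSION.match(label)
    if not m:
        return True
    family, major, minor = m.group(1).upper(), int(m.group(2)), int(m.group(3) or 0)
    return family == "SSL" or (major, minor) < (1, 2)


def audit(lines):
    """Return ({client: sorted findings}, number of unparsable lines)."""
    findings = defaultdict(set)
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        fields = dict(FIELD.findall(line))
        if not {"client", "tls", "cipher"} <= fields.keys():
            skipped += 1
            continue
        if is_legacy_protocol(fields["tls"]):
            findings[fields["client"]].add("protocol " + fields["tls"])
        if TRIPLE_DES.search(fields["cipher"]):
            findings[fields["client"]].add("3DES suite " + fields["cipher"])
    return {c: sorted(f) for c, f in findings.items()}, skipped


if __name__ == "__main__":
    print(audit(SAMPLE_LOG.splitlines()))
```

A client that negotiates TLS 1.2 can still appear in the report if it selects a 3DES suite, which is why protocol and cipher are checked separately.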

Office 365 migration – design your local network to improve performance

Optimizing Office 365 network performance comes down to removing unnecessary impediments.

User data and processing in Office 365 is distributed between many Microsoft datacenters. There is no single network endpoint to which client machines can connect. Services are dynamically optimized by the Microsoft Global Network to adapt to the geographic locations from which they are accessed by end users.

Shortening the network path to Office 365 entry points by allowing client traffic to egress as close as possible to their geographic location can improve connectivity performance and the end user experience in Office 365. By treating Office 365 connections as trusted traffic, you can prevent latency from being introduced by packet inspection and competition for proxy bandwidth. Allowing local connections between client machines and Office 365 endpoints enables traffic to be dynamically routed through the Microsoft Global Network.

The optimum connectivity model is to always provide network egress at the user’s location, regardless of whether this is on the corporate network or remote locations such as home, hotels, coffee shops and airports. Generic Internet traffic and WAN based corporate network traffic would be separately routed and not use the local direct egress model. This local direct egress model is represented by Microsoft in the diagram above.

Office 365: 10 hands on tips for a successful migration

These are my top 10 tips and lessons learned from leading Office 365 migration projects:

1. Plan your User Identities

Identities are everything in Office 365. Spend more time on planning the identities than on any other service. While for SharePoint/Exchange/Skype/etc. you will be able to do some changes during the migration, if you need to change something for the identities or authentication it can become a nightmare as it affects everything in Office 365.

e.g. you cannot change the sourceAnchor attribute (it is immutable during the lifetime of an object)

2. Use IdFix to fix your Active Directory before uploading the users to the cloud.

IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory.


3. Create a proof of concept (PoC)

Test the complete migration procedure in a lab or test environment. You will also be able to use the environment for additional testing or for issues that you might encounter post-migration.

4. Evaluate 3rd party tools and ask for trial licenses

Sometimes the Microsoft tools are not enough and you need to go for third party tools. Contact the sales persons and ask for a demo. Many times the sales persons are also the ones that can give you a free trial to evaluate the tool in your test environment.

5. Create a migration runbook for sysadmins

IT administrators from other locations should be able to perform a complete migration by following the steps in the runbook. It doesn’t need to have a specific format, but it needs to be very well documented so every newbie would be able to follow it.

6. Migrate some test users and the IT administrators first

Do not start the velocity migration before getting the confirmation from the local departments that all processes and tools work as expected.

7. Office 365 throttling

Office 365 uses various throttling mechanisms to help ensure security and service availability. You might find out during the migration that data is being transferred to the cloud at a low speed, and not because of your local network. There are various methods to overcome those throttling policies (e.g. for Exchange you can ask Microsoft support to “relax” the throttling for your tenant during the migration).

8. Change Management

Take care of your users. Communicate all changes to users and train them before the migration itself. Remember that a successful project is measured by happy users.

9. Have a disaster recovery and backup plan

Mistakes can happen. But if they happen, you need to solve them fast.

10. Use the FastTrack Center Benefits

If you have 500 or more Office 365 licenses per tenant, you qualify for the FastTrack center migration services. Do not hope that FastTrack will do the migration for you 😊

Their benefits are described here: https://docs.microsoft.com/en-us/fasttrack/fasttrack-benefit-for-office-365

Configure folder redirection to OneDrive. Sync your Desktop, Documents and Favorites folders to the cloud.

In a recent customer project, we have redirected the user’s personal Desktop, Documents and Favorites folders to the cloud using OneDrive. Users can get to their files from anywhere and the files are safe in OneDrive if anything happens to the devices.

Configure folder redirection in 3 steps

  1. Prevent users from changing the location of their OneDrive folder
  2. Create an environment variable for the OneDrive folder
  3. Configure redirection of Documents, Desktop & Favorites folders to OneDrive

1. Prevent users from changing the location of their OneDrive folder

We will configure a group policy to make sure users sync their OneDrive to the default location and do not change the location of their OneDrive folder.

The group policy is located under:

User Configuration\Policies\Administrative Templates\OneDrive\Prevent users from changing the location of their OneDrive folder


2. Create an environment variable for the OneDrive folder

Group Policy won’t let us redirect known folders directly to a different location under %userprofile%, so we need to create a new environment variable that contains the location of the folder under %userprofile%.

We’ll use item-level targeting in this environment variable to prevent folders from being redirected until the folder has been created by the sync client.

Under “User Configuration\Preferences\Windows Settings” create a new Environment variable called “OneDriveSync” and set the value to “%userprofile%\”.

e.g. %userprofile%\OneDrive – ranari

In the common tab check the box “Item-level targeting” and define a new item that matches the folder you have defined before “%userprofile%\”.

3. Configure redirection of Documents, Desktop & Favorites folders to OneDrive

Under “User Configuration\Policies\Windows Settings\Folder Redirection”, go to Properties and enable the setting “Basic – Redirect everyone’s folder to the same location” and set the Target folder location to “Redirect to the following location”. For the Root Path type in “%OneDriveSync%\Documents”.

On the Settings tab, clear the “Move the contents of Documents to the new location” check box.


Leaving this setting enabled could result in data loss when the contents of the Documents folder is merged with the OneDrive folder, if there are files with the same name in both locations.

Configure group policies similarly to redirect the Desktop or Favorites area.

Important Considerations

Note that it is not supported to have existing content automatically migrated by Group Policy to the OneDrive folder. With automatic file migration, there is a potential for data loss in cases where there are files in both locations that have matching file names.

Once the redirect to OneDrive is in place, we’ll need to migrate the user’s data from the original location on their local disk to the OneDrive folder.

Keep in mind that as new users and computers come online over time, users may still save files to their Documents folder before they configure the OneDrive sync client, and these files would then need to be moved to the OneDrive folder after the redirect takes place.
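Because files with matching names in both locations are where the data loss described above comes from, it helps to list those collisions before anything is copied into the redirected folder. This is an added example, not the author's migration script; the folder names in `demo()` are constructed stand-ins for the local Documents folder and `%OneDriveSync%\Documents`, and the code only reads and reports.

```python
import filecmp
import os
import tempfile


def index_files(root):
    """Map case-folded relative path -> absolute path for every file under root."""
    found = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            # Windows treats Budget.xlsx and budget.xlsx as the same file name.
            found[os.path.relpath(full, root).casefold()] = full
    return found


def plan_migration(local_root, onedrive_root):
    """Classify local files as safe to copy, already synced, or conflicting."""
    local, cloud = index_files(local_root), index_files(onedrive_root)
    plan = {"copy": [], "identical": [], "conflict": []}
    for rel, path in sorted(local.items()):
        if rel not in cloud:
            plan["copy"].append(rel)
        elif filecmp.cmp(path, cloud[rel], shallow=False):  # byte-for-byte compare
            plan["identical"].append(rel)
        else:
            plan["conflict"].append(rel)  # same name, different content
    return plan


def demo():
    """Build two constructed folder trees and return the resulting plan."""
    with tempfile.TemporaryDirectory() as tmp:
        local = os.path.join(tmp, "Documents")
        cloud = os.path.join(tmp, "OneDriveSync", "Documents")
        files = {(local, "budget.xlsx"): b"v1", (cloud, "Budget.xlsx"): b"v2",
                 (local, "notes.txt"): b"same", (cloud, "notes.txt"): b"same",
                 (local, os.path.join("old", "cv.docx")): b"cv"}
        for (root, rel), data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(data)
        return plan_migration(local, cloud)


if __name__ == "__main__":
    print(demo())
```

Entries under `conflict` need a manual decision (rename or keep one version) before the copy; entries under `identical` can be skipped.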

User Experience

After everything is set up, here is what the user experience will look like:

  1. The user logs in to Windows and gets the OneDrive setup page.
  2. He types in his e-mail address first.lastname@ranari.com and clicks Sign in.
  3. If a new login window appears, he types in the credentials again and clicks OK. (After adding the sites to the IE zones through GPO, this step might not be necessary.)
  4. He goes through the wizard without changing any settings, clicking Next every time.
  5. The folder redirection will be configured automatically on the next reboot.
  6. All the existing files need to be manually copied to the new locations. Or they can be copied via script, which I will cover in a separate article.

Getting Facebook ads from a site you just visited? Facebook Pixel

I keep seeing ads on Facebook from an online shopping site that I just visited. Does this sound familiar? It happens to me all the time.
The feature that makes this possible is called Facebook Pixel. By placing the Facebook Pixel code in the header of your website, when someone visits your site and takes an action like completing a purchase, the Facebook Pixel is triggered and reports the action. You will then be able to reach the customer again through future Facebook ads.

Curious to see if a site uses Facebook Pixel?

1. Open any ad suggested by Facebook in Internet Explorer.
2. Press F12 to switch to the Developer Tools.
3. Press Ctrl+F to open the search box and search for “fbevents.js”.
4. Finding a match like this one will confirm that the site is using Facebook Pixel Events.

To set up Facebook Pixel on your own site follow these steps

1. Create a Facebook pixel from the Pixels tab in Facebook Ads Manager, available at https://www.facebook.com/ads/manager/pixel/facebook_pixel

2. Update the website’s header section with the code provided by Facebook Pixel. The code looks like this:

3. Track specific actions people take on your website by setting up the Facebook Pixel in the Ads Manager https://www.facebook.com/ads/manager/pixel/facebook_pixel
You can choose between the following events to track on Page Load or Inline Action: Purchase, Generate Lead, Complete Registration, Add Payment Info, Add to Cart, Add to Wishlist, Initiate Checkout, Search, View Content.

You can also create your own custom events.

Sources and more information
Facebook Pixel

Pixel Events – Facebook Tag API