Microsoft Viva Goals

The Microsoft Viva suite has been expanding and delivering its employee experience platform apps since its announcement in 2021. Integrated with Microsoft Teams, Microsoft Viva offers Viva Learning, Viva Topics, Viva Insights, Viva Engage, and Viva Goals, all accessible through the “home” of the Viva Suite, Viva Connections.

Microsoft Viva Goals supports the Objectives and Key Results (OKR) goal-setting framework for the natural alignment of an organization’s top strategic business priorities with the work that is being performed by its teams to drive results and feed a thriving business, keeping forward momentum. Not only will it align, but it will create, manage, and customize OKR workflows through automated check-ins and OKR templates. With a shared dashboard and advanced insights, OKR rhythms can be boosted through the connection of work and outcomes through deep integrations to projects and tasks such as data sources, critical tools, and advanced OKR configurations such as customizable weights and scoring guidance.

Viva Goals provides business leaders, HR leaders, and employees with the benefits of:

  1. Clarity through a centralized source that provides goal setting, progress monitoring, and success assessment across the organization. Teams will be able to connect daily work to outcomes, aligning with the organization’s top priorities on all levels;
  2. Focus teams on impact versus output. With the shift of focus from activity and effort to impact and outcomes, teams will share their progress on the customizable dashboards that translate data into insights for the organization; and
  3. Goals will be kept at the forefront of employees daily through the flow of daily work by bringing action and data into spaces that are already in use by your teams, such as Microsoft Teams, ADO, and the most popular project management and data tools.

Viva Goals: Capabilities

More exciting capabilities will be added in the future, but for now, the features available with Viva Goals to bring your organization’s OKRs into the flow of work for your employees include:

  1. Customize OKRs by using built-in templates or by creating them from scratch;
  2. Understand and align at all levels in your organization your team’s goals in the context of goals, down, up, and across the company with OKR approval workflows, Chart View, and Organizational, Team, and Individual Goal Pages;
  3. Engage and excite employees through clarity and communication of how their everyday work contributes to the progression of the organization moving towards its goals by connecting work to outcomes by aligning Projects and Tasks to OKRs;
  4. Focus discussion at town halls and team meetings with insights on real-time progress towards goals through context and simplified reporting with the use of a customizable dashboard combined with automation and dynamically updating OKRs; and
  5. Collaborate and share the progress and insights with shareable links to dashboards across the organization. By keeping every employee engaged with team goal setting and progress, individual team members of each team will be engaged with a sense of belonging in a community that is striving towards common goals.

Viva Goals: Logging In  

Once your organization has purchased the license for Viva Goals, you can log in by using your Azure Active Directory credentials. Remain logged in to your Azure Active Directory to log in to Viva Goals. Follow the following steps based on your scenario:

  1. On the Viva Goals Sign-In page, select Azure Active Directory;
  2. Log in to your Azure Active Directory;
  3. If there is no organization available, then you will be redirected to the No Organizations page. You will then be prompted to Create a New Organization;
  4. If you are a first-time user and received an invitation link to join your organization, then you will be redirected to your organization’s Viva Goals account;
  5. If you are a first-time user and are not part of an organization, you will then be redirected to the Join Organizations page. Here, select your organization from the list. You will then be taken to your organization after logging in.

Viva Goals: Creating Your First Organization

To create your first organization:

  1. Log into your Viva Goals account with your Azure Active Directory credentials;
  2. You will now be prompted to create an organization;
  3. Select Create Organization;
  4. Enter your organization’s name. You have the option to provide a brief description;
  5. Select the organization type as either Public or Restricted. A Public type allows anyone in your company to join your organization without the need for approval. A Restricted type provides the ability to choose which users get to join your organization. The purpose of Restricted is to keep and maintain a tight-knit user group’s information boundaries;
  6. Select Create Organization;
  7. Your first organization is now created; and
  8. As the Administrator, add users by inviting members.

Viva Goals: Creating Additional Organizations

You may find that you need to create another organization if you are part of more than one organization. To create another organization in Viva Goals:

  1. Log into your first organization in Viva Goals;
  2. At the top of the left menu, select the organization name;
  3. An organization-switcher dropdown list will appear. Select the Create or Join New Organization button;
  4. Select Create New Organization on the Join Organizations page; and
  5. Repeat steps 1 through 8 for Creating Your First Organization.

You can switch between organizations with the organization-switcher dropdown.

Viva Goals: How to Join an Organization  

You can join an organization in Viva Goals by:

  1. Using your Azure Active Directory credentials, log in to Viva Goals;
  2. If you are logging in for the first time and are not a part of an organization, you will be redirected to the Join Organizations page. Select your organization;
  3. If your organization is Public, then you can select the Join button to join your organization’s account;
  4. If your organization is Restricted, then select the Request to Join button. This will send a Request to Join notification to the administrator for approval;
  5. If you are a member of multiple organizations, then you can use the organization‑switcher dropdown list from the left menu. Select Create or Join New Organization. Next, select the organization that you want to join that is listed on this page.

Microsoft Viva Goals provides employees and organizations the ability to utilize the successful OKR framework for the successful alignment of business priorities by focusing teams on the impact of their contributions on the organization’s success in achieving its goals. Employees and teams will feel engaged, empowered, and invested in the success of their organization through the sense of community and collaboration when real-time data and progression is presented on the centralized dashboard during town halls, team meetings, and at anytime an individual or team checks their progress. The key success of the OKR framework answers the question of “Why am I working here every day?” by providing a visible and mental connection between individuals, teams, and the organization’s strategic business goals and how their contributions impact the progress of the organization to reach these goals. Viva Goals provides a new, collaborative, community-based employee experience while propelling the organization forward as individuals and teams pull in the same direction for the successful completion of the organization’s strategic goals.

Microsoft Viva Engage

The Microsoft Viva suite, including Viva Learning, Viva Topics, Viva Insights, and Viva Goals, are all available through the Microsoft Teams app. The latest addition to the Viva family is Viva Engage. With Viva Learning, employees hone their skills and grow their knowledge. Viva Topics organizes expertise and knowledge, making it easily discoverable for your staff. Geared towards individual employees, Viva Insights encourages productivity balanced with self-care for one’s healthy well-being. Viva Goals improves business results by aligning teams. Viva Engage will connect people across an organization by creating communities, encouraging conversations, participating in activities like events, and sharing openly on topics ranging from personal experience to data-driven analytics. Viva Engage is a place where people in your organization can connect, share, and create a sense of belonging by creating communities with each other, regardless of their work environment, whether they are working onsite or remotely or a combination of both.

Viva Engage and Yammer: Their Relationship

The surfacing of new and existing employee-high-value experiences in Viva Engage, such as knowledge sharing, community building, self-expression, and leadership engagement, is powered by Yammer services. Being integrated into Microsoft Teams, Viva Engage also introduces Storylines and Stories, and both features will appear in the web, desktop, and mobile versions of Yammer. Users will see the same content and effectively access the same feature set whether they launch Viva Engage or Yammer.

In comparison to Yammer, there are a few features that are limited in Viva Engage:

  1. Live events and other videos hosted in Microsoft Stream (Classic) do not play on iOS;
  2. Settings such as Managing delegate setting and Setting your skin tone, both of which are available only in the new Yammer, are not available;
  3. Viewing community files stored in the document library of SharePoint; and
  4. Editing or Viewing full community info.

Viva Engage and Viva Connections: What’s the Difference?

The best way to describe Viva Connections is that it is the “home” for the Microsoft Viva suite. It is the gateway, the place for your employees to start their day, and easily and quickly catch up on organizational news, resources, and tasks. Viva Connections is a branded company app where staff can find everything they need to stay connected and complete their tasks. As the overall arcing home of Microsoft Viva, Viva Connections provides a structured, tailored, and curated experience that reflects the user’s job role and the organization’s priorities, including resources, tasks, and organizational news. Featuring content from Viva Engage and SharePoint News, Viva Connections’ feed includes announcements, storyline posts from people who staff follow, and @Mentions.

Focusing on individuals, co-workers, leaders, and communities, by connecting and engaging each other, Viva Engage is the social layer of Microsoft Viva and Microsoft 365. Viva Engage provides a space for people to socialize through conversations (and they may come onto some unexpectedly), volunteering and sharing of their expertise and knowledge, and asking questions (and these can be work-related or “get to know each other” types such as “Post a pic of your pet”), hosting and/or participating in virtual events, and most importantly, extending their work network with more in-depth interactions and engagement.

Viva Engage: What is it?

Connecting. Sharing. Belonging. Microsoft Teams Viva Engage encourages a positive, inclusive, engaging, and community-based work culture as a social platform. Viva Engage allows individuals to connect with their co-workers, leaders, and communities regardless of their physical location in the work world. By fostering a social work culture, Viva Engage enables all members of a community and network to share:

  1. Questions and Answers: this is a great way to crowdsource solutions to questions being posted. Questions can be posted and pinned, replies can be voted on, and the best answers can be marked.
  2. Conversations: get social! Initiate, join, and build conversations across teams and departments with pinned conversations and @Mention to draw co-workers into the dialogue.
  3. Announcements: there are several announcement types, and with each announcement, team members can be kept informed and engaged as notifications will reach them through the web or on mobile.
  4. Stories and Storylines: using familiar social tools like creating, uploading, sharing, and following, leaders and co-workers can create stories by sharing their thoughts, experiences, and knowledge through conversation and video for colleagues to engage and follow. Storylines will be a feed that features posts from peers along with the most popular posts across the organization and the Following feed will feature the latest posts from the people that you follow.
  5. Virtual Events: staff and leaders can be brought together to have meaningful conversations with virtual Town Halls, Q&A sessions, and video presentations.
  6. Topics: call in experts with @Mentions after creating and following #Topics. #Topics will assist employees in finding relevant content from company resources and learning providers.
  7. Analytics: detailed insights are provided for every conversation, event, and community. These detailed insights measure engagement and activity, providing enough data to act.

Viva Engage: Setting Up

Installing Viva Engage App for Yourself in Teams

  1. Open Microsoft Teams on the desktop client or the web
  2. Select Apps on the left side of Microsoft Teams
  3. In the Search bar, search for Viva Engage
  4. Select the app for Viva Engage
  5. Select Add to add the app to all your Teams clients, including the mobile app

Note: Check with your Teams admin if you do not see Viva Engage in the available apps as they may have renamed the app.

Installing Viva Engage App for Your Organization

If the Microsoft Teams admin chooses to deploy Viva Engage for specific departments, then this can be done through a Teams app setup policy. If the Microsoft Teams admin chooses to deploy for the entire organization, then they deploy and pin the app for all users.

Licensing for Viva Engage and Yammer

As Viva Engage is included in the existing Yammer license, enable Yammer users will be enabled to use Viva Engage.

Configure and Review Privacy and Security Settings in Yammer

The content in Yammer and Viva Engage is managed by the Yammer administrator. However, Privacy and security controls from Yammer are shared with Viva Engage.

Viva Engage: Customizing the Appearance in the Teams Store

For organizations that have given their network custom branding to reflect their corporate identity, Viva Engage can be customized in the Teams app store. The appearances that can be customized for Viva Engage include:

  1. Accent color
  2. App icons
  3. App name
  4. App description

The Microsoft Viva suite has provided Microsoft Teams with several apps, including Viva Learning, Viva Topics, Viva Insights, Viva Goals, and Viva Connections (the home for the suite). Now, with Viva Engage, there is a place where people in your organization can connect, share, and create a sense of belonging by creating communities with each other, regardless of their work environment, whether they are working onsite or remotely, or a combination of both.

Microsoft Teams Rooms Pro

In 2020, Microsoft announced Microsoft Teams Rooms to the MS Teams platform to support corporations and users adapting to the hybrid environment that was and continues to be, affected by the global pandemic. Microsoft Teams Rooms was developed to close the difference in the gap between onsite and remote staff meetings in a virtual space. Two years later, the work environment has morphed, demanding sophisticated, realistic, integrated, and interactive capabilities for meeting in the combined spaces of face-to-face and virtual. Microsoft Teams has kept the pace, but more importantly, focused and elevated these experiences for users in combination with ease of use and management. Understanding that users are both onsite and remote, Microsoft has met this challenge through an innovative approach by rethinking and designing Microsoft Teams Rooms. Unlike previous licensing, Teams Rooms licensing is based on the number of devices rather than users. Changing from the previous licensing format, the new Microsoft Teams Rooms licensing offers two forms – the Basic and the Pro. Notably, there are some major differences in the offerings between the plans.

What is a Microsoft Teams Room?

Microsoft Teams Room is a virtual space for staff to meet regardless of their location at the time of the meeting. Microsoft Teams Room facilitates attendees to meet virtually, even if they are on-site in their own office or a board room, offsite in their home or cottage, or a combination of both on-site and off-site. This hybrid meeting environment has challenges, including creating an environment whereby attendees interact as if face-to-face, ease of use, realism, and on-the-fly meetings. Microsoft Teams Rooms eliminates the barriers that exist between places, people, and spaces. It is a splace (space and place) for attendees and participants to inclusively meet, engage, create, collaborate, and be together regardless of their physical location.

What is Microsoft Teams Room Basic Plan?

Previously, Microsoft Teams Room was available in the Basic and Premium Plans. With the introduction of Pro, the former Premium plan is no longer available.

Microsoft Teams Room Basic is just that. The Basic plan will provide small businesses the ability to create hybrid meeting spaces through scheduling, sharing wireless content, and joining meetings. However, if your small business requires assistance in managing core and hybrid meeting features, then the Pro plan is the one that will meet these needs.

Teams Room Basic is included with all certified Teams Rooms devices at no extra charge if purchased before September 1, 2022. For licensing, 25 Basic licenses, or rooms, can be applied by the customer to their tenant.

What is Microsoft Teams Room Pro Plan?

The new Teams Room Pro Plan focuses on ease of usability, security, flexibility, inclusivity, and management while providing a simplified purchasing process for customers. Teams Room Pro offers one license that includes the existing Teams Room features, innovative advancements in hybrid meeting experiences, and the Teams Rooms managed service platform.

Some features are currently available in Teams Room Pro while others will be rolled out in the future. These features include:

  1. Intelligent Video and Audio for Certified Microsoft Teams Devices: Advanced camera capabilities will use AI to capture and automatically frame the active speaker, creating a feeling of being in the room even though the attendee is remote. Video layout options include front row while audio will be high quality with noise suppression and full optimization of bandwidth for smooth streaming;
  2. Increased Engagement: Engaging with ease encourages attendees to participate, especially those who are remote. Interactions like content sharing, raising a hand, and providing live reactions are some of the most popular and well-known features that continue to be accessible for participants. To ensure conversations that happen alongside the meeting are not missed, chat bubbles appear in the classic video grid layout to alert in-room participants;
  3. Powerful Collaboration: With Microsoft Whiteboard, Microsoft Surface Hub 2S, and intelligent capturing of an analog whiteboard, every attendee will have the real-time capabilities to collaborate. Adding a touch display enables multi-user capabilities for sharing the whiteboard while the addition of a content camera provides an augmented and intelligent whiteboard view in Teams meetings;
  4. Management and Security: With hybrid meeting environments, trustworthy, operational, and strongly effective security is mandatory and not an option. Teams Room Pro not only provides essential enterprise-grade security and management but also provides device analytics, access control, remote configuration, and IT service management integration (ITSM). The Teams Rooms managed service platform provides AI-driven operations that detect problems, provide solutions at scale, and provide automatic updates.

Microsoft Teams Rooms Pro: Teams Rooms Managed Services, IT Service Management (ITSM) Integration

In the previous Teams Rooms Premium plan, Microsoft provided a paid service for 24/7 monitoring and management of the room operating system and software with the permission to perform remote action to address any issues or deficiencies. With the new Teams Rooms Pro plan, Microsoft will no longer provide this paid service but instead will enlist partner remediation. Beginning October 1, 2022, all incidences will remediate automatically or route to either the designated management partner of the customer or the customer’s IT department, negating the need for Microsoft engineers to be the intermediary.

Preparing for the Transition to Microsoft Teams Rooms Basic and Pro

The deadlines for the transitions are coming up quickly, and as administrators, these deadlines are outlined in Microsoft’s documentation under “Important” notes.

One detail to be noted is that “legacy licenses” will not automatically transition to the new licenses. When a legacy or older license expires, an organization will have to switch to Basic or Pro, which can be done through the Microsoft 365 Admin Centre Portal. Alternately, licensing for the Teams Rooms Pro plan can be purchased from sales channel partners of Microsoft.

An important detail regarding user licenses used with Teams Rooms devices, as noted in Microsoft’s documentation, will no longer be supported effective July 1, 2023. User licenses will need to be replaced by a Teams Rooms Basic or Teams Rooms Pro license as Teams Rooms licensing is based on the number of rooms, not the number of users. It was also made clear that meeting devices that have a user license will be blocked from signing in until a Teams Rooms license is assigned.

Once again, Microsoft has focused on the Microsoft Teams collaborating app with changes and enhancements that continue to support interactive, real-time, engaging, and collaborative meetings in Microsoft Teams Rooms. Whether it is the Basic or Pro license, organizations will be able to schedule, join, and share content with the Basic license to fully immersed, innovative, collaborative participation with high-definition audio, visual enhancements, multi-user whiteboarding, side-chat bubbles, and live reactions with the Pro license. Whichever plan is implemented, Microsoft Teams Rooms continue to provide an excellent solution as a key method of hosting and delivering meetings regardless of participant location. Seamless and easy to use, Microsoft Teams Rooms transcends barriers and brings together participants who are onsite, remote, or a combination of both into one space as if they are face-to-face for real-time collaboration.

Microsoft Ignite October 2022: Part 2: Security and Compliance Across SharePoint, OneDrive, and Teams

In continuation from our first article, Part 1: Security and Compliance Across SharePoint, OneDrive, and Teams, we will continue to examine the announcements from Ignite 2022 of how Microsoft is offering new measures of cybersecurity as it resolves to meet the high Zero Trust standard of cybersecurity. Cybersecurity has been highlighted with the hybrid work environment with many organizations being prey to hackers, and in some situations, being held hostage to pay fines and ransoms. These situations can cause severe loss of income to the bankruptcy of an organization.

Not to be taken lightly, Microsoft has introduced six new security and management capabilities to help counter these cyberattacks. As announced at Ignite 2022, these counter measures include:

  1. Advanced access policies for secure collaboration
  2. Security controls to safeguard content
  3. Comprehensive compliance
  4. Migration enhancement
  5. Advanced sites lifecycle management
  6. Organization lifecycle management.

In our previous article, we examined Advanced Assess Policies for Secure Collaboration, and in this article, we will review the remaining new announcements for security and management.

Security Controls to Safeguard Content

User-Defined Permissions (UDP) Support for Office Files in SharePoint, OneDrive, and Teams: Private Preview

Expanding and innovating with Sensitivity Labels, User Defined Permissions, Office files will be protected with labels containing User Defined Permissions (UDP). Admins will be able to apply sensitivity labels that are associated with admin-defined permissions, such as who can view and co-author files in SharePoint, OneDrive, and Teams.

Protected PDFs Support in SharePoint, OneDrive, and Teams: Private Preview

By bringing the security controls that power Office files to protected PDF files, sensitivity labels can now be viewed in the Document Library’s sensitivity column when labeled and encrypted PDF files are uploaded to SharePoint, OneDrive, and Teams.  Compliance and security admins, by using their established DLP or eDiscovery policies, can govern these protected PDFs.

Default Sensitivity Labels for SharePoint Document Libraries: Public View

The default sensitivity label for SharePoint Document Libraries can be set through the Library Settings in the information panel. Once the appropriate sensitivity label has been assigned, all documents in that library will be labeled automatically. These documents can be newly created ones or ones that are being modified. The concept of labeling with rich sensitivity labels that have been applied with Office files, SharePoint Sites, Teams, and Microsoft 365 groups can now be applied to new and uploaded documents in SharePoint Document Libraries.

Programmatic Way to Assign Sensitivity Label to a File in SharePoint, OneDrive, and Teams: Private Preview

A premium capability, a programmatic endpoint in the Microsoft Graph Beta will allow users and applications to allow the labeling of files.

Anti-Malware Scan on File Download: General Availability

Advancing towards Zero Trust, the third layer of protection is added in addition to the asynchronous antimalware scanning in SharePoint and OneDrive with anti-malware scanning during downloading of unscanned files through the browser or in Teams.

Forensic Malware Identification and Extraction: General Availability

Through the use of the simple SharePoint PowerShell cmdlet, administrators will not need to elevate their access to the SharePoint or OneDrive site where malware and infected content is present. They will be able to determine what type of malware is present in a file that is marked infected and extracts the infected file from the site in order to perform further analysis, circumventing the existing challenge of how to gain access to infected files without needing to gain access to all the files in the source site.

Comprehensive Compliance

Information Barriers (IB) 2.0: IB Modes and Multi-Segment Support: General Availability

The needs of users can be tailored with the capability provided through the Information Barriers (IB) modes while maintaining corporate information barriers. With five IB modes (Owner-moderated, Open, Explicit, Implicit, and Mixed), there is flexibility and customizability to support site/team owners to bring in incompatible segments users to the site/team to participate in multiple regulatory projects to successfully complete projects while meeting mandatory regulatory needs.

Migration Enhancements

Migration Manager

With Migration Manager, Bulk download reports, Migration filters, and Estimated time to migrate are new features added to simplify the migration of content from file shares, Dropbox, Google Drive, Egnyte, and Box.

Bulk-Download Detailed Reports

When performing cloud migrations, gone is the time-intensive download of detailed reports that are chosen one by one. Instead, this can now be done with one click by selecting tasks in the scans and migrations tab.

Migration Filters

Content can be curated in M365 by filtering the files and folders containing invalid characters, excluding by folder names and file extensions, and by date of creation and modification. There is an option to replace invalid characters with valid characters.

Estimated Time to Migrate

An estimate of time to complete the migration project and the task level is provided based on scans, file sizes, and other factors.

SharePoint Migration Tool (SPMT) Improvements

Scanning and migration from On-prem Server are streamlined within one tool while the navigation page flow is intuitive for managing migration jobs and creating migration-by scenarios.

Advanced Sites Lifecycle Management

SharePoint Data Access Governance (DAG) Insights V1: General Availability

The lifecycle of a site starts at the time of its creation and evolves to the active state when content and collaboration occur with users. During this active state is when oversharing or accidental sharing occurs. With DAG, administrators can discover the top 100 and the top 10,000 sites of millions of sites that an organization may have and that requires the closest monitoring/validating/tailoring for share and access policies for these sites.

Sites Lifecycle Policies – Inactive Sites: Preview

With Sites Lifecyle Policies, administrators can create tailored inactive site policies that target specific SharePoint sites, Teams created sites, Public labeled sites, or sites with information segment of Research. These policies will trigger an alert to the respective site owner, providing them the option to delete, keep or exercise other actions on these inactive sites.

Site History and Recent Admin Actions: Preview

The Site History capability in the SharePoint Admin centre addresses the inability of SharePoint admins to troubleshoot inaccessible team sites, know the lifecycle state of a site, manage the lifecycle, and know the activities carried out by site owners. The Site History will provide a history of all changes made to site properties by all site owners and admins in the admin actions panel and will show the latest site changes such as site URL, site name, storage limit, and share settings. Admins will also be able to export 30 days of changes.

Organization Lifecyle Management

SharePoint Tenant Rename: General Availability

For tenants with less than 10k sites, SharePoint Tenant Rename allows SharePoint admins to rename the tenant’s SharePoint URL should the organization need to rebrand due to a merge or expansion across satellite locations.

OneDrive Cross-Tenant User Data Migration: General Availability

With OneDrive Cross-Tenant User Data Migration, admins can move users’ OneDrive and mailboxes across two tenants by implementing a simple set of SharePoint PowerShell cmdlets. Sharing links to old URLs will continue to work even though the URL of OneDrive has changed. Why would admins need to migrate users across two tenants? Situations arise when companies expand through mergers and acquisitions, which are part of an organization’s lifecycle. When mergers and acquisitions occur with a common footprint in Microsoft 365, OneDrive Cross-Tenant User Data Migration makes easy work of moving users from one tenant to the next while retaining content integrity and security.

Microsoft Ignite 2022 has had some exciting announcements, including its stance on Zero Trust concerning cybersecurity and the many ways it is addressing and proactively implementing to achieve this standard. From sensitivity labels to access policies, from site lifecycle management to secured migration tools, Microsoft is providing organizations, admins, and their users several layers, methodologies, and processes to retain control of content at the organization, admins, and user levels. Cybersecurity with Zero Trust is the new standard and Microsoft is working adamantly towards this high bar of security.

Microsoft Ignite October 2022 Part 1: Security and Compliance Across SharePoint, OneDrive, and Teams

Around the world, we hear how corporations fall prey to cyber predators. Cybersecurity has never been more important than now with the hybrid conditions for work. The challenge has been to ensure the cybersecurity of data and content for staff who work remotely on their systems and Wi-Fi network in conjunction with staff who work on-site. With so many possibilities of threat entries, cybersecurity has reached Zero Trust as the standard and norm. Microsoft is committed to enabling its customers to diligently, smoothly, and easily as possible manage content, people, and context across SharePoint, OneDrive, and Teams.

Microsoft announced at Ignite today, six new security and management capabilities including:

  1. Advanced access policies for secure collaboration
  2. Security controls to safeguard content
  3. Comprehensive compliance
  4. Migration enhancement
  5. Advanced sites lifecycle management
  6. Organization lifecycle management

In this article, we will review Advanced Access Policies for Secure Collaboration and we will review the remaining in the next article, Part 2: Security and Compliance Across SharePoint, OneDrive, and Teams.

Advanced Access Policies for Secure Collaboration

Advanced access policies for secure collaboration are currently available as either private preview, general availability, or premium feature and span across SharePoint sites, OneDrive, and Teams.

Restricted Access Control (RAC) Policy for SharePoint Sites: Private Preview

Unauthorized access to content can occur when content is overshared by users. Users commonly share content with good intent, but they are unknowingly and mistakenly, sharing with a broad audience, resulting in unauthorized access to content by the broader audience. Oversharing has always been an issue, but with hybrid work environments, this has bubbled to the surface with an expansion of oversharing and unauthorized access to content.

With the RAC Policy for SharePoint Sites, administrators can now restrict access to SharePoint Sites, instantly restricting access to content to a confined set of users, regardless of how widespread the content has been shared or where inheritance was broken at the content level.

This advanced policy, RAC Policy v1 (Private Preview), allows administrators to restrict Microsoft 365 Groups-connected sites to having the same membership as the parent Microsoft 365 Group, even if the site or content was shared outside of that group membership. Microsoft announced that this policy will be extended to all SharePoint Site templates by configuring the RAC policy with a security group.

Restricted Access Control (RAC) Policy for OneDrive in Your Organization: General Availability

Announced at Ignite this week, the Restricted Access Control Policy for OneDrive is generally available. Similar to oversharing of SharePoint sites with external users, OneDrive content is also overshared.

By creating security groups in Azure Active Directory that contains all the organization’s employees and then configuring the Limit OneDrive Access to those groups in the SharePoint Admin centre, only those groups granted access will now have access. By restricting access to all OneDrives in your organization to a determined set of users such as only employees, your organization’s content is secure from being accessed by externals who should not have access in the first place.

Conditional Access Policies for SharePoint Sites, OneDrives, and Teams: General Availability

There is flexibility with the Conditional Access Policies for SharePoint Sites, OneDrives, and Teams by allowing admins to determine whether the content is classified as business strategic or general training content. Both types of content will require different levels of security whereby classified business strategic content is accessible only when certain conditions are met, and general training content should be easily accessible. The conditional access requirements should match the security posture of these sites.

This can be achieved by utilizing SharePoint Online PowerShell to set the appropriate access policy for a site. This will dictate the conditions that are required to access the specified site. For example, a site containing business strategic information can have the condition of multi-factor authentication (MFA) to be met in order for a user to access this site. Additionally, these policies can be associated with sensitivity labels, if deployed, by labeling the teams or sites appropriately. The key benefit of this policy is that it allows the admin to have users go through additional credentialing only when they are accessing critical sites or teams that contain business strategic content.

Access policies are just one of the methods that are being applied for cybersecurity by Microsoft. As Microsoft moves closer to Zero Trust, increasing security controls, safeguards, malicious malware protection, and lifecycle management are all integral parts of this advancement. In our next installment, Part 2: Security and Compliance Across SharePoint, OneDrive, and Teams, we will examine these closer in detail.