One of those “looking back on 2017" blogs on Office 365
Another year has passed, which means it’s time for all those “looking back” articles. Well, here’s mine, listing some of the coolest features or updates Office 365 got in 2017, but not necessarily the biggest or most talked about ones. Everything featured below is of course my personal opinion. So, let’s start – in no particular order.
Support for Modern authentication across the board
Modern authentication has been around for years now, and in 2017 we finally saw all the different teams at Microsoft embrace it. We got the ADAL-enabled PowerShell module for Exchange Online and later on, support for the Security and Compliance Center PowerShell cmdlets. The Skype for Business PowerShell module also got support for Modern authentication, as did the SharePoint Online module and the Azure RMS (Azure Information Protection) module.
All the newly released clients, applications, and PowerShell modules also feature support for Modern authentication. Which in turn means that there is no longer an excuse to use accounts that are not secured with some form of multi-factor authentication, especially when it comes to privileged accounts. More importantly, Modern authentication enables some password-less authentication scenarios, extends the support for 3rd party IdPs and MFA solutions, and is the basis of Conditional access and features such as Pass-through authentication. Therefore, the adoption of MA should drive a horde of new features in 2018!
Conditional access improvements
2017 brought a lot of improvements to the Conditional access functionality. New applications that support conditional access, expanding support for macOS, iOS and Android, new controls (including 3rd-party MFA solutions), session restrictions and much more. In effect, Conditional access now offers even more flexibility than federated scenarios, while being much easier to configure compared to AD FS claims rules for example.
There are still some challenges left to tackle, for example the lack of support for legacy authentication scenarios, but hopefully Microsoft will be able to offer a solution for these in 2018.
Pass-through authentication and SSO
Technically, we first saw these two features in preview in December 2016, but they actually reached GA status in September this year – which means they qualify here.
Pass-through authentication allows organizations to delegate the authentication process to their on-premises servers, without requiring the complexity of AD FS deployments. PTA is now the recommended choice for most organizations, unless you have some specific requirements. However, AD FS still dominates the monthly authentications statistics, but that’s slowly going to change in the future.
The Seamless SSO feature further bridges the gap with AD FS, when it comes to end-user experience. Seamless SSO can be combined with either Password Hash sync or PTA to make windows-integrated authentication possible for those scenarios. To really make the experience seamless however, you need to combine it with “hints”, so that the user is never prompted for credentials.
At the end of the year, we also got a new login experience for Azure AD, which is certainly easier on the eyes, but still has some minor issues.
Stricter control for compliance functionalities
In 2017, we saw a lot of updates to the different compliance features, both small and significant. There were the initial versions of the unified DLP and retention experiences, Event-based retention, Disposition Reviews, the new Supervisory review, revamped reporting, and much more. The Security and Compliance Center has better RBAC support now, and we already mentioned the support for modern authentication for the SCC PowerShell module. Apart from that, I want to name two particular features: targeted collection for eDiscovery searches, and the Search permissions filters.
Targeted collection for eDiscovery searches enables you to scope down your searches to a particular folder inside the user’s mailbox or their OneDrive for Business site collection. Similarly, you can limit the search to a particular SharePoint Online folder. The Exchange Online implementation has some rough edges around obtaining the folder IDs, which shouldn’t discourage you from using targeted collections. It is a very powerful feature that can substantially reduce the amount of time you spend performing eDiscovery.
The Search permissions filters feature allows you to tightly control what content a particular user can access via eDiscovery. You can get as granular as specific mailboxes, sites, or items – even items containing a certain keyword. You can also restrict specific actions, for example you can allow users to search for items but prevent them from exporting or purging them. And you can combine multiple filters to further optimize the restrictions.
Improving the Outlook experience
Last year, Microsoft released a horde of updates that address the end-user experience in Outlook. The Calendar experience was revamped to be simpler, faster and consistent across all modalities, and it now features some options that were only available on the desktop version. Support for accessing shared Calendars on mobiles was added, and additional improvements of handling free/busy information were also delivered.
Aside from Calendar improvements, the Original Folder Item Recovery experience deserves a separate mention. 2017 also marked end of life for the Clutter feature and its replacement with Focused Inbox. The new “onboarding” experience was also flighted, however it still has some rough edges.
Other noteworthy features
Of course, we cannot possibly mention every single feature introduced over the year. We have intentionally tried to focus on features that haven’t made the highlights so far, which is not to say that we don’t consider Teams, Files on Demand, Flow, PowerApps or the new Office Message Encryption v2 features noteworthy. These features have been covered extensively over the course of the year, and have been featured in plenty of “recap” articles, so chances are you’re all familiar with them by now. Hopefully the list above will remind you of some useful, ‘low-profile’ improvements we received over the year.
Here’s to an even busier 2018!