How to Leverage Microsoft Teams For Your Remote Workforce

Empower Your Employees to Stay Protected & Engaged While Working From Home

The COVID-19 (novel coronavirus) outbreak has organizations rapidly ramping up to operate remotely and asking their employees to work from home.

However, many organizations are faced with a sudden challenge — do they have the right systems in place to make this happen?

If that sounds challenge sounds familiar, you aren’t alone. But providing your remote workers with the right tools and resources is key to helping them stay connected, productive, and secure — no matter their location or device.

So where do you start?

Consider Microsoft Teams as Your Virtual Office for Remote Workers

Even before the COVID-19 crisis, we’ve been helping our clients roll out Microsoft Teams to increase collaboration and teamwork across their global workforce.

Microsoft Teams is a widely used platform that you can deploy to keep your organization running safely and securely in a virtual environment. It provides a single workplace where people can actively connect, meet, and collaborate in real-time – all in one place. With this solution, your employees can remain productive while maintaining the necessary level of security and control over your organization’s resources. For your remote workers, it can provide functionality including:

  • Voice calls, video calls, and online meetings between your organization and external contacts.
  • Chat and instant messaging between either groups or individuals in your organization.
  • Secure document collaboration, sharing, and storage.

Additional advantages for remote working include:

Centralized Communication & Collaboration
Microsoft Teams functions as a self-contained and virtual, secure workplace. It eliminates the need to switch between applications and devices for collaboration, email, text messages, and phone calls throughout the day. By using one connected platform, you can avoid the risk of shadow IT, unsecured file sharing, and loss of organizational intellectual property.

Online Meetings with Anyone Inside or Outside Your Organization
Your workforce can hold online meetings with audio, video, and web conferences with anyone inside or outside your organization. Even while working remotely, employees can run effective meetings and have the ability to blur backgrounds, use live captioning, and control meeting roles and permissions. Meetings can be recorded in case people are unable to attend so they can catch up later and not feel left out.

Staying Connected with Video
Employees can meet face-to-face even if they aren’t in the same location via one-on-one or group video chats and meetings. Face to face interaction goes a long way to help everyone feel more connected.

Keeping Employees Engaged with Chat
Online chats keep employees engaged with casual conversations. Emojis, Gifs, and stickers can help keep chatter fun and light.

Securely Collaborate & Co-Author Documents
Employees and teams can securely coauthor documents, share a screen for fast-paced decision making, collaborate on shared deliverables, and share documents without using email.

Easy IT Administration
Microsoft Teams is designed with IT in mind and provides management capabilities for collaboration, meetings, callings, and apps in one place with simple administration.

Check out this video to see many of these functionalities in action »

How Quickly Can Microsoft Teams Be Deployed?

The short answer is  – it depends. But don’t let that answer dismay you. Determining how to deploy it and how long it will take several factors.

Here are three common scenarios:

  • You have Office 365 but haven’t turned on Microsoft Teams.
  • You have Office 365 and have turned on Microsoft Teams, but it isn’t widely used.
  • You do not have Office 365 but want to roll out Teams.

For more advanced capabilities to support a large-scale use of all the collaboration, meetings, and document collaboration functionalities, it would take longer to deploy.

If you are considering deploying Microsoft Teams, here are some resources for guidance to start planning:

Support Remote Workers Using Microsoft Teams

Microsoft Teams FAQ: Support Your Remote Workforce

Welcome to Microsoft Teams: For Microsoft Teams Admins

Microsoft Teams IT Architecture Poster [PDF]

Privacy & Security in Microsoft Teams

Our Team is Here to Help

At Xgility, we know what it takes to get Microsoft Teams quickly set up and deployed to your workforce.

As a Microsoft Gold Partner, our team has been helping our clients of all sizes successfully roll out Microsoft Teams with unprecedented adoption rates. Let’s talk to learn how our team get can help you started with Microsoft Teams. Contact Us Now »

10 Tips for Employees Using Microsoft Teams While Working Remotely

In response to the COVID-19 (novel coronavirus) outbreak, organizations around the world are asking their employees to work from home and to use collaboration and meeting platforms like Microsoft Teams to stay connected for online meetings and chats.

If your organization has already rolled out Microsoft teams for calls, meetings, online chats, and collaboration, that’s good news. You may have already been using it throughout your workday at your office.

However, if you are new to working at home, you may discover that you need to find new ways to communicate and collaborate with your teams and co-workers in ways that you didn’t from the office. Based on our own experience and working with our clients, we’ve put together a list of recommendations for ways to use Microsoft Teams as you adjust to your remote work style.

Consider Microsoft Teams as your virtual office that has the tools you need all in one place and that you can take anywhere you go.

But first, this may a great time to refresh yourself with the Microsoft Teams platform and features. Check out this quick interactive demo to learn the basics » 

10 Tips for Using Microsoft Teams while Working Remotely

Here are ten tips to help stay you stay connected, engaged, and productive using Microsoft Teams.

  1. Communicate with Online Chats
    While you may not be able to talk in the office, you can still chat directly with your coworkers or check in with team members either with individual or group chats. Learn how »
  2. Stay Connected with Video
    You can still meet face-to-face with your coworkers – even if you aren’t in the same location – with video conferencing. It’s a great way to still feel like you are connected to your team as well as to avoid feeling isolated.
  3. Embrace Online Meetings
    Make sure all meetings include a virtual “join” option so that team members can join from wherever they are working. Turn video on so your team can interact face to face, feel more connected, and avoid confusion that can occur when there are no visual cues to help you interpret conversations.
  4. Don’t Forget the Background Blur Tools
    Make sure you are the main focus when using video for meetings and chats. Use the Background Blur so you will appear nice and clear while everything behind you is subtly concealed to avoid embarrassing distractions. Learn how »
  5. Record Your Meetings
    When you start a meeting, hit “record.” Team members who aren’t able to join can watch later or search the automatically generated transcript for important information. That way, people can easily review anything they missed or need to be repeated. Learn how »
  6. Share Your Screen
    Share your screen for easier collaboration and faster decision making. It can help your team feel connected to projects that you’re working on together. Learn how »
  7. Set Your Status Message
    You can set up a status message in Teams so your team and coworkers know what you are up to and when they can reach you. FYI: If you have a status message set in Teams, it will not show your automatic out-of-office reply that you’ve set in Microsoft Outlook. Learn how »
  8. Stay Organized with Planner
    Use Planner as part of your team structure – add it as a tab in Team’s General section. Planner makes it easy for your team to stay organized, assign tasks, and keep track of your progress. Learn how »
  9. Use the New Target Tags
    Avoid typing in everyone’s name in a post with new target tags. Use target tags to message everyone assigned to a specific tag at the same time – simply @mention the tag name in a post. Learn how »
  10. Be Social
    Think about chat messages as your virtual watercooler and set yourself a reminder to check in with people regularly. Use emojis, Gifs, and stickers to help keep the chatter fun and light. Try ice breakers in team chats like what’s everyone’s favorite Netflix show right now.

We understand that every individual and team works differently. But hope the tips from our team helps you stay productive and connected as you adjust to a new way of working.

Additional Resources:
We’ve also rounded up some additional resources to help you get the most out of Microsoft Teams:

Microsoft Teams Video Training

Microsoft’s End User Training for Microsoft Teams

Staying Productive While Working Remotely with Microsoft Teams


Microsoft Teams.

Roundup of Key Microsoft Team Features Announced at Microsoft Ignite

At the Ignite 2018 conference last week, Microsoft revealed that Microsoft Teams is now the fastest growing business app in Microsoft’s history and announced several powerful new capabilities to foster teamwork and collaboration.

As we help more of our clients strategically rollout and adopt Microsoft Teams, it is exciting to learn that many of the new features will help fill the gaps our clients have needed – particularly around security, compliance, and data loss prevention.

According to our Office 365 and Microsoft Teams strategy guru, JoAnna Battin, here are several of the new features and functionalities she says our clients will be happy to see rollout for both their Teams end users and Teams administrators.


New Meeting features:

Our team is particularly excited about the new artificial intelligence (AI) powered meeting features including background blur and meeting recording. Background Blur uses facial detection to blur your background during video meetings, and Meeting Recording allows you to playback recorded meeting content at any time with captions and a searchable, timecoded transcript.

Access your Yammer community via a tab in Teams:

You can include relevant Yammer groups directly in Teams for easy monitoring and engagement by adding them as a tab in any of your team channels. No more going back and forth between Teams and Yammer!

Enrich your private chat experience with screen sharing:

Need to quickly show someone your screen, but don’t have time for a call? You can now share your entire desktop or a specific window directly from a private chat session. You can even let them take control to collaborate on content together.


Enhanced Security & Compliance Features for Messaging:

For organizations with enhanced security and compliance needs, Microsoft is releasing two new secure messaging features. With Image Annotation, users can capture images, annotate, and share them on a secure platform. IT Admins can set policies to prevent images from being stored on a mobile device or local drive. As we mentioned, Priority Notifications will alert a recipient to an urgent message and automatically notify the recipient every two minutes for up to twenty minutes – it is scheduled to roll out by the end of this year to all Teams commercial customers.

Microsoft announced that these capabilities support HIPAA compliance, and enable clinicians to communicate about patients while avoiding the privacy risks that arise when healthcare professionals use consumer chat apps. In addition to the healthcare sector, we are excited to help our clients in other fields use these features to protect their security.

Microsoft Teams Urgent Message Notification.Microsoft Teams Urgent Message Notification.

Data Loss Prevention (DLP) in Teams will enable you to identify, monitor, and automatically protect sensitive information:

With DLP, you can soon create policies directly from the Security and Compliance Center to prevent sensitive information – credit card numbers, social security numbers, or health records – from being shared or leaking unintentionally. Policies will apply to both messages shared in private chat and channel conversations. Files that are shared in channels and private chats will be covered by SharePoint and OneDrive for Business DLP policies. User messages that contain the specified sensitive information will be blocked based on the DLP policy you create with options for the sender to override and send the message and/or report false positives. Stay tuned for more details.

Microsoft Teams SCC Policy configuration.

SCC Policy Configuration

Manage your teams directly from the Admin Center:

According to JoAnna, this is huge! Administrators will have the insights into Teams that they never had before.

A list of all teams in your organization is now available directly in the Microsoft Teams and Skype for Business Admin Center. Simply click on “Teams” in the left navigation and select “Manage Teams” to see this list. From here, you can manage membership, add or remove channels, and change settings. Additionally, you can quickly create a new team, customize it, and add members allowing you to better support your users.

Microsoft Teams Admin Center Manager.

Microsoft Teams Admin Center Manager View

Manage your team membership with dynamic groups:

We are excited about this feature – you can reduce your administrative overhead of adding and removing users by creating teams from Office 365 groups with a dynamic membership rule. For these groups, membership is managed dynamically based on user’s Azure Active Directory (AAD) attributes. Thus, when a user’s AAD attributes change, they will be added or removed automatically from the team based on the dynamic membership rules defined by the administrator. All Office 365 groups can continue to be managed directly from the Azure Admin portal. Teams will support the creation of teams from Dynamic Groups in the coming months. Learn more about dynamic groups here.

Replicate your best Team’s experience with Templates:

Finally, a real template experience!

Have you found a team setup that works best for a type of project or workstyle? You soon will be able to easily create new teams based on best practices and lessons learned by leveraging a new REST endpoint as part of the Microsoft Graph API. With Team Templates, you’ll be able to pre-define a team’s channels, apps, and tabs that can help you easily create consistent teams across your organization. You can also define team settings and auto-favorite channels, allowing your team owners to focus on collaborations rather than spending time setting up the team.

Boost your productivity with a tighter integration between Teams and SharePoint:

You’ll soon be able to enjoy the full capabilities of SharePoint libraries in your file tab with features like creating a custom view and pinning a document to the top. Additionally, you will have the ability to add SharePoint lists and SharePoint Framework web parts as tabs in your team’s channel.

Those new features will provide new ways to aggregate information between SharePoint and Teams.

Read the official Microsoft Teams announcements from Ignite: What’s New in Teams – Ignite Edition

Let us help your organization create a culture of collaboration and teamwork with Office 365 tools including Microsoft Teams, OneDrive, SharePoint, Yammer, and more.
Contact us to learn more »

New Microsoft Teams Features for Meetings

Microsoft Ignite 2018 is underway! There are loads of announcements coming out each day about new capabilities and features in Office 365, SharePoint, Microsoft Teams, Azure, and more. Our team is currently gathering top takeaways – stay tuned for upcoming blog posts!

In the meantime, here are two of my favorite features now available in Microsoft Teams.

Background Blur:

Microsoft Teams now allows video conference participants to blur their background.  The ‘background blur’ feature is possible due to artificial intelligence, which is able to distinguish between a person’s face and their background.  Now, employees can remotely tune into video conferences from almost anywhere – whether at the beach, a coffee shop, or home office – and it’ll go almost entirely undetected.

Meeting Recordings & Transcripts:

Microsoft is putting its machine learning technology to work with a new tool that will automatically generate real-time transcripts of your meetings, as well as captions on recordings. With meeting recording in Teams, you or other invitees who missed the meeting can playback recorded audio, video and content at any time. Pull up a transcript, powered by Microsoft Stream, and search for keywords so you can optimize your time while getting caught up.

We can help your organization create a culture of collaboration and teamwork with Office 365 tools including Microsoft Teams, OneDrive, SharePoint, Yammer, and more.
Contact us to learn how we can help »

Can You Use Microsoft Teams Without an Exchange License?

One of the government clients that I support has selected to use Google as their primary unified communication service. However, they also purchased an Office 365 tenant to use for SharePoint Online, Skype for Business, and OneDrive for Business. The Exchange license is turned off for all of their users. But what about Microsoft Teams? Based on conversations happening today, I can tell that there is already demand for Teams.

But according to the Microsoft roadmap, Teams won’t be available in the Government Cloud until sometime in the 3rd quarter of 2018. Here’s a screenshot:

This made me think about what the Microsoft Teams experience would be like without an Exchange license.

Setting Up a Test

First, I discovered that Teams DOES work without Exchange – and surprisingly well. As a test, I created a user in my Office 365 tenant and disabled their Exchange license.

See below for the settings:


From the End User’s Perspective

As the “Exchange-less” user, I was able to log into Teams (from both the web app and the desktop app) and do the following:

  1. Create a new Teams (both public and private)
  2. Add members to both teams
  3. Manage a Team’s Members, Channels, Settings, and Apps
  4. Participate in Team Conversations, including using @Mentions
  5. View meeting info from a Channel conversation
  6. Participate in a channel meeting
  7. Upload files into a Channel
  8. Update a Wiki
  9. Add Other Tabs in a Channel such as Planner
  10. Create Buckets and assign tasks in Planner
  11. Participate in a Private chat including sending files, and making both a phone and video call
  12. Access files uploaded via private chat and within a team channel via the Files left tab

Here’s what I was not able to do outright or was able to do with partial success:

  1. Schedule a meeting
  2. View Scheduled Meetings via the Meetings left tab
  3. Update my picture
  4. Configure Connectors

Here are some of the screenshots associated with a few of the processes:

That’s it from the end user perspective. So far, I learned that not having Exchange is not much of an issue.

From the Administrator’s Perspective

According to Microsoft, Teams was built to support audit log search, eDiscovery, and legal hold for channels, chats and files as well as mobile application management with Microsoft Intune. These tools reside in the O365 Security and Compliance Portal and provide the following features:

  • Auditing and Reporting
  • Compliance Content Search and eDiscovery

Let’s take a look how those features are affected when the user doesn’t have an Exchange license.

Auditing and Reporting

Audit log searches work on content that was created by accounts without an Exchange license. The following is a screen capture of what Teams activities are audited and can be reported on:

Below is a sample report showing all the Created Team, Deleted Team, and Added Channel activities. The TestUser account is the one without an Exchange license, and as you can see, that user’s activities are still being captured.

Compliance Content Search & eDiscovery

Content Search can be used to search Teams through rich filtering capabilities and exported to a specific container for compliance and litigation support. You can use Content Search to search for content in Microsoft Teams. However, without an Exchange license, you will not be able to search the group mailbox or shared calendar.

Below is an explanation from Microsoft:

“Users who participate in conversations that are part of the Chat list in Microsoft Teams must have an Exchange Online (cloud-based) mailbox in order for you to search chat conversations. That’s because conversations that are part of the Chat list are stored in the cloud-based mailboxes of the chat participants. If a chat participant doesn’t have an Exchange Online mailbox, you won’t be able to search chat conversations. For example, in an Exchange hybrid deployment, users with an on-premises mailbox might be able to participate in conversations that are part of the Chat list in Microsoft Teams. However in this case, content from these conversation aren’t searchable because the users don’t have cloud-based mailboxes.

Conversations that are part of a Microsoft Teams channel are stored in the mailbox that’s associated with the Microsoft Team. Similarly, files that team members share in a channel are stored on the team’s SharePoint site. Therefore, you have to add the Microsoft Team mailbox and SharePoint site as a content location to search conversations and files in a channel.

Alternatively, conversations that are part of the Chat list in Microsoft Teams are stored in the Exchange Online mailbox of the users who participate in the chat. And files that a user shares in Chat conversations are stored in the OneDrive for Business account of the user who shares the file. Therefore, you have to add the individual user mailboxes and OneDrive for Business accounts as content locations to search conversations and files in the Chat list.”


My biggest takeaway from research and testing is that users without an Exchange license can use most of the Teams functionality to collaborate and their activities are included in the audit logs.

However, not all their content will be accessible by the Office 365 Compliance and Search and eDiscovery functionalities.

If your organization is considering implementing Office 365, please contact us to discuss how our team of experts can provide personalized assistance to get your Office 365 platform and related applications deployed as quick and as painless as possible.

About the Author

Dean Virag is currently a consultant and trainer at Xgility. He’s been providing Microsoft SharePoint consulting services and training to a variety of organizations since 2009. Currently, Dean helps manage SharePoint 2010 & 2013 and Office 365 for a large federal government client as well as provides them with process automation consulting, training, and documentation services. 


4 Project Management Applications You Should Be Using Now

According to PWC, more than half of the companies that are unhappy with the project management software say that it is because the software is too expensive.  Are you still using sticky notes or Microsoft Excel to manage projects?  I continue to be surprised that Excel is still one of the most popular project management applications.  If you have not researched your options in the past year or even 6 months, now is the time.

For our customers running SharePoint in their data center, many project managers use Microsoft Project on their desktop and sync with either a SharePoint Project Site Template or Project Server.  The project site template allows project managers to share a Gantt chart, tasks, and documents on a SharePoint web page.  Project server takes project management to a whole new level allowing for true portfolio management, including resource scheduling/allocation, prioritization, time-sheets, and resource leveling across projects.  Our on premises customers have also had success with a 3rd party SharePoint application called BrightWork.

In the past 5 years, we have shifted, along with customers, from waterfall (PMP style) project management to Agile project management, especially when it comes to large software development projects.  At Xgility and with several of our customers, we have used a cloud based application called JIRA.  JIRA has a helpdesk component as well as an Agile cloud based project management software component.  One disadvantage for us is that JIRA is not as tightly integrated with SharePoint, Outlook, and Office 365.  The other disadvantage to JIRA is that we already have Office 365 E5 licenses.

4 Project Management Applications You Should Be Using Now

For customers using the Microsoft cloud, project managers have a new option.  Project managers can continue to use the SharePoint Project Site Template or Project Online (project server in the cloud).

Our team is really excited about a new tool called Office 365 Planner.  Office 365 Planner is based on Office 365 Groups, so you if you have tried out groups, you will notice that your Office 365 Groups will show up under planner.  I believe many customers that like Agile and don’t need true portfolio management will move to this as a project management tool.

4 Project Management Applications You Should Be Using Now 2

Features of planner include reporting, conversations, tasks and subtasks, conversations, OneNote Notebook, and document storage.  As a member, it is easy to track your tasks across multiple projects.  For a demo, check out this link.

We are happy to announce that Microsoft has introduced two new features to planner.  The first is the ability to assign multiple users per task, the second is allowing guest/external user access.

Try out planner and let us know what you think as compared with the other tools we mentioned.  As always, contact us if our team of experts can help your organization become more efficient and effective.



Author:  Kurt Greening

Editor:  Alex Finkel

Board Portal Solutions – Diligent vs Office 365

According to Wikipedia, “a Board Portal can be a custom-built, in-house application, an off-the-shelf, commercial application that is deployed by IT, or a subscription-based software as a service (SaaS).”  The portal is used to provide information to the board of directors and organize documents used to conduct a meeting.  Diligent Corporation (formerly Thompson Reuters Boardlink) has one of the leading SaaS solutions and it is a great product.  As an alternative to Diligent, several customers have asked us to compare Office 365 (SharePoint Online) to Diligent’s offering.  The purpose of this article to explain the requirements for a board portal and compare features in Diligent and SharePoint Online that meet the requirements for a Board Portal.  Both solutions have many advantages over email attachments and printed documents.

While Diligent is the leading board portal solution, some of our customers have used other SaaS solutions.  Maren, from the Xgility team, built a solution that saved $8,000 annually by replacing BoardEffect with a SharePoint site.  The solution was more secure and reduced the number of places employees had to go to save and find information needed to do their job.

Board portals provide the following features:

  • Strict Security: Due to the sensitive nature of board information, security and confidentiality is critical.  Sometimes board portals will use two-factor authentication for user logins, role-based access control to information, and full encryption of stored information and communications between members.
  • Online Accessibility: Board members can review documents or communicate with other members at any time, even when they are on the road.
  • Offline Accessibility: Board members can download documents to their computer for offline review.  However, board portals ensure that downloaded documents still support the same strict level of security.
  • Board Packet Creation, Modification, and Distribution: Corporate secretaries can use the board portal to create board materials and disseminate them online.  Edits or deletion of documents can be done and the changes are immediately distributed.  This saves the hassles associated with printing and handling changes after board packets have been printed.  Board packets are often quite thick, with 600 pages on the low-end and as many as 2,000+ pages.
  • Dashboard of Key Performance Indicators: to allow directors a quick view of the KPI of the organization’s performance, a flexible dashboard is often an integral part of Board Portal packages.
  • Online Collaboration support allows documents and board packets to allow for directors to record their comments and save a record, while reviewing such information.
  • Data Retention Policy Support: To mitigate company liability, board portals enforce data retention policies on documents, as well as board member communications.
  • Read Receipt of announcements, policy documents and any other legal documents is recorded and maintained by board portals.


In reviewing the solution offered by Diligent, their main advantage is that they are a purpose-built SaaS application.  They excel at creating a board book, which is the document used by the board to prepare and follow along during a meeting.  A typical board book contains the agenda, meeting minutes (including approval), executive management reports, committee reports, new business, and adjournment.  The Board Book can be accessed online and offline.  Diligent is also known for personalized executive support.  Since Diligent is a purpose built application, they meet all of the requirements above.

Office 365 can also meet all the requirements for a Board portal, but some configuration is necessary. SharePoint Online is designed as a general purpose, enterprise wide, collaboration system.  For many companies, the work needed to customize Office 365 will outweigh the benefits of the point solution offered by Diligent.

Office 365 would be a great choice for those looking to have a platform that can be used for the collaboration and creation of the documents that are used to create the board book.  With Diligent, documents are typically created outside the application.  In addition, Office 365 should be used as a collaboration and follow up on action items assigned from the board meeting.  For instance, tasks can be assigned to company employees in the portal or new committees can be formed inside the portal.   Office 365 out-of-the-box features that would be used for a Board Portal include: calendars, OneNote notebooks, contact list, Outlook meeting invites, workflows, alerts, metadata, tasks, and subsites.

Another advantage of Office 365 is tight integration with Office products such as Word, Excel, Outlook, and PowerPoint.  Office 365 also has good mobile applications.  Some executive administrators may choose to take Notes in OneNote, but distribute the final meeting minutes for approval in Word.

In terms of security, I would prefer to trust my sensitive corporate data to a larger SaaS provider such as Microsoft.  Microsoft offers great solutions for single sign-on and two factor authentication, along with a very large security team.  While our typical recommendation is to assign SharePoint permissions based on active directory groups, assigning permissions to individual board members may be a requirement in the board portal.

The disadvantage of Office 365 when compared with Diligent is that corporate IT may have train the executive admin team to utilize best practices for security and collaboration.  Since Office 365 support is not specific to board portals, training and support should be provided by an expert like Xgility.

While some boards may still use paper or email attachments, these methods are likely to cause issues.  For instance, this may cause confusion over the latest document version and make it difficult to correct documents at last minute.  A Board Portal is a great solution to improve productivity and collaboration for executive staff, as well as to assist with proper governance and oversight.

See below for examples of a demo Board Portal Solution:

Board Portal Solution S1 Board Portal Solution S2


Want a free trial of Office 365?  Get your Office 365 E5 trial subscription here.  If you are ready to implement a board portal in Office 365 or would like to learn more about Microsoft’s Cloud please contact us.



Author:  Kurt Greening

Editors:  Alex Finkel and Maren Kelley

Office 365 vs. Your Information Security Program

As you compare Office 365 versus your company’s security program, you should evaluate both internal and external threats.  Many security professionals focus on external threats, but data shows that internal threats are more common than external threats.  I have found that that NIST has a lot of great resources that can be leveraged to build your information security program.  Microsoft and many other cloud vendors are very transparent about their security and privacy policies in the Trust Center.  Below are six factors that should be part of your evaluation of Office 365 services versus applications hosted by your organization.


  1. The Team

Most of my security discussions with customers start with asking the customer to bring in their security team in to discuss their security program versus Office 365.  If they have a large team, the discussion may continue, if not, I point out that Microsoft has invested more than a billion dollars in security and has thousands of security professionals.  Microsoft has two teams of security experts, one known as the red team and, one known as the blue team.  The job of the red team is to break-in and the blue team is tasked with stopping them.


  1. Secure Score

If you already have Office 365, we recommend evaluating your secure score.  This is a gamification tool provided with Office 365 that makes recommendations and allows your organization to see the affects of security improvements in your environment.  Secure score is available to all Office 365 customers.


  1. Continuous Monitoring

If your organization is considering going all-in with the Microsoft cloud, you should consider Microsoft 365 E5.  This SKU is still called Secure Productive Enterprise, but will change in Microsoft documentation soon.  This includes Advance Security Management.  Advanced Security Management can also be purchased as an add-on SKU for $3 per user per month if you don’t want everything in the suite.  Since this tool comes with multiple templates, it is better than many of the tools purchased by our customers that don’t often get used after they are installed.  Buying best-of-breed security solutions can be an effective strategy, just make sure you have the staff and budget to integrate best-of-breed security systems.


  1. Device Protection

If your network and applications are secure, that won’t be enough if your devices are not secure.  Windows 10 is the most secure operating system ever offered by Microsoft.  We are upgrading many customers from Windows 7 and implementing Windows Defender for virus scanning and BitLocker for encryption.  System Center Configuration Manager can help keep your systems patched and updated.  Intune (included in Microsoft 365 E5) is an integrated mobile device management solution that enforces policies including what to do if a device is lost or stolen.  Again, buying best-of-breed security solutions can be an effective strategy, just make sure you have the staff and budget to integrate best-of-breed security systems.


  1. Data Loss Prevention

Office 365 provides integrated options for encryption, data loss prevention, and information protection.  These solutions protect against employees sharing personal identifiable information and sensitive/confidential data.  Policies can be created by the compliance team to align to industry standards.  Here is an example of the new policy template for Personally Identifiable Information supporting content in email, collaboration, and personal storage:


To classify documents at the user level, templates for common scenarios exist and can be customized for organizational needs.

Recently I received a confidential email from a partner and the email was setup so I could not forward, print, or event screenshot the information:


  1. Authentication

Recently our team completed an security audit for an organization with several hundred users of which 18% were Active Directory Domain Administrators!  They did not have any Single Sign-on applications, so they had a tough time forcing password resets when an administrator left the company.  Office 365 with Azure Active Directory Premium makes it easy to enforce password policies and allows users to have a single login to both on-premise and cloud applications.  At a minimum, I would recommend two-factor authentication for administrators and implement just-in-time admin access.  At Xgility, we have enabled two-factor authentication for all users.  We find the Microsoft Authenticator app to be the best way to implement two-factor authentication.  On our Windows 10 devices we have enabled facial recognition using Windows Hello.



If you are looking for help comparing Office 365 to running collaboration workloads in your data center, make sure you consider the true cost of providing enterprise class security in your data center.  Don’t assume that just because you can see the server that it is more secure than the cloud.  If you are looking to build a custom return on investment (ROI) analysis for your organization, Microsoft has funding that pays for Xgility experts to assist.  If you would like to learn more, please contact us.

Unraveling Office 365 Groups

Let’s face it, Office 365 Groups is a bit confusing.  Are they the same as AD security groups?  How do I use them and what do my users need to know?

From an IT perspective, we need to be able to put Office 365 tools in a box and present them to our users and administrators in a way they understand.  Office 365 Groups are managed through Azure AD and are presented like familiar AD managed resources, so Administrators tend to think of them as just another way to control permissions.  Office 365 Groups isn’t necessarily a change in permission management or control….but we’ll get into that in a bit.

The truth is, in today’s workplace, users get frustrated when they must ask IT for resources to do their jobs.  If that process is difficult or frustrating, they will figure out another way to perform these tasks.  Many times, that means your organization’s intellectual property gets dumped into shadow IT applications like Slack, DropBox, Google Drive, etc.  With today’s “consumer app generation” users want on-demand, self-service applications and they want to be able to control who has access to their documents and processes.  But more importantly, they want features and functionality that a standard SharePoint Team site doesn’t provide.

That’s where Office 365 Groups comes in!  Groups is a way to manage and provide the security wrapper around what the users are demanding – resources when and where they need them – in a self-service way that doesn’t require IT intervention or control to create/manage who has access to them.  AND the suite of tools Microsoft has introduced into Office 365 is beginning to rival any third-party tool your users may already be using.

Stay with me, I will explain….


What Users Want – The Tools

Until now, when a user needed documents, calendars, tasks management, or any other collaboration tools, we created a SharePoint Team Site.  Then we determined who needed access to the site and granted that access using AD security groups – and in some cases direct permissions to users.  These sites came with out-of-the-box lists and libraries and we presented these basic sites to users so they could add content.  But let’s face it, sometimes a SharePoint Team Site falls short and doesn’t quite live up to user expectations because of functional limitations within SharePoint.  So we create custom lists and use workflows to make the tools fit business needs.  Some examples of places where SharePoint fell short are:

  1. Task Management – Users want robust task and project management without having to be a Microsoft Project expert.
  2. Calendars – It should work and function like Outlook.
  3. Real, robust document collaboration – the ability to decide who gets access to my documents.
  4. Messaging and insights into team activities – send an email or post updates to my team or group.

So Microsoft introduced some really great, fully functional and ever-expanding tools like Office 365 Groups, Teams, Planner, etc.  These tools will change the way your users work and keep them from looking elsewhere for tools to fill the gaps where the organization’s technology fell short.  By focusing on the features and functionality, Microsoft is providing real, valuable, resources that people will use.

But Aren’t We Talking About Office 365 Groups?

We sure are!  To talk about Office 365 Groups, we must understand what drove Microsoft to implement Teams, Planner, and other Office 365 tools the way they did, and how these tools work together with Office 365 Groups.  The concept, use, and implementation of Office 365 Groups is, in my opinion, revolutionary! 

Office 365 Groups Are NOT AD Security Groups

Simply put, Office 365 Groups is a bundle of services, functionality, tools, and security.  Including:

  1. People – An aggregation of individual people brought together for a common purpose.
  2. On-Demand/Self-Service – The functionality users want, when they want it.
  3. Robust Tools – To easily communicate and collaborate.
  4. Autonomous Control of Membership – Management and oversight of the Group by its Owners. No IT intervention is needed to manage who has access to the group resources.

But what about security and permissions?  This is where it gets fun!

You are granted access to the tools and resources of the group simply by being a member (or Owner) of the group.  Let me say that again – you choose a group of people that you want to collaborate with, the collection of resources is created for these people, and permissions to these tools and resources are automatically granted because they are included in the group.  There is no longer a need to grant permissions to the resources.

The Resources and Tools

There are several ways that Office 365 Groups are created.  In general, it doesn’t matter which method you use to create the Group, as the same resources are provisioned.

When an Office 365 Group is created – either through the Admin Panel or through creating a new Plan (in Planner), the following resources and tools are dynamically created and permissions granted to the users in the Group.

  • Shared Inbox – For email conversations between your members. This inbox has an email address and can be set to accept messages from people outside the group and even outside your organization, much like a traditional distribution list.
  • Shared Calendar – For scheduling events related to the group. This is a fully-functional calendar as you would see in Outlook.
  • SharePoint Document Library – A central place for the group to store and share files.
  • Shared OneNote Notebook – For gathering ideas, research, and information.
  • SharePoint Team Site – A central repository for information, links, and content relating to your group.
  • Planner – Organize, assign, and collaborate on tasks; set due dates; update statuses and share files, while visual dashboards and email notifications keep everyone informed on progress.

When an Office 365 Group is created through Teams, those same resources and tools are created, permissions are granted to users in the Group, AND these additional resources and tools are created:

  • Team Workspace – Content, tools, people, and conversations in the team workspace
  • SharePoint Document Library – A central place for the group to store and share files
  • Scheduling Features – Calendar integration for easy scheduling of team meetings from within Teams
  • Skype for Business Integration – Communicate one-on-one or in a group with tightly integrated Skype for Business features and functionality

 Governance and Oversight

The new model allows users to create on-demand tools for their teams and groups of people.  From a management and governance perspective that can make even the most seasoned IT professional nervous.  We’ve focused on security and permissions as we roll out new applications and managing the infrastructure behind the scenes was critical.  Office 365 Groups changes that approach because the security and permissions is already managed.

IT’s focus needs to be on the resources that are provisioned behind the scenes, so that we manage the growth of our Office 365 environments.  There are two vital pieces of information regarding the dynamic provisioning of these resources.

  1. When a new Group is created a SharePoint site collection is provisioned.
    • This is a true site collection with a unique URL and visible through the browser directly or on the SharePoint tile.
  2. This site collection is hidden and not manageable in the traditional site collection administrative views.
    • The only way to know how many site collections have been created is by the number of Office 365 Groups created.

New governance and management features are now available to help manage retention and deletion of unused sites, create a tagging structure within Office 365 applications, and to programmatically rename Groups to append or extend the names of Groups upon creation so they are easily differentiated between AD Security Groups.  New features and functionality are being added constantly for management of the infrastructure required to roll out Groups, Teams, and Planner to members of your organization.

We continue to be excited around what Microsoft will add next and how responsive they have been to user feedback.  The rapid roll-out of new features and functionality, coupled with the ability for users to create on-demand, self-service resources, all while removing the need to assign permissions for these resources is something we should all be excited about.

If you are in IT and wanting help providing governance and security best practices, our team at Xgility can help.  If you are a departmental executive looking for training on how and when to use what, please contact us.

Office 365 – Desktop Update Best Practices

When it comes to cloud migrations, most customers dedicate efforts to the migration only to then realize there is more work to be done.  Enterprise customers have been accustomed to Microsoft version releases every couple of years.  However, subscription-based cloud services update often.  Large enterprises managing desktops and applications often dedicate teams to test and deploy updates.  Consumers who manage their own devices and smartphones are accustomed to seeing their system and apps update automatically and more often.

As an Office 365 subscriber, organizations should be aware of subscription channels and their update frequency.  Information Technology users should be on the First Release Deferred Channel with monthly feature updates.  The rest of the enterprise should run the Deferred Channel, which updates three times per year.  Consumers and Windows insiders are kept current with monthly builds.

Great news!  Starting this September, the updates will move to a semi-annual model.  Microsoft announced these changes in a blog and then shared the support article with this helpful chart:

Windows 10 will also follow the same model starting in September and then March as well.  While this change is confusing, it seems Microsoft is listening to customers who have been managing the update frenzy as they try to keep current and secure with the Microsoft cloud.  Having to deal with this twice a year for the desktop OS and Office apps sounds almost blissful.


Are you thinking of moving from a subscription based model for Microsoft applications such as Word, Outlook, PowerPoint and Excel?  If you are interested in migrating, but concerned about the change, the team of experts at Xgility can help.  Want a free trial of Office 365?  Get your Office 365 E5 trial subscription here.  For a free 30 minute consultation, please contact us.



Author:  Chris Ertz

Editors:  Alex Finkel and Kurt Greening