Share via

Office 365 Weekly Digest | March 12 - 18, 2017

Welcome to the March 12 – 18, 2017 edition of the Office 365 Weekly Digest. Microsoft Teams took center stage in many ways last week, so it is naturally featured in this week's digest including the Message Center, Upcoming Events and Blog Roundup sections. Somewhat buried in the avalanche of Teams-related content, the Exchange Team announced multi-factor authentication for the Hybrid Configuration Wizard and Remote PowerShell in Exchange Online. Rounding out this week's post are noteworthy items for Exchange Online Protection, Skype for Business and an interesting look at how Microsoft builds its fast and reliable global network.


Note: The information below may not be posted to your Office 365 tenant as not all notifications apply to all tenants. The Message Center ID for notifications could also be slightly different than those posted in your tenant.


Updated Feature: Flow integration with SharePoint Online lists and libraries

MC96049 | Posted: March 13, 2017 | Expires: April 20, 2017 | Urgency: Normal | Category: Stay Informed | Action: Awareness | Office 365 Roadmap ID: 75043 | In our next wave of updates to Flow in SharePoint, we’ve added the capability to build a new Flow directly from a document library. We’re also adding the ability to build Flows in lists and libraries which can be launched on demand, for a single item or document, using a button added to the command bar. The new features provide additional Flow integration directly from the modern command bar in lists and libraries. We'll be gradually rolling this out to First Release customers starting March 20, and completing around the end of April. Then, we’ll begin rolling out to the rest of customers. Users will require Editing Permission on a list or library to be able to build new Flows. Additional information is available at


Feature Update: Microsoft Teams is now on-by-default

MC96050 | Posted: March 14, 2017 | Expires: April 15, 2017 | Urgency: Normal | Category: Stay Informed | Action: Awareness | Office 365 Roadmap ID: 61652 | As we communicated last month, in MC93471, we are turning Microsoft Teams on-by-default at the organization level, for all eligible users with the appropriate license assignment. Microsoft Teams is now on-by-default. The ‘Turn Microsoft Teams on or off for your entire organization’ setting in ‘Settings > Services and Add-ins > Microsoft Teams’, went from a default value of “off” to a default value of “on”. Microsoft Teams is now available to all eligible users with the appropriate license assignment. You can continue to manage user access to Microsoft Teams via license assignments. If you have explicitly removed the Teams license for a specific user, they will not have access to Teams when we make this change. Microsoft Teams is available in the following Office O365 commercial suites: Business Essentials, Business Premium, and Enterprise E1, E3, and E5 plans. Microsoft Teams will also be available to existing E4 customers who purchased E4 before its retirement. Microsoft Teams is not available to Education and Government customers, at this time. If you do not rely on this setting to govern user access to Microsoft Teams, there is no action you need to take. Learn more by going to If you currently rely on this setting to govern user access to Microsoft Teams, please migrate over to managing access via user licensing. Please visit Administrator settings for Microsoft Teams for more information including how to use license assignments to enable or disable user access through Office 365 Admin center and PowerShell.


Auto creation of Direct Reports group in Outlook

MC96611 | Posted: March 16, 2017 | Expires: April 28, 2017 | Urgency: Normal | Category: Stay Informed | Action: Awareness | Office 365 Roadmap ID: 78174 | To help managers collaborate more effectively with their employees, we will automatically create Office 365 Groups containing the manager's direct reports. Managers can easily update, delete, or modify the group at any time. Beginning April 13, 2017, we will automatically create direct reports groups in Outlook (leveraging the Office 365 Groups Service) for eligible managers. If you have Office 365 Groups disabled for your tenant, or if the manager in question doesn't have permission to create groups, then no group will be created. If you are looking forward to this, there is no action you need to take. Get yourself familiar with Office 365 Groups, update your user training, and notify your helpdesk, as needed. If you would like to leave Office 365 Groups enabled for your organization but turn off direct reports groups creation, we have provided controls to enable and disable. Please visit for details.


Feature Update: Editing of synchronized user names in Office 365 Admin Center

MC96717 | Posted: March 17, 2017 | Expires: March 24, 2017 | Urgency: Normal | Category: Stay Informed | Action: Awareness | We identified an issue which allowed accounts with only the user management admin role assigned to edit user names (UPNs) in the Office 365 Admin Portal. Prior to the fix, there was a chance of user name divergence between your on-premises Active Directory (AD) and Azure Active Directory (AAD). This update prevents editing user names in the Office 365 Admin center. The expectation is that mastering synchronized accounts happens in your on-premises Active Directory. Users assigned the user management admin role, are no longer able to edit user names. You received this message either because you activated directory synchronization after June 2015, or because you opted in to the feature to synchronize UserPrincipalName(UPN) from Active Directory. Please visit to learn more.



Azure Active Directory Webinars for April

When: Multiple sessions currently scheduled April 4 - 20, 2017 | Are you looking to deploy Azure Active Directory quickly and easily? We are offering free webinar briefings on key Azure Active Directory deployment topics! Sessions include: Getting Ready for Azure AD, Streamlining Password Management, Securing Your Identities with Multi-Factor Authentication, Managing Enterprise Applications and Accessing Your Organization’s Internal Apps. Each 1-hour or 75-minute webinar is designed to support IT Pros in quickly rolling out Azure Active Directory features to their organization. All webinars are free of cost and will include an anonymous Q&A session with our Engineering Team. So, come with your questions!  Capacity is limited. Sign up for one or all of the sessions today! Note: There are also some sessions available on-demand.


Microsoft Teams: Ask Microsoft Anything (AMA)

When: Wednesday, March 22, 2017 at 9:00am PT | An AMA is a live online event similar to a “YamJam” on Yammer or an “Ask Me Anything” on Reddit. Please add the event to your calendar and join us on Wednesday March 22, 2017 from 9:00am to 10:00am PST in the Microsoft Teams AMA group. This live online event will give you the opportunity to connect with members of the product engineering team who will be on hand to answer your questions and listen to feedback. We hope to see you there!


Microsoft FastTrack: Achieve success with Office 365

When: Wednesday, March 22, 2017 at 10:00am PT | Join host Dux Raymond Sy, IT advisor and author, for an inside look at successful Office 365 adoption. Microsoft CIO Jim Dubois will share advice on how to enable digital transformation with Office 365. Mott MacDonald's Business Architect, Simon Denton, will walk through how he helped his colleagues boost productivity by moving to Office 365. And FastTrack Product Manager Sharon Liu will demo the best resources to start your adoption journey and achieve your goals. Reserve your spot today. | Additional Resources: Office Blog post | Adoption Guide | Productivity Library


Online Customer Immersion Experience: Get more done faster with Microsoft Teams

When: Wednesdays through April 5, 2017 at 10:00am PT & 12:00pm PT | Around the world teamwork is on the rise. Research suggests employees now work on nearly double the number of teams than they did just five years ago. This means more than ever people are reliant on their peers to help get things done. But a “one size fits all” approach does not work when it comes to group collaboration—different tools appeal to different groups and address unique needs. Join Microsoft to test drive Office 365 and our hottest new collaboration tool: Microsoft Teams. Each 90-minute session starts with an online business roundtable, discussing your biggest business challenges with a trained facilitator and then transitions into a live environment in the cloud.  You will receive a link to connect your own device to a remote desktop loaded with our latest and greatest technology so you can experience first-hand how Microsoft tools can solve your biggest challenges. Space is limited: each is session is only open to 12 participants.  Reserve your seat now.


FastTrack Webinars: Learn how to do more, together

When: Multiple sessions currently scheduled through April 27, 2017 | Ask questions, learn shortcuts and find out how Office 365 can make you and your team more productive. Each webinar is a live, instructor-led session offered at multiple dates and times. Facilitated discussion follows each session, with opportunities to ask questions and discuss specific scenarios to you. Direct registration links for each webinar are provided below.



Microsoft Teams rolls out to Office 365 customers worldwide

On March 14th, during a global webcast from Microsoft headquarters, we announced that Microsoft Teams—the chat-based workspace in Office 365—is now generally available in 181 markets and in 19 languages. Since announcing the preview in November, more than 50,000 organizations have started using Microsoft Teams, including Accenture, Alaska Airlines, Cerner Corporation, ConocoPhillips, Deloitte, Expedia, J.B. Hunt, J. Walter Thompson, Hendrick Motorsports, Sage, Trek Bicycle and Three UK. We’ve also introduced more than 100 new features to deliver ongoing innovation and address top customer requests. Microsoft Teams is a digital workspace built on four core promises: chat for today’s teams, a hub for teamwork, customization options and security teams trust. Moving forward, we’ll provide a regular rhythm of new features and capabilities. For example, we are targeting to deliver guest access capabilities in June along with deeper integration with Outlook and a richer developer platform. Expect our pace to be rapid and responsive to customer needs.

Additional Resources:


Multi-Factor Authentication for the Hybrid Configuration Wizard and Remote PowerShell

You can now use an Administrator account that is enabled for Multi-Factor Authentication to sign in to Exchange Online PowerShell and the Office 365 Hybrid Configuration Wizard (HCW). In case you are not aware, the Azure multi-factor authentication is a method of verifying who you are that requires the use of more than just a username and password. Using MFA for Office 365, users are required to acknowledge a phone call, text message, or app notification on their smart phones after correctly entering their passwords. They can sign in only after this second authentication factor has been satisfied. You can read more about the Office 365 Multi Factor Authentication option here. Many Exchange Online customers wanted the extra level of security that is offered with Multi-Factor Authentication, which allows you to force the administrator account to use Multi-Factor Authentication. However, because of a limitation in Remote PowerShell, Exchange Online administrators could not connect with a Multi-Factor enabled account. In addition, as the Office 365 Hybrid Wizard also requires Remote PowerShell connections to Exchange Online, prior to now, the account you used to run the HCW could not be enabled for Multi-Factor Authentication.


Defending Office 365 with Graph Analytics

In Office 365, we are continually improving the detection and response systems that safeguard your data. We gather many terabytes of telemetry from our service infrastructure each day and apply real-time and batch analytics to rapidly detect unauthorized access. The same engineers who design and operate the Office 365 service also analyze and act on the output of our intrusion detection system. The context we have about the design of Office 365 allows us to build highly-sensitive detections while differentiating between legitimate service behavior and suspicious activity. As we have scaled up our telemetry and analysis infrastructure, we have also innovated in how we interact with the results of our detection system. One recent development is the use of graphs for correlation and visualization. Prior to our graph approach, we represented detection results as a set of tickets in a queue for manual review. We found that it was difficult to group related activity together, and occasional bursts of benign activity would overwhelm the system with irrelevant results. Representing detection results as graphs has enabled us to: (1) evaluate intrusion detection results in context with related activity, (2) incorporate lower-fidelity indicators without overwhelming us with benign results, and (3) determine with greater fidelity when datacenter activity is likely to represent an intrusion.


Hybrid Self-Service Site Creation now available for SharePoint Server 2013

At the center of collaboration is the site and modern Team Site in Office 365 are core to discovering and showcasing the most relevant and important information to you and your business. While SharePoint Online in Office 365 is an attractive alternative to on-premises business solutions with SharePoint. You might want to or need to deploy specific solutions in the cloud while still maintaining your on-premises investments or gradually move to cloud using a staged, workload-driven approach. Hybrid scenarios with Office 365 and SharePoint on-premises allow you to bring the cloud to your business while bringing the business to the cloud. We’re pleased to announce the availability of hybrid self-service site creation for customers of SharePoint Server 2013. New hybrid self-service site creation allows SharePoint administrators to direct users site creations requests to Office 365. This new hybrid capability allows administrators of SharePoint Server 2013 to have the option to enable their existing or new Self-Service Site Creation flow redirect users to SharePoint Online to create a Group (with an associated Team Site). SharePoint administrators can turn this feature on or off on the Self-service Site Collection Management page, accessible from SharePoint 2013 Central Administration. This capability is included in the March 2017 Public Update.


Modern Service Management for Office 365

Introducing the Modern Service Management for Office 365 blog series! Regardless of the size of the organization, the move to Office 365 brings changes from a Service Management perspective. In a small environment where there are no dedicated IT staff members, there is still someone who gets the phone call when the boss’ email is down. In enterprise environments, the Service Management aspects are broader, deeper, and more important because IT must integrate Office 365 Workloads into their existing IT Portfolio (e.g. moving Exchange to the cloud is one of hundreds of IT Services in the enterprise Service Catalog) and into their existing IT Operations strategy (e.g. monitoring). At one extreme, enterprise customers worry that their tooling, workflows, and IT Pro roles must drastically change. At the other extreme, customers do not focus on the Service Management aspects of integrating the cloud with their existing catalog and operational model. Given the importance of these Service Management topics, Microsoft is beginning a blog series to help simplify the discussion for customers of all sizes, but particularly for enterprise customers. In the coming months, we will publish additional blog posts for Office 365 Service Management in all of these areas.  Each blog post in this series will provide the core framing for how to think about the topic and the integration of Office 365 into the existing IT Service Management Portfolio.  The series will focus on integration with Office 365 APIs where appropriate, and in some cases, we will post sample scripts to help your business integrate with less effort.  Each blog post will also layer in existing and announced features that support each framed scenario.  And in the future, as we release new Service Management features, we plan to blog about them within the framing that is outlined here.



Migrate Meetings Manually using Meeting Migration Service (MMS)

Meeting Migration Service (MMS) automatically updates meeting coordinates for users who are migrating from on-premises to Skype for Business Online. To learn all about MMS, please refer to Based on customer feedback, we added functionality which allows admins to run MMS manually for a user.


Microsoft IT Showcase: Enhancing security and reliability with Exchange Online Protection

Format: Video (35 minutes) | Published: March 17, 2017 | Shad Morris, IT Service Engineer for the Discovery and Collaboration team, shares best practices for increasing email security using Exchange Online Protection. He discusses how Microsoft IT uses both proactive configuration and reactive policies to block threats at the connection, content, and user levels, and he answers questions from participants.


EOP Field Notes: Custom RBAC role to allow access to only the Action Center

If a user account has been compromised and used to send massive amounts of spam, Exchange Online will block the account from sending (if enabled, a notification email can be sent to administrators to alert them when this happens). Once the account password has been reset, the block can be lifted by an administrator from the Action Center, located in the Protection section of the Exchange Online portal. We often see organizations that would like to give help desk individuals rights to the Action Center so that they can unblock a banned sender. The stipulation being that the help desk individuals won’t have rights to change anything else in the portal, and only have rights to unblock a banned sender. Out of the box this is not possible, as the built-in admin roles that grant access to unblocking users also grant access to other parts of the Exchange Online portal. Have no fear, we can create a custom RBAC (Role Based Access Control) role which will ONLY grant access to the Action Center. To do this, we are going to create a custom RBAC role through PowerShell which will only grant access to the cmdlets Remove-BlockedSenderAddress & Get-BlockedSenderAddress, which will, in turn, allow delisting through the portal as these are the cmdlets that are run in the background.


How Microsoft builds its fast and reliable global network

Every day, customers around the world connect to Microsoft Azure, Bing, Dynamics 365, Office 365, OneDrive, Xbox, and many other services through trillions of requests. These requests are for diverse types of data, such as enterprise cloud applications and email, VOIP, streaming video, IoT, search, and cloud storage. Customers expect instant responsiveness and reliability from our services. The Microsoft global wide-area network (WAN) plays an important part in delivering a great cloud service experience. Connecting hundreds of datacenters in 38 regions around the world, our global network offers near-perfect availability, high capacity, and the flexibility to respond to unpredictable demand spikes. As we build, expand, and run this world-class network, we rely on three guiding principles: (1) Be as close as possible to our customers for optimal latency, (2) Stay in control of capacity and resiliency to guarantee that the network can survive multiple failures, and (3) Proactively manage network traffic at scale via software-defined networking (SDN).