Timeline Fullwidth

Adoption and learning are ongoing, evolving processes that cannot be confined to a one-hour workshop

The year 2020 has thrown us all into a spin. Whether dealing with long lockdowns and sharing your workspace with your five-year-old, or being forced to rethink your entire business processes, it is fair to say we have all learned something. 

Learning and developing is a core component of any workforce. Businesses experience a huge amount of change during their lifecycles, and employees are generally expected to adapt and grow with each modification. Recently, there has been a general shift in how staff learn, with many organisations opting for self-managed learning journeys. The expectation that this can deliver the necessary education however, is flawed.  

“Self-managed learning relies on motivation. Staff are often expected to find time in a busy schedule, so they need to be highly motivated to complete it. In addition, self-managed learning journeys generally rely on pre-packaged tools and information which do not address specific learning needs. This can lead to disgruntled staff, a lack of confidence and an overall impact on productivity,” says Megan Strant, Principal Consultant – Adoption and Change Management at Insync Technology.  

So how do you ensure that your staff are learning and being equipped for the information and support they need?  

Understand where your staff sit in the ‘learning pit’  

The theory of the learning pit is that in order to learn, we first need to be thrown into, what is essentially, a pit of despair. By facing a challenge, staff identify that they may not have the knowledge and competency needed to complete it. This can have a knock-on effect with confidence and a willingness to jump in and give it a go.  

“Managed, ongoing learning means you have specialists standing by, ready to help staff climb out of the pit. In the case of technology and workplace computing, we do this by having staff touch and try the tools and ask questions as they go,” says Megan.  

By getting hands-on with a tool and having time to absorb information, staff are more likely to adopt and use it in their work life. According to Megan, this is because they have transitioned through the learning pit, from unconscious incompetence, to being consciously incompetent and ultimately consciously competent.  

“It’s important we consider all stages of the learning pit, because incompetence makes staff feel silly and stupid, it leads to embarrassment. This is a blocker for learning and so your adoption and change management needs to address this,” adds Megan.  

To allow staff to become competent, it is important to provide psychological safety by setting realistic goals and timeframes on how something is learned.  

Consider the anchors your staff need in order to learn  

In order to provide the guidance needed to help your employees through the learning pit, organisations should consider the information being delivered and the format of it.  

“At Insync, we want to provide anchors for staff that make it easier to remember information. We do this by focussing on the relevance of the content and how it is presented. We provide creative visual content and hands-on demonstrations and we repeat any components needed to continually reinforce behaviour,” says Megan.  

Putting structure around learning also ensures staff continuously move forward and stops their learning from stagnating. This is especially important if the learning is around workplace computing as the systems and tools are constantly evolving. Staff who may have received Microsoft training in 2017 can’t be expected to be consciously competent in a Microsoft environment in 2020.  

Realise learning isn’t a project with an end date 

For Megan, one of the key issues with self-managed learning is the perception that training is something that has a clear end date. Employee learning should in fact be an ongoing process, driven not only by product releases, but inhouse pains and challenges.  

For this to happen, seeking and listening to staff feedback is crucial. Learning has to be collaborative and include those with their ear to the ground and hands on the tools, as well as managers and leaders.  

“When it comes to learning, the people using the tools should have a voice. What struggles are they having, what goals should they be working towards? By driving learning programmes based on pains rather than product releases, you will prevent frustration and increase adoption,” notes Megan.  

Switch to managed learning 

Revising how you implement learning and development requires a shift in mindset. Professor Edgar Schein said back in 1955 “my own thinking has evolved from theorising about ‘planned change’ to thinking about such processes more as ‘managed learning.”   

To assist businesses in making the shift, Insync Technology is launching M365 Manage. The solution encompasses planning, governance and adoption and change management for organisations working in Microsoft 365.  

“Before we can address learning, we first embed ourselves in an organisation in order to understand what it is like to work there and how they use their platforms. Then we set goals and immediately focus on quick wins, because we know this builds confidence,” says Megan.  

By looking at the specifics of each organisation, Megan believes real, long lasting change can be implemented, and business leaders can be confident their staff are consciously competent.  

To find out more about Insync Technology’s M365 Manage, contact the team today 

Has your PBX (or Skype for Business Conference) been hacked?

by Jason Jacobs

 

Working for a Modern Workplace & Managed Service Provider (MSP) like Insync Technology can bring some curious and interesting issues my way. 

Issue description:

This week one of our customers reported some strange behaviour on their telco bill. Within the span of 48 hours, 1000+ outgoing calls were made to various international numbers…all from a single phone number. What made things worse, the supposed user making these outgoing calls was high up on the corporate ladder! Let’s call him Executive “JDoe”. Luckily, the telco was able to block any further international calls coming from JDoe’s number to avoid further charges. It was at this point where the issue came our way. Now it was up to us to figure out what had happened.

Investigation:

The customer runs a Skype for Business Server 2015 on-premises deployment, and all telephony services interface with Skype for Business via a Ribbon SBC 1000 voice gateway. The first place to start was the trusty “Skype for Business Monitoring Reports”.

Only a single audio call was made to “JDoe” during this 11 hour period. Well this cannot be it.

Let us keep looking…

BINGO! According to the list of conferences for this user, we see that “JDoe” hosted a Skype conference which started at 1:25:53am on 19 August 2020. Within minutes, multiple PSTN callers were added to the conference. PSTN callers are added continuously for another 90 minutes at which point the conference ends. Another conference starts and the whole process repeats. Note how most of the conferences use the same conference ID.

The key was realizing that despite “JDoe” hosting the conference, this user never actually joined any of these conferences from their Skype account. The time stamps also give it away; “JDoe” was fast asleep at 1:25:53am.

A Skype for Business conference can only be generated in one of two ways:

  1. From Microsoft Outlook calendar using the “New Skype Meeting” button. This will generate a conference ID on the Skype for Business server and allow people to join the meeting immediately (even if the conference is scheduled for the future). It simply creates the virtual meeting space and allows you to send the meeting join URL to any email address:
  1. From the Skype for Business client using the “Meet now” button. This will also generate a conference ID, but it will also join you into the Skype meeting automatically using your Skype for Business PC client.

All of this could mean one of two things:

  • Someone got hold of the Active Directory username/password for “JDoe”, logged in as them, and started creating Skype conferences from their account using Microsoft Outlook Calendar. (we know that “Meet Now” was not used because we don’t see “JDoe” in the meeting.
  • Someone got hold of a legitimate conference ID, or Join URL, and was able to enter the conference unencumbered.

Our security team ruled out the first option by checking sign in logs against Active directory. All authorisations for “JDoe” were legitimate. This leaves us with only one option: The “hacker”, in this case dyonnes@dyonnimlanches.onmicrosoft.com, got hold of a Meeting URL and happily joined themselves into the meeting and started calling PSTN numbers. Turns out the first time that Conference ID was used was for a legitimate meeting at 18/08/2020 11:30am

Why did this happen?

Now that we know WHAT happened, we need to figure out WHY, and how to prevent it in the future.

Skype for Business Server 2015 has several settings in the Conferencing Policy that configure who and what can be done from a conference.

Looking at the first few settings we see the following:

There are 4 types of users that can join a conference:

  1. A Skype user from the same organization
  2. A Skype user from another organization/domain (federated user)
  3. Anyone with access to the Meeting URL. This will join them via a web browser as a (guest) This is also known as an anonymous user.
  4. PSTN dialin user

In this case, dyonnes@dyonnimlanches.onmicrosoft.com is seen as a federated user. But here is the catch, all federated users that join a conference are also seen as “non EV” users. This means if you have this setting ticked:

 

It will allow any federated user to make outbound PSTN calls.

Of course, this issue led me to multiple internet searches, and I must give credit to “Flinchbot” for this article, which confirmed my suspicion:

https://flinchbot.com/ucnow/index.php/2016/11/28/conference-participants-and-dial-out/

In summary, here is what happened:

  1. JDoe creates a new Skype meeting from his Outlook client for 18/08 at 11:30am
  2. Somehow, dyonnes@dyonnimlanches.onmicrosoft.com gets hold of the meeting URL and can join the meeting from their own Skype for Business PC client. (Scheduled meetings can be joined for 14+ days after the schedule date). If you have the join URL, you can join.
  3. dyonnes@dyonnimlanches.onmicrosoft.com is seen as a non-EV federated user and can make outbound PSTN calls from the meeting.

As for how they got hold of the meet URL, this could happen any number of ways. The meeting invite could have been sent to an already compromised external party which is out of our control.

Solution:

Disable PSTN dial out for federated users:

 

 

Only Skype users from within your organization will now be able to PSTN dial out from a conference.

Alternative prevention:

Another preventative measure, albeit controlled by the users themselves, is to modify the Skype For Business meeting options from Outlook. This way you can prevent “Anyone” from bypassing the lobby even if they get their hands on the meeting join URL.

Inside Insync – Anneliese Luz

Today we meet: 

Anneliese Luz – Adoption Consultant  

Time with Insync: July 2020

Previous notable time in IT industry: 

Not having a lot of previous experience in the IT industry is actually a strength of mine in my adoption role.  I connect with the challenges that people face when migrating to and learning new applications, and can assist and encourage them in a non-technical and easy manner. 

What are your best skills for your role?

Mix Approachable with adaptable. 

In a separate bowl add in a heaped interest in learning and facilitation. 

Combine together and add a good pinch of people skills. 

What do you like about your role?

I am on a constant learning curve, which allows me to grow personally and professionally.  I get real enjoyment helping our customers to adopt new modern ways of working. 

What trends are you seeing with customers? 

Rapid online organisational transformation and onboarding of new modern technologies to assist staff to function and enrich remote collaboration and connection.  This is the new post Covid world. 

What do you think about the opportunity for Teams for customers? 

Seriously, it’s got dynamic rich functioning features that will just keep on improving.  I really don’t know how I worked without it – Once your staff build up their confidence (I can help with this part) they will love it too!

Where have you used Insync core values in Insync everyday work life: 

Coming from a non-technical background, I have really stepped outside my knowledge boundaries and gone the extra 1.6 KM to learn and upskill on the job. Putting in lots of effort to be effective and contribute to my Team. Working for Insync matches my own values.  I love that I can be open, honest and fundamentally  human in my work environment and facilitation work with Clients. 

 

What do you like to do in your downtime?

I have a 5 & 7 year old and an adoring Hubby.  I like nothing better than to head out for a bike ride, go camping and be outdoors with my family.

Running a Hackathon on Microsoft Teams

For the last 4 years, Insync Technology has been a proud sponsor of UHack: The University of Tasmania’s annual weekend-long event that sees teams of participants come together to create something innovative. The event runs from Friday evening though to Sunday afternoon, with mentors from various backgrounds providing guidance along the way, culminating in a panel of judges on Sunday afternoon who review the teams’ submissions and ultimately crown the winners. 


Historically, UHack has been an in-person event: participants from around Tasmania would gather at the three main UTAS campuses (Hobart, Launceston and Cradle Coast) and work through the weekend to develop their innovation. Mentors would be on-site, with some video conferencing allowing participants in the north of the state to also access mentors who have tended to be concentrated at the Hobart campus.  

 

Of course, given the global COVID-19 pandemic that has affected all of us this year, many events have been disrupted and have needed to move to an online format. UHack also found itself needing to adapt and pivot to a complete online solution ensuring it didn’t disrupt the event activities and submission of entries. The critical impact of this change to the event was on time. The project team needed a technical platform for the event with only weeks to work through the many use cases, build and give access to participants in the lead up to the main event. They also had to ensure that the change didn’t impact the flow of communication and activities, and that all thosinvolved, whatever their role, could come together easily, and with minimal training time, using this platform. The fast pace of the event has relied on physical proximity to bring together multiple roles, deliverables, checkpoints and many largely unnoticed resources – all of which now needed to be accessible, responsive and smooth to replicate the UHack experience in an online environment. And it all had to be set up quickly, as preparation and registration was already in train.

In previous years, even though an in-person event, there have been multiple platforms to capture data across the eventEventBrite for registration, MeetUp for lead up information sessions, DevPost for submitting deliverables. If you’re interested, Insync’s very own Richard Charnock wrote a blog about last year’s experienceincluding a first outing for Teams, primarily as a communication tool. Here’s Richard taking a well earned rest in the “Mentor Pen” in between sessions:

 

 

This year, given that all participants would now be remote, the focus was to build a much more integrated solution that reduced the need to move across applications or platforms. The immediate desire was to utilise an education tenant and Microsoft Teams to build out the event, along with as many out of the box apps and features as possible to save time. We will dive deeper later in this blog into the technical journey and platform detail. Firstly, let’s talk about the overall experience of moving a weekend hackathon to a remote competition and experience.
 

How did a hackathon differ run completely remote? 

UHack is a great event. Each year it brings people together with a fantastic sense of community and energy. Participants are students and members of the general public who simply turn up, join groups and head into an intense phase – measurable in hours  to create an idea and develop that into a business model. During this, the event team floorwalk. They pop into rooms and chat to groups to answer questions, address concerns and give updates. It is very much about people coming together. 

A key factor for moving this event online was bringing this UHack community together. How do you replicate the communication and team feel through technology? 

The immediate answer was Microsoft Teams as the central platform and hub. Teams and channels for the event wide communication, break out social space, questions to the event team, private Teams for each group of participants and spaces for judges, mentors and the event staff to communicate. 

 

 

If you want to see a little more of what we created within Microsoft Teams, check out our intro sway. The imbedded video will take you on a walkthrough of the various Teams, Channels and Apps that came together to support UHack this year. 

What we built was an instant community, and by contrast with the timescales in a conventional organisation for uptake of a social platform, in this instance we needed uptake to be high right away.
What was great to see was that as soon as participants were registered and had access to the platform, there was a lot of activity in the breakout channel looking for a team to join and general discussion. See below for some further thoughts on the overall experience, with further wins and challenges.
 

The overall platform experiences  

Microsoft 365 had several built-in apps and services that not only integrated easily, but enabled some easy wins across the event such as: 

  • Meetings and Live events – Using Microsoft Teams to support UHack meant that we had a single tool that could handle not just the collaborative requirements to run a hackathon, but also all communications requirements. Both opening and closing ceremonies were held using Live Events, with mentor sessions, information sessions and other sessions that had typically been held face to face in previous years all being held via Teams meetings. This also made it simple to record meetings and live events directly to Microsoft Stream and share them out to all UHack participants. 

Here’s one example: the pitch presentation Live Event: 

 

 

  • Bookings – this app was quick to setup and make edits. Having a participant choose a timeslot to meet with a mentor with it, and then automatically book a Teams Meeting in a Mentors calendar, meant less applications for Mentors to access and learn. They simply followed what was in their calendar and only needed to know how to join Microsoft Teams meetings. 
  • Having Bookings create timeslots from free/ busy time in a Mentors calendar was easy to work with. We simply advised each mentor to setup their availability and block out breaks and this fed into Bookings as meeting timeslots. 
  • Microsoft Forms was used to create a scoring system for judges. Having this as a tab in the Judges Team general channel simplified their experience with a single space to access and complete the work. It was easy at the end to export everything into Excel and use a pivot table to manipulate data to create winners across divisions. 
  • Communication through posts in the event wide channel made it easy to broadcast updates and provide information to all participants, or to communicate directly in either the judges or mentors’ spaces. 
  • Using tags in Microsoft Teams was a great way to alert the event team as a group of people, rather than having to type all their names to @mention. Simple feature with big impact. 
  • Having everything combined through Microsoft Teams meant we all ‘lived’ in one place and had easy access to all aspects across the platform for the event weekend.  

fast-paced event brings with it challenges. Some of these we had to rapidly overcome to ensure the event ran smoothly and activities were delivered: 

  • UHack has participants from a diverse range of backgroundsfor many of whom English is their second language. This means communication must be clear and followup questions must adequately support the participant. This is much easier to handle face-to-face where you can gauge if they understand or need more support. This was harder with online posts in Teams. We really had to think about language in an announcement or instructions and if it was a clear explanation. When people posted a question, at times the reply post wasn’t always resolving their confusion and a Teams call was needed to discuss further.   
  • The importance of clear roles across the event. At times we had several people responding to posts. It was potentially unclear which name was the person to assist. We did have display names clearly indicate who was staff, mentor, participant etc, but there may have been too many people posting and replying which should be more streamlined in events like these. 
  • The quality of data was a challenge that increased stress and challenges leading up to the event opening ceremony. You can clarify an email address when a participant registers standing at a desk; however when the event is 100% remote the data input is critical. Several typo’s in registration data lead to bounce backs and some manual follow up. 
  • We used a separate education tenant for the event and provided everyone accounts. This separate profile and account worked well for Live Events and consistent data, however it can mean people don’t log in to that account and see activityHaving a guest account enables people to tenant switch and notifications in their Microsoft Teams application are more obvious. 
  • And finally, of course a key challenge as with many events and technology is human error. People not understanding the basics of Microsoft Teams led to replies not connected to posts and thus not being seen, or not checking their calendar and joining a mentor meeting, and in the ‘assignments’ area of Teams some not clicking ‘submit’ on their final entry. A lot of lessons were learned by everyone involved in the event. 

As everthere were challenges: many of these were behind the scenes or quickly remediated and we all moved forward.
 

Without COVID-19, UHack may have shifted forward with slight technical platform innovation. What we have seen in 2020 is a massive shift – a technical revolution. The crisis drove a massive change which everyone involved enthusiastically rolled up sleeves and adopted with minimal hesitation or barriers. 

Let’s now dive deeper into how we solved some of UHack’s requirements within the Microsoft 365 ecosystem: 

 

Microsoft 365 Tenant 

 Given that not all UHack participants are students of UTAS, we weren’t able to use the existing UTAS tenant to support UHack. This was to ensure security and privacy was maintained, but also would have led to longer lead times to develop the UHack platform itself. If we were working in with an existing production tenant that supported an entire university, development of applications, creation of teams and user onboarding would not have bene possible in the time frame available. Luckily, work on the previous year’s UHack event has meant that a separate UHack tenant had already been setup and was sitting idle ready for us to use. This tenant is an education tenant: this ended up being crucial, as we used educationspecific Teams features to support assignment submissions for UHack teams. 

 

 

To support participants, an Office 365 A1 licence was sufficient. This gave them access to Teams, Microsoft Stream, online Office apps, and everything else required during the event. A1 was also sufficient for Judges, however for Mentors who needed to be bookable via the Microsoft Bookings app, they required an A3 license. The tenant had 25 of these licenses available to support this. 

 

Onboarding 

 In previous years where UHack was an in-person event, participants would turn up to one of three UHack locations and “manually” register their teams, or even create\join a new team on the day. Transitioning the event to being fully online meant that this would no longer be possible, and users would need to be onboarded to Microsoft Teams prior to the commencement of activities.  

Onboarding required a number of things to occur: 

  • Create accounts for participants in Azure Active Directory 
  • Add participants to specific groups to ensure they received appropriate Office 365 licensing, and to automatically add them to the right Teams 
  • Communicate login and other pertinent information to each participant via email 

How was this achieved? 

Since its inception, UHack has used Eventbrite to support user registration for UHack, and this year was no different. This year however, data from Eventbrite was the primary input data to PowerShell scripting developed to support user onboarding and email communications. The first step was to create all participants in Azure AD: 

 

 

Key actions the script completed for each participant: 

  • Set initial password for participants 
  • Force participants to reset their password to something unique at first login 
  • Appended (Participant) to display name to make it easier to identify Participants in Teams during the UHack event 
  • Set Department to UHack Participant (used for dynamic group membership and automatic licensing\Teams membership) 
  • Alternate email address attribute set to email address used to register via Eventbrite: supporting easy password reset without requiring a participant to register a mobile\email address for password reset 

 

 

Now that participant accounts had been created, we now needed to get an individualised email out to every participant letting them know how to login, where to find additional information, and how to get in touch with UHack event staff if they had any problems. Initially, mail merge was investigated as a way to achieve this, but was dismissed due to complexity (who remembers how to mail merge?). 

Instead, PowerShell was again the winner and would allow us to use the same master participant list that was used to enable users in Azure AD. To do this, the script used for user enablement above was modified to send an email instead. 

This did require email content to be in HTML format, fortunately sites like https://wordtohtml.net/ make it easy to design in plain test and output the HTML you need: 

 

 

Once we had HTML content ready to go, the following script was used: 

 


With the resultant email sent to all participants: 

 

 

 

Onboarding Assets 

Given the radical shift in how UHack would be delivered in 2020, we wanted to make sure that we were able to give participants as much information about what Microsoft Teams was, how it was being used to support UHack, and how to login to the UHack tenant. Links to resources that would achieve this were imbedded in the welcome emailMicrosoft Sway was used to create a presentation that explained what was different about UHack this year, and to provide an asset that was dynamic and updateable in the leadup and during the UHack weekend. 

 

 

 In addition to Sway, Camtasia was used to record and edit a first time login video for UHack participants. In under an hour, Camtasia allowed us to record, edit and publish a professional looking video that helped removed friction from the first-time sign in process:  

 

 

UHack App 

In delivering UHack as a pure online event for 2020, there was a desire to provide a single location within Teams where participants could check the schedule, get helpful tips and info, and provide a way to find more details on mentors. Given the relatively short amount of time available to come up with a solution, we needed to find something that could meet our requirements with a minimal amount of development. 

Earlier in the year, Microsoft released a template Power App that aimed to provide a user-friendly experience to connect users with information about a crisis. Insync Technology had deployed this for a number of organisations as a way to communicate during the COVID crisispresenting it as an app within the Microsoft Teams client. 

It would save a lot of time if we could use this as the base of an app for UHack, and that’s precisely what we did. Here is what the Crisis app looks like when deployed with defaults: 

 

 

And here’s what our UHack App looked like. Company News was repurposed as the UHack schedule, World news (which was initially an RSS feed from the WHO) was repurposed to take an RSS feed of any social content that mentioned UHack 2020. Emergency Contacts became Mentors, a single location where participants could see all mentors listed, click on a link to read more about a Mentor (SharePoint site) or make a Mentor booking with the Bookings app: 

 

 

Content within the app was controlled with a corresponding Admin app that allowed event staff to update the schedule, add helpful tips, links, or anything else for the duration of the event: 

 

 

With minimal effort, we were able to take an off the shelf app template and turn it into something that supported our needs for UHack. 

 

UHack Bot 

One other use case we wanted to support was the ability for participants to ask questions, get an automated answer, but also have a mechanism to ask a person if they were unable to find the answer they were after. Building chat bots within Teams is relatively straight forward, with lots of resources available to help you along the way: 

Within the time constraints we were working with, we were able to build a bot that presented useful information to participants: 

 

 

As well as ensuring any queries the bot couldn’t answer were directed to the Events Team to action: 

 

 

Bookings App 

UHack 2019 was the first year that Insync deployed Microsoft Bookings to support booking mentors, but this year it was more important than ever given that all participants were remote. In addition, the Bookings app in 2020 automatically created the booking as a Teams meeting – ensuring participants and mentors had a quick and seamless way to meet throughout the weekend: 

 

UHack Submissions 

When participating in UHack, each team is required to submit the following: 

  • A Business Model Canvas 
  • A 2-minute pitch video 
  • Their innovation submission files 

In previous years, UHack submissions were handled by Devpost. This year, however, given that the event was being held on Microsoft Teams, we wanted to find a way to support submissions natively within Microsoft Teams. We also needed to ensure we had a mechanism in place that would allow us to get submitted files prepared ready for judging: all while taking into account that all participants, event staff and judges were scattered throughout Australia. 

Given that UHack was being held on an education specific Microsoft 365 tenant, this meant that we had access to Assignments in Microsoft Teams to support UHack submissions. We created single UHack Final Submissions Team, added a single team captain per hacking group to the Team, and created a single UHack 2020 Submission assignment within the team. We took this approach as not every UHack participant needed to submit an assignment: one submission per group. If we had added an assignment to each Teams private Team, every participant would have had the ability to submit, making collecting submissions much harder. Introducing the concept of a team captain and a single UHack submissions teams solved thisAssigment submission also provided a mechanism to ensure everyone had access to the same template documents and instructions, in this case a Word template for the Business Model Canvas: 

 


Once all Teams had submitted their work, our next challenge was how to get these files to a Team created specifically for the judges. Whilst it was possible to manually click on each and every submission, download submitted files and upload to another location, we needed something that was quicker and more streamlined. To achieve this, we discovered where submitted files are actually stored in SharePoint, and synced this library to our own PCs: 

 

From here, it was much easier to review submitted files, format as required and copy across to the synced SharePoint library from the Judges Team. This allowed the remote Judges to access files quickly and easily: 

 

 

Some closing reflections… 

It wasn’t until the dust had settled and all the post-hackathon wrap-ups had been done that we realised how big a change we had made. Of course, we had built a model of one aspect of the “hybrid workplace” we are all now starting to envision. But more than that – 

First, in terms of space: once UHack escaped the limitations of physical space based on all the people and all the action being in one place, it actually became, in principle, boundless. The event serves to promote innovation in Tasmania, but by the time UHack 2021 comes around we’re sure there will have been much discussion of how to attract attendees, mentors and others from outside Australia, never mind the state.  

Second, in terms of time: we transformed UHack from an onsite event (one that only worked if you literally went to it) to an online event in a matter of weeks. This took a lot of skill and focus, and a certain level of sleep-deprivation: but it also demonstrates what can be achieved with the ever-improving tools available in Office365.  It will only get easier. 

And of course the world is now full of online events replacing their onsite predecessors. Commsverse, Ignite, M365 May, TeamsFest… these are not just replacements – they are in many ways improvements, certainly in terms of accessibility, participation, scope and choice. We can’t wait to be involved in the next one. We’ll see you there! 

Inside Insync – Ian Culliver

Today we meet: 

Ian Culliver – Senior Consultant 

Time with Insync: Early 2019 

Previous notable time in IT industry/customer/vendor: 

Having worked full time in IT for 20 years, I have worked in or with almost every industry Australia has to offer. I still remember floppy disks if that counts for anything? 

What are your best skills for your role?

My ability to help analyse issues and identify problems has always helped with managing IT systems and issues for my customers. Lately, I have had the opportunity to work with our clients to help develop and improve their systems and processes. This non-technical engagement is aimed at bridging the gap between IT staff and the commercial operations. 

What do you like about your role?

Being able to help create change and improve people’s effectiveness and work life balance. 

What trends are you seeing with customers?

COVID has changed the attitude of some senior leadership on the value remote working can provide. I have seen customers that were strongly against having a remote workforce, embrace and encourage this recently. Some are now looking to continue and even expand flexible hours and remote work locations beyond COVID. 

What do you think about the opportunity for Teams for customers?

The collaborative nature and the integration of supporting products are the key to a remote workforce being effective. If this platform continues to simplify the interactions and integrations between people and products, this will only further enhance the effectively and productivity of all involved. 

Where have you used Insync core values in Insync everyday work life: 

I would like to think that I never promote or push a solution or product that wont work for a customer. Not every business has the same needs, desires, or wants and sometimes you need to help curb the enthusiasm of senior staff and help get the foundations in place. Being honest and not bulls#!ing them about their expectations and the road ahead is imperative to a successful partnership. 

 

What do you like to do in your downtime?

Scuba diving. I’m inside and at desk enough so when I can I like to tune out and find a trench, channel or shipwreck to paddle around and in. 

Modern Workplace telephony is easy to use and massively advantageous, which is why we have created VoiceX

If you are working happily and productively in your Modern Workplace and are now wondering what else is possible? It’s time to talk about phones. Physical, old-fashioned, office-bound phones.  

As you read this, there are hundreds of thousands of Australians working remotely whilst their phone handsets sit redundant and unloved on desks in empty offices. Perhaps you have managed to divert calls to mobiles, but it’s a less than ideal solution.   

If Cloud has been successful for your IT, it is more than likely it can offer improvements for your telephony. In response to the increased desire for businesses to move to cloud telephony, Insync Technology is eXcited to announce the launch of our new service, VoiceX, a managed Teams Calling service that integrates into your existing Microsoft 365 environment, quickly and simply.  

What are the benefits of VoiceX? 

Integrating your telephony with your existing Microsoft 365 environment will deliver several improvements for your business and employees. Most notably, staff can make calls from anywhere with an internet connection, via a phone, tablet or laptop.  

Unlike other Cloud telephony solutions, VoiceX has been designed to give freedom and flexibility to customers.  So, what makes it different and why do you need it? 

  1. The VoiceX fee structure is based on the number of concurrent calls at any one time, not the number of total users using the service 
  2. You might be mid-way through a telephony contract, or have a great relationship with your telco, so VoiceX’s BYO carrier option allows you to migrate to VoiceX at any time Of course, if you are ready for a change, we will help you find the right fit as needed.  
  3. With new systems or a shift in technology, there is always a period of learning. Insync Technology has a strong focus on adoption and change management across all of our solutions. Our experts will equip you and your staff with the knowledge to ensure your change in telephony is a seamless transition.  
  4. But what about issues beyond training? Fear not, VoiceX includes a complete support and management solution for your entire Microsoft 365 environment, telephony included.  

As VoiceX will enable staff to answer calls via their desktop, laptop, tablet or mobile, your traditional handsets will become obsolete as staff receive and make calls from any device with an internet connection. Cloud telephony enables you to retire your phone hardware and save considerable costs in future hardware upgrades and annual maintenance agreements 

Unlike diverting phone lines or dishing out staff personal numbers, the VoiceX solution provides total control to staff to set contact times and use standard office numbers that have been ported into Teams Calling.  

Flexibility and support at the heart of VoiceX 

Other cloud telephony providers charge based on the number of users registered to the system. For example, if you have 350 employees, you need to pay for 350 users regardless as to whether the staff member works full time, part time, or uses the phone once in a blue moon. With VoiceX, our simple and cost-effective pricing plans mean you only pay for the number of concurrent calls that you want to support.  

So, in our example of 350 employees, if you only want to support a maximum of 50 calls taking place at the same time, you will only pay for 50.  

Insync provides a complete support and management service for your Teams Calling telephony, along with your existing Microsoft 365 environment. For you, this minimises the costs and time associated with managing different providers and assures your infrastructure will work together seamlessly.  

Because VoiceX is not tied to a telco carrier, you can get started with VoiceX now. It doesn’t matter who provides your existing telephony and how far through your contract you are – just BYO your existing carrier.  

So, is VoiceX right for you? 

If you are familiar with your Microsoft 365 environment, using Teamssaving files in SharePoint and you understand the benefits of a cloud-based infrastructure then the answer is probably yes.  

Rather than working with separate partners for your Microsoft 365 and telco needs, you can now integrate cloud telephony via Teams Calling with the rest of your Modern Workplace environment – all set up, managed, and supported by Insync Technology 

Take the next step on your Modern Workplace journey with VoiceX and enjoy the benefits of increased efficiency and improved productivity. To learn more about VoiceX, get in touch today 

Microsoft 365 compliance centre

Failure to comply will result in… a lower score and a lot of alerts

Former US Deputy Attorney General Paul McNulty once said, “if you think compliance is expensive, try non-compliance”. For many, the subject of compliance can cause headaches. Yet there are business tools available that can ease the burden of workplace compliance and it’s quite likely you have access to them.

Microsoft has offered various scoring functions for some time and are currently developing and consolidating capabilities. Scoring systems include the Windows Score for Security, Azure Active Directory Secure Score, Microsoft Secure Score and the Microsoft Compliance Score.

The latter is, surprisingly, somewhat of an enigma to many. A large number of organisations are unaware of the built-in compliance capability when rolling out Microsoft 365. However, it is worth getting to grips with, because, with a little bit of input it can help streamline compliance processes.

 

How does it work?

There is a compliance centre in every organisation’s Microsoft 365 environment. Unlike some features, your compliance score does not need activating, it is always on. That said it isn’t a set and forget function. In order to maximise its efficiency and use it to your advantage, it does require some thought.

Your score is generated based on certain activities and processes seen within the tenant. In addition to providing an overall score, a list of suggested improvements is provided.

Based on the specific settings, staff who execute a non-compliant action will receive an alert or an alternative recommendation to advise that this has occurred.

Some suggestions might be easy to implement, like calendar management, in which case they can be assigned to a task member to complete within a set timeframe. Another simple improvement might be to refresh Multi-Factor-Authentication (MFA), a sensible plan following the COVID-19 induced work from home period. Once complete, the score should improve, and the suggestions should have changed.

“If you use the compliance score properly, it can provide an effective technical audit of a workplace, but it doesn’t account for specific business processes or rational preferences,” says Loryan Strant, Product Manager at Insync Technology.

 

Manage your expectations. There’s no such thing as a perfect score

For the high achievers amongst us, it might be depressing to know that a Microsoft Compliance Score of 100% is pretty much a castle in the sky, it ain’t gonna happen! You can, however set a realistic benchmark or goal based on your specific organisation.

“A score of 100% would only come when a tenant is so compliant that it impacts their ability to work. The machine learning in the compliance centre cannot account for the specific processes and nuances that vary business to business,” says Loryan.

To avoid hampering the end user experience, Loryan recommends defining what your version of good looks like and then working towards achieving and maintaining this score. The compliance score will change over time, so you need to ensure that any actions are reviewed and repeated as regularly as required.

 

When you can’t mitigate, manage

Compliance doesn’t mean having one blanket rule for everyone because that just doesn’t work. To avoid tying yourself in knots over compliance suggestions, remember that when it comes to risk, if you can’t mitigate it, manage it. To do this you need to think about the bigger picture and clearly define what you are trying to achieve.

“I worked with a customer where users had to tick boxes before accessing services. This included MFA, which was a problem for provisioning the Surface Hubs installed because the devices accounts are obviously not real people. In this scenario we had to exclude those device accounts from the policy, which resulted in the loss of a point from the Secure Score – but this is an acceptable risk. These are the kind of tweaks you need to make as you go,” says Loryan.

 

Tips for using Microsoft Compliance Centre

Within the compliance centre, there are some guidelines that contradict with other elements of the Microsoft ecosystem and ethos. For example, enforcing password complexity or expiry conflicts with Microsoft advice around Windows Hello, that passwords are things of the past.

In order to get the most from your compliance centre and increase your score, Loryan recommends considering the following tips:

  1. Think about the bigger picture. What are you trying to achieve and why?
  2. Conduct an impact assessment before flicking a switch. How will end-users be affected, do they know which alerts can be ignored, and which can’t? Do you need to provide education or change management?
  3. Consider how you bring the compliance centre into your existing security and compliance processes. Do you need to update your policies and processes given you have increased functionality?
  4. Which elements flagged in the compliance centre are subject to licence and which elements may require additional licencing beyond those currently in place?
  5. Which staff will have admin access, read-only access or no access (end users)?
  6. Beware of false positives – e.g. alerts caused by logins which seem suspicious but are completely normal if the context is understood
  7. Do you have a risky user policy? What is a risky user and how do you manage that?

 

What’s your score?

So, there you have it, a handy compliance tool already accessible in any Microsoft 365 tenant. Are you ready to find out how you are faring when it comes to compliance?

“Remember that whilst this technology is incredibly clever, it’s not perfect. You need to look after it, manage it and adjust it as you go,” concludes Loryan.

To find out more about how Microsoft 365 can help improve compliance in your workplace, contact Insync Technology today.

Espire Infolabs and Insync Technology assist with ACU’s digital refresh

Microsoft partners Espire Infolabs and Insync Technology have overhauled the Australian Catholic University’s (ACU) systems through its digital workspace program.

The two-week long refresh saw the introduction of SharePoint Online, OneDrive for Business and Teams and Teams Telephony for communication and collaboration, all underlined by Microsoft 365 integration.

These products come in to replace on-premises-backed Sharepoint, network share drives and Skype for Business, plus Cisco desk phones, respectively.

Online system access is governed by Azure Active Directory and multi-factor authentication, which includes workspace access, joining meetings, collaboration and interaction with peers and internal and external stakeholders — all across ACU’s eight national campuses.

The refresh is a part of the university’s digital workspace program to increase the level of technology being used through to 2023.

Niranjan Prabhu, CIO and director of IT at ACU, said the program is aiming to provide “a modern workspace environment that ensures seamless collaboration and optimised communication to increase efficiency and enhance the staff experience”.

The digital workspace program has proven particularly useful with the rise of COVID-19 causing staff to work from home, with Teams allowing for collaboration and secure file access.

There’s nothing like a crisis to present an unprecedented opportunity for change and transformation,” Prabhu said.

The decision to side with Microsoft solutions, according to Prabhu, was due to the “breadth and space for opportunity” that they provide.

We wanted to leverage our current investment and integration of multiple capabilities to achieve a consistent digital experience for our staff and students,” he said.

The ACU digital workspace enables the best experience for employees and students securely, regardless of their location or device. They have the same seamless experience no matter where they are.

The digital workspace was initially deployed to staff, with plans to expand it for student usage. Currently, Teams usage is being piloted to some course units to strengthen partnerships between staff and students.

For teaching space meeting technology, we currently use Zoom. Our intention is to transition to Microsoft Teams, to ensure a single platform across the University. As staff are familiar with Microsoft Teams, we expect this to be relatively straightforward,” Prabhu said.

Furthermore, the ease of sharing documents and ability to live chat during a meeting, as well as emerging features, such as the “raise hand”, or running a 3×3 video calls, are helping to spur the transition to Microsoft Teams.

The university’s meeting rooms also saw an upgrade as part of the program, utilising room panels to display room availability and can facilitate on-demand room bookings, even from non-Microsoft devices. Outlook integration also allows for staff to add extra room services, like catering and IT support.

In addition to the refresh provided by the two partners, the ACU is looking to develop its own applications and workflows through the Microsoft Power Platform in order to replace existing third-party workflows.

Two examples include the use of a Data Lake to utilise Power BI and the Azure Data Platform to identify students who need assistance, including those that are at risk of separating permanently from ACU before they finish a course, and the ACU Virtual Assistant chatbot for providing on-demand support.

Read original article here.

Australian Catholic University harnesses cloud, data and AI to spur staff and student success

The Australian Catholic University is ranked among the top 2 per cent of all tertiary institutions and is in the global top ten of Catholic universities. It operates eight campuses in Australia, a ninth in Rome and boasts 35,000 students and around 6,500 staff and partners.

The Australian Catholic University’s (ACU) strategic plan through to 2023 sets out its ambition to achieve excellence in research, service, learning and teaching. Technology stewardship and digital foundations will play a critical role in being able to accomplish that.

For ACU, empowering staff is the catalyst for creating a modern and secure workspace accessible from anywhere and any device. The digital transformation will help ACU to collaborate, innovate, sustain and serve to deliver new solutions for students, uplift the cybersecurity posture of the organisation and deliver IT-enabled value faster and more effectively.

Dr Stephen Weller, Chief Operating Officer and Deputy Vice–Chancellor of ACU, said; “Amongst the pillars of our strategic plan through to 2023 is our intent to deliver an engaging, technology-enriched and immersive student experience. We will also strive for adaptable, accountable and transparent business and service delivery models. The digital transformation now underway will play a critical role in terms of fulfilling our strategic goals for the University. We are empowering students and staff with modern tools and data-rich insights – setting them up for success”.

ACU has always been on an exponential growth path when it comes to technology. Microsoft 365 is at the heart of the transformation.

Niranjan Prabhu, Chief Information Officer and Director of IT at ACU, says “We’re creating a modern workspace environment that ensures seamless collaboration and optimised communication to increase efficiency and enhance the staff experience. It accelerates the integration of new technologies and applications to strengthen our ability to innovate.

The digital workspace now rolled out for staff offers:

  • Access to SharePoint Online (replaces on-premise SharePoint)
  • OneDrive for Business (replaces network share drives)
  • Teams and Teams Telephony for communication and collaboration (replaces Skype for Business and Cisco desk phones)

Another critical part of the Digital Workspace program is the next-generation meeting room experience, consisting of room panels that display room availability and facilitate on-demand room bookings. Staff can also use custom Outlook add-ins to order additional room services such as catering or IT support. These rooms also provide ‘single click to join’ functionality, even from non-Microsoft devices and tools.

ACU is also developing its own applications and workflows to replace existing third–party workflows using the Microsoft Power Platform. Microsoft Power Platform provides the flexibility to embrace process changes and emerging capabilities along the transformation journey. It makes the development process more predictable and repeatable, enabling faster delivery with lower risks.

Prabhu says that the Microsoft ecosystem was selected as it “provides breadth and space for opportunity. We wanted to leverage our current investment and integration of multiple capabilities to achieve a consistent digital experience for our staff and students.

Access to the online systems is governed using Azure Active Directory and Multi–Factor Authentication.

Prabhu explains that “The ACU digital workspace enables the best experience for employees and students securely, regardless of their location or device. They have the same seamless experience no matter where they are”.

This includes full online functionality, the ability to access workspaces, join meetings, collaborate, interact with peers, and engage with internal and external stakeholders. With eight campuses nationally at ACU, this has also facilitated continuous dynamic virtual social interactions between campuses – physical distance simply doesn’t matter anymore.

During the COVID-19 pandemic, the digital workspace made the entire working from home experience possible, including secure remote access to files and applications and collaborating across borders with Microsoft Teams.

ACU’s dashboard analytics provide complete transparency of the adoption and usage of the digital platform across business units. Unsurprisingly, when COVID-19 struck and forced a remote work model on the University, these analytics revealed that the digital workspace and associated tools were widely adopted with less than 1 per cent of staff raising service tickets and no significant resistance.

As an example, in October 2019 ACU had 1100 active Teams users – by March 2020 that had soared to 8,700, a 690 per cent increase in just five months.  ACU analysis also suggests productivity has more than tripled since the introduction of the digital workspace.

To achieve all this, ACU has worked in collaboration with Microsoft Partners Espire Infolabs and InSync to deploy these leading-edge cloud-based digital tools.

The entire transition to remote working for ACU staff was achieved in about two weeks. In terms of effecting massive change, Prabhu notes; “There’s nothing like a crisis to present an unprecedented opportunity for change and transformation.

This change and transformation extends to students and will likely prove enduring according to Dr Weller, who says that the pandemic experience has; “Proven clearly that people want to have more choice, with 50 per cent of students choosing to attend lectures on campus and 50 per cent choosing to view it online.

In the future it won’t be an either-or proposition, rather a case of digital everywhere.

What the pandemic has shown is that while everyone embraced more online experiences, it’s not a substitute for human interaction in person. That doesn’t mean that as a student I want to go to every tute every week in person, but it does mean that almost every aspect of learning can be digitally enriched”, he says.

For example, students on placement (e.g. assisting in a hospital) want to be able to use a tablet to access their notes on OneDrive or Teams where and when they want, without being tethered to a campus.

Dr Weller says there are other opportunities to use advanced technologies to promote learning; for example, using augmented reality to run virtual workshops that can “develop a level of digital competency to complement in–person learning. Maybe the student wants to learn online this morning and go into the campus in the afternoon. We need to make it all a digital experience – not exclusively on campus or online.

 

Chatbot Support

To further enhance the service experience, ACU has created a Chatbot, powered by Azure and known as AVA (ACU Virtual Assistant). AVA uses natural language processing capabilities and integrations (such as ServiceNow, ACU COVID-19 FAQ, Microsoft Learning Pathways and Who bot) to provide instant, on-demand support to ACU staff from within Teams and SharePoint.

Furthermore, when interacting with our chatbot, if the staff member requires further assistance, there is the option to seek help via handover to a live chat or log a service ticket through ServiceNow,” says Prabhu. “This means staff are fully supported no matter their issue“.

There are exciting plans in store for AVA” he says, which include incorporating voice activation, partially intended to create an improved experience for those living with disabilities.

Transforming Teaching Spaces

ACU’s digital transformation was initially deployed to staff, with the next phase currently underway to extend the technology to students. The University is presently piloting Microsoft Teams within some course units. The intention is to foster closer partnerships between staff and students, including facilitating interactive classroom experiences and seamless multi-channel learning and collaboration.

For teaching space meeting technology, we currently use Zoom. Our intention is to transition to Microsoft Teams, to ensure a single platform across the University. As staff are familiar with Microsoft Teams, we expect this to be relatively straightforward.” says Prabhu.

Furthermore, the ease of sharing documents and ability to live chat during a meeting, as well as emerging features, such as the “raise hand”, or running a 3×3 video calls, are helping to spur the transition to Microsoft Teams.

To provide options for students, ACU is introducing virtual laboratories. Instead of physically attending the campus, students can remotely access cloud-based digital laboratory resources using Azure Lab Services via Microsoft Teams. This also eliminates the need for laboratory set up by ACU technicians.

Students will be able to have the same experience at home as on campus, and that’s really important for both our existing student experience, and where we see education heading in the future. We want to make sure that students are equally equipped to study wherever they choose to be”.

 

Supporting Student Growth

Another important program of work underway at ACU is the establishment of a Data Lake that leverages Power BI and the Azure Data Platform to support students who may need assistance or are at risk of separating permanently from the University prior to course completion.

Prabhu explains; “We’re generating and capturing more data than ever before, on an increasingly varied set of data sources, providing us with the opportunity to understand support student success throughout the student’s lifecycles.  Effectively managing that lifecycle is the key to excellent learning outcomes and student success”.

Common risk factors include struggling with grades, financial stress, and social or environmental factors.

To assist at-risk students, ACU is looking to leverage the data to identify patterns that allow them to predict and identify who may need support. Data on student engagement, interactions, attendance and participation, as well as their overall behaviour, can give early warnings that support is required.

We’re assessing the parameters that can be a red flag to academics and professional staff allowing them for early intervention and support,” says Prabhu, referring to financial, pastoral or tutoring support. “We can monitor the success of programs that engage and assist students in all aspects of the student lifecycle. Interpreting this data will ensure early intervention of students at risk, as well as understanding student well-being across the spectrum of student abilities and competencies.

Prabhu acknowledges the delicate balance between using data to provide valued support and respecting student privacy. “We definitely need to strike a respectful and conscientious balance while achieving the best outcomes for both the student and the university,” he says. “The wellbeing of our students is very important to us, so we’re eager to get this right.

The other balance that needs to be struck in a post-COVID world as ACU regroups to face whatever will be the next normal, is between investing in technologies that will improve the staff and student experience and building capabilities within current financial constraints.

Prabhu states the medium-term focus for IT at ACU will be to “contain, sustain, and grow.” This means making smart decisions about technology deployment that can boost efficiency, deliver savings through process automation, as well as create a competitive advantage – such as having the ability to build and leverage a rich data lake of insights to support the University decision–makers and students as they strive for success.

Dr Weller is clear that; “The quantum spent on virtual infrastructure will only continue to increase exponentially.” Also, he expects that the search for trust will mean that the investment in cyber security will increase substantially.

Ultimately, he says the ACU’s Digital Workspace initiative is about supporting ACU personnel, faculty and students; “Anywhere, any device, anytime… empowering them to do what they want to do where, when and how they want to do it.

Read original article here.

Retention & Data Loss Prevention: Beware of what’s not covered in your Microsoft 365 environment

Compliance in the workplace can be a bit of a minefield. There are many elements, people and considerations to take into account. When exploring Modern Workplace compliance capabilities, it helps to split them out and look at them individually, rather than as one big clump of confusion.

Looking at retention in Microsoft 365

In the Microsoft 365 universe, built in retention policies enable organisations to apply labels to content that determine whether it is retained for a specific period of time regardless of deletion by an end user, or to ensure it is permanently deleted.

One component of the functionality included is eDiscovery, the intuitive process of identifying information stored within your files.

“Searching for files and emails manually is not practical. There are too many places to look. eDiscovery has been significant for this, as it allows you to search across the entire organisation, under set parameters,” says Loryan Strant, Product Manager at Insync Technology.

Examples of eDiscovery include searching for legacy data and identifying communication and documents required for HR or legal purposes. However, whilst the functionality is greatly improved there are some general misunderstandings.

“Inbuilt retention and eDiscovery tools in Microsoft 365 only apply to Exchange, SharePoint, OneDrive, Teams and, more recently, Yammer. Popular applications including Sway, Forms, Power BI and Planner are not covered by the compliance technology, yet this is not always understood.” notes Loryan.

The outcome is organisations that believe themselves to be compliant, are in fact not. To combat this, Loryan notes there are several steps organisations can take, specifically:

  1. Understand your compliance in more detail
  2. Focus on mitigating issues
  3. Set policies that prevent staff entering data into unmonitored platforms
  4. Limit permissions to applications based on usage needs
  5. Support your policies with training
  6. Be clear which tools are risky and where staff must take individual responsibility

Data Loss Prevention (DLP), what’s included?

Where retention focuses on preserving or disposing of data, DLP concentrates on the transmission and storage of what is inside the content or data. For example, DLP can autodetect when Personally Identifiable Information (PII) – such as credit card or Medicare numbers have been stored or sent in contravention of the organisational policy.

Microsoft 365’s DLP can detect patterns, search for keywords and, based on policies, select different actions. You can choose for particular content to trigger a tip or alert.

“Using DLP well can result in automating certain policies. You can flag that PII should not be saved in files, or that information needs to be included in an audit. You can use DLP to auto-forward copies of documents to managers and key staff for approval before release, or just visibility,” says Loryan.

In fact, you can go as far as to simply block content. If a staff member pastes a credit card number into a Teams channel with external guests, DLP would remove the message and replace it with the reason why it was blocked. It is intelligent and effective technology. But, as with retention, DLP is not available to the full Microsoft 365 suite.

The limitations of DLP include the assumption that information will go into an email, conversation, or a file, when it could be input in Forms, Planner, Sway, and several other services within the platform. DLP needs to be configured correctly in order to stop data leaking out of the organisation. But it is a fine balance as it is easy to overload warnings and policy violations which results in constant alerts, even for legitimate transmissions.

“To head towards being compliant, you need to turn on DLP, observe it, tweak it and adjust it,” says Loryan.

Don’t skip the detail, configuration is key

To ensure that your organisation is as compliant as you think it is, you need to address your Microsoft 365 configuration. Loryan advises taking the following steps:

  • Don’t rush deployment
  • Align your Modern Workplace DLP and retention policies with your existing organisational policies, noting that traditional policies might need to be updated to reflect what the technology can offer by way of improved controls
  • Did you customise the settings when the platform was first deployed or did you settle for the default settings? Look at what is and isn’t working and what components of Microsoft 365 DLP doesn’t cover
  • Communicate clearly with staff about changes to process and policies
  • Regularly review the configuration to ensure it is still relevant to your organisation
  • Run retention and DLP drills internally on a regular basis to ensure you know what is missing

“When it comes to compliance, the biggest part is understanding that you need to change your approach from both an organisational and IT perspective. We used to rely on firewalls but with Microsoft 365 entirely outside the firewall, we need to shift how we think about it. But above all, you can’t rely on a platform doing all your thinking for you, you need to define clear policies, specific to your organisation,” concludes Loryan.

So, when was the last time you looked at your retention and DLP policies and configuration? Are you confident you are compliant? If you need assistance identifying cracks in your Microsoft 365 compliance, contact Insync today.

show