In Episode 193, Ben and Scott talk about how to protect your organization with Exchange Online transport rules and prevent the forwarding of messages from other applications like Power Automate. They also talk about Project Moca and how it can be used to organize your personal information through Outlook on the web.

- Welcome to episode 193 of the "Microsoft Cloud IT Pro Podcast," recorded live, August 31st, 2020. This is a show about Microsoft 365 and Azure, from the perspective of IT pros and end users, where we discuss a recent topic or news and how it relates to you. In this episode, Ben and Scott spend some time talking about email exfiltration and security, new features coming for Windows security that relate to Advanced Threat Protection, Microsoft 365 Business. And then we would be remiss if we didn't talk about Moca, Project Moca that is. A new feature coming to Outlook on the web. So let's dive in.

- The bytes and the bits, they make a difference.

- They do make a difference. So should we talk about news today? We have a whole bunch of topics we've talked about that we've had, and haven't talked about, all of that.

- Yeah, let's do it.

- All right, take your pick. You had a few that you had on our list that we haven't talked about. So I'll let you kick it off this week.

- Yeah, let's talk about email exfiltration controls for Office 365 connectors.

- Perfect, I like that, anything that prevents email from going out if it shouldn't, it's a good thing right, email security?

- Yes.

- So what are these exfiltration filters that have been rolled out?

- So you can do things now, well, they've added extra headers to messages from certain services. So you have things now, like there's an X-MS-Mail-Application header. And that header might be set to a string value such as Microsoft Power Automate. So you could take something like that and create a transport rule in Exchange Online, which says all emails that come from Power Automate, now go through this filter chain. So maybe they can be sent to external people. So that's kind of cool and you can extend that and take it forward a little bit. There's also an X-MS-Mail-Operation-Type header, which will have values like forward, reply, send, things like that. So you can potentially like take either or one of those rules and either say, we're going to have rules that execute against a particular application. Like your business needs to keep sensitive information internal, and you never want a Flow in Power Automate to send an email to the outside world no matter what your users say, well, you can do that. Or you can also do things like look for purely forwarded messages going through your system and not even allow things like that. Or combine those two together. If Power Automate is logging into my mailbox and forwarding messages, stop it. Like just kill it at the edge with the transport rule. Which is kind of fun.

- So with this, yeah, so this transport rule and the new headers could I now do something like if somebody clicks reply to all on a message that has 250 participants, tell them to stop doing that?

- I don't think you can stop the whole thing. There's no great thing for that--

- It's not gonna stop.

- buttons that vendors make and put in your mail client but really you just have to teach people better behaviors.

- Yes, no amount of technology can fix certain behaviors of people.

- No.

- That is really nice because there's a lot, as people are using Flow and PowerApps and all of this more, I mean, even I've built stuff for my clients where it is automatically sending out information, it's logging information. Microsoft is putting those technologies in the hand of end users and they might not always realize what they're doing when they create certain Flows. So being able to put some rules in there that looks at the source of these emails, whether it be PowerApps Flow, or I don't know how many it's extended out to, or if it will start extending out to other areas. Definitely a good thing to have for email security.

- Yeah, it's interesting. 'Cause it takes this SaaS world where, for better or worse, we all feel like we're in less control and it puts some of that control back in, kind of that governance plane or that administrative plane for the product. I don't know that, like so yes it solves the problem of email exfiltration. It doesn't solve the problem of you having to go to your user community and continue to educate them and let them understand the rules that drive the business. Like this is not a feature that goes into Power Automate and says you can never create a Flow with a forwarding rule that goes outside your organization. Like that type of governance doesn't exist there. So now, you might go and implement something like this, but then from a user adoption plane, they could still be going out and creating all these types of things. So I would maybe want to extend that with some reporting and take a look and so if you do set up rules like this, like where are we blocking it? Who was the person or the process that sent it? So that we can go educate them and kind of have a talk and see like hey, are we meeting the needs of the business? Or, did we potentially make things worse?

- Yeah, definitely. And it does, that ties in. So I actually had an experience. It wasn't with PowerApps or Flow, but this past, I think it was this past week, where I had a client come to me and say, "Hey, I just had a user set up a mail forwarding rule. What's going on, can you look it up?" Come to find out, said user of said client clicked on some type of malicious malware that automatically went into her Outlook on the web. So this wasn't even like an Outlook on-prem rule. It was Outlook on the web. So I don't know if it was the whole, I'm signed in, in one tab, I opened it in another tab and created this Outlook on the web rule, but I was able to go in through all the audit logs to create an Outlook on the web rule to automatically forward email with certain information in it to some external email address. Fortunately, we had actually set up a mail flow rule that said, do not allow people to set up rules that forward mail externally. And it prevented this whole fiasco where certain confidential information could have been forwarded. So the nice thing is the rule worked, it caught it all. It didn't allow this rule to be forwarded. And as a result, no mail got forwarded out. But also with all of the unified audit logs, the mail tracing, all of the security features available in Office 365, we could also go through and show exactly what had happened. Walk through the, get a good idea of what happened as well as verify that they indeed were protected.

- Yeah, so the other thing that I've done in the past there is you probably want to implement process, like again on top of your transport rules, to do things like just run a PowerShell script that audits everyone in your Exchange org. And if they have a forwarding address set on their mailbox, let's bubble that back up and report it. 'Cause you might be killing those things, like you said, on the edge with the transport rule, but that hasn't solved the underlying problem that somebody clicked a malicious link and a Greasemonkey script came in and did all this stuff and set up emails to forward out. So, you've got two things. Like yeah, was there a rule there? Or was there an all-up forwarder placed on the mailbox as well? And what does that look like? So that can manifest itself in a couple different ways. Like I always like just have a script that runs on a cadence and enumerates all the mailboxes and anybody who has a forwarder set to an external domain or something that's external to your organization, you wanna know about that. You don't always need to know about the manager who picked up somebody's mailbox for the next 30 days and has a forwarding rule in place there.

- Right, although in theory, should that be a forwarding rule or should that just be delegated access to the user's mailbox?

- Oh, well. That all depends on how people know, how much people know about how to use email.

- It is true, so another one that Microsoft actually recently announced in the middle of all of this, so while I was dealing with this with a client, I also noticed a new message in my message center, linked to a Microsoft 365 roadmap item, where Microsoft is also adding an outbound spam policy rule to block external forwarding for select people in their organization. So this allows you to kind of, with your scenario is, if a certain user does need to forward mail externally or has an external mail forwarding rule on, because there probably are some cases where that's necessary, you will now be able to use your anti-spam rules up on anti-spam policies in Office 365 Advanced Threat Protection in their spam policies to block it at that level on a per-user basis. So even more interesting announcements and features coming around blocking that mail forwarding data exfiltration.

- Yeah, I mentioned this stuff kits, the math changes a little bit with everybody being at home and any time, any device kind of policies and having, you have to shut more of this stuff down at the edge this way. So it's good to see that come out as a native control and not requiring a third party or anything like that.

- Right, 'cause there's, going back to the whole work from home. There's probably a lot of companies that have certain proxy filters set up, different edge devices set up for people when they're in the organization, that protect against this stuff, and all of a sudden people are at home, maybe may or may not be working on a company device, may or may not be going through your company's network. And, let's be honest, when people are at home, they don't tend to necessarily be as cautious about what they're clicking on and what websites they're visiting as they are if they're sitting in an office.

- No way.

- Imagine that, mind blown.

- Yes, absolutely.

- So yeah, I agree. Some of these are becoming more important. Which, there's another feature, I'm full of new features today around security, Scott. Application Guard for Office 365. Now hit public preview, so do you remember, or you may know about the whole, now I'm just completely drawing a blank. Safe Links, Safe Attachments feature in your email where an attachment comes in, you may see in your email that, hey there's an attachment there, but you can't open it yet because Microsoft is verifying that this attachment doesn't include any malware or any malicious under-the-covers code. Now they have a similar feature, this Application Guard, for your Office desktop applications. So this does require you to be on a very specific build or later of Word, Excel, PowerPoint, Office for the desktop. It requires you to have a specific security update applied to your computer for Windows 10 and have this all enabled, and what this will do is now if you go click on a Word document and open up a Word document, it will actually open it up in like a safe containerized, segmented area on your computer to make sure that there isn't anything malicious in this Office document, before it actually opens it up in your Office client. So yet another layer of security. Now within your desktop in your Office applications.

- Yeah, I love the principle of AppGuard and kind of standing all this stuff up and certainly, isolating those processes is an important component. I wonder if you look at kind of like the long tail of things and how many organizations can actually implement this? Like they have the hardware in place that supports virtualization and the min spec for RAM requirements. Like I've seen organizations that still buy PCs with four gigs of RAM. 'Cause it's like, it's what was cheaper and what they could lease. And like those become blockers now to having, some of these security features. But maybe the strives, like better hardware purchasing decisions as well. So you mentioned, like there's min spec for hardware and for software here so it's not just like client builds of office which it's currently in a Beta Channel build. So if you wanna kick the tires on it, like it's out there, but it's definitely like a preview feature.

- Right, but yeah, like you said, there are those hardware requirements. I forgot to mention those and they're not, I mean, they're not minor hardware requirements for this.

- I get it, I think it depends on the organization, right? And, who approaches purchasing within your org and what's important to them from the PC they buy perspective and what does that look like? So there's the context of potentially minimum hardware requirements for physical devices, but what does this look like in a virtual land where potentially, you've made the decision to transition to more like virtual desktops or you're doing like Citrix or WVD or something like that. Well, what does that look like? And can you take advantage of these same features and how does all that roll together? So I think that's always kind of an interesting intersection there. And then of course, for this one like, we'd be remiss if we didn't mention that there's licensing requirements for it too, like all other things.

- Do you really have to be at a certain level?

- Yeah, well like all other things, it is a gated feature. So it's in the E5 SKUs, so Microsoft 365 E5 or the E5 Security SKU of Microsoft 365.

- Yep, and we did say there are certain requirements, but we didn't say what they were. It's a 64-bit four-core physical or virtual, i5 equivalent or higher, eight gigs of RAM and 10 gigs of free space on the system drive with an SSD recommended. So that is all your requirements. Those for the hardware, the software, we'll link to that description, so you can go read all the software ones and then that E5 SKU. And then the willingness to deploy a preview feature with a Beta build of Office. And I'm not sure about that security update. I'm assuming that, I mean, I think those are standard released builds of Windows 10 in that monthly security update. They don't call it out specifically that those are Beta preview builds of Windows for security updates--

- It's the client version there. Well, the Office client rather, that's gonna get you on that one.

- Yes

- So it's a kick the tires feature.

- Yes, absolutely. A lot Like, should I say it? Do I dare?

- Sure, you dare.

- A lot like Moca, but not the traditional coffee mocha, nor is it spelled the same way as the traditional coffee mocha.

- Okay.

- So what--

- I'm gonna let you take this one 'cause--

- So you're assuming I actually understand this one?

- It's a thing, I don't know that I get it. So let's start with, what is Moca? What is Project Moca?

- Yes, Project Moca, not the coffee drink, mocha.

- Yes.

- Project Moca is a new feature in Outlook on the web. So this is only available in Outlook on the web. It is not in any client builds, it is off by default. If you are in a tenant's version of Office, I would say Office 365, but we have to differentiate enterprise business builds of Office 365. This is off by default. It appears like it is just going to be on in like home or personal builds of Office 365. And it is a way to organize your content. I don't get it. So it's, I don't even know how to describe this. Let's think of a canvas, it's a whiteboard.

- Yeah, it's a big virtual whiteboard, that's encapsulated, like you said, inside of Outlook on the web where you can pick up various, I'll call them widgets. But you can add different components of your life, whether they come like documents from OneDrive, maybe like you have important documents that you've tagged as important or that all live in the same folder. You might have notes, right? Like, sticky notes--

- Yep, like sticky notes type of things.

- That have come through. You could have tasks, now that's a pretty nebulous thing. 'Cause we've talked about tasks a bunch, right? Well, to do, is that an email task? Is that a planner task? All those things kind of come together. You can also maybe like link contacts and events all together into this big virtual space, right? Like effectively, you've got all these post it notes and you're gonna take them and put them on the whiteboard and or on that Moca board and then kind of organize them and play with them as you want to. So you'll create kind of--

- I mean, I almost want to describe it as like a SharePoint page, where you're dropping web parts on a SharePoint page.

- Yes, a little bit.

- It's a little bit more probably fluid and dynamic than that. But yeah, and then on this whiteboard, you can arrange it by, you have like buckets of things, but then you can also, like you said, add notes and files and links and tasks and goals and the weather. And then a bunch of other stuff. At least, I will give them credit. I have not played with this yet. I turned it on in my Office 365 tenant because that's just what I do. Call me a glutton for punishment, or just very easily distracted with new Beta features. But I turned it on, it hasn't been enabled yet, but they do say that if you add tasks on this, it does automatically sync them into To Do. And just based on the screenshots, it looks like, if you create one of these boards, 'cause you can have different boards within Outlook too, that all the tasks on a board create a new list in To Do. So you end up with like Project Moca dash project plan in To Do, and then all of your tasks that you added within that Project Moca project plan board show up within that list in To Do. So at least they're syncing them all into To Do at this point in time, it appears.

- Yeah, I mean, it's interesting, but do we need another place to organize personal data? Like I could see this being kind of, flighted in some different ways. If you went out and said, okay, here's how we're going to extend planner to bring this initial information in and kind of get you out of, maybe you do like the or something like that. What's that driver to bring in this additional context, 'cause context is important, but this is all at the moment personal context. And personal context, for some people you might be looking for a brand new tool and like you said, this new feature to turn on. But I don't know, I feel like most of us have a pretty good way to work. Like we all know what works for us individually, and this is changing that up potentially or saying hey, go learn yet another new thing. So it's a lot of like, it's a lot of feature fatigue on that one. To understand what it is and go play with it and then say that didn't work, let me do this. Or is this the thing for me? And of course it's another project, I don't understand the projects.

- Well, I understand the projects, they can't name anything, not a project without getting sued.

- No comment.

- So I feel like, this is how I would have liked to see this. I would have to liked to see this as an update to OneNote. Like let me embed a OneNote page or a OneNote notebook as a part of my Outlook. And let me do all of this stuff in a OneNote notebook. 'Cause, OneNote is very similar to this and that you can always create different sections. You can have handwriting sections, you can do tasks, you can post links in there. I feel like this could have been implemented as an upgrade to your pages in a OneNote notebook. And then at least you're still consolidating all of that information into a single tool or product rather than like you said, having yet another feature in another product to organize your content.

- Yeah, and just to kind of be clear, this is personal context. So you are going to go into Moca and you're going to add your personal items to it, like it's, the owners assigned you as user to, turn that product into what you want it to be, which means you add the documents, you add the weather widget, you add the task list, all those kinds of things. It doesn't seem like it has any type of intelligence to it. So I would look at potentially other things that are out there in the MS 365 ecosystem. So maybe take like Cortex, for example, trying to build out these knowledge bases and these bodies of knowledge around me automatically. It doesn't seem to have any of that going on in the side of it. Like you already have a lot of personal context about me based on my mailbox. 'Cause you know what weather and times and places, I've set up on my calendar. Like, why should I have to add that? You already know if I have a to do list or if I have multiple to do lists, like let's go ahead and populate that board for me and get it on there, like lessen that cognitive load to potentially get started with that.

- Right, it also doesn't look like there's any type of sharing this with other people. It's not a collaborative workspace--

- No, it's very much personal context.

- Organize my own, excuse me, organize my own stuff. And I don't care about sharing this and it doesn't look like I may ever care about sharing this with other people.

- Yeah, no, it's, all personal.

- But, I guess I see it probably being a little bit more of a personal, a feature added to the personal and home plans. I think I see people at home that have maybe just email and Outlook on the web taking advantage of this a little bit more than really an enterprise context. I don't see a lot of use for this in the enterprise. Maybe I'm wrong, someone prove me wrong. Tell me why this should be an enterprise feature.

- Yeah, I don't know, it's another interesting one. I don't know, I wasn't asking and I don't know how many folks are out there asking for, and this is the way Microsoft describes it as a dresser with unlimited drawers and each drawer has unlimited organizers in them. That, I don't know.

- I mean, to me that sounds like OneNote notebook, right?

- Yeah, but it is. It's all those things that I potentially already do in a OneNote notebook or say like inside like a collection in CrEdge or something like that, or a combination of those things today. You've brought it all into one tool, that's great. But now cognitive load, I have to potentially move all that other stuff out of those tools or maintain both tools at the same time. I'm not sure I have that mental bandwidth.

- Speaking of this is not one, I'm gonna come completely out of left field with this one. Did you see that with those collections and CrEdge now you can actually send an entire collection to a OneNote notebook?

- No.

- I don't know where the link is to this feature, so I can't send it to you while we're talking, but I will go find it so we can include it in the show notes. But yes on a certain version of CrEdge, now you can go like use CrEdge to go build your collection, stall your websites in that collection. And then maybe once you wanna archive it off, or if you just wanna save it to one note or share with somebody, you can actually send an entire collection to OneNote.

- That's kind of nifty.

- It is, that was one feature. I was like, okay, I can, I see this. I can see a use for having those collections 'cause I have started using those collections. Those are kind of a cool feature of CrEdge that I don't hear a lot of people talk about that as I'm working like with a certain client or researching a new product or a new feature. And I want to pull like a bunch of docs from Microsoft together or a bunch of blog articles, I found about a certain topic. I'll just start dropping them into a collection. So I can always go reference that collection later. And I may or may not need to keep it long term, but it gives me a way to quickly kind of bundle some of those pages together as I'm researching something or working on something.

- Yeah, and then it just becomes a list of links inside a OneNote page.

- Yep.

- And then you would just take that page and slam it in an email or share it out.

- Right, share it with somebody, yeah.

- It's like a shared team notebook or something like that, then you could just have that link to that page, like straight in the web view, you will be all set.

- Yeah, so my new, my nifty feature announcement from the day that I wasn't even thinking about until you started talking about those. Anything else?

- What I'm here for, there's always, always more stuff.

- We maybe have time for one more stuff, one more thing.

- You want to talk about the licensing thing and how you can in a more simple way secure your Windows 10 computers with Microsoft 365 Business Premium?

- You told me you didn't want to talk about that one.

- No, I want you to talk about it.

- I haven't read that one yet. You can more securely, there's a simpler way to secure your Windows 10 computers, with Microsoft 365 Business Premium.

- Yes, well, so there's a mechanism that is going to manifest itself through the admin center, which is going to allow you to kind of have that easy onboarding or set of I'll call them like baseline policies--

- I think that's what they actually call them in the article as baseline policies.

- Turn on so you'll be able to do things like just have a checkbox, say hey, help protect my PC from viruses. So that will require that Windows Defender Antivirus gets turned on and it gets scheduled scans and on-demand scans ready to go. There's another checkbox, help protect PCs from web-based threats. So that'll help protect your users from malicious sites and downloads, it prevents the launching of applications automatically within Microsoft Office. So if somebody has like a macro that's trying to launch something else, it'll go ahead and stop that. It's got a simple checkbox which enables network isolation. You can do things like enable BitLocker drive encryption with just a nice little checkbox. And the other interesting one, like, so some of these are kind of like things you could almost do in the past or you could do all this with a GPO. This is taking GPOs out of the story. It's kind of like the Office Config stuff, right? Where you don't always have to go down that path and have that set of infrastructure to make those things work, which small businesses who are leveraging Microsoft 365 Business Premium may not. So there's even things like, go ahead and turn off your device screen when it's idle for a given amount of time, certain minutes.

- Right and then--

- That's an easy one. Like how many of your users actually enable screensavers on their non-domain-joined machines to ensure that they get locked when they get up and walk away from them, right? You can't go into a coffee shop, but you can go sit outside at a coffee shop now. What does that look like? And can you make that a little bit, a little bit better for them? So the nice thing is it's just a bunch of checkboxes; now in the background, it's doing a lot more than that. So it's going to leverage Intune and Azure Active Directory to go ahead and push those MDM policies down. So they'll manifest themselves as like sets of MDM policies. And that's nice, 'cause I think like when you go into Intune by itself, it's a pretty intimidating product. And if you are just somebody whose job is to run the office, not run the computers. That's like, that's a good feature. I could see a bunch of people doing that. Now the question is, what happens if you turn it on and want to turn it off later? Like how clean does that process go? Who really knows.

- Right, I'm gonna guess what this is doing in the background is just going in, 'cause we've talked about it in the past where they have all those configuration policies where you can use the ADMX templates now in Intune. So it's those Intune configuration policies and I'm gonna guess it just creates a bunch of those policies, that you could go and turn on or off because like we talked about a couple of months ago or so, Microsoft 365 Business Premium does have all the Intune stuff in there so, it should just be that checkbox or the radio button to toggle those off. Now it probably means that those settings are going to be, remain set until the user would disable them locally, but it wouldn't force them on anymore by your, by Azure Active Directory. And as you may also have guessed, since we've been mentioning Intune a lot, these don't get applied unless the user's computer is already enrolled in Intune. So if you're gonna use these, you are gonna have to take that initial step of making sure those devices get enrolled in Intune. Otherwise the computer doesn't actually know to go grab these policies nor have the appropriate permissions there for these policies to get set on their Windows 10 device.

- Yeah, a little bit of onboarding. And this one is rolling out now, and it sounds like it's gonna take a couple of months to roll out, I'd imagine just based on the article with all the screenshots being screenshots of the admin centers that's out there for Ignite. You know that you'll see more about this in the coming weeks as Ignite comes up and passes.

- Yes, I have noticed a little bit of a slowdown in news and everybody keeps saying, "Watch for exciting announcements coming out at Ignite." So the next three weeks might be a little slower from a news front, but Ignite will come and we will figure out how to cover all Ignite news remotely with everybody else joining into the conference from home. We can podcast live from Ignite at home.

- I look forward to it.

- Alright, well with that, I will let you go. I think you have a meeting coming up. I have some work to do and we will talk to, again, I would say next week, but we're recording this on Monday. So later this week.

- All right.

- To record our next episode.

- Sounds good.

- All right, thanks Scott.

- Thanks Ben.

- Talk to you soon.
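The two controls discussed in the episode, a transport rule keyed on the new Power Automate message headers and a scheduled script that reports mailboxes and Inbox rules forwarding mail outside the tenant, as an added PowerShell example that is not code from the podcast, the hosts, or Microsoft. It assumes the ExchangeOnlineManagement module is installed and Connect-ExchangeOnline has already been run; the rule name, report path and the helper function names are assumptions.

```powershell
# Added example; not code from the podcast or Microsoft. Assumes the ExchangeOnlineManagement
# module and an open Connect-ExchangeOnline session. Header names and values follow Microsoft's
# Power Automate exfiltration-control announcement; rule name, report path and helpers are assumed.

$ReportPath = "C:\Temp\forwarding-audit.csv"   # assumed output location for the scheduled run

# --- Part 1: transport rule for Flow-originated forwards leaving the tenant ----------------
# Both header conditions must match (they are ANDed), so this only hits a Power Automate flow
# that is *forwarding* mailbox content to an external recipient. Start in Audit mode so the rule
# only records incidents; switch to -Mode Enforce with Set-TransportRule once the report shows
# no legitimate business flows are being caught.
New-TransportRule -Name "Audit: Power Automate forwarding to external recipients" `
    -HeaderContainsMessageHeader "X-MS-Mail-Application" `
    -HeaderContainsWords "Microsoft Power Automate" `
    -HeaderMatchesMessageHeader "X-MS-Mail-Operation-Type" `
    -HeaderMatchesPatterns "^Forward$" `
    -SentToScope NotInOrganization `
    -Mode Audit `
    -SetAuditSeverity High `
    -RejectMessageReasonText "Automated forwarding to external recipients is blocked by policy." `
    -Comments "Flags Power Automate flows that forward mailbox content outside the organization."

# --- Part 2: scheduled audit of forwarders -----------------------------------------------
# The transport rule stops mail at the edge but does not tell you *who* has a forwarder in place
# (the compromised Outlook on the web account in the episode). This enumerates mailbox-level
# forwarding plus Inbox rules that forward or redirect to an address outside the accepted domains.
$AcceptedDomains = Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)".ToLower() }

function Test-ExternalAddress {
    # $true when the address's domain is not one of the tenant's accepted domains (assumed helper).
    param([string]$Address)
    if ([string]::IsNullOrWhiteSpace($Address)) { return $false }
    $clean  = $Address -replace '^smtp:', ''        # ForwardingSmtpAddress is stored as "smtp:user@domain"
    $domain = ($clean -split '@')[-1].ToLower()
    return ($AcceptedDomains -notcontains $domain)
}

function Get-AddressesFromRuleTargets {
    # Inbox rule targets render like '"Display Name" [SMTP:user@domain]'; extract the bare addresses.
    param([object[]]$Targets)
    foreach ($t in $Targets) {
        [regex]::Matches([string]$t, '[^\s\[\]:"<>]+@[^\s\[\]:"<>]+') | ForEach-Object { $_.Value }
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox) {
    # Mailbox-level forwarding (set by an admin, or by an attacker with admin-level access)
    if (Test-ExternalAddress $mbx.ForwardingSmtpAddress) {
        [pscustomobject]@{
            Mailbox  = $mbx.UserPrincipalName
            Kind     = 'MailboxForwardingSmtpAddress'
            Target   = $mbx.ForwardingSmtpAddress
            KeepCopy = $mbx.DeliverToMailboxAndForward   # $false means the user never sees the mail
        }
    }
    # Inbox rules created in Outlook or Outlook on the web; null collections are safe to wrap in @()
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($addr in Get-AddressesFromRuleTargets $targets) {
            if (Test-ExternalAddress $addr) {
                [pscustomobject]@{
                    Mailbox  = $mbx.UserPrincipalName
                    Kind     = "InboxRule:$($rule.Name)"
                    Target   = $addr
                    KeepCopy = -not (@($rule.RedirectTo) -match [regex]::Escape($addr))
                }
            }
        }
    }
}

# Write the report for follow-up (education, or removing the forwarder) and show it on screen.
$findings | Export-Csv -Path $ReportPath -NoTypeInformation
$findings | Format-Table -AutoSize
```

Expect legitimate hits such as a manager covering a departed colleague's mailbox; the report is the starting point for the conversation the hosts describe, not an automatic removal.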

Sponsors

  • Sperry Software – Powerful Outlook Add-ins developed to make your email life easy even if you’re too busy to manage your inbox
  • ShareGate – ShareGate’s industry-leading products help IT professionals worldwide migrate their business to the Office 365 or SharePoint, automate their Office 365 governance, and understand their Azure usage & costs
  • Office365AdminPortal.com – Providing admins the knowledge and tools to run Office 365 successfully
  • Intelligink – We focus on the Microsoft Cloud so you can focus on your business

About the sponsors

Every business will eventually have to move to the cloud and adapt to it. That’s a fact. ShareGate helps with that. Our industry-leading products help IT professionals worldwide migrate their business to Office 365 or SharePoint, automate their Office 365 governance, and understand their Azure usage & costs. Visit https://sharegate.com/ to learn more.
Sperry Software, Inc focuses primarily on Microsoft Outlook and more recently Microsoft Office 365, where a plethora of tools and plugins that work with email have been developed. These tools can be extended for almost any situation where email is involved, including automating workflows (e.g., automatically save emails as PDF or automatically archive emails that are over 30 days old), modifying potentially bad user behaviors (e.g., alert the user to suspected phishing emails or prompt the user if they are going to inadvertently reply to all), and increased email security (e.g., prompt the user with a customizable warning if they are about to send an email outside the organization). Get started today by visiting www.SperrySoftware.com/CloudIT
Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.