
Encryption with customer-managed keys in Azure Health Data Services

Azure Health Data Services provides a compliant environment for storing and processing health data. It offers features including encryption, auditing, role-based access control and data protection. By default, Azure Health Data Services ensures that the data stored in its underlying Azure services, such as Azure Cosmos DB, Azure Storage and Azure SQL Database, is encrypted using keys managed by Microsoft.
Microsoft-managed keys are encryption keys that are created and handled by Microsoft on behalf of the customer.
These keys provide a hassle-free method of encrypting data without requiring any setup or maintenance on the customer's end.

When customers enable encryption with customer-managed keys for their Azure Health Data Services account, they can specify an Azure Key Vault key URI, which is a unique identifier for their encryption key. Azure Health Data Services then passes this key URI to the underlying Azure services, such as Azure Cosmos DB, Azure Storage, and Azure SQL Database, which use the customer-managed key to encrypt and decrypt the data. Azure Health Data Services also uses the customer-managed key to encrypt and decrypt the data in transit, such as when the data is transferred between Azure services or between Azure and the customer’s applications.
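Because the key URI decides which key the underlying services will use, it is worth checking it before it goes into a deployment. The following is an added example, not code from Microsoft or from the original post: a Python pre-deployment check that accepts only well-formed Azure Key Vault or Managed HSM key URIs. The host suffixes (Azure public cloud only), the naming rules and the sample URIs are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Assumption: Azure public cloud DNS suffixes only; sovereign clouds differ.
STORE_SUFFIXES = {
    ".vault.azure.net": "key-vault",
    ".managedhsm.azure.net": "managed-hsm",
}
# Assumed naming rules: vault 3-24 chars, key name 1-127 chars, version 32 hex.
VAULT_RE = re.compile(r"[a-z0-9-]{3,24}")
KEY_NAME_RE = re.compile(r"[0-9A-Za-z-]{1,127}")
VERSION_RE = re.compile(r"[0-9a-f]{32}")


class KeyUriError(ValueError):
    """The string is not an acceptable Key Vault / Managed HSM key URI."""


@dataclass(frozen=True)
class KeyRef:
    store: str               # "key-vault" or "managed-hsm"
    vault: str               # vault or HSM name taken from the host
    key_name: str
    version: Optional[str]   # None means a versionless URI


def parse_key_uri(uri: str) -> KeyRef:
    try:
        parts = urlsplit(uri.strip())
    except ValueError as exc:
        raise KeyUriError(f"not a URL: {exc}") from exc
    if parts.scheme != "https":
        raise KeyUriError("scheme must be https")
    host = (parts.hostname or "").lower()
    # netloc differs from the bare host when userinfo or a port is present.
    if parts.netloc.lower() != host:
        raise KeyUriError("userinfo or explicit port is not allowed")
    if parts.query or parts.fragment:
        raise KeyUriError("query string or fragment is not allowed")
    for suffix, store in STORE_SUFFIXES.items():
        if host.endswith(suffix):
            vault = host[: -len(suffix)]
            break
    else:
        raise KeyUriError("host is not a Key Vault or Managed HSM endpoint")
    # A dot in the remaining label means extra subdomains, so reject it.
    if not VAULT_RE.fullmatch(vault):
        raise KeyUriError("vault name is malformed")
    segs = parts.path.strip("/").split("/")
    if len(segs) not in (2, 3) or segs[0] != "keys":
        raise KeyUriError("path must be /keys/<name>[/<version>]")
    if not KEY_NAME_RE.fullmatch(segs[1]):
        raise KeyUriError("key name is malformed")
    version = segs[2] if len(segs) == 3 else None
    if version is not None and not VERSION_RE.fullmatch(version):
        raise KeyUriError("key version is malformed")
    return KeyRef(store, vault, segs[1], version)


def triage(uris):
    """Return {uri: verdict} so a pipeline can fail on any 'reject'."""
    results = {}
    for uri in uris:
        try:
            ref = parse_key_uri(uri)
        except KeyUriError as exc:
            results[uri] = f"reject: {exc}"
        else:
            pin = "pinned version" if ref.version else "versionless"
            results[uri] = f"ok: {ref.store}, {pin}"
    return results


# Constructed sample URIs (hypothetical vault and key names).
SAMPLES = [
    "https://contoso-kv.vault.azure.net/keys/fhir-cmk/0123456789abcdef0123456789abcdef",
    "https://contoso-hsm.managedhsm.azure.net/keys/fhir-cmk",
    "http://contoso-kv.vault.azure.net/keys/fhir-cmk",
    "https://contoso-kv.vault.azure.net.lookalike.example/keys/fhir-cmk",
    "https://contoso-kv.vault.azure.net/secrets/fhir-cmk",
]

if __name__ == "__main__":
    for uri, verdict in triage(SAMPLES).items():
        print(f"{verdict:45} {uri}")
```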

Encryption with customer-managed keys offers several benefits for customers, such as:

  • Enhanced security and privacy: Encryption with customer-managed keys adds a second layer of encryption on top of the default encryption with Microsoft-managed keys, which means that the data is encrypted twice. This provides an extra level of protection and assurance for the data, as it prevents unauthorized access or disclosure, even if the Microsoft-managed keys are compromised. Encryption with customer-managed keys also enables customers to control and monitor the access and usage of their encryption keys, by using Azure Key Vault or Azure Key Vault Managed HSM features, such as access policies, logging, and auditing.
  • Improved compliance and governance: Encryption with customer-managed keys helps customers to meet their specific security or compliance requirements, such as HIPAA or GDPR, that mandate the use of customer-managed keys. Encryption with customer-managed keys also enables customers to demonstrate their compliance and governance to their stakeholders, such as regulators, auditors, or customers, by using Azure Key Vault or Azure Key Vault Managed HSM features, such as reports, certificates, or attestations.
  • Simplified management and operation: Encryption with customer-managed keys leverages the existing capabilities and integrations of Azure Key Vault and Azure Key Vault Managed HSM, which means that customers do not need to deploy or maintain any additional hardware or software for their encryption keys. Encryption with customer-managed keys also allows customers to use the same encryption keys for multiple Azure services, which simplifies the management and operation of their encryption keys.

Encryption with customer-managed keys is currently in public preview, which means that it is available for testing and evaluation purposes, but not for production use.

Encryption with customer-managed keys is a promising feature that aims to make encryption easier and better for customers who use Azure Health Data Services. It offers enhanced security and privacy, improved compliance and governance, and simplified management and operation, and it can help customers meet their goals and requirements while saving time, money, and effort. It is worth trying out and exploring, especially for customers who have sensitive or confidential health data, and it can potentially transform the way customers use encryption in Azure Health Data Services.

Public preview: Private subnet

A private subnet serves as an isolated network segment, safeguarded from external networks and the public internet. It is the preferred environment for sensitive and confidential resources, such as databases, servers, and applications, that demand a high level of security and privacy. It can also enhance the performance and reliability of network traffic by mitigating latency, congestion, and interference.

Challenges do arise with private subnets. Notably, their inability to directly interact with the public internet hinders access to online resources like web pages, APIs, and cloud storage. Equally limiting is the difficulty in monitoring, managing, or troubleshooting them remotely from outside the network.

To surmount such obstacles, private subnets often lean on intermediary devices or services such as NAT gateways, VPNs, or proxies, facilitating bidirectional or unidirectional communication between the private subnets and the public internet or other networks. Nonetheless, these solutions introduce added complexity, cost, and security risks mandating meticulous configuration, maintenance, and security measures.

In an effort to ease and refine the usage of private subnets, Microsoft Azure has recently unveiled the public preview of a new feature, “Private Subnet,” within Azure Virtual Network (VNet). This feature removes the need for intermediary devices or services, allowing private subnets to communicate securely and directly with the public internet and other Azure services, such as Azure Storage, Azure SQL Database, or Azure App Service, using private IP addresses. Private Subnet also offers the flexibility to access and administer private subnets from any location through Azure Portal, Azure CLI, or Azure PowerShell.

Private Subnet builds on the Private Link concept, which creates a private endpoint for a service within a VNet. Private Link lets users connect to a service using a private IP address, without needing a public IP address or DNS name. Private Link also keeps data from leaving the VNet, since it does not use the public internet or any intermediary devices or services. This provides a secure, reliable way to connect to Azure services and third-party services that support Private Link.

Private Subnet extends the functionality of Private Link, by allowing users to create private endpoints for any subnet within a VNet, not just for specific services. Private Subnet also allows users to create private endpoints for multiple subnets within the same VNet, or across different VNets, regions, or subscriptions. Private Subnet also supports both IPv4 and IPv6 addresses, and integrates with Azure DNS, Azure Firewall, and Azure Network Security Groups.

Private Subnet is a promising feature that aims to make private subnets easier and better to use in Azure. Private Subnet offers several benefits, such as:

  • Enhanced security and privacy: Private Subnet protects data from exposure or interception, as it does not use the public internet or any intermediary devices or services. Private Subnet also encrypts data in transit, and allows users to control access and permissions by using Azure Network Security Groups.
  • Improved performance and reliability: Private Subnet reduces latency, congestion, and interference, as it uses private IP addresses and private endpoints. Private Subnet also ensures high availability and scalability, as it leverages Azure’s global network and infrastructure.
  • Simplified management and operation: Private Subnet eliminates the need for configuration, maintenance, and security measures for intermediary devices or services, such as NAT gateways, VPNs, or proxies. Private Subnet also enables users to access and manage private subnets from anywhere, by using Azure Portal, Azure CLI, or Azure PowerShell.

Private Subnet is a feature that is worth trying out and exploring, especially for users who have workloads or scenarios that require private subnets. Private Subnet can help users to achieve their goals and requirements, while saving time, money, and effort. Private Subnet can also help users to take advantage of the rich and diverse offerings of Azure services and third-party services, without compromising the security and privacy of their data. Private Subnet is a feature that can potentially transform the way users use private subnets in Azure.

SharePoint Residency: What You Need to Know

SharePoint Online, a cloud-based service, empowers organizations to create, share, and govern content, knowledge, and applications. It is part of the comprehensive Microsoft 365 suite, comprising Exchange Online, OneDrive for Business, Microsoft Teams, and other integral services. However, customers’ data residency requirements and preferences vary significantly. Some necessitate or desire storing their SharePoint Online data in a particular country or region, owing to factors such as compliance, performance, or sovereignty. To address this diversity, Microsoft offers distinct options for SharePoint Residency:

  • Data Residency Commitments
  • Advanced Data Residency
  • Multi-Geo Capabilities

In this article, we will explain what each option means, how to purchase and use it, and what its benefits and limitations are.

Data Residency Commitments

Data Residency Commitments serve as the default choice for SharePoint Online customers who enlist in Microsoft 365 within the Local Region Geography, the European Union, or the United States. This means that their SharePoint Online data will be stored in the same country or region as their sign-up location, unless stated otherwise in the Privacy and Security Product Terms. For instance, a customer registering for Microsoft 365 in Canada can anticipate their SharePoint Online data being housed in Canada, unless they opt for an alternative.

  • SharePoint Online site content and the files stored within that site
  • Files uploaded to OneDrive for Business
  • Microsoft 365 Video services
  • Office in a browser
  • Microsoft 365 Apps for enterprise
  • Visio Pro for Microsoft 365

This option encompasses various types of SharePoint Online data such as documents, lists, and files, among others. It is seamlessly integrated into the Microsoft 365 subscription and is applicable to all users in the tenant. Nevertheless, it does not ensure that the SharePoint Online data will always stay within the country or region of origin, as there might be exceptional circumstances where Microsoft accesses or relocates the data for operational or legal reasons.

Advanced Data Residency

For those desiring greater authority over their data residency, there exists the option of Advanced Data Residency. This supplementary choice caters to SharePoint Online customers seeking extended control and assurance regarding their data residency. With Advanced Data Residency, customers gain access to expanded coverage for Microsoft 365 workloads and customer data, committed data residency for local country or region datacenter regions, and prioritized tenant migration services. Essentially, this empowers customers to specify a particular datacenter region within their Local Region Geography or Expanded Local Region Geography for housing their SharePoint Online data, with Microsoft observing a policy of not moving or accessing their data outside that defined region, except when mandated by law or with the customer’s explicit consent.

The Advanced Data Residency option covers the following types of SharePoint Online data, in addition to the ones covered by the Data Residency Commitments option:

  • Microsoft Teams
  • Microsoft Defender for Office P1 and Exchange Online Protection
  • Viva Connections
  • Viva Topics
  • Microsoft Purview Audit (Standard and Premium)
  • Data Retention
  • Microsoft Purview Records Management
  • Sensitivity Labels
  • Data Loss Prevention
  • Office Message Encryption
  • Information Barriers

The Advanced Data Residency option requires an additional purchase and configuration. Customers must meet the following prerequisites to be eligible to purchase the Advanced Data Residency add-on:

  • The Tenant Default Geography must be one of the countries or regions included in the Local Region Geography or Expanded Local Region Geography, such as Australia, Brazil, Canada, France, Germany, India, Israel, Italy, Japan, Poland, Qatar, South Korea, Norway, South Africa, Sweden, Switzerland, United Arab Emirates, and United Kingdom.
  • Customers must have licenses for one or more of the following products: Microsoft 365 F1, F3, E3, or E5; Office 365 F3, E1, E3, or E5; Exchange Online Plan 1 or Plan 2; OneDrive for Business Plan 1 or Plan 2; SharePoint Online Plan 1 or Plan 2; Microsoft 365 Business Basic, Standard or Premium.
  • Customers must cover 100% of paid seats in the tenant with the Advanced Data Residency add-on license for the tenant to receive data residency for the Advanced Data Residency workloads.

Customers can purchase the Advanced Data Residency add-on through their Microsoft account representative or partner. After purchasing the add-on, customers can request a tenant migration to their preferred datacenter region through the Microsoft 365 admin center or by contacting Microsoft support. The migration process may take several weeks or months, depending on the size and complexity of the tenant. During the migration, customers may experience some temporary impacts on their SharePoint Online services, such as video playback, search, or synchronization.

Multi-Geo Capabilities

Multi-Geo Capabilities is another add-on option for SharePoint Online customers who have a global presence and need to store their SharePoint Online data in multiple countries or regions, to meet different data residency requirements or preferences across their organization. With Multi-Geo Capabilities, customers can assign users of SharePoint Online and OneDrive for Business to any Satellite Geography supported by Multi-Geo, and their SharePoint Online data will reside in India, Japan, Norway, South Africa, South Korea, Switzerland, United Arab Emirates, United Kingdom, and United States. Customers can also use the Default Geography as a Satellite Geography, if it is different from their Tenant Default Geography.

The Multi-Geo Capabilities option does not guarantee that the SharePoint Online data will never leave the Satellite Geography, as there may be some scenarios where the data may be accessed or moved by Microsoft for operational or legal purposes. For more information, see the Location of Customer Data at Rest for Core Online Services section in the Privacy and Security Product Terms.

Teams updates to enhance classroom engagement November 2023 – Part 2

Noise Suppression in Reading Progress

Reading Progress is a Learning Accelerator that helps students practice their reading skills by recording themselves reading out loud. However, sometimes the classroom environment can be too noisy and affect the quality of the recordings. To solve this problem, Reading Progress has a new feature called Noise Suppression, which can filter out the background noise and improve the accuracy of the results. When you turn on Noise Suppression, Reading Progress uses AI to remove any extra noise when analyzing the student reading and auto-marking the accuracy scores. You can enable Noise Suppression for each student individually, depending on their needs and preferences.

Insights in Search Progress

Search Progress is another Learning Accelerator that helps educators teach information literacy skills to their students. It allows educators to create research assignments on any subject and track how students search for information online. Now, Search Progress has a new feature called Insights, which shows you how your students are doing in their search habits. You can see new clickable cards in the grading view for each Search Progress assignment, which let you compare your class’s search performance with the Compare to Class button. You can also explore other useful metrics, such as the number of searches, the time spent, the sources used, and the keywords entered. Insights help you to identify which students are performing well, which students need more guidance, and which students need more challenge. You can also use Insights to have conversations with your students about their search strategies and to adjust your future assignments according to your class’s needs.

Teams updates to enhance classroom engagement November 2023 – Part 1

Microsoft Reflect is a Learning Accelerator that supports students in developing essential social, emotional, and academic skills. Reflect provides a platform for creating meaningful check-ins to gain insights into students’ wellbeing and learning needs. It also includes a variety of ready-to-use activities, such as brain breaks and breathing exercises, that can help students to relax and focus. One of the newest brain breaks is mindful coloring, which can be a powerful way to foster student wellbeing and engagement. Mindful coloring features the Feelings Monster, a friendly character that expresses different emotions, and allows students to explore their own feelings through art. By using digital coloring pages in Reflect, students can have a creative and therapeutic outlet that can enhance their mood and motivation. You can try the mindful coloring activities in Reflect and see how they can benefit your students and your classroom!

Reading Progress is a Learning Accelerator that automatically records and evaluates how students are progressing in their reading skills. It helps educators to provide individualized support and feedback to each student based on their reading strengths and areas for improvement. Reading Progress can measure students’ reading speed, accuracy, and prosody across different reading assignments and levels. Now, you can access new clickable cards in the Reading Progress grading view, which allow you to see a summary of each student’s reading performance and growth. You can also compare the progress of your whole class and identify patterns and trends. The clickable cards make it easy and convenient for you to monitor and track your students’ reading fluency and comprehension.

Adobe and DocuSign as our SharePoint eSignature launch partners, launching early 2024

  • Adobe Sign and DocuSign, prominent electronic signature providers, have seamlessly integrated their solutions with SharePoint. This web-based platform facilitates document and data collaboration, management, and sharing across organizations.
  • Within SharePoint, users can leverage Adobe Sign and DocuSign to create, share, and sign PDF documents, while also tracking the status and history of signature requests.
  • Furthermore, these solutions offer robust security, compliance, and control features to safeguard data, documents, and organizations from unauthorized access and manipulation.
  • Notably, Adobe Sign and DocuSign are compatible with the Approvals app in Microsoft Teams, enabling the creation and management of approval workflows within the collaboration platform.
  • Selected as our SharePoint eSignature launch partners, Adobe Sign and DocuSign deliver exceptional value, performance, and user experience for customers requiring electronic document signing and sending from SharePoint.
  • These solutions, designed for straightforward installation and use, seamlessly integrate with both SharePoint Online and SharePoint 2013.
  • Moreover, boasting a strong track record of customer satisfaction, innovation, and reliability, Adobe Sign and DocuSign are trusted by millions of users and organizations globally.

Business Documents app in Teams

Business Documents app in Teams is a new app that allows you to create, edit, and share business documents with your team members and external partners in Microsoft Teams. Business Documents app in Teams is powered by SharePoint Syntex, a new service that uses advanced AI and machine learning to automate content processing and transform your content into knowledge. With Business Documents app in Teams, you can:

  • Choose from a diverse array of templates to craft essential business documents, including proposals, contracts, invoices, and reports. Additionally, the option to devise personalized templates for future utilization is at your disposal.
  • Within Teams, leverage the Microsoft 365 suite encompassing Word, Excel, PowerPoint, and Visio to modify your business documents. Engage in real-time collaboration, enabling concurrent editing, commenting, and effortless tracking of revisions and versions alongside your team members.
  • Empower secure dissemination of business documents to both internal collaborators and external associates through Teams. Exercise meticulous control over access and permissions, employing encryption and Azure Information Protection to safeguard sensitive data and avert potential leaks.
  • Harness SharePoint Syntex to systematically capture and standardize crucial metadata for your business documents, encompassing document type, status, ownership, and more. This empowers seamless filtering, sorting, and retrieval of documents, and facilitates the application of compliance labels and retention policies.
  • Extract valuable information from business documents: You can use SharePoint Syntex to extract valuable information from your business documents, such as dates, monetary amounts, and names, making information retrieval more efficient and effective. You can also use this information to create custom views, reports, and dashboards, and to trigger workflows and actions with Power Automate.

SharePoint Premium new release

SharePoint Premium enables you to create, manage, and share content across your organization with ease. You can access and share files securely from anywhere with 1 TB of cloud storage per user on OneDrive, coauthor and edit documents in real time with Microsoft 365 apps, and create team sites to share information, content, and files throughout your intranet with SharePoint. You can also search and discover relevant people and important content when you need it most with SharePoint, and move and manage files between OneDrive and SharePoint with ease.

SharePoint Premium also leverages the power of artificial intelligence (AI) to enhance your content management and experiences. Some of the AI features that SharePoint Premium offers are:

  • Introducing SharePoint Syntex, an innovative service harnessing cutting-edge AI and machine learning technologies to revolutionize content processing. By automating this procedure, it seamlessly converts raw content into valuable knowledge. This multifaceted tool allows users to efficiently capture and standardize metadata, extract pertinent insights, and apply compliance labels to their content. Furthermore, organizations can create bespoke models tailored to their distinct business requirements and scenarios.
  • Enter SharePoint Spaces, an avant-garde capability enabling the creation of immersive 3D environments that can be experienced through web browsers or virtual reality headsets. Utilize this feature to showcase products, services, or concepts in a captivating manner, captivating audiences with 360° images, dynamic videos, and interactive 3D models. Enhance these spaces with web parts, text, and links to deliver a richer and more engaging experience.
  • Embracing the SharePoint Home Sites feature empowers organizations to construct personalized and dynamic landing pages. These tailored pages effectively convey an organization’s vision, mission, and values, while providing facile access to news, events, resources, and applications. Leveraging the AI-driven Microsoft Graph, it is feasible to deliver pertinent and personalized content based on user roles, preferences, and activities, effectively enriching the user experience.

SharePoint: New site theme options

While engaging with SharePoint, I happened upon a discovery that caught my attention. Within the Change the Look menu, I stumbled upon two novel themes. Dubbed as Black and Cerulean, these newly introduced themes provide fresh avenues for customizing the visual identity of your SharePoint sites.

Black, an alluring dark theme, employs a palette of black, gray, and white to craft a suave and sophisticated aesthetic. It caters to sites aspiring to exude a professional and refined ambiance. Moreover, Black serves the purpose of mitigating ocular strain and amplifying contrast, a boon for users operating in dimly lit surroundings.

Cerulean, on the other hand, is a luminous theme that uses hues of blue, green, and white to create a serene and invigorating look. It is ideal for sites seeking to radiate an aura of expansiveness and inventiveness. In addition, Cerulean improves legibility and inclusivity for users working in brightly lit settings.

  • On your site, click Settings and then click Change the Look > Theme
  • Under the “Personalize your background” setting, select the Picture option.
  • Click the Browse photos button and select the background image that matches the theme you want to use. For example, if you want to use the Black theme, select the image named “Black.jpg”.
  • Click the Choose picture button.
  • Under the “Choose a color” setting, select the color palette that matches the theme you want to use. For example, if you want to use the Black theme, select the palette named “Black”.
  • Click the Save button to apply the theme to your site.

Here is a screenshot of what the Black theme looks like:

And here is a screenshot of what the Cerulean theme looks like:

By using these themes, you can enhance your site customization options and make your sites look more attractive and engaging.

Microsoft Forms: Migrate Google Forms through the M365 Admin Center

A recent enhancement in Microsoft Forms provides a seamless migration path from Google Forms to Microsoft Forms through the Microsoft 365 admin center. This enhancement is part of the comprehensive Google Workspace migration service, which lets administrators transfer Google Docs, Sheets, and Slides to Microsoft 365.

To use this feature, admins need to follow these steps:

  • Sign in to the Microsoft 365 admin center with an account that has global admin or SharePoint admin permissions.
  • Go to Settings > Migration > Google Workspace migration.
  • Connect to Google by signing in with a Google account that has read access to the Google Forms that need to be migrated.
  • Add the Microsoft 365 migration app to the Google Workspace account custom apps.
  • Select the users whose Google Forms need to be migrated and add them to the migration list.
  • Review the destination paths for each user and modify them if needed. The destination paths are automatically mapped to match the source paths in Google Drive.
  • Map the identities of the users and groups in Google Drive to their corresponding accounts in Microsoft 365. This will help migrate the permissions and sharing settings of the Google Forms.
  • Start the migration and monitor the progress. The migration status will be shown in the admin center and in the Migration Manager app in SharePoint.

Once the migration is completed, users can access their migrated Google Forms in Microsoft Forms. They can also view and edit their forms in OneDrive or SharePoint, where they are stored as Excel files. Users can also share their forms with others, collect responses, and analyze the results using Microsoft Forms’ built-in features.

The migration feature supports most of the question types, settings, and features of Google Forms, such as multiple choice, short answer, linear scale, date, time, file upload, required questions, shuffle options, response validation, confirmation message, and more. However, some features are not supported or have some limitations, such as:

  • Images and videos embedded in Google Forms are not migrated. Users need to manually add them to their Microsoft Forms after migration.
  • Sections and page breaks in Google Forms are not migrated. Users need to manually add them to their Microsoft Forms after migration.
  • Logic branching and conditional questions in Google Forms are not migrated. Users need to manually add them to their Microsoft Forms after migration.
  • Quizzes and scoring settings in Google Forms are not migrated. Users need to manually enable them in their Microsoft Forms after migration.
  • Response data and summary reports in Google Forms are not migrated. Users need to collect new responses and generate new reports in Microsoft Forms after migration.

By using this feature, users can easily switch from Google Forms to Microsoft Forms without losing their existing forms or data. They can also enjoy the benefits of Microsoft Forms’ integration with other Microsoft 365 apps and services, such as Teams, Outlook, PowerPoint, Stream, Dynamics 365, Power BI, Power Automate, and more.