Nexus: News

EDIT: Microsoft have backtracked on this policy. Now Bing will only be forced as the default search engine in Chrome/Firefox if the admins enforce that. We will not be enforcing this. 🙂
https://techcommunity.microsoft.com/t5/office-365-blog/update-to-microsoft-search-in-bing-through-office-365-proplus/ba-p/1161030

Microsoft have snuck a little ‘treat’ into version 2002 of Office 365 Pro Plus which, fortunately, does not yet affect educational institutions on our licencing model. From version 2002 – which starts being deployed in mid February 2020 – Microsoft are installing an add-in into the Chrome browser, if present, that makes Bing the default search engine. This will happen with new Office installations and when existing ones are updated. A further update due later will do the same for Firefox. The deployment is currently location-based, depending on IP address, so the add-in might appear suddenly on a laptop used at a new location. Currently deployment is limited to Australia, Canada, France, Germany, India, the UK, and the USA.

This isn’t just a shot at Google’s market share, however.  The logic is that if Bing is your search engine, you can query for your corporate Office365 content, whether it’s  in SharePoint Online, OneDrive, or  Teams, directly from your browser’s own search bar. If you use Google as your search engine, you can’t do that. Microsoft’s angle is therefore that this is a reasonable, sensible, and proportionate way for centrally-controlled business computers to operate. However comments on the proposal have not gone down well…

If you want to avoid this extension from being deployed to your users you may want to exclude it via the Office Deployment Tool, or via Group Policy. It can also be excluded via EndPoint Configuration Manager or InTune. A particularly nasty feature of the add-in is:

Once this feature has rolled out, your end users can change their search engine preferences only via the toggle in the extension; they cannot modify the default search engine in browser preferences.

Belatedly applying the exclusion will NOT uninstall this add-on: you must set your exclusions up before it is deployed to your users’ computers, if you wish to avoid it.
Microsoft’s admin guide on this whole can-of-worms can be found here: https://docs.microsoft.com/en-us/deployoffice/microsoft-search-bing

Currently the University is on an A1 educational licencing model which exempts us from this feature but we will be moving to E3 soon which, alas, is one which applies this approach.

Microsoft have finally started to deploy support for Private Channels within the Teams application, allowing you to share content with a subset of a Team’s members. This is described as ‘rolling out’ in their roadmap here.

The functionality has started to appear to Teams users within the Nexus365 tenancy already, although you may need to quit and re-launch the Teams application to gain the functionality.

We are pleased to announce that it is now possible to add almost anyone to a Nexus365 team. All that is required is for the individual you wish to add to your team to have a valid email address and a Microsoft account. If they don’t yet have a Microsoft account they will be prompted to create one (free). This Microsoft account will always remain separate from and unrelated to the Nexus service.

How to add a guest to a Team

These are the steps a team owner needs to follow in order to add a guest to their Nexus365 team:

1. From within the Teams app, the owner needs to select ‘Add member’ as shown below.
   :

2. In the ‘add members’ dialogue box you can now enter any valid email address – you are no longer limited just to Nexus365 user accounts:

3. Once you’ve added the email address an email is sent immediately to that address to notify the person that they’ve been added to the team. The link will open the Teams web app by default but will also provide a download link to the full Teams client software, if it’s available for their operating system:

4. If they already have an account with Microsoft associated with their email address, they’ll be prompted to log in. If not they will be asked to create an account with Microsoft:

5. The final step before they are granted access to the team is for them to review and accept the access permissions that Nexus will request in order to give them access to the team’s content.

Team owners can review the status of prospective members by checking the ‘source’ column when looking at their team’s members.

• ‘Azure Active Directory’ is a Nexus365 user.
• ‘External Azure Active Directory’ is someone from another organisation who also uses Office 365, which includes the Said Business School members.
• ‘Invited user’ is an external email address for whom access has not yet been given, but they have been sent the team membership email.
• ‘Microsoft account’ is an external email address to which access to the team has been granted.

Notes and queries

1. It is not possible to remove a team, or the last owner of one, while guest accounts are still members of one. This is to ensure that there are no teams to which only external people have access.
2. Guests can view the team’s membership but not amend it.
3. Removing a guest from a team revokes their access instantaneously. If logged in at the time, their window will go blank.
4. Reinstating a guest’s access is also instantaneous.
5. Guests are unable to send email to the team’s email address.
6. The maximum ratio is five guests per full team member.

The intention is to improve discoverability and reduce clutter for users in meetings and calls by unifying session controls to a single toolbar at the bottom of the screen. This change will affect Windows, Mac, and web clients. There will be no impact for mobile or Microsoft Teams Rooms (MTR) devices.

Nexus365’s TEAMS application has, to date, been predominantly targeted at the Windows desktop. Other operating systems have had access to limited functionality via a web browser but the inability to video-conference, share desktops or applications, or to give presentations has limited the usefullness of the feature for Linux users.

Forcing users to boot a Windows VM simply for a meeting, to send emails, or to collaborate with colleague is far from an ideal solution. Things are, thankfully, improving. There is yet to be an official Teams client for Linux but in the interim additional functionality is now available, albeit with some preparatory effort.

By using a Chromium -based browser, tweaking a few settings , and installing a single browser extension, you can achieve near-parity with the full Windows Teams client. This will allow in-private video calls, presentations, and other functions not previously possible for Linux users.

This should be considered as a beta, or a work-in-progress, rather than a permanent well-tested solution. Microsoft are asking the Linux community to feed back and are promising to make further updates based on those responses.

What do I have to do?

1. Ensure you have either Chrome for Linux, or a Chromium for Linux browser.
2. Install the following extension from the Google Webstore: User Agent Switcher for Chrome.
3. Add one or both of the following user agent strings to the “User Agent Switcher for Chrome”. This will allow you to switch to the desired one that works for your system:
   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393X
4. Click the User Agent Switcher and choose your Edge browser string. This should remain selected until you change it to something else or back to the browser default.
5. Open the Chrome browser, in the address bar type Chrome://flags and hit the Enter key. In the search box provided, search for each of the settings below. Set each one to ENABLED:
   Hardware Acceleration
   – Override software rendering list: ENABLED
   PWA
   – Enable PWA full code cache: ENABLED
   – Desktop PWAs: ENABLED
   – Desktop PWAs Link Capturing: ENABLED
   WEBRTC
   – Negotiation with GCM cipher suites for SRTP in WebRTC: ENABLED
   – Negotiation with encrypted header extensions for SRTP in WebRTC: ENABLED
   – WebRTC Stun origin header: ENABLED
   – WebRTC Echo Canceller 3: ENABLED
   – WebRTC new encode cpu load estimator: ENABLED
   – WebRTC H.264 software video encoder/decoder: ENABLED
   Downloads
   – Parallel downloading: ENABLED
6. Verify that those settings work:
   – Open Microsoft Teams in your browser.
   – Start a private chat with someone and verify that the video chat icon switches from grey to purple and white. If so, you can start making video calls and you should also be able to make a presentation.

These same settings should also enable the same functionality on other operating systems, although naturally those cannot be assumed to have received any testing.

Known issues

While you can use the EDGE UA to participate in Conference calls it may cause issues with not displaying the most current posts in a TEAMS channel. So you may have to switch between the EDGE UA and the browser default UA.

Microsoft have just introduced a new feature to video calls made within Skype for Business and Teams: a ‘background blur’ feature that means you don’t have to think quite so much about tidying up your surroundings before joining that call.

The process using artificial intelligence to identify the person making the call, keeping you in focus, while blurring the background. It’s therefore not perfect and it is possible to confuse the software – it won’t always work. Microsoft are at pains to point out that you can’t rely on background blur to hide confidential information that may be nearby.

Accidentally broadcasting wifi password on TV

But it might have helped the organisers of America’s Superbowl a few years ago from telling the whole world their wifi password…

At this stage the idea of background blur is really just a bit of a gimmick but it does indicate an interesting new real-world example of how AI technology is being developed in new directions.

Here’s how to try out the feature:

How to enable background blur in Teams

Before a call use the option below ‘join now’

Turning blur on during a call…

How to enable background blur in Skype

Microsoft will soon be rolling out a new feature within Outlook for iOS and Android which adds a new mailtip or notification when composing messages. The intention behind this feature is to reduce the risk of sensitive information being inadvertently sent to external email recipients.

What’s changing?
When composing or replying to a message with external recipients using Outlook for iOS and Android, the external recipient email address is highlighted in the address list. It may also be highlighted in the message body if someone is @mentioned. A small notice label is visible in the message header during the compose or reply process. This is NOT visible by the external recipients once sent.

Outlook mobile will clearly alert you when an external recipient is in the email address list when composing or replying to email messages, as shown in the image.

This capability is being rolled out by Microsoft already, but with the default setting set to OFF. From the 4th March Microsoft will change the default settings to ON. From that date Nexus365 users running Oulook on iOS or Android devices will therefore start to see this mailtip or notification whenever there is a recipient in the To, Cc or Bcc lines that is outside the University.

Please note that, as far as Nexus365 is concerned, an ‘external email recipient’ will include units which handle their own email and don’t use the central IT Services Nexus365 service. This would include, but is not limited to, the Saïd Business School and the department for Continuing Education.
This enhancement is related to Microsoft 365 Roadmap ID 27555 and 27556.

Nexus365 currently includes a user-customisable setting that allows users to personalise what page they land on when they log into the Nexus365 portal. However Microsoft have chosen to remove this functionality. They have begun rolling out a new (mandatory) home page for users logging in via the web. This will soon replace any customised landing page.

The thinking behind this change is that Microsoft’s Office.com page has evolved. Now it shows users’ most relevant applications, documents, and places where they are working. Since this useful information is all collected in one place Microsoft believe that it makes for a more useful, more consistent (and thus easier to support) default page when someone signs into Nexus365 at Office.com.
Users who miss the customised starting page can continue to use browser bookmarks and direct URL navigation to get to specific Nexus365 components, applications, or pages.

When will this happen?
The change should first become visible in March 2019, when users who have set a start page other than Office.com will be directed to Office.com when they log-in.

What should I do to prepare?
Informing your users of the upcoming change would be sensible, and encouraging them to bookmark any custom page they’ve set as their start page.

How can I stay informed?
The Nexus Team make information available via this blog, and via the IT Services Service Desk.
You can also review upcoming changes yourself via Microsoft’s roadmap page. This specific change can be found on that roadmap here.

A number of Nexus users have recently logged support tickets with the Service Desk regarding a repeating cycle of logon authentication requests in Outlook. Similarly affected users may receive an error stating ‘You need the internet for this’ even when they are self-evidently connected and online.

Investigation has shown that – generally but not exclusively – this seems to affect users running versions of Office downloaded from the Nexus365 portal, and who are running Windows 10 as their operating system.

ITSS advice and things to try:

1. Under Settings>Accounts>Access Work or School, remove any reference to an OnTheHub or personal Microsoft account.
2. Ensure that your local firewall, antivirus software, and/or Windows Defender are not blocking processes that engage in authentication token acquisition.
3. Removing stored accounts from Credentials Manager, and rebuilding Outlook’s profile may also help.
4. There is a registry fix which can resolve this issue. However as the issue is due to be patched early in 2019 if you use this solution we strongly recommend you schedule to reverse it once the fix is released. With that borne in mind:
   Starting from build 16.0.7967, Office switches from Azure Active Directory Authentication Library authentication (ADAL) to Web Account Manager (WAM) for sign-in workflows on Windows builds later than 15000 (Windows Version 1703, build 15063.138). The workaround is to disable WAM by modifying the following key:[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\
   “DisableADALatopWAMOverride”=dword:00000001