Yes. I said it.
Someone needed to put a line in the sand and today, that person is me. I’m going to say these are some best practices.
But of course, your mileage may vary, depending on your type of organization (users at a local bank or city government will have different threats presented to them than an engineering firm with international customers, for example). … [ Continue reading ]
With the advent of scammers, spammers, phishers, and other types of baddies, and the complementary rise in anti-malware, anti-spam, domain and sender verification techniques, we’re in a perpetual cat-and-mouse game. I’ve had several customers over the past few weeks ask me about best practices for configuring some of the Advanced Threat Protection (ATP) features.… [ Continue reading ]
Here’s a fun one … Disabling Teams auto-startup. Imagine this scenario:
- You haven’t trained your service desk on how to answer/troubleshoot/manage Teams help desk calls
- You’ve configured restrictions on who can create Teams
- You’ve deployed the new Office ProPlus update with Teams integrated.
… [ Continue reading ]
This certainly seems to be a day for updates! Based on some additional feedback from my peers, I’ve updated the Get-UserHoldPolicies script to exclude legacy Exchange MRM policies by default. MRM policies, while they have RetentionPolicyTags, are technically either moving or deleting content, not preserving it.… [ Continue reading ]
Based on some user feedback, I’ve made the following modifications to the OneDrive for Business Admin Tool:
- Fixed a reference to the original function name for FolderToDelete
- Added verbiage referencing the -Confirm parameter when using FolderToDelete parameter
- Tidied up code indentations to make it more readable
I’ve got some additional feedback that I will incorporate as well (once I figure out how to do it).… [ Continue reading ]
As my kids are eager to tell me, I done messed up. 😉 One of my readers pointed out an oversight where a null variable may have been referenced–and it’s been corrected! H/T to @itpro_tipscom!
You can get the updated version at https://gallery.technet.microsoft.com/PwnCheck-HaveIBeenPwned-d65cf5f1.… [ Continue reading ]
Just had this come up, so I thought I’d post it for whoever else needs to hear this. I can quickly think of three ways to do this: One using Outlook, one using PowerShell, and one using both.… [ Continue reading ]
Yesterday, I came across a request for a script or method to download all files from SharePoint Online.
At first, I balked because CSOM isn’t my favorite and kind of finicky, but then remembered that we’d released the SharePoint PnP PowerShell cmdlets a while back.… [ Continue reading ]
An issue came up today for one of my customers–how to remove orphaned mailbox searches in Exchange Online. Apparently, they have about 300 mailboxes in this state. Oops.
So, in order to do this, you need to go through a handful of steps:
- Identify all of the Mailbox Searches.
… [ Continue reading ]
This week, I had a customer ask about generating a list of all sites a user had access to as part of their security and employee termination process. SharePointPnPPowerShell seemed like a good place to start. But then, I decided, what if I wanted to find all the places a particular had a particular type of permission? … [ Continue reading ]
A few weeks ago, I ran into an issue with a customer. Scenario:
- Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
- Synced identity to tenant
- Tenant did not have any verified domains
As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. … [ Continue reading ]
Sometimes, your mind just gets to thinking about stuff you could have done better. Last night was one of those times.
I’d started building new lab environments for work, and decided to start pumping users into AD and syncing them to my test tenants. … [ Continue reading ]
One of my peers this week was looking for a script to help check global DNS resolution for particular records for both replication and geo-loadbalancing testing.
The record types and data he was looking for:
- TXT (for SPF)
- TXT (for DMARC)
This is what I came up with, so maybe it can help someone else.… [ Continue reading ]
OneDrive for Business is, from my perspective, one of the most under-utilized but benefit-rich parts of the Office 365 platform, allowing organizations (especially organizations that subscribe to the E3 or higher SKU) virtually unlimited storage, versioning, and recovery capability for their file-based storage.… [ Continue reading ]
Yes, these seems like a silly feature to add (since you can just do a single identity from the haveibeenpwned.com website, buuuuuuuttttttttttt…..), I wanted to showcase the script’s versatility while at a customer, so I added this one on the fly today.… [ Continue reading ]
As you may have figured out from the title, I’ve got a guest post today. Jorge Lopez is a Premier Field Engineer, and has spent a lot of time in the trenches with Windows, AD, and Azure AD, and currently works helping customers resolve hybrid identity issues. … [ Continue reading ]
This is just a quick update–if you’ve been using my Get-UserHoldPolicies script to check out the holds applied to your mailboxes, I’ve updated it to include the DelayHoldApplied property.
A Delay Hold is applied whenever a hold is removed from a mailbox (as in, the mailbox is excluded from an inherited policy or manually removed from an explicitly included policy), and stays in effect for 30 days. … [ Continue reading ]
It’s been coming for a while.
Change is inevitable.
SharePoint Modern UI is here.
And, we’ve begun updating libraries and lists.
Per this link, https://techcommunity.microsoft.com/t5/SharePoint/Update-on-modern-list-tenant-opt-out-removal/td-p/469297, we changed the opt-out methods (from tenant-level to site-level). One of the things that we noted is that you can use Enable-PnPFeature or Disable-PnPFeature to manage this. … [ Continue reading ]
Right before sending a customer the link for the tool, I decided to test it and noticed that I encountered an unexpected credential prompt. I updated the parameter name, and then added a new feature as well–a test to see if your tenant has the correct licensing to enable Password writeback. … [ Continue reading ]
Today, I pressed in a little bit on exploring CSOM–at least as it relates to the OneDrive for Business Admin tool.
One of my peers asked if there was a command that we could use to check to see if a site had been put on a retention hold. … [ Continue reading ]
This update comes from a user–it’s a pretty simple one.
I posted the script Remove-ProxyAddresses back in 2017 after writing a blog post on the same topic. In my script, I had covered Mailboxes, MailUsers, and Contacts. I did not, however, include RemoteMailboxes, as my original thinking was “if you moved it there, you already got rid of the bad proxies.”
Which, didn’t turn out to be necessarily true (especially if you used my other way of removing proxy addresses via AAD Connect). … [ Continue reading ]