Configuration
Featured

Exchange Online Protection (EOP) Best Practices and Recommendations

Yes. I said it.

Someone needed to put a line in the sand and today, that person is me.  I’m going to say these are some best practices.

But of course, your mileage may vary, depending on your type of organization (users at a local bank or city government will have different threats presented to them than an engineering firm with international customers, for example). … [ Continue reading ]

Configuration
Featured

ATP: Safe Attachments, Safe Links, and Anti-Phishing Policies or “All the policies you can shake a stick at”


With the advent of scammers, spammers, phishers, and other types of baddies, and the complementary rise in anti-malware, anti-spam, domain and sender verification techniques, we’re in a perpetual cat-and-mouse game.  I’ve had several customers over the past few weeks ask me about best practices for configuring some of the Advanced Threat Protection (ATP) features.… [ Continue reading ]

Personal

Creating an Array with Headers and Columns from a string using [PSCustomObject]

Today, I was updating a script I wrote a while ago, and I wanted to streamline the processing loops once input was received.  This particular script took parameters for:

  • Identity (as an email address or UserPrincipalName)
  • CSV (with either no header or a header of UserPrincipalName)
  • Target environment type (either Active Directory or Office 365/Azure AD, which return a UserPrincipalName property with Get-ADUser or Get-AzureADUser)

I had gone the “easy” route and just done a simple If/Then to see if the Identity parameter had been passed, and if it had, run a separate chunk of code (which made troubleshooting or updates much harder since I had to keep two branches of the code synced when I made updates).… [ Continue reading ]

Configuration

Update to Create-LabUsers Script

My colleague Andreas asked today for some help troubleshooting an issue he’d run into with the Create-LabUsers script failing while using the InflateMailboxes parameter.

The problem ended up being three-fold:

  • I had some pre-populated user names that had spaces in them
  • I hadn’t trimmed the spaces out when constructing the SMTP address (although I had for the UPN)
  • I didn’t test for a valid RFC sender address when constructing the mail

So, all of those things together conspired to generate errors whenever some of those user names were hit. … [ Continue reading ]

Configuration

Apply Security & Compliance Center Retention Labels to Outlook Folders

I couldn’t really come up with a cool-sounding title for this post, so I just went with the basics of what it does.

Last week, I worked with a customer that wanted to deploy custom retention labels to custom folders inside a user’s mailbox–the idea being that they would create a custom folder structure such as this under a user’s Inbox:

\Inbox
\Inbox\Retention Schedule
\Inbox\Retention Schedule\2 Year (apply a 2-year retention label to everything in this folder)
\Inbox\Retention Schedule\4 Year (apply a 4-year retention label to everything in this folder)
\Inbox\Retention Schedule\7 Year (apply a 7-year retention label to everything in this folder)
\Inbox\Retention Schedule\Forever (apply a ‘Never delete’ retention label to everything in this folder)

Seems easy enough, right? … [ Continue reading ]

Information

Update to Get-UserHoldPolicies

This certainly seems to be a day for updates! Based on some additional feedback from my peers, I’ve updated the Get-UserHoldPolicies script to exclude legacy Exchange MRM policies by default.  MRM policies, while they have RetentionPolicyTags, are technically either moving or deleting content, not preserving it.… [ Continue reading ]

Configuration

Update to OneDrive for Business Admin tool

Based on some user feedback, I’ve made the following modifications to the OneDrive for Business Admin Tool:

  • Fixed a reference to the original function name for FolderToDelete
  • Added verbiage referencing the -Confirm parameter when using FolderToDelete parameter
  • Tidied up code indentations to make it more readable

I’ve got some additional feedback that I will incorporate as well (once I figure out how to do it).… [ Continue reading ]

Configuration

Cloud UPNs for AAD Connect users with Alt-ID don’t update after domain verified in tenant

A few weeks ago, I ran into an issue with a customer.  Scenario:

  • Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
  • Synced identity to tenant
  • Tenant did not have any verified domains

As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. [ Continue reading ]

Identity

Update to Create-LabUsers!

Sometimes, your mind just gets to thinking about stuff you could have done better.  Last night was one of those times.

I’d started building new lab environments for work, and decided to start pumping users into AD and syncing them to my test tenants. … [ Continue reading ]