Identity

Update to the Remove-ProxyAddresses Script

This update comes from a user–it’s a pretty simple one.

I posted the script Remove-ProxyAddresses back in 2017 after writing a blog post on the same topic.  In my script, I had covered Mailboxes, MailUsers, and Contacts.  I did not, however, include RemoteMailboxes, as my original thinking was “if you moved it there, you already got rid of the bad proxies.”

Which, didn’t turn out to be necessarily true (especially if you used my other way of removing proxy addresses via AAD Connect). … [ Continue reading ]

Identity

Update to PwnCheck script

This afternoon, while working with a colleague, I was alerted to a customer that appears to have the same 6-character password set for every user, which honestly, I feel like violates the very notion of a password.  They’re not currently in Office 365 (or even Active Directory), but the risk is the same:

Users tend to use the same passwords everywhere.… [ Continue reading ]

Configuration

DLP for Bitcoin Addresses

One of the up-and-coming combination phish-ransom attacks is to trick the mark into thinking that you’ve got access to their data, and then get them to send money to a Bitcoin address to protect them from data leakage.  You can create a DLP rule in the Office 365 Security & Compliance Center (or an Exchange Online transport rule) to try to combat this.… [ Continue reading ]

Scripting

Creating a Teams “New Channel” notification

One of my customers recently asked for a solution to checking a particular Microsoft Team multiple times a day for new channel additions.  In their organization, someone is responsible for creating a new channel every time new item for review is published, and then all of the communications, files, and data related to that item is stored in that particular time.… [ Continue reading ]

Information

WhoAmI for Office 365

If you’ve ever struggled to find out who your current session is logged in as when you connected to Office 365, here’s a tidbit to shed some light on it:

(Get-PSSession |?{$_.ComputerName -like “*outlook.com”})[0].RunSpace.ConnectionInfo.Credential.UserName

You can also use RunSpace.OriginalConnectionInfo.Credential.UserName. … [ Continue reading ]

Information

Update to the Get-UserHoldPolicies Tool

A new year, a new update for Get-UserHoldPolicies!  Woo!

I stumbled across some additional information today regarding deciphering hold policies for mailboxes while troubleshooting another issue and decided to update my Get-UserHoldPolicies tool to reflect it.

The core pieces that I added:

  • Identifying Skype policies (as prefaced by sky in the InPlaceHolds property of a mailbox)
  • Identifying excluded mailbox policies (as prefaced by -mbx in the InPlaceHolds property of a mailbox)
  • Disposition action for items at the end of a retention period:
    • Delete only
    • Do nothing after retention period
    • Delete after retention period

You can see a few of the new options here. … [ Continue reading ]