Configuration

Exchange Online Protection (EOP) Best Practices and Recommendations

Yes. I said it.

Someone needed to put a line in the sand and today, that person is me.  I’m going to say these are some best practices.

But of course, your mileage may vary, depending on your type of organization (users at a local bank or city government will have different threats presented to them than an engineering firm with international customers, for example). … [ Continue reading ]

Information

Update to Get-UserHoldPolicies

This certainly seems to be a day for updates! Based on some additional feedback from my peers, I’ve updated the Get-UserHoldPolicies script to exclude legacy Exchange MRM policies by default.  MRM policies, while they have RetentionPolicyTags, are technically either moving or deleting content, not preserving it.… [ Continue reading ]

Configuration

Update to OneDrive for Business Admin tool

Based on some user feedback, I’ve made the following modifications to the OneDrive for Business Admin Tool:

  • Fixed a reference to the original function name for FolderToDelete
  • Added verbiage referencing the -Confirm parameter when using FolderToDelete parameter
  • Tidied up code indentations to make it more readable

I’ve got some additional feedback that I will incorporate as well (once I figure out how to do it).… [ Continue reading ]

Configuration

Cloud UPNs for AAD Connect users with Alt-ID don’t update after domain verified in tenant

A few weeks ago, I ran into an issue with a customer.  Scenario:

  • Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
  • Synced identity to tenant
  • Tenant did not have any verified domains

As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. [ Continue reading ]

Information

Update to Get-UserHoldPolicies — Now includes DelayHoldApplied

This is just a quick update–if you’ve been using my Get-UserHoldPolicies script to check out the holds applied to your mailboxes, I’ve updated it to include the DelayHoldApplied property.

A Delay Hold is applied whenever a hold is removed from a mailbox (as in, the mailbox is excluded from an inherited policy or manually removed from an explicitly included policy), and stays in effect for 30 days. … [ Continue reading ]

Information

Switch SharePoint Online Lists between Classic and Modern Experience

It’s been coming for a while.

Change is inevitable.

SharePoint Modern UI is here.

And, we’ve begun updating libraries and lists.

Per this link, https://techcommunity.microsoft.com/t5/SharePoint/Update-on-modern-list-tenant-opt-out-removal/td-p/469297, we changed the opt-out methods (from tenant-level to site-level).  One of the things that we noted is that you can use Enable-PnPFeature or Disable-PnPFeature to manage this. … [ Continue reading ]

Identity

Update to the Remove-ProxyAddresses Script

This update comes from a user–it’s a pretty simple one.

I posted the script Remove-ProxyAddresses back in 2017 after writing a blog post on the same topic.  In my script, I had covered Mailboxes, MailUsers, and Contacts.  I did not, however, include RemoteMailboxes, as my original thinking was “if you moved it there, you already got rid of the bad proxies.”

Which, didn’t turn out to be necessarily true (especially if you used my other way of removing proxy addresses via AAD Connect). … [ Continue reading ]

Identity

Update to PwnCheck script

This afternoon, while working with a colleague, I was alerted to a customer that appears to have the same 6-character password set for every user, which honestly, I feel like violates the very notion of a password.  They’re not currently in Office 365 (or even Active Directory), but the risk is the same:

Users tend to use the same passwords everywhere.… [ Continue reading ]