One of the up-and-coming combination phish-ransom attacks is to trick the mark into thinking that you’ve got access to their data, and then get them to send money to a Bitcoin address to protect them from data leakage. You can create a DLP rule in the Office 365 Security & Compliance Center (or an Exchange Online transport rule) to try to combat this.… [ Continue reading ]
Hey, all! One AAD tool update deserves another!
Every so often, I check in to make sure I’m keeping the AAD Connect Network Test Tool as fresh as I can. I’ve made a few changes to the way it works (hopefully which you all think is for the better). … [ Continue reading ]
It’s been a while since I’ve updated this popular tool, and the need was brought to my attention by a peer who noticed an attribute being exported to on-premises AD (but failing):
One of the issues that some of my larger customers have been dealing with is the lack of tooling and planning around moving legacy Exchange Online In-Place eDiscovery & Holds to the new(ish) Security & Compliance Center. Our direction has been to either let them age out or manually recreate them the Security & Compliance Center.… [ Continue reading ]
I had a customer recently raise some questions about how to provide further enhancements and protections around their OneDrive for Business deployments. Suppose this scenario exists:
- Users are site collection administrators over their OneDrive for Business sites (default configuration)
- Retention policies are configured, but may only be configured to provide a very minimal amount of data protection (such as 90 days from creation or last modification of data) due to organizational legal compliance
- No retention policies are in effect for the target data (as all the data we’re concerned with is technically older than 90 day creation or last modified date)
- Malicious or disgruntled user deletes OneDrive data
- Deletes data in OneDrive
- Empties recycle bin
- Empties second stage recycle bin
At this point, for any data older than 90 days, it is lost.… [ Continue reading ]
Earlier this week, I had a request for assistance with delegating reporting features in Exchange Online to non-administrative users. This is a frequent topic of discussion when it comes to compliance and security officers validating that systems are not being misused by unauthorized persons.… [ Continue reading ]
At long last, I’ve made a first pass at updating the Migrate-EOPSettings script to now include settings for Advanced Threat Protection. I’ve had several customers moving their instances from commercial EOP to Office 365 GCC, and while my Migrate EOP script would capture just about everything, it came to my attention that we still had configuration to do for ATP. … [ Continue reading ]
The other day, on one of the forums, I came across an issue that I also had with one of my customers a few years ago. In my customer’s instance, they had imported thousands of contacts into an externally trusted forest and deleted them in their primary forest (which then removed the objects from Office 365). … [ Continue reading ]
Today, we’re going to explore two relatively new sharing controls in SharePoint Online (and, by extension, OneDrive for Business). The two options we’re going to look at are located inside the SharePoint Admin Center (https://<tenant>-admin.sharepoint.com) under Sharing:
To test both of these functions out (as well as how other users are affected), I’m going to work with 3 test users and two security groups.… [ Continue reading ]
In part 1 of our adventure, we built an Azure AD lab to support configuring AAD Connect to work as a GalSync engine. In this post, we’ll finish up the configuration. As a reminder, this is the what the overall solution will look like:
And, as I mentioned in part 1:
Please don’t call Premier asking for support on this.… [ Continue reading ]
A few years ago, I worked with one of my close consultant peers to build a GALSync-style solution for a big state government that was going through a divestiture from a single BPOS-D (yes, I am old) and a single managed hosted Exchange environment to multiple O365 multi-tenant instances. … [ Continue reading ]
It’s that time of the year again! I’ve expanded upon an existing feature in the AAD Network Test Tool.
One of the prerequisites listed on the AAD Connect support page is to ensure the Turn on PowerShell Transcription GPO is set to Not Configured. … [ Continue reading ]
As luck would have it, I have one more update to deliver today.
One of my peers (shout out to Mike Manning) noticed that when using the ExportImport-CalendarProcessing tool, mailbox objects that have some special characters in them don’t get processed correctly on the import function. … [ Continue reading ]
Yesterday, while working with a customer, I was asked if there is a way to programmatically add OneDrive locations to an existing retention policy. Say, for example, you have a blanket retention policy that covers all of your tenant at a base level (which is what I typically recommend to ensure you at least have either belt or suspenders), but then you have a second set of users that need a longer policy.… [ Continue reading ]
While working through an issue with a customer today, we needed to add some OneDrive sites to a retention policy. No problem! Except for the part where no one has a list of OneDrive sites and the user interface doesn’t let you search or browse for them.… [ Continue reading ]
This feature is an “oldie but goodie” that my customers are starting to ask questions about as they start looking into ways to automate their Office 365 deployments.
Can I sync additional attributes to Office 365, and can I use them for Group-Based Licensing?… [ Continue reading ]
I was shocked to discover that I hadn’t updated the OneDrive for Business Admin Tool since January. Shocked that I hadn’t had any good ideas for it. Shocked, I tell you.
And then, a requirement presented itself for a tenant-to-tenant migration: how big are all of the OneDrive sites?… [ Continue reading ]