The hosting venue has changed to serve you better.
Today, while logging into a Windows Server via my favorite RDP tool (RDCMan), I was faced with the “Your password has expired” prompt. No worries, just enter my password and change it.
Except for the part where the password has been saved and I neglected to add it to my password manager.… [ Continue reading ]
Yes. I said it.
Someone needed to put a line in the sand and today, that person is me. I’m going to say these are some best practices.
Of course, your mileage may vary, depending on your type of organization–users at a local bank or city government will have different threats presented to them than an engineering firm with international customers, for example.… [ Continue reading ]
As my kids are eager to tell me, I done messed up. 😉 One of my readers pointed out an oversight where a null variable may have been referenced–and it’s been corrected! H/T to @itpro_tipscom!
You can get the updated version at https://gallery.technet.microsoft.com/PwnCheck-HaveIBeenPwned-d65cf5f1… [ Continue reading ]
This week, I had a customer ask about generating a list of all sites a user had access to as part of their security and employee termination process. SharePoint PnP PowerShell seemed like a good place to start. But then, I decided, what if I wanted to find all the places a particular had a particular type of permission? … [ Continue reading ]
OneDrive for Business is, from my perspective, one of the most under-utilized but benefit-rich parts of the Office 365 platform, allowing organizations (especially organizations that subscribe to the E3 or higher SKU) virtually unlimited storage, versioning, and recovery capability for their file-based storage.… [ Continue reading ]
This afternoon, while working with a colleague, I was alerted to a customer that appears to have the same 6-character password set for every user, which honestly, I feel like violates the very notion of a password. They’re not currently in Office 365 (or even Active Directory), but the risk is the same:
Users tend to use the same passwords everywhere.… [ Continue reading ]
One of the up-and-coming combination phish-ransom attacks is to trick the mark into thinking that you’ve got access to their data, and then get them to send money to a Bitcoin address to protect them from data leakage. You can create a DLP rule in the Office 365 Security & Compliance Center (or an Exchange Online transport rule) to try to combat this.… [ Continue reading ]
It’s been a while since I’ve updated this popular tool, and the need was brought to my attention by a peer who noticed an attribute being exported to on-premises AD (but failing):
As it turns out, the msDS-KeyCredentialLink is required for Windows Hello for Business Hybrid.… [ Continue reading ]
Last week, I was working with a large government customer in a consolidated tenant (read: all agencies in a single, centrally-managed tenant). One of the questions that was presented was how to search and filter the audit log for entries relating to the following categories:
To that end, I based together this script. … [ Continue reading ]
One of the issues that some of my larger customers have been dealing with is the lack of tooling and planning around moving legacy Exchange Online In-Place eDiscovery & Holds to the new(ish) Security & Compliance Center. Our direction has been to either let them age out or manually recreate them the Security & Compliance Center.… [ Continue reading ]
UPDATE: I have posted the script to check against haveibeenpwned.com at the bottom in the TechNet Gallery. http://aka.ms/pwncheck
Yesterday, I participated in an escalation for a customer where one or more users had been successfully phished and had given up their credentials. … [ Continue reading ]
I had a customer recently raise some questions about how to provide further enhancements and protections around their OneDrive for Business deployments. Suppose this scenario exists:
At this point, for any data older than 90 days, it is lost.… [ Continue reading ]
If you’ve ever asked anyone how to do virtually anything, the answer is usually “It depends.” Just as there is no wrong way to eat a Reese’s Peanut Butter Cup and more than one way to skin a cat, so it frequently is with technological tasks. … [ Continue reading ]
Earlier this week, I had a request for assistance with delegating reporting features in Exchange Online to non-administrative users. This is a frequent topic of discussion when it comes to compliance and security officers validating that systems are not being misused by unauthorized persons.… [ Continue reading ]
Today, we’re going to explore two relatively new sharing controls in SharePoint Online (and, by extension, OneDrive for Business). The two options we’re going to look at are located inside the SharePoint Admin Center (https://<tenant>-admin.sharepoint.com) under Sharing:
