On the recommendation of my good friend Darryl, I’ve added some things to my AAD Connect permissions tool:
- Better logging of errors. When running the tool for a large organization that had $ characters in its service account names, the tool would report successful but not leave any log files or indicators where things may have happened.
… [ Continue reading ]
I have updated the Office 365 Proxy PAC tool to allow selection of the US Department of Defense XML feed for proxy bypass configurations.
You can see previous updates for the tool:
Update to the Office 365 Proxy PAC tool
Updates to Office 365 Proxy PAC Generator
And of course, the updated tool is available on the TechNet Gallery, with a couple of other bugfixes that some people reported (invalid characters/smart quotes appeared in some versions of the file, which have been corrected): https://gallery.technet.microsoft.com/Office-365-Proxy-Pac-60fb28f7… [ Continue reading ]
Over the past several months, I’ve slowly been adding features to the OneDrive for Business Admin Tool (you can read about the previous updates and features here, here, and here). Earlier this week, one of my peers asked if I knew of an easy way for a customer to search OneDrive for Business sites and delete all files of a certain type (say, video files).… [ Continue reading ]
Picking up where I left off on part 1 of this post, I wanted go into what it would take to refine some roles for managing eDiscovery for larger organizations.… [ Continue reading ]
Diving deeper into the Security & Compliance Center, I decided to embark on trying to scope eDiscovery permissions to meet a certain set of requirements that we see when multiple business units want or need to maintain independence from a content search and discovery perspective.… [ Continue reading ]
I have created a more detailed example of how to do this here: https://www.undocumented-features.com/2018/09/14/fixing-office-365-anonymous-group-write-back-and-external-delivery/
Office 365 Groups are glorious creations. There are, however, some instances where they don’t work as you anticipate (or hope).… [ Continue reading ]
Hey! It’s finally here! After months of hard work (almost a year from when we started until a copy at my doorstep), we’ve finally made it to the finish line! Also, pay no mind to my poor cuticles!… [ Continue reading ]
UPDATE: [11/20/2018] I had an error in the transport rule configuration in the last example, as well as a note that a TR would NDR external traffic. I have this post accordingly.
We’re all familiar with how Office 365 tenants work–when you spin up a new Office 365 tenant, you get a managed domain (tenant.onmicrosoft.com). … [ Continue reading ]
This week, I was presented with a question from a partner who was in the middle of the Skype for Business portion of a larger merger and acquisition migration project. The customer had enabled the Skype for Business license for all users in the tenant (including users who hadn’t migrated for other domains and forests), and since neither the hybrid configuration nor DNS were complete, messages and calls were undeliverable. … [ Continue reading ]
While I was working on a script to configure Office 365 Secure Score settings, I came up with a few scripts that I thought would be helpful in monitoring your messaging environments. Many organizations have policies against data exfiltration, but detecting and enforcing are totally different animals. … [ Continue reading ]
UPDATE: This tool has been updated to include implicit policies created in the Security and Compliance Center.
Last week, I was asked by a few people for information on displaying holds applied to mailboxes.… [ Continue reading ]
While working with a partner this weekend on a tenant to tenant migration, we had the need to migrate Office 365 groups. There’s not really a lot of information around on recreating groups and memberships, so I decided to put together a tool to help the effort.… [ Continue reading ]
Earlier today, I was asked to make an update to my script to wipe Exchange Online mailboxes to include Archive Mailboxes. Fortunately, it ended up being much easier than I anticipated:
When I enumerated the mailbox originally, I used:
$Root = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,
… [ Continue reading ]
Recently, I had a requirement come up to enable the bulk restore of content from a OneDrive for Business site in the event of a cryptoware or ransomware attack. OneDrive has versioning turned on, so I figured this would be an “easy” add. … [ Continue reading ]
Since it’s initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool. The most recent updates:
- 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
- 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property
These two updates should allow for a more complete AAD Connect permissions delegation experience. … [ Continue reading ]