While working with a partner this weekend on a tenant to tenant migration, we had the need to migrate Office 365 groups. There’s not really a lot of information around on recreating groups and memberships, so I decided to put together a tool to help the effort.… [ Continue reading ]
Earlier today, I was asked to make an update to my script to wipe Exchange Online mailboxes to include Archive Mailboxes. Fortunately, it ended up being much easier than I anticipated:
When I enumerated the mailbox originally, I used:
$Root = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,… [ Continue reading ]
Recently, I had a requirement come up to enable the bulk restore of content from a OneDrive for Business site in the event of a cryptoware or ransomware attack. OneDrive has versioning turned on, so I figured this would be an “easy” add. … [ Continue reading ]
Since it’s initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool. The most recent updates:
- 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
- 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property
These two updates should allow for a more complete AAD Connect permissions delegation experience. … [ Continue reading ]
In light of the discovery that a recent comprise involved administrator credentials that were not protected with multi-factor authentication, I thought revisiting http://securescore.office.com might be a good idea.
For the uninitiated, Secure Score is a tool that we provide to examine some configuration items and give guidance on others in respect to creating a more secure operating environment for your Office 365 tenant. … [ Continue reading ]
This week, I received an email from a colleague asking if there was a way to work around the default behavior described in https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization:
Password expiration policy
If a user is in the scope of password synchronization, the cloud account password is set to Never Expire.… [ Continue reading ]
Update: I’ve also added some new features, detailed in https://www.undocumented-features.com/2017/10/16/recovering-from-crypto-or-ransomware-attacks-with-the-onedrive-for-business-admin-tool/.
While updating a script I wrote to remove the “Shared with Everyone” folder in OneDrive for business, it dawned on me that there are a number of bulk management tasks for OneDrive that are not easy to do, that we don’t have specific guidance on, or only have little bits of information scattered around the interwebs.… [ Continue reading ]
Updated with additional requirements and scenarios, 2017-10-26.
I recently worked with a customer that needed assistance in configuring the additional permissions required for AAD Connect delegation. After chasing down an incredible number of prerequisite information, I decided it would be more helpful to my customer to put together a tool that would help them configure the various permissions delegations.… [ Continue reading ]
A consultant friend of mine posed an interesting question to me this week–one of his customers wanted to be able to let his users administer a cloud-managed Office 365 distribution group by uploading a CSV or Excel spreadsheet. … [ Continue reading ]
I meant to post this earlier, but I wanted to let everyone know that I’ve had the great honor of being able to write a book with some of the titans of Microsoft Consulting Services. The book has all new content for Office 365 based on our experience in the field, and even features current service release updates. … [ Continue reading ]
The people have spoken.
I’ve updated the tool with a couple of features:
- Include the Skype for Business IP ranges in the proxy bypass list, since there are occasions that it is necessary.
- Added an option for *all* IP ranges in the XML feed for selected products to be added to the proxy bypass list
- Added an option for *only* IP ranges in the XML feed for selected products to be added to the proxy bypass list
- Added an option to export the IP ranges for selected products to a separate text file.
A while ago, I wrote about a script that I had built for creating BitTitan MigrationWiz connectors with the parameters necessary to do bulk resource mapping. This worked pretty well, until I downloaded the newest version of the PowerShell module when I had to do it for a customer that was already partway through their migration.… [ Continue reading ]
Recently, a customer asked for clarification on the difference between Content Search (Security & Compliance center | Search & investigation | Content search) and the Content Search feature in an eDiscovery case (Security & Compliance center | Search & investigation | eDiscovery). … [ Continue reading ]
This past week has seen the widespread growth of the WannaCry ransomware attack, which was based on the EternalBlue SMB vulnerability. We released security update MS17-010 on March 14, 2017 to address the vulnerability.
Preliminary reports show at least 300,000 computers have been affected globally by this ransomware that encrypts files, requiring up to $600 in bitcoin payments within 7 days before the data is deleted.… [ Continue reading ]
I’ve been working on a little project, and the need to retrieve the last n number of commands I’ve executed in PowerShell has become a tedious task. As you’re (hopefully) aware, Get-History is a great cmdlet to review exactly how you got to where you are. … [ Continue reading ]