Hey, all! One AAD tool update deserves another!
Every so often, I check in to make sure I’m keeping the AAD Connect Network Test Tool as fresh as I can. … [ Continue reading ]
Configuration
Posts
Configuration
Update to the AAD Connect Advanced Permissions tool
It’s been a while since I’ve updated this popular tool, and the need was brought to my attention by a peer who noticed an attribute being exported to on-premises AD (but failing):
As it turns out, the msDS-KeyCredentialLink is required for Windows Hello for Business Hybrid.… [ Continue reading ]
Information
Update to Get-SCCDataExport
I’ve been tinkering around a little with this, hoping to bring some better updates (so maybe you can see who is generating your data exports and go smack them around).
I’ve got a few updated fields added to the tool, so be sure to go check it out!… [ Continue reading ]
Information
WhoAmI for Office 365
If you’ve ever struggled to find out who your current session is logged in as when you connected to Office 365, here’s a tidbit to shed some light on it:
(Get-PSSession |?{$_.ComputerName -like “*outlook.com”})[0].RunSpace.ConnectionInfo.Credential.UserName
You can also use RunSpace.… [ Continue reading ]
Information
Calculating your Daily Export for the Security & Compliance Center
One of the lesser-known boundaries of Office 365’s Security & Compliance Center is that we only allow 2TB per day export volume. When we talk about exports, we’re talking about the idea of taking content that has been identified via a content search mechanism (content search, eDiscovery case search, etc) and then staged for download.… [ Continue reading ]
Client
Export User GAL Entries from Outlook
This morning, looking for an answer to something, I stumbled across a question that seemed easy enough to fix: Is it possible to export the GAL from Outlook if I don’t have access to a server?… [ Continue reading ]
Updates and Fixes
Update to Forwarding Address Export Import Tool
Every now and then, I get a ahead of myself. I’ve updated a typo in the script on the gallery, a vestige of when I updated the script to use server-side filtering. … [ Continue reading ]
Scripting
Getting Around the Basics of Azure Automation for Office 365
One of the the things that we’ve learned about the cloud over the past few years is that you still need an environment (a utility server, an app server, a something) to run batch jobs and custom scripts against your environments. … [ Continue reading ]
Scripting
Generate a list of mailboxes whose litigation hold duration is less than a week away
While many people use Office 365 retention policies as part of their data governance strategy, there are many customers who either do not enforce retention or do so only for items under some sort of litigation hold.… [ Continue reading ]
Scripting
Update to the WipeExchangeOnlineMailbox tool
Who knew you’d need an update to a tool meant to delete things?
After working with a partner today and an out-of-control email application spamming user mailboxes, we decided an update was necessary. … [ Continue reading ]
Information
Update to the Get-UserHoldPolicies Tool
A new year, a new update for Get-UserHoldPolicies! Woo!
I stumbled across some additional information today regarding deciphering hold policies for mailboxes while troubleshooting another issue and decided to update my Get-UserHoldPolicies tool to reflect it.… [ Continue reading ]
Scripting
Searching the Office 365 Unified Audit Log for Specific Activities, Sites, and Users
Last week, I was working with a large government customer in a consolidated tenant (read: all agencies in a single, centrally-managed tenant). One of the questions that was presented was how to search and filter the audit log for entries relating to the following categories:
- Files shared by an agency or department’s users
- Files accessed in an agency’s SharePoint site collection
To that end, I based together this script. … [ Continue reading ]
Scripting
Iterating hash values to a log file
While working on my last script, I was trying to figure out the best way to write the values stored in a hash table for the purposes of splatting out to a log file.
Consider:
$parameters = @{}
$parameters.Add("Parameter1","Value1")$parameters.Add("Parameter2","Value2")$parameters.Add("Parameter3","Value3")
I was using a modified version of my logging function, which is basically a wrapper for Add-Content with parameters for log detail/types, colors, and output display.… [ Continue reading ]
Configuration
Migrating from Exchange Online eDiscovery and In-Place Hold to the Security & Compliance Center
One of the issues that some of my larger customers have been dealing with is the lack of tooling and planning around moving legacy Exchange Online In-Place eDiscovery & Holds to the new(ish) Security & Compliance Center. Our direction has been to either let them age out or manually recreate them the Security & Compliance Center.… [ Continue reading ]
Scripting
Checking for compromised email accounts
UPDATE: I have posted the script to check against haveibeenpwned.com at the bottom in the TechNet Gallery. https://gallery.technet.microsoft.com/PwnCheck-HaveIBeenPwned-d65cf5f1
Yesterday, I participated in an escalation for a customer where one or more users had been successfully phished and had given up their credentials. … [ Continue reading ]
Configuration
Alerting on OneDrive Deleted Item Activity
I had a customer recently raise some questions about how to provide further enhancements and protections around their OneDrive for Business deployments. Suppose this scenario exists:
- Users are site collection administrators over their OneDrive for Business sites (default configuration)
- Retention policies are configured, but may only be configured to provide a very minimal amount of data protection (such as 90 days from creation or last modification of data) due to organizational legal compliance
- No retention policies are in effect for the target data (as all the data we’re concerned with is technically older than 90 day creation or last modified date)
- Malicious or disgruntled user deletes OneDrive data
- Deletes data in OneDrive
- Empties recycle bin
- Empties second stage recycle bin
At this point, for any data older than 90 days, it is lost.… [ Continue reading ]
Configuration
Find Whitelisted Users, Domains, and IPs in Office 365
If you’ve ever asked anyone how to do virtually anything, the answer is usually “It depends.” Just as there is no wrong way to eat a Reese’s Peanut Butter Cup and more than one way to skin a cat, so it frequently is with technological tasks. … [ Continue reading ]
Configuration
Delegating Reporting Access for Exchange Online
Earlier this week, I had a request for assistance with delegating reporting features in Exchange Online to non-administrative users. This is a frequent topic of discussion when it comes to compliance and security officers validating that systems are not being misused by unauthorized persons.… [ Continue reading ]
Configuration
Migrate-EOPSettings now does ATP!
ATP! ATP!
At long last, I’ve made a first pass at updating the Migrate-EOPSettings script to now include settings for Advanced Threat Protection. I’ve had several customers moving their instances from commercial EOP to Office 365 GCC, and while my Migrate EOP script would capture just about everything, it came to my attention that we still had configuration to do for ATP. … [ Continue reading ]
Configuration
Updated Tool Roundup!
Hi! It’s a day ending in “y,” which means it’s a good day to update a script!
Today, while on-site with a customer and running my AAD Connect Permissions script, I noticed that the logging output wasn’t as helpful as I wanted it to be.… [ Continue reading ]