This week, I was presented with a question from a partner who was in the middle of the Skype for Business portion of a larger merger and acquisition migration project. The customer had enabled the Skype for Business license for all users in the tenant (including users who hadn’t migrated for other domains and forests), and since neither the hybrid configuration nor DNS were complete, messages and calls were undeliverable. … [ Continue reading ]
While I was working on a script to configure Office 365 Secure Score settings, I came up with a few scripts that I thought would be helpful in monitoring your messaging environments. Many organizations have policies against data exfiltration, but detecting and enforcing are totally different animals. … [ Continue reading ]
UPDATE: This tool has been updated to include implicit policies created in the Security and Compliance Center.
Last week, I was asked by a few people for information on displaying holds applied to mailboxes.
Holds come in several varieties:
- In-Place Holds created via the Exchange Admin Center or eDiscovery case
- Retention Policies (either as Retention or Label policies)
- Litigation Hold set as a mailbox property
- Legacy Exchange MRM policies
When viewed programmatically from PowerShell, you’ll notice that In-Place Holds and Retention Policies are somewhat inverse relationships like the legacy MRM policies–that is, the various policies in the Security & Compliance Center don’t have lists of objects applied to them. … [ Continue reading ]
While working with a partner this weekend on a tenant to tenant migration, we had the need to migrate Office 365 groups. There’s not really a lot of information around on recreating groups and memberships, so I decided to put together a tool to help the effort.… [ Continue reading ]
Earlier today, I was asked to make an update to my script to wipe Exchange Online mailboxes to include Archive Mailboxes. Fortunately, it ended up being much easier than I anticipated:
When I enumerated the mailbox originally, I used:
$Root = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,… [ Continue reading ]
Recently, I had a requirement come up to enable the bulk restore of content from a OneDrive for Business site in the event of a cryptoware or ransomware attack. OneDrive has versioning turned on, so I figured this would be an “easy” add. … [ Continue reading ]
Since it’s initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool. The most recent updates:
- 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
- 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property
These two updates should allow for a more complete AAD Connect permissions delegation experience. … [ Continue reading ]
In light of the discovery that a recent comprise involved administrator credentials that were not protected with multi-factor authentication, I thought revisiting http://securescore.office.com might be a good idea.
For the uninitiated, Secure Score is a tool that we provide to examine some configuration items and give guidance on others in respect to creating a more secure operating environment for your Office 365 tenant. … [ Continue reading ]
This week, I received an email from a colleague asking if there was a way to work around the default behavior described in https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization:
Password expiration policy
If a user is in the scope of password synchronization, the cloud account password is set to Never Expire.… [ Continue reading ]
Update: I’ve also added some new features, detailed in https://www.undocumented-features.com/2017/10/16/recovering-from-crypto-or-ransomware-attacks-with-the-onedrive-for-business-admin-tool/.
While updating a script I wrote to remove the “Shared with Everyone” folder in OneDrive for business, it dawned on me that there are a number of bulk management tasks for OneDrive that are not easy to do, that we don’t have specific guidance on, or only have little bits of information scattered around the interwebs.… [ Continue reading ]
Updated with additional requirements and scenarios, 2017-10-26.
I recently worked with a customer that needed assistance in configuring the additional permissions required for AAD Connect delegation. After chasing down an incredible number of prerequisite information, I decided it would be more helpful to my customer to put together a tool that would help them configure the various permissions delegations.… [ Continue reading ]
A consultant friend of mine posed an interesting question to me this week–one of his customers wanted to be able to let his users administer a cloud-managed Office 365 distribution group by uploading a CSV or Excel spreadsheet. … [ Continue reading ]
I meant to post this earlier, but I wanted to let everyone know that I’ve had the great honor of being able to write a book with some of the titans of Microsoft Consulting Services. The book has all new content for Office 365 based on our experience in the field, and even features current service release updates. … [ Continue reading ]
The people have spoken.
I’ve updated the tool with a couple of features:
- Include the Skype for Business IP ranges in the proxy bypass list, since there are occasions that it is necessary.
- Added an option for *all* IP ranges in the XML feed for selected products to be added to the proxy bypass list
- Added an option for *only* IP ranges in the XML feed for selected products to be added to the proxy bypass list
- Added an option to export the IP ranges for selected products to a separate text file.
A while ago, I wrote about a script that I had built for creating BitTitan MigrationWiz connectors with the parameters necessary to do bulk resource mapping. This worked pretty well, until I downloaded the newest version of the PowerShell module when I had to do it for a customer that was already partway through their migration.… [ Continue reading ]
Recently, a customer asked for clarification on the difference between Content Search (Security & Compliance center | Search & investigation | Content search) and the Content Search feature in an eDiscovery case (Security & Compliance center | Search & investigation | eDiscovery). … [ Continue reading ]
This past week has seen the widespread growth of the WannaCry ransomware attack, which was based on the EternalBlue SMB vulnerability. We released security update MS17-010 on March 14, 2017 to address the vulnerability.
Preliminary reports show at least 300,000 computers have been affected globally by this ransomware that encrypts files, requiring up to $600 in bitcoin payments within 7 days before the data is deleted.… [ Continue reading ]
I’ve been working on a little project, and the need to retrieve the last n number of commands I’ve executed in PowerShell has become a tedious task. As you’re (hopefully) aware, Get-History is a great cmdlet to review exactly how you got to where you are. … [ Continue reading ]
From time to time, you may find that you need to selectively filter out users going to Office 365. The easiest way to do it is with a scoping filter. We do have some documents on setting the cloudFiltered attribute in the metaverse to True, but that requires creating new rules. … [ Continue reading ]