Information

Determining your Office 365 Tenant Location

During a conversation with my peers, the discussion came up on how to determine what environment a tenant is located in (usually between Commercial and Government).  Typically, the easiest way to determine this is to look at your account SKUs.  For example, from PowerShell, the cmdlet Get-MsolAccountSku will return a list of SKUs available in your tenant.… [ Continue reading ]

Configuration

Adding OneDrive Locations to an Existing Retention Policy

Yesterday, while working with a customer, I was asked if there is a way to programmatically add OneDrive locations to an existing retention policy.  Say, for example, you have a blanket retention policy that covers all of your tenant at a base level (which is what I typically recommend to ensure you at least have either belt or suspenders), but then you have a second set of users that need a longer policy.… [ Continue reading ]

Configuration

Creating Scoped DLP rules with Custom Sensitive Information Types

A few weeks ago, I put out a series of posts on creating and using custom sensitive information types (https://www.undocumented-features.com/tag/sensitive-information-types/).  The blog, posts, however, focus on using the DLP configuration options available in the Security & Compliance Center.

Rules created via the DLP wizard in the Security & Compliance Center have the benefit of being able to be applied globally across your organization and its content sources. … [ Continue reading ]

Configuration

Looky, looky! Custom sensitive information types with even more customitivity!

So, of course, as soon as I finish up posting a few entries (here and here), we go and release a new UI to help you get it done on your own!

You can do most of the effort of creating a data classification here, although if you want to use any of our built in functions (such as credit card Luhn check), you’ll need to export/modify/import, use the sensitive information type package that I created (referenced earlier) or use one of our native DLP classifications.… [ Continue reading ]

Configuration

Sensitive Information Types–now with more sensitivity!

UPDATE: The TechNet Gallery link for this post has been updated.

So, this is an entry that has been long in the making.  I have had several customers over the last few years give feedback about our Data Loss Prevention’s (DLP) matching requirements, mostly around how they require too much corroborating evidence (in the form of patterns or keywords) to meet their organization’s very restrictive policies.… [ Continue reading ]

Configuration

Update: AAD Connect Network Test Tool

Update (7/24): I updated this since the last revision, so if you downloaded it prior to 7/24/2018, get the newest version.

I began working with the product group on rolling in some of the network connectivity and testing checks available in the AAD Connect Network Test tool into the actual AAD Connect product. … [ Continue reading ]

Information

Report proxy addresses not in Accepted Domains

Like as the waves make towards the pebbled shore, so do our proxy addresses hasten to multiply.

At least, that’s how it seems.  As is the organizational ebb and flow, business objectives change, new business units are spun up, old projects are turned down, and you may need to add or remove proxy addresses in your Exchange environment to account for that. … [ Continue reading ]

Configuration

Update to the AAD Connect Advanced Permissions tool

Two updates for the tool in a week?  Yes! It is so!

At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following:

  • Allow the underscore (“_”) character to be used in an OU name path
  • Allow CN= to be used as part of the OU filter name path, since some organizations may want to try to scope permissions specifically to CN=Users.
[ Continue reading ]
Information

Creating and Managing Security and Compliance Filters in the Real World [Part 2]

Picking up where I left off on part 1 of this post, I wanted go into what it would take to refine some roles for managing eDiscovery for larger organizations.

In this scenario, we’re going to:

  • Remove users from any existing eDiscovery roles or groups
  • Create a security group to hold users that will perform eDiscovery searches
  • Create a custom role group that has the appropriate eDiscovery roles and add the security group as a member
  • Verify

If you didn’t read the previous blog post on this topic, I’d encourage you to go back and do so, since I’m going to continue using the same users and compliance filters.… [ Continue reading ]

Information

Office 365 Administration Inside Out

Hey! It’s finally here! After months of hard work (almost a year from when we started until a copy at my doorstep), we’ve finally made it to the finish line!  Also, pay no mind to my poor cuticles!

You can read the press release here: https://blogs.msdn.microsoft.com/microsoft_press/2017/11/27/new-book-microsoft-office-365-administration-inside-out-includes-current-book-service-2nd-edition

Or jump straight to Amazon and order it: http://aka.ms/o365adminio

While you’re at it, be sure to check out the blogs of the other authors, filled with all sorts of goodies:

Darryl Kegg, https://aka.ms/dkeggblog

Lou Mandich, http://blogs.technet.com/b/loum/

Ed Fisher, https://blogs.technet.microsoft.com/edfisher/[ Continue reading ]

Configuration

Disable Skype SKUs across all users

This week, I was presented with a question from a partner who was in the middle of the Skype for Business portion of a larger merger and acquisition migration project. The customer had enabled the Skype for Business license for all users in the tenant (including users who hadn’t migrated for other domains and forests), and since neither the hybrid configuration nor DNS were complete, messages and calls were undeliverable. … [ Continue reading ]