Author: Brian Reid

  • Blocking Screenshots in iOS Work Applications

    Blocking Screenshots in iOS Work Applications

    A new feature to Intune managed iOS devices, via App Protection Policies, is the ability to block screenshots (“screencapture” in Apple’s terminology). This has started to become available since the end of November 2024 and was mentioned in Message Center MC907517, though this article targeted developers and not administrators. Microsoft has released two new versions…

  • Simple Digital Signage for Teams Rooms

    Simple Digital Signage for Teams Rooms

    In a recent update for Teams Room, pro licence, you have the ability to display relevant messages in your meeting rooms when there is no meeting taking place. Options include a default message for any room that has “digital signage” enabled, and specific messages per room or group of rooms. Though there are third party…

  • Adding Apple Well-Known RemoteManagement JSON to IIS Web Servers

    Adding Apple Well-Known RemoteManagement JSON to IIS Web Servers

    To do Account driven BYOD device enrolment in Intune for iOS devices you need to publish to the website on your domain a JSON file that contains your tenant ID. The URL for this file is https://c7solutions.com/.well-known/com.apple.remotemanagement where the domain (c7solutions.com in this case) is the same as the domain of the username on the…

  • Why Is My Microsoft 365 Data In Multiple Regions?

    Why Is My Microsoft 365 Data In Multiple Regions?

    When your Microsoft 365 service is first used data is provisioned in the location best suited to your organization postal address and provided in the M365 Admin Center. If you start other services at later times, those services might be in different locations. Here is an example: The above is found in the Microsoft 365…

  • Testing Entra ID SaaS OIDC Apps With JWT.ms

    Testing Entra ID SaaS OIDC Apps With JWT.ms

    JWT.ms is an app that will show you the contents of any JSON Web Token (JWT) issued by Entra ID that you have access to and can paste into the top field in the browser. But you can also use it to test apps in Entra ID – you can publish a web app that…

  • Secure Access To Mailboxes Via Graph

    Secure Access To Mailboxes Via Graph

    This is mainly for my own info, as a lot of this I could not find on a single website, and also found info on the now deprecated Application Access Policies and so rather than needing to hut for all this stuff all over the place… To use Microsoft Graph to connect to Exchange Online…

  • OneDrive Over Quota And You Cannot Work Out Why

    OneDrive Over Quota And You Cannot Work Out Why

    I came across this problem with my own tenants OneDrive (business not consumer) service when the Academic licence I use (and was given by Microsoft about 15 years ago) dropped from 5TB to 100GB in line with all Academic/Education free licences. This was a problem as it was my photo library – I could not…

  • Authentication Methods – What Happens If I Click That Button

    Authentication Methods – What Happens If I Click That Button

    There are various buttons in the Entra ID portal that can be used in the event of an incident with a user account, but each have different effects and can be used in different circumstances. This blog post outlines the impact of each button on the user. To do these tests I performed a standard…

  • Intune App Protection Policies and “All Apps” Do Not Automatically Stay Up To Date

    Intune App Protection Policies and “All Apps” Do Not Automatically Stay Up To Date

    When you create an App Protection Policy and select “All Apps”, Microsoft points out in Intune that they will keep the policy up to date for you and add new apps as they are released (so it is always “All Apps”) and not “All Apps on the date I made the policy and no changes…

  • B2B Collaboration and Easy Multifactor Authentication in Microsoft 365/Entra ID

    B2B Collaboration and Easy Multifactor Authentication in Microsoft 365/Entra ID

    A couple of conversations this week, including this prompt by Daniel Glenn – https://x.com/DanielGlenn/status/1812952597759992149 have led me to write up this quick guide to making your cross-tenant, resource account, guest, B2B Collaboration users (note, these are all the same thing) multi-factor authentication easy. If you don’t do this, then the user needs to set up…

  • International Cross-Tenant Sync, Or Fun With Entra Sync Expressions!

    International Cross-Tenant Sync, Or Fun With Entra Sync Expressions!

    I have a client with a parent company in Asia and a subsidiary in the USA and Europe. To provide cross-tenant access to the Intranet and other resources we have used Entra ID Cross-Tenant Sync to populate users from the Asian tenant into the USA based tenant. The issue with this is that the Asian…

  • Enforced MFA on the Azure Portal and Emergency Access (breakglass) Accounts

    Enforced MFA on the Azure Portal and Emergency Access (breakglass) Accounts

    An emergency access (or break-glass) account is a key design consideration of your M365/Entra tenant. This would be an account that would bypass MFA and you would store the very long and unique credentials offline somewhere. This would be used in the case of configuration breakages that would lock out all your other admins or…

  • Microsoft Information Protection Broken in Gmail

    Microsoft Information Protection Broken in Gmail

    Just a short note to help you fix this error: This message is protected with Microsoft Information Protection. You can open it using Microsoft Outlook, available for iOS, Android, Windows, and Mac OS. Get Outlook for your device here: https://aka.ms/protectedmessage. With Microsoft Information Protection, you can prevent your email messages from being copied or forwarded without…

  • Exporting Named Properties From Exchange Online Mailbox

    An undocumented Exchange Online cmdlet came my way the other day – the “Get-MailboxExtendedProperty”. This returns all the named properties, or extended properties in the mailbox and can be exported to a file for review: Get-MailboxExtendedProperty username | Export-CliXml MailboxExtendedProperties_username.xml A mailbox should only have a few thousand of these, but if you get too…

  • Implementing High Volume Email with Exchange Online

    Implementing High Volume Email with Exchange Online

    High Volume Email (HVE) is a new service from Microsoft to allow the sending of up to 100,000 internal emails per day (with a small number external) which is in excess of the current limits of 10,000 per day (depending upon your licence). Here are my initial observations on setting this service up. During preview…

  • Multi-Tenant Organizations: What Configuration Changes

    Multi-Tenant Organizations: What Configuration Changes

    When you configure a Multi-Tenant Organization in the Microsoft 365 Admin Center a number of changes occur across a number of services. These allow for features like member or guest sync, cross-tenant people search and different behaviours for joining meetings (treating people in other tenants as internal for meeting join). You can put all these…

  • Configuring and Migrating From Entra ID Custom Controls to External Authentication Methods

    Configuring and Migrating From Entra ID Custom Controls to External Authentication Methods

    Custom Controls date back to the Azure AD days and the ability to link an external MFA provider into authentication but without the full step of federation. This feature was in preview for years and never left preview, and was limited to I think three companies. Over the years I have seen this a number…

  • Deleting a Rogue Passkey Device

    Deleting a Rogue Passkey Device

    If you try and set up a passkey in Windows there is the possibility that if it goes wrong you will end up with an entry for a device but no passkey. I got this for a OnePlus device as the OnePlus Android OS (at the time of writing) does not support allowing Microsoft Authenticator…

  • Export Conditional Access Named Locations Using PowerShell

    Export Conditional Access Named Locations Using PowerShell

    The named locations can be used in Conditional Access rules as a way to block or allow countries by IP address to geo-lookup database. Whilst not always accurate, and can be bypassed by VPN or a virtual machine in an allowed location, they do have their uses as a basic block to where services can…

  • Blocking onmicrosoft.com Emails in Exchange Online Protection

    Blocking onmicrosoft.com Emails in Exchange Online Protection

    There is a considerable uptick in emails from the default domain in Microsoft 365 tenants. These emails come from senders @ tenant.onmicrosoft.com and are not your tenant. Microsoft recently announced recipient external sender limits to reduce this, as the default is 10,000 recipients per day, but will get an additional restriction of no more than…

  • Integrating Microsoft 365 SafeLinks and Mimecast Targeted Threat Protection

    Integrating Microsoft 365 SafeLinks and Mimecast Targeted Threat Protection

    If your email protection filter is provided by Mimecast, then you might also have enabled Mimecast Targeted Threat Protection (TTP). TTP, like Microsoft Defender for Office SafeLinks will rewrite the URLs in email messages, but unlike SafeLinks will not rewrite or redirect them in Office documents or Teams chat, channel and meetings. Therefore as both…