Author: Brian Reid
-
Restricting OneDrive To Multiple Tenants
You can use GPO or Intune/MDM settings to restrict a number of settings with OneDrive. One of the documented settings is called “Allow syncing OneDrive accounts for only specific organizations”. Notice how it is a title in the plural – more than one organization. But if you look at all the documentation and examples others…
-
Zoom For Intune 5003 and Network Connection Errors
This was an interesting error to track down and fix. Its probably not going to affect a lot of my readers, but its was an interesting problem to get to the bottom of and it might apply for any Intune based app and not just Zoom. The specific scenario I have is a tenant to…
-
Migrating MFA Settings To Authentication Methods
Released to Azure AD in December 2022 there is now a process for migrating from the legacy MFA methods and Self-Service Password Reset (SSPR) authentication methods to the unified Authentication Methods policies in Azure AD. This migration window is open until Jan 2024 when the legacy methods will be disabled. This change will allow you…
-
Managing Hybrid Exchange Online Without Installing an Exchange Server
In April 2022 Microsoft finally released the ability to manage Active Directory synced attributes (Hybrid Identity) to Azure Active Directory for Exchange without a full Exchange Server installation. Instead, you install the Exchange Management Tools (EMT). You need to install Exchange Server 2019 CU12 or later to do this, and you either uninstall your existing…
-
Conditional Access in Defender for Cloud (MCAS)
I was asked this question last week at Microsoft Ignite following a talk that I did, and as it was a question it was clearly not as clear cut as maybe I thought it was. The question was, “why is Conditional Access found in Azure AD and Defender for Cloud?” (Defender for Cloud was previously…
-
Conditional Access Authentication Strengths
Newly released to Conditional Access in Azure AD is the “Authentication Strengths” settings. These allow you to control the strength of the authentication you need to be used for that conditional access rule. Before this feature was available you had the option of allowing access with no second factor, MFA as a second factor (any…
-
What Is “Multifactor Authentication Trusted IPs”
In Azure AD for location based conditional access rules you can select “Multifactor Authentication Trusted IPs” as a location. This short blog post outlines what this is. As an example of the use of this location, it could be used as follows in Conditional Access: The location selected in the above is “Multifactor Authentication Trusted…
-
Getting Teams Meetings Added to Your Events When Using Apple iOS Calendar App
A user can enable an “All Meetings Online” option in Outlook (all versions) to add a Teams meeting automatically when the meeting is created and an admin can enable this centrally for all users with the PowerShell Set-OrganizationConfig -OnlineMeetingsByDefaultEnabled $true But this does not add the meeting bridge to events created in Apple Calendar on…
-
Improving Exchange Online Email Deliverability Through Third Party Filtering Services – Trusted ARC Sealer
When you receive emails into Exchange Online and you filter the external messages before arrival with a third party filter such as Mimecast, Proofpoint or others, then you can have DMARC failures that result in messages being junked or quarantined in Exchange Online. Trusted ARC Sealer is a feature of Exchange Online to allow you…
-
Fixing the Display of Voicemail In Outlook
Once upon a time voicemail in Office 365 was done in Exchange Online Unified Messaging, but that was retired early 2020. Voicemail is now provided by a service known as Cloud Voicemail but Outlook did not keep up to date if you have a newly created tenant and now when voicemail arrives in Outlook it…
-
Gmail showing “via” in Microsoft 365 Email Headers
I came across this issue the other day. In the headers of an email received from Microsoft 365 / Exchange Online into Gmail (and not other recipients) the message header reads “name@domain via otherdomain.onmicrosoft.com”, for example: In this case the via header for onmicrosoft.com was an old organization name and as tenant rename does not…
-
Safe Links, Microsoft Teams Rooms or Zoom Rooms, and Preset Security Policies
Or “How to customize Microsoft 365 Preset Security Policies“! The Preset Security Policies in Microsoft 365 allow you to assign to users, groups or domains the recommend anti-spam, anti-spoofing and anti-malware settings (amongst others). In the Microsoft 365 Security Portal (https://security.microsoft.com) where you set this there appears to be no way to customize these policies…
-
Improving Security For MFA Approvals – Number Matching
Rolling out in November 2021 is a new feature – that of requiring the user to enter a number rather than just click approve on the MFA prompt. This update to Azure AD requires the use of Push Notifications and therefore requires the use of the Microsoft Authenticator app. It also requires that MFA is…
-
Adding Location To Azure AD MFA
This Azure AD feature is something that a number of other Multi-Factor Authentication providers have already implemented – that of showing the location of the user login (and the app in use) on the MFA prompt. This feature rolled out to Azure AD in mid November 2021 in preview – so use in non-production tenants…
-
External Teams Chat – Voice and Video Not Available
I wanted to look and see the options for the Voice/Video buttons in a Microsoft Teams chat, and why sometimes I do not have these available based on who I add to the chat I see these combinations: Internal User Internal Users (more than one) External User Multi-Party including External User(s) Guest Users Meet Now…
-
Setting Up A Microsoft Teams Room with a Yealink MVC640
This article goes through the steps I needed to set up a new Microsoft Teams Room system using the Yealink MVC640. Updated February 2022 with the latest updates for provisioning meeting rooms. Account Provisioning First, and done in advance of arrival, is the set up of the user account that the Microsoft Teams Room (MTR)…
-
Turn Off Self-Service Purchases in Microsoft 365
Microsoft 365 has a route for users to buy their own products rather than products purchased and licenced by the company. This blog outlines how to turn this off. Install the MSCommerce PowerShell module with: Only PowerShell v5 is supported. You can install it into PowerShell v7 but it will not run. Then connect to…
-
We can’t set up the conversation Teams Chat Error
You want to chat from Teams to a person outside your company who is also using Teams and you get “We can’t set up the conversation because your organisations are not set up to talk to each other”. This is an admin setting, so if you are not the Teams admin you need to speak…
-
Finding Existing Plus Addresses
Exchange Online will automatically enable “Plus Addressing” for all tenants from Jan 2022. This change may cause issues if you have existing mailboxes where the SMTP address contains a + sign. That is, directors+managers@contoso.com would be considered a broken email address from Jan 2022 in Exchange Online. So you need to check you have no…
-
Allowing “Phish” Training Emails in Exchange Online
With the introduction of “Secure by Default” in Exchange Online, where you used to add IPs and other settings such as allow-lists to allow your phish training emails to get through to your users this will no longer work, and shortly it will no longer work to bypass the Exchange Online filters using mail flow…
-
Block Downloads and Other Controls in Microsoft Dynamics
This article will walk you through the use of Microsoft Cloud App Security (MCAS in the rest of the article) to implement data protections in the Microsoft Dynamics product range. This includes Dynamics 365 (the CRM product), Finance and Operations, Talent, Marketing etc. In this walk through we will block copy and paste from the…