Category: microsoft

  • SSL Inspection and Microsoft 365

    SSL Inspection and Microsoft 365

    There are a number of features in Microsoft 365 that do not work if SSL Inspection (also known as TLS Interception) is enabled on your device or network provider. You need to disable the listed URLs that Microsoft provides in its documentation. The problem is there is a lot of disconnected documentation! This blog post…

  • Conditional Access in Defender for Cloud (MCAS)

    I was asked this question last week at Microsoft Ignite following a talk that I did, and as it was a question it was clearly not as clear cut as maybe I thought it was. The question was, “why is Conditional Access found in Azure AD and Defender for Cloud?” (Defender for Cloud was previously…

  • Turn Off Self-Service Purchases in Microsoft 365

    Microsoft 365 has a route for users to buy their own products rather than products purchased and licenced by the company. This blog outlines how to turn this off. Install the MSCommerce PowerShell module with: Then connect to the MSCommerce endpoint with: Then login with the administrator account. List all the products you are able…

  • MFA and End User Impacts

    This article will look at the various different MFA settings found in Azure AD (which controls MFA for Office 365 and other SaaS services) and how those decisions impact users. There is lots on the internet on enabling MFA, and lots on what that looks like for the user – but nothing I could see…

  • Read Only And Document Download Restrictions in SharePoint Online

    Both SharePoint Online (including OneDrive for Business) and Exchange Online allow a read only mode to be implemented based on certain user or device or network conditions. For these settings in Exchange Online see my other post at https://c7solutions.com/2018/12/read-only-and-attachment-download-restrictions-in-exchange-online. When this is enabled documents can be viewed in the browser only and not downloaded. So…

  • Improving Password Security In the Cloud and On-Premises

    Passwords are well known to be generally insecure the way users create them. They don’t like “complex” passwords such as p9Y8Li!uk%al and so if they are forced to create a “complex” password due to a policy in say Active Directory, or because their password has expired and they need to generate a new one, they…

  • Azure AD Single Sign-On Basic Auth Popup

    When configuring Azure AD SSO as part of Pass-Through Authentication (PTA) or with Password Hash Authentication (PHA) you need now (since March 2018) to only configure a single URL in the Intranet Zone in Windows. That URL is https://autologon.microsoftazuread-sso.com and this can be rolled out as a registry preference via Group Policy. Before March 2018…

  • Exchange Online Migration Batches–How Long Do They Exist For

    When you create a migration batch in Exchange Online, the default setting for a migration is to start the batch immediately and complete manually. So how long can you leave this batch before you need to complete it? As you can see from the below screenshot, the migration batch here was created on Feb 19th,…

  • The New Rights Management Service

    This blog is the start of a series of articles I will write over the next few months on how to ensure that your data is encrypted and secured to only the people you want to access it, and only for the level of rights you want to give them. The technology that we will…

  • The Exchange Server Header Firewall

    The below Header Firewall video was recorded as “pre-reading” for the Exchange 2010 MCM program. The website that originally hosted this video is no longer available, so I am reposting the video that I recorded here:

  • Installing and Configuring AD RMS and Exchange Server

    Earlier this week at the Microsoft Exchange Conference (MEC 2012) I led a session titled Configuring Rights Management Server for Office 365 and Exchange On-Premises [E14.314]. This blog shows three videos covering installation, configuration and integration of RMS with Exchange 2010 and Office 365. For Exchange 2013, the steps are mostly identical. Installing AD RMS…

  • Creating GeoDNS with Amazon Route 53 DNS

    UPDATE: 13 Aug 2014 – Amazon Route 53 now does native GeoDNS within the product – see Amazon Route 53 GeoDNS Routing Policy A new feature to Exchange 2013 is supported use of a single namespace for your global email infrastructure. For example mail.contoso.com rather than different ones for each region such as uk-mail.contoso.com; usa-mail.contoso.com…

  • How To Speed Up Exchange Server Transport Logging

    In Exchange 2010 SP1 and later any writing to the transport log files for activity logging (not the transaction logging on the mail.que database) is cached in RAM and written to disk every five minutes. In a lab environment you might be impacted by this as you might have sent an email and want to…

  • Highly Available Geo Redundancy with Outbound Send Connectors in Exchange 2003 and Later

    This is something I’ve been meaning to write down for a while. I wrote an answer for this question to LinkedIn about a week ago and I’ve just emailed a MCM Exchange consultant with this – so here we go… If you configure a Send Connector (Exchange 2007 and 2010) or Exchange 2003 SMTP Connector…

  • Publishing ADFS Through ISA or TMG Server

    To enable single sign-on in Office 365 and a variety of other applications you need to provide a federated authentication system. Microsoft’s free server software for this is currently Active Directory Federation Server 2.0 (ADFS), which is downloaded from Microsoft’s website. ADFS is installed on a server within your organisation, and a trust (utilising trusted…

  • Creating Subject Alternative Name Certificates with Microsoft Certificate Server

    A new feature in digital certificates is the Subject Alternative Name property. This allows you to have a certificate for more than one URI (i.e. www.c7solutions.com and www.c7solutions.co.uk) in the same certificate. It also means that in web servers such as IIS you can bind this certificate to the site and use up only one…