Turn Off Self-Service Purchases in Microsoft 365

Microsoft 365 has a route for users to buy their own products rather than products purchased and licenced by the company. This blog outlines how to turn this off. Install the MSCommerce PowerShell module with Install-Module MSCommerce Connect to the MSCommerce endpoint with Connect-MSCommerce and login with the administrator account List all the products you… Continue reading Turn Off Self-Service Purchases in Microsoft 365

MFA and End User Impacts

This article will look at the various different MFA settings found in Azure AD (which controls MFA for Office 365 and other SaaS services) and how those decisions impact users. There is lots on the internet on enabling MFA, and lots on what that looks like for the user – but nothing I could see… Continue reading MFA and End User Impacts

Read Only And Document Download Restrictions in SharePoint Online

Both SharePoint Online (including OneDrive for Business) and Exchange Online allow a read only mode to be implemented based on certain user or device or network conditions. For these settings in Exchange Online see my other post at https://c7solutions.com/2018/12/read-only-and-attachment-download-restrictions-in-exchange-online. When this is enabled documents can be viewed in the browser only and not downloaded. So… Continue reading Read Only And Document Download Restrictions in SharePoint Online

Improving Password Security In the Cloud and On-Premises

Passwords are well known to be generally insecure the way users create them. They don’t like “complex” passwords such as p9Y8Li!uk%al and so if they are forced to create a “complex” password due to a policy in say Active Directory, or because their password has expired and they need to generate a new one, they… Continue reading Improving Password Security In the Cloud and On-Premises

Azure AD Single Sign-On Basic Auth Popup

When configuring Azure AD SSO as part of Pass-Through Authentication (PTA) or with Password Hash Authentication (PHA) you need now (since March 2018) to only configure a single URL in the Intranet Zone in Windows. That URL is https://autologon.microsoftazuread-sso.com and this can be rolled out as a registry preference via Group Policy. Before March 2018… Continue reading Azure AD Single Sign-On Basic Auth Popup

Exchange Online Migration Batches–How Long Do They Exist For

When you create a migration batch in Exchange Online, the default setting for a migration is to start the batch immediately and complete manually. So how long can you leave this batch before you need to complete it? As you can see from the below screenshot, the migration batch here was created on Feb 19th,… Continue reading Exchange Online Migration Batches–How Long Do They Exist For

The New Rights Management Service

This blog is the start of a series of articles I will write over the next few months on how to ensure that your data is encrypted and secured to only the people you want to access it, and only for the level of rights you want to give them. The technology that we will… Continue reading The New Rights Management Service

Installing and Configuring AD RMS and Exchange Server

Earlier this week at the Microsoft Exchange Conference (MEC 2012) I led a session titled Configuring Rights Management Server for Office 365 and Exchange On-Premises [E14.314]. This blog shows three videos covering installation, configuration and integration of RMS with Exchange 2010 and Office 365. For Exchange 2013, the steps are mostly identical. Installing AD RMS… Continue reading Installing and Configuring AD RMS and Exchange Server

Creating GeoDNS with Amazon Route 53 DNS

UPDATE: 13 Aug 2014 – Amazon Route 53 now does native GeoDNS within the product – see Amazon Route 53 GeoDNS Routing Policy A new feature to Exchange 2013 is supported use of a single namespace for your global email infrastructure. For example mail.contoso.com rather than different ones for each region such as uk-mail.contoso.com; usa-mail.contoso.com… Continue reading Creating GeoDNS with Amazon Route 53 DNS

How To Speed Up Exchange Server Transport Logging

In Exchange 2010 SP1 and later any writing to the transport log files for activity logging (not the transaction logging on the mail.que database) is cached in RAM and written to disk every five minutes. In a lab environment you might be impacted by this as you might have sent an email and want to… Continue reading How To Speed Up Exchange Server Transport Logging

Highly Available Geo Redundancy with Outbound Send Connectors in Exchange 2003 and Later

This is something I’ve been meaning to write down for a while. I wrote an answer for this question to LinkedIn about a week ago and I’ve just emailed a MCM Exchange consultant with this – so here we go… If you configure a Send Connector (Exchange 2007 and 2010) or Exchange 2003 SMTP Connector… Continue reading Highly Available Geo Redundancy with Outbound Send Connectors in Exchange 2003 and Later

Publishing ADFS Through ISA or TMG Server

To enable single sign-on in Office 365 and a variety of other applications you need to provide a federated authentication system. Microsoft’s free server software for this is currently Active Directory Federation Server 2.0 (ADFS), which is downloaded from Microsoft’s website. ADFS is installed on a server within your organisation, and a trust (utilising trusted… Continue reading Publishing ADFS Through ISA or TMG Server

Creating Subject Alternative Name Certificates with Microsoft Certificate Server

A new feature in digital certificates is the Subject Alternative Name property. This allows you to have a certificate for more than one URI (i.e. www.c7solutions.com and www.c7solutions.co.uk) in the same certificate. It also means that in web servers such as IIS you can bind this certificate to the site and use up only one… Continue reading Creating Subject Alternative Name Certificates with Microsoft Certificate Server