Brian Reid – Microsoft MVP and Microsoft Certified Master

  • Upgrade Teams Room Basic Licences To Teams Room Pro

    Upgrade Teams Room Basic Licences To Teams Room Pro

    Teams Room Pro licences come at a licence cost, but provide considerably more features than Teams Room Basic licences (which are free, and limited to 25 rooms per tenant). One of the features available in Teams Room Pro is dual display, and another is the Microsoft Teams Rooms Pro Management portal, but for me the…

  • Bulk Token Retrieval Failed

    Bulk Token Retrieval Failed

    The Windows Configuration Designer (WCD) application (installed from the Microsoft Store) allows you to bulk convert standalone Windows 10+ clients to Azure AD Joined clients, and if you have Intune auto-enroll enabled then the client will enrol with Intune as well. But there are a number of issues with this application that result in errors…

  • Entra ID and Parental Consent

    Entra ID and Parental Consent

    For organizations that store the data of young adults and children, and in some legal regions, adults who cannot consent to their own legal affairs, you need to record the Age Group for the user, along with any Consent Provided in the case of Minors. There are three categories of Age Group in Entra ID…

  • Migrating from AADConnect Sync to Entra Connect Cloud Sync Correctly

    Migrating from AADConnect Sync to Entra Connect Cloud Sync Correctly

    At the time of writing this blog post, the Microsoft guide for doing an AADConnect to Entra ID Cloud Sync migration is lacking quite a lot of detail. It contains the sum of two self referencing documents, one of which is a guide to doing the migration in a lab environment and the other is…

  • SharePoint Org Assets Library Missing Read Permissions for “Everyone Except External Users”

    SharePoint Org Assets Library Missing Read Permissions for “Everyone Except External Users”

    A SharePoint Organization Assets Library allows you to have a central location for Office templates, fonts and images. Various Microsoft 365 apps show this location when in use, for example when creating a new document in Word, the organization templates library can be listed as a source of templates. To create an Organization Assets Library…

  • Upgrading to Information Barriers v2

    Upgrading to Information Barriers v2

    Information Barriers are a compliance feature of Microsoft 365, and until March 2023 a version, now known as v1 or legacy mode Information Barriers was the only option in place. Legacy (v1) Information Barriers allowed a user to be a member of a single Information Barrier segment and so communications where limited between all users…

  • Seamless Office 365 Message Encryption (OME) Never Works

    Seamless Office 365 Message Encryption (OME) Never Works

    Microsoft 365 Purview Message Encryption, previously known as OME (Office Message Encryption) and before that Microsoft Rights Management, allows you to share protected email with anyone on any device. Users can exchange protected messages with other Microsoft 365 organizations, as well as third-parties using Outlook.com, Gmail, and other email services. The feature is part of…

  • Adding App Tokens To Intune From Apple Business Manager  (VPP)

    Adding App Tokens To Intune From Apple Business Manager (VPP)

    Documentation on this process is hard to come by. Either Microsoft says “download the Apple Business Manager location token (Apple VPP token) for your account” but does not say how, or other documentation covers other bits of the process, but not this step. So, how do you download and create a Apps Content Token so…

  • LAPS for Beginners

    LAPS for Beginners

    This is a simple blog post to outline how to turn on Windows LAPS via Intune to ensure that all your managed devices have a local admin account that has a unique password per device. A unique, and frequently changed, local admin password stops lateral movement by malicious actors from a compromised machine across some…

  • Domain Tenant Move and Device Join Issues

    Domain Tenant Move and Device Join Issues

    I discovered recently an issue following a tenant to tenant Microsoft 365/Azure AD migration. The issue was that devices would not enroll with Intune in the old tenant because the settings the device was getting was mixed up between the old and new tenants. In the case I had, the new tenant was not yet…

  • Post Tenant To Tenant Migration Calendaring Issues

    Post Tenant To Tenant Migration Calendaring Issues

    When you perform a Microsoft 365 tenant to tenant (T2T) migration and run a migration that is either staged over some time or sometime after the migration has completed you cutover the domains from the old tenant to the new tenant (that is, you were doing a rebrand and the new tenant had a new…

  • Blocking More Obvious Phish – Attachment Filtering

    Blocking More Obvious Phish – Attachment Filtering

    One relatively easy way to block some categories of phishing email is to block the attachment type that is sent with some of these messages. For example, I have had a few of these recently: Hovering over the attachment I see the filename, and it ends .shtml. This attachment is for server-side HTML (SSI includes…

  • Exchange Hybrid Wizard – New Tenants and Missing Errors

    Exchange Hybrid Wizard – New Tenants and Missing Errors

    Rumoured to be fixed end of June 2023 A short blog post on this issue – you see in the Microsoft Exchange Server Hybrid Configuration Wizard logs the following error “Connecting to remote server failed with the following error message: Connecting to remote server outlook.office365.com failed with the following error message : For more information,…

  • Adobe Creative Cloud and Conditional Access Restrictions

    Adobe Creative Cloud and Conditional Access Restrictions

    In Azure Active Directory it is possible to create Conditional Access rules that restrict applications to only running on company owned or managed devices. Conditional Access approves or rejects the login based on that knowledge – so what happens if the app in question is running on a company (managed or compliant) machine, but the…

  • More Frequent Quarantine Notifications in Exchange Online Protection

    More Frequent Quarantine Notifications in Exchange Online Protection

    Available from the end of April 2023 there is now an option to increase the notification interval to end users about items in the quarantine. The Microsoft 365 Quarantine is at https://security.microsoft.com/quarantine and though this is a good link to add corporate intranets, its also a useful one for users to remember and bookmark. Up…

  • Join Button Not Working In Teams

    Join Button Not Working In Teams

    If you have any URL rewriting software in place outside of Microsoft 365 (i.e. not Defender for Office Safe Links) then you may find that functionality such as the Join button in the Teams Calendar view is broken and the only way to join is via the URL to the meeting: The only way you…

  • Restricting OneDrive To Multiple Tenants

    Restricting OneDrive To Multiple Tenants

    You can use GPO or Intune/MDM settings to restrict a number of settings with OneDrive. One of the documented settings is called “Allow syncing OneDrive accounts for only specific organizations”. Notice how it is a title in the plural – more than one organization. But if you look at all the documentation and examples others…

  • Zoom For Intune 5003 and Network Connection Errors

    Zoom For Intune 5003 and Network Connection Errors

    This was an interesting error to track down and fix. Its probably not going to affect a lot of my readers, but its was an interesting problem to get to the bottom of and it might apply for any Intune based app and not just Zoom. The specific scenario I have is a tenant to…

  • Migrating MFA Settings To Authentication Methods

    Migrating MFA Settings To Authentication Methods

    Released to Azure AD in December 2022 there is now a process for migrating from the legacy MFA methods and Self-Service Password Reset (SSPR) authentication methods to the unified Authentication Methods policies in Azure AD. This migration window is open until Jan 2024 when the legacy methods will be disabled. This change will allow you…

  • Managing Hybrid Exchange Online Without Installing an Exchange Server

    Managing Hybrid Exchange Online Without Installing an Exchange Server

    In April 2022 Microsoft finally released the ability to manage Active Directory synced attributes (Hybrid Identity) to Azure Active Directory for Exchange without a full Exchange Server installation. Instead, you install the Exchange Management Tools (EMT). You need to install Exchange Server 2019 CU12 or later to do this, and you either uninstall your existing…

  • Conditional Access in Defender for Cloud (MCAS)

    I was asked this question last week at Microsoft Ignite following a talk that I did, and as it was a question it was clearly not as clear cut as maybe I thought it was. The question was, “why is Conditional Access found in Azure AD and Defender for Cloud?” (Defender for Cloud was previously…