Categories
AADConnect AADSync Azure AD AzureAD baseline conditional access MFA

MFA, Admin Roles and AADConnect Sync Failures

Come Feb 29th 2020 and Microsoft are turning off the baseline security policies. If you used these policies to do MFA for all admins (as that was an easy way to achieve this), then a replacement Conditional Access rule might cause errors with AADConnect. The reason being is that you could create a new Conditional […]

Categories
Advanced Threat Protection Azure Active Directory Azure AD Deployment EM+S Endpoint Manager Intune mcas mdatp MDM Microsoft Cloud App Security Microsoft Defender Advanced Threat Protection Mobile Device Management Web Application Proxy

Blocking Apps With a Low Reputation

One of the benefits of Microsoft 365 is the interaction across many products and features to create services that otherwise you might not have available to you or need to implement unrelated and unconnected additional software and maybe client agents as well. Recently announced is an interaction between Windows Defender (client AV and other security […]

Categories
Authentication Azure Active Directory Azure AD AzureAD conditional access

Baseline Policy Replacements: Conditional Access MFA for Administrators

From Feb 29th 2020 Microsoft will remove the “baseline policies” from Azure AD. These were very useful in the past to enable blanket settings like MFA for all admin accounts (well, selected admin roles) and to disable legacy auth for the same admin roles. With the removal of the baseline policies you need to ensure […]

Categories
2FA Azure Active Directory Azure AD MFA security self-service password reset smartphone sms text message

Impact of Removing SMS As an MFA Method In Azure AD

There are a number of general recommendations that SMS (text messages) as an MFA method is not a good idea (mainly to do with the ease of porting or moving devices the number is associated with). You should always be looking at MFA with an app (Microsoft Authenticator or other) or hardware device. But the […]

Categories
app password ATP Authentication Azure Azure Active Directory Azure AD Azure Information Protection AzureAD conditional access EM+S email enterprise mobility + security management mcm mcsm MFA microsoft modern authentication multi-factor auth Multi-Factor Authentication sspr

MFA and End User Impacts

This article will look at the various different MFA settings found in Azure AD (which controls MFA for Office 365 and other SaaS services) and how those decisions impact users. There is lots on the internet on enabling MFA, and lots on what that looks like for the user – but nothing I could see […]

Categories
booking calendar exchange online Outlook places room

Making Your Office 365 Meeting Rooms Accessible

Or How to Use Set-Place to Configure Your Meeting Rooms or How Wheelchair Users Can Find The Best Meeting Rooms In Your Organization etc. – there are many different titles I can think of for this blog post. They are all to do with setting useful properties against your meeting rooms so that your users […]

Categories
Authentication Azure Active Directory Azure AD AzureAD FIDO modern authentication Multi-Factor Authentication password yubikey

Getting Rid of Passwords in Azure AD / Office 365

This article is based on the public preview of the use of hardware tokens/Microsoft Authenticator to do sign-in without passwords released in July 2019 Using Microsoft Authenticator for Passwordless Sign-in You used to be able to do this by running the following in PowerShell for the last few years New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition ‘{“AuthenticatorAppSignInPolicy”:{“Enabled”:true}}’ -isOrganizationDefault […]

Categories
2013 2016 Exchange Server ndr rules transport

Exchange Transport Rules Corrupt On Installing New Exchange Server Version

When you install Exchange Server into an existing Exchange organization, your existing configuration typically remains intact and associated with the previous servers and some configuration, that is global in nature, also works across both versions. I can across a scenario where this does not work the other day. The scenario was the installation of Exchange […]

Categories
Azure Active Directory Azure AD conditional access enterprise mobility + security Office 365 security self-service password reset sspr

Register For Azure AD MFA From On-Premises Or Known Networks Only

A long request within Azure AD/Office 365 has been the request to be able to register your security info from a known location or only on certain other conditions. Well it looks like this has appeared in Azure AD in the last few days!! Its visible under Azure AD > Conditional Access > New/Existing Policy […]

Categories
cyber bullying exchange exchange online Exchange Server offensive Office 365 supervision

Review and Audit Offensive Language in Office 365 Communications

A new feature as of May 2018 in Office 365 is to filter communications based upon the offensive language machine learning filter. This is part of the Supervision settings that have been available for a number of years. The Offensive Language model uses a combination of machine learning, artificial intelligence, and keywords to identify inappropriate […]

Categories
2016 2019 autodiscover autodiscover v2 calendar exchange exchange online Exchange Server Microsoft Teams Teams

Teams Calendar Fails To On-Premises Mailbox

Article Depreciated: Microsoft now auto-hides the Calendar icon in Teams if your on-premises Exchange Server is not reachable via AutoDiscover V2 and at least Exchange Server 2016 CU3 or later. Once you move your mailbox to Exchange Online (or a supported on-premises version), assuming you did not do any of the below, your Calendar icon […]

Categories
AADConnect AADSync active directory Azure Active Directory Azure AD compliance conditional access device download enterprise mobility + security exchange online microsoft Office 365 OneDrive OneDrive For Business sharepoint

Read Only And Document Download Restrictions in SharePoint Online

Both SharePoint Online (including OneDrive for Business) and Exchange Online allow a read only mode to be implemented based on certain user or device or network conditions. For these settings in Exchange Online see my other post at https://c7solutions.com/2018/12/read-only-and-attachment-download-restrictions-in-exchange-online. When this is enabled documents can be viewed in the browser only and not downloaded. So […]

Categories
calendar exchange online Exchange Server monthly channel Office 365 Office 365 ProPlus Outlook semi-annual channel

Save Time! Have All Your Meetings End Early [or start late]

Updated April 22nd 2021 with new global default settings I am sure you have been in a meeting, where the meeting end time rolls around and there is a knock at the door from the people who want the meeting room now, as their meeting time has started and yours has finished. What if you […]

Categories
activesync android email exchange exchange online Exchange Server iPad iPhone

Too Many Folders To Successfully Migrate To Exchange Online

Exchange Online has a limit of 10,000 folders within a mailbox. If you try and migrate a mailbox with more than this number of folders then it will fail – and that would be expected. But what happens if you have a mailbox with less than this number of folders and it still fails for […]

Categories
exchange online Exchange Server mailbox move networking

Exchange Move Requests | Large Items | And Setting TCP KeepAliveTime To A Large Value

I have seen this situation a number of times. A large mailbox (or mailbox and archive) wont move to the target because the process of checking what the changes are in the mailbox take too long, the network or Exchange Server times out the users move and then reports the mailbox is locked. The fix […]

Categories
2013 2016 exchange Exchange Server update upgrade

bin/ExSMIME.dll Copy Error During Exchange Patching

I have seen a lot of this, and there are some documents online but none that described what I was seeing. I was getting the following on an upgrade of Exchange 2013 CU10 to CU22 (yes, a big difference in versions):      The following error was generated when “$error.Clear();           $dllFile = join-path $RoleInstallPath “bin\ExSMIME.dll”;           $regsvr […]