Brian Reid – Microsoft MVP and Microsoft Certified Master
-
Unable To Update Defender Preferences
I was trying to add Microsoft Defender exceptions via PowerShell to a clients server (Windows Server 2016 if that matters) the other day and it was always failing – the error was: This was returning “Failed to modify preferences” on the Add-MpPreference cmdlet and the error code 0x80070073 To fix I needed to uninstall Windows…
-
Why Do Comments In Microsoft 365 Planner Disappear?
So first you need an Exchange Online mailbox for comments to work. Comments to the tasks of Plans are stored in the Microsoft 365 Group mailbox, and you need an Exchange Online mailbox to access the M365 Group mailbox. Behind the scenes, or actually not that behind the scenes, the process for comments is as…
-
Exchange Online Warning On Receipt Of New Email Sender
Released recently to no fanfare at all, Microsoft now has a SafetyTip that appears if you receive email from a first time recipient. Most often phish emails will come from an address you have never received email from before, and sometimes this email will try to impersonate people you communicate with or are internal to…
-
Microsoft 365 From A Raspberry Pi 400 Personal Computer
So my new computer arrived today, its a keyboard and a few cables, and as my first computer was a ZX Spectrum when I was 14, this brings back a few memories. But, is it usable today with services such as Microsoft 365? Lets see… First, the actual computer is in the keyboard, but its…
-
Enabling Better Mail Flow Security for Exchange Online
At Microsoft Ignite 2020, Microsoft announced support for MTA-STS, or Mail Transfer Agent Strict Transport Security. This is covered in RFC 8461 and it includes making TLS for mail flow to your domains mandatory whereas it is currently down to the decision of the sender. You can publish your SMTP endpoint and offer the STARTTLS…
-
Reporting on MTA-STS Failures
This article is a follow up to the Enabling Better Mail Flow Security for Exchange Online which discusses setting up MTA-STS and in this article we cover the reporting for MTA-STS. To get daily reports from each sending infrastructure to receive reports on MTA-STS you just create a DNS record in the following format: It…
-
Enable EOP Enhanced Filtering for Mimecast Users
Enhanced Filtering is a feature of Exchange Online Protection (EOP) that allows EOP to skip back through the hops the messages has been sent through to work out the original sender. Take for example a message from SenderA.com to RecipientB.com where RecipientB.com uses Mimecast (or another cloud security provider). The MX record for RecipientB.com is…
-
Mail Flow To The Correct Exchange Online Connector
In a multi-forest Exchange Server/Exchange Online (single tenant) configuration, you are likely to have multiple inbound connectors to receive email from the different on-premises environments. There are scenarios where it is important to ensure that the correct connector is used for the inbound message rather than any of your connectors. Here is one such example.…
-
What Is The Value of enrollmentProfileName
In Microsoft EndPoint Manager there are a few different device registration scenarios that make use of a property called device.enrollmentProfileName. To find and apply other settings (apps, config, etc) to these devices later on you need to have a Dynamic Device Group based on this property. The problem is the value of the property is…
-
Free Web Content Filtering With Microsoft Defender ATP
Well free as in you need an MDATP licence first, but as this used to be an add on feature on top of MDATP with an additional cost, this is now effectively free once you are licensed for MDATP. The feature enables your organisation to track and regulate access to websites based on their content…
-
Force Mailbox Migration With Bad Items To Complete (2020)
It used to be easy to complete an Exchange Server > Exchange Online move request that had bad items, but this has changed recently. In the last short while Move Requests (and Migration Batches) have begun to include a property called DataConsistencyScore If the result from the above is “Investigate” then you will not be…
-
Why is the Text in my Teams Background Back To Front
With Teams (and Zoom, and probably other video conferencing apps) as well as apps that add to the live camera image such Chromacam and Snap Camera in popular use, you might have noticed that all the example backgrounds have no text on them. So what happens when you or your company roll out a set…
-
Deploying Zoom Add-In To All Outlook Users
With the sudden change in working practices, a (large) number of companies has start to use Zoom as their video conferencing software. Though this software is not from Microsoft, that does not stop an Office 365 or Exchange Server administrator helping their users out in terms of scheduling Zoom meetings via an add-in in Outlook.…
-
Microsoft Teams Live Events For Running a Church Service
Or, how to run a Microsoft Teams Live Event with average technical capability presenters, or how to run a Microsoft Teams Live Event for events that you would not normally consider this service for! So with this title and alternative titles in mind we are going to look at how I set up and ran…
-
MFA, Admin Roles and AADConnect Sync Failures
Come Feb 29th 2020 and Microsoft are turning off the baseline security policies. If you used these policies to do MFA for all admins (as that was an easy way to achieve this), then a replacement Conditional Access rule might cause errors with AADConnect. The reason being is that you could create a new Conditional…
-
Blocking Apps With a Low Reputation
One of the benefits of Microsoft 365 is the interaction across many products and features to create services that otherwise you might not have available to you or need to implement unrelated and unconnected additional software and maybe client agents as well. Recently announced is an interaction between Windows Defender (client AV and other security…
-
Baseline Policy Replacements: Conditional Access MFA for Administrators
From Feb 29th 2020 Microsoft will remove the “baseline policies” from Azure AD. These were very useful in the past to enable blanket settings like MFA for all admin accounts (well, selected admin roles) and to disable legacy auth for the same admin roles. With the removal of the baseline policies you need to ensure…
-
Ignite 2019 Talks
I had the opportunity to speak at Microsoft Ignite 2019 and the below are the videos of the sessions: THR2047 Real-world hybrid Active Directory join and compliance in 20 minutes: One of the easy ways to secure your cloud journey is to ensure that the end user is on a company device. In this session,…
-
Impact of Removing SMS As an MFA Method In Azure AD
There are a number of general recommendations that SMS (text messages) as an MFA method is not a good idea (mainly to do with the ease of porting or moving devices the number is associated with). You should always be looking at MFA with an app (Microsoft Authenticator or other) or hardware device. But the…
-
MFA and End User Impacts
This article will look at the various different MFA settings found in Azure AD (which controls MFA for Office 365 and other SaaS services) and how those decisions impact users. There is lots on the internet on enabling MFA, and lots on what that looks like for the user – but nothing I could see…