Backtrack:  
 
showing posts tagged with 'office365'
 
by lunarg on March 12th 2018, at 12:01

A very useful blog article about killing active sessions to a compromised Office 365 account:

https://blogs.technet.microsoft.com/cloudyhappypeople/2017/10/05/killing-sessions-to-a-compromised-office-365-account/

by lunarg on December 19th 2017, at 09:11
Currently, it's not possible to set up HTML-based auto-reply messages on shared or resource mailboxes, as you cannot directly log on to OWA to set the message. Through Powershell, you can do this quite easily.

First, create two HTML-files containing your internal and external message. You do not have to specify the <html> and <body> tags. Save these to a convenient location. Be sure to save them as regular text files, with extension .txt.

Next, log on to Exchange Online management shell.

cd to the location of the two message files, and load them to variables:

$internalmessage = Get-Content -Path internalmessage.txt

$externalmessage = Get-Content -Path externalmessage.txt  ...
by lunarg on December 19th 2017, at 09:08
A few steps to enable management of your Office 365 subscription using Powershell. One uses Powershell because not all configuration is available through the Office 365 Portal, and it's also useful for automation.

UPDATE (2016-04-20): updated links and information.

Download and install the Microsoft Online Services Sign-In Assistant.This is required in order to be able to sign in to Office 365.

Download and install Azure Active Directory Module for Windows PowerShell (64-bit version).Note: 32-bit users, see below.

Optionally, you can also download and install modules to manage Sharepoint Online and Skype for Business Online.

32-bit Azure AD Module
From October 20, 2014, the Azure Ac  ...
by lunarg on December 19th 2017, at 08:58
If you are using multi-factor authentication, it is not possible to use the old method of connecting to Exchange Online. You will have to install the Exchange Online Remote PowerShell Module, and use the Connect-EXOPSSession cmdlet to connect.

You can install the PowerShell module by following these instructions:

Log on to Exchange admin center.

In the left menu, click on hybrid.

Click the configure button for the Exchange Online Remote PowerShell Module. This will start the installation.

In the Application Install that appears, click the Install button.

A shortcut will be placed on your desktop which will start PowerShell with the required modules.

Start Exchange Online Remote PowerS  ...
by lunarg on September 15th 2017, at 14:25
On October 31 2017, RPC over HTTP will be deprecated in Office 365, as stated here. This means that older Outlook versions (those that use RPC over HTTP) will no longer be able to connect to Office 365. The reason for this is that RPC over HTTP will be replaced in favor of the much newer MAPI over HTTP.

This switchover has an impact on all (older) Outlook versions that do not have the required update (incorporating MAPI over HTTP) functionality installed. Only Outlook versions that get this update will be able to connect to Office 365, resulting in the following changes:

Outlook 2007: no longer supported (there is no update).

Outlook 2010: only supported with SP2 and KB 2878264 installed   ...
by lunarg on April 10th 2017, at 11:36

You can manually trigger Azure AD Connect to perform a sync cycle. Open a Powershell on the server running Azure AD Connect, then type:

  • Perform a delta sync:
    Start-ADSyncSyncCycle -PolicyType Delta
  • Perform a full sync:
    Start-ADSyncSyncCycle -PolicyType Initial
by lunarg on April 10th 2017, at 10:41

During the installation of Azure AD Connect, the registration of the Azure AD Connect Health for Sync-agent may fail. When this happens, you can manually register the agent by running this Powershell cmdlet:

Register-AzureADConnectHealthSyncAgent -AttributeFiltering $false -StagingMode $false

You need the credentials of an O365 account with Global Admin rights.

by lunarg on April 6th 2017, at 10:35
Differentiating users that are synchronized from an on-premise AD and users created in Office 365 is easy when logged in through the Office 365 Portal. When using Powershell, it's another matter. While there's a parameter for Get-MsolUser to show only synchronized users, the ability to filter on only cloud users is missing. However, as cloud-only users do not have the ImmutableID set, you can build your own filter.

This one's obvious:

Get-MsolUser -All -Synchronized

You can filter on ImmutableID as it's not set for cloud-only users:

Get-MsolUser -All | ? ImmutableID -eq $null

If you want to filter out external users (i.e. if you shared something in Sharepoint Online with users that aren  ...
by lunarg on January 23rd 2017, at 11:03
In a hybrid Exchange environment, you may get an error when attempting to log in to Office 365 when performing a management task involving Office 365. When clicking the "Sign in to Office 365" link, the following error is displayed:

critical error
The web page isn't loading correctly. Please reload the page by refreshing your browser.

Technical information: Unable to set the property "mkt" of a null reference or undefined

Not really a solution, but you can work around the issue by performing these steps:

In EAC, navigate to Hybrid.

Click Modify.

Click Sign in to Office 365, type in your Office 365 username and password.

Once logged in, click on the Enterprise tab and try per  ...
by lunarg on January 9th 2017, at 16:33
A new Powershell module, called Azure AD v2 is available to manage Office365 from Powershell, and is now the preferred method for managing Office365 tenants from Powershell. Unlike the older MSOnline module, you need to download and install this version from the Powershell Gallery, for which there is no direct download link.

Windows 10 already has the PowershellGet module needed to download modules from Powershell Gallery, so all you need to do is run the following in an elevated Powershell:

Install-Module AzureAD

You may get a message about NuGet provider is required to continue. You can safely confirm this.

Everything pre-Windows 10 and starting from Windows 7 SP1 and 2008R2 SP1, you n  ...
by lunarg on August 10th 2016, at 15:31
It may not seem evident to find out which mailboxes are accessible by a particular user or group. Through EAC, there is no apparent way to do this, as giving access for a user to a (shared) mailbox can only be done through the shared mailbox and then providing the user/group access. There is no way to query a particular user/group and show a list of mailboxes that user/group has access to. Fortunately, it seems that Powershell (EMS) does provide an easier answer.

These cmdlets work in both Office365 and on-premise Exchange 2007 or newer.

List mailboxes to which a user/group has access to:

Get-Mailbox | Get-MailboxPermission -User user1

Although the cmdlet states a user name, replacing th  ...
by lunarg on June 30th 2016, at 13:11
When you migrated your mail from an on-premise Exchange to Office 365, and you did not (yet) uninstall Exchange and/or clean up AD, Outlook will still try to configure itself to connect to the on-premise Exchange when adding a new account, even though Autodiscover has been configured correctly (autodiscover.domain.tld pointing to autodiscover.outlook.com).

The reason for this is in the way how Outlook performs its autodiscovery attempts. The first step in the discovery process is trying to configure the account using Service Connection Point (SCP), which is defined in AD (or in rare cases, in the registry of the computer). As the SCP is still configured in AD/registry, Outlook will use thos  ...
by lunarg on April 8th 2016, at 15:57

In-place online archive, this means having your online archive readily available in Outlook, is only available if you have Office ProPlus or a standalone version of Outlook. Outlook from Office Standard (including Office365 Business Premium) does not provide access to the online archive, and as such, it can only be opened from OWA.

by lunarg on November 23rd 2015, at 10:47
You can block Office 2013 Click-To-Run (CTR) from automatically updating to 2016 through a policy (or registry if you're not in a domain).

If you have the Office 2013 Group Policy templates installed on your domain controller, you can use them to set a policy to disable automatic updating.

You can find the setting at:

Computer Configuration → Administrative Templates → Microsoft Office 2013 (Machine) → Updates

Set Enable Automatic Upgrade to Disabled.

You can also disable the upgrade by manually adjusting the registry.

In regedit, navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\15.0\common\officeupdate

Create a registry value:

Type: DWORD

...
by lunarg on November 5th 2015, at 10:49

The Office365 Admin portal clearly shows which users are synced to AD and which are cloud only. In Powershell, this is less clear. To find out which are cloud-only, you need to check the value of LastDirSyncTime. If it is empty, then the user was never synced from AD, and thus, is a cloud-only user.

Log on to your Office 365 tenant through Powershell, then run:

Get cloud-only users:

Get-MsolUser -All | Where { $_.LastDirSyncTime -eq $null }

Get synchronized-only users:

Get-MsolUser -All | Where { $_.LastDirSyncTime -ne $null }
by lunarg on October 19th 2015, at 12:59
When users change their passwords of their on-premise AD account, these changes are not replicated to Office365 (Azure AD). In the event log of the server running AD Sync, event 611 is logged:

Event ID 611
Password synchronization failed for domain: constoso.com.

Details:
System.DirectoryServices.Protocols.LdapException: The operation was aborted because the client side timeout limit was exceeded.

To resolve the issue, a registry setting has to be changed on the server running AD Sync, followed by a reboot:

On the server running AD Sync, open regedit.

Navigate to the key:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ldap

Set the value of LdapClientIntegrity to 0.

Restart the se  ...
by lunarg on October 19th 2015, at 12:59
When running an Office 365 with Active Directory synchronisation from your on-premise domain, you may encounter the issue where passwords for one, some or all accounts do not sync anymore. This can particularly happen if changes were made to the configuration of the AD sync (such as change in OUs, change of rules, etc.).

If you're using Azure Active Directory Sync tool (old method) for synchronisation, on the server running AD sync, start Powershell, then run these:

Import-Module DirSyncSet-FullPasswordSyncRestart-Service FIMSynchronizationService -Force

Run the following Powershell script on the server running Azure AD Sync Service or Azure AD Connect:

$adConnector = "contoso.com&  ...
by lunarg on October 9th 2015, at 11:06
In larger environments, installing Office from Office365 can be tedious work. Because of how the installation works (Click-to-Run principal), every user would have to log on to Office365 Portal to download and run the installer, and then stream Office to each computer. From a management perspective, this isn't really a good idea. Luckily, Microsoft has updated their Office Deployment Tool to support Click-to-Run, and that includes Office365.

Using Office Deployment Tool to deploy Office365 is pretty straight-forward and does not require much in terms of dependencies or prerequisites. It is also possible to use the deployment tool to deploy Office365 through System Center Configuration Manag  ...
by lunarg on October 9th 2015, at 10:06
With the release of Office 2016, Microsoft has also released the Office 2016 Deployment Tool (download here).

New features for Office Deployment Tool:

Specify which update branch to use.

Specify which language accessory packs to install.

The download of Office Deployment Tool contains a sample configuration.xml. Check out the Reference for Click-to-Run configuration.xml file for a complete reference on what can be configured.

Aside of some minor additional options to the configuration XML, using the Office Deployment Tool hasn't change very much, so this article about how to configure and use Office Deployment Tool for Office 365 is still valid.

More information about updating to Offic  ...
by lunarg on August 24th 2015, at 16:20
Occasionally (usually once a year), you may have to renew your SSL certificate of your Active Directory Federation Services server, used for your Office 365 Single Sign-On setup. In past versions, this was done quite easily through IIS. However, since 2012 R2 (a.k.a. ADFS 3.0), ADFS no longer uses IIS and it gets a little bit more complicated.

Outlined in this short article are the steps you need to do in order to renew or replace your SSL certificate on a Windows 2012 R2 server, running ADFS 3.0.

First, renew or request a new SSL certificate through your Certificate Authority (such as GoDaddy, Enom, etc.). How to do this depends greatly on the CA. As ADFS on 2012 R2 no longer uses IIS, yo  ...
 
showing posts tagged with 'office365'