Exchange/EXO/Outlook performance and troubleshooting

Troubleshooting Logs and Tools https://blogs.technet.microsoft.com/exchange/2016/05/31/checklist-for-troubleshooting-outlook-connectivity-in-exchange-2013-and-2016-on-premises/ SaRA tool to assess OUTLOOK client: https://diagnostics.outlook.com/#/ Also on CTRL + right click on OUTLOOK icon on the system tray! to get the connection status Test connectivity from outside using: https://testconnectivity.microsoft.com/ Also check potential source of problems: Check ADFS policies Check set-CASmailbox – (post authentication) ; if POP or imapContinue reading “Exchange/EXO/Outlook performance and troubleshooting”

Microsoft – Reminders of Good Information Sources

Microsoft Security Response Center: Protection, detection, and response. Malware Protection Center: The Microsoft Malware Protection Center (MMPC) provides world class antimalware research and response capabilities that support Microsoft’s range of security products and services. With laboratories in multiple locations around the globe the MMPC is able to respond quickly and effectively to new malicious andContinue reading “Microsoft – Reminders of Good Information Sources”

Azure AD B2B resources

https://docs.microsoft.com/fr-fr/azure/active-directory/b2b/what-is-b2b The partner uses their own identities and credentials; Azure AD is not required. You don’t need to manage external accounts or passwords. You don’t need to sync accounts or manage account lifecycles. Managing externals: https://predica.pl/blog/guests-in-the-cloud-how-to-safely-manage-external-users-using-azure-ad-b2b/ SharePoint Online Azure AD B2B – Custom email invites for users using PowerShell Powershell to invite B2B users: https://github.com/Azure/azure-docs-powershell-azuread/blob/master/azureadps-2.0/AzureAD/New-AzureADMSInvitation.md https://www.adamfowlerit.com/2017/03/azure-ad-b2b-powershell-invites/Continue reading “Azure AD B2B resources”

Security – Privileged Admins workstation (PAW)

Securing Privileged Access: http://aka.ms/privsec http://aka.ms/credtheftdemo Microsoft technet guide: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations MS Sites: https://Aka.ms/cyberPAW https://Aka.ms/SPAroadmap https://Aka.ms/breakglass Requirements: Microsoft technet guide: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations Those laptops must run the latest Windows 10 Operating System with all the new security features and security best practices like: Apply a Hardening Security Baseline from Microsoft Security Compliance Manager (SCM) or Security Compliance ToolkitContinue reading “Security – Privileged Admins workstation (PAW)”

Security – knowledge center, web sites, tips and tricks

A collection of security articles and web sites, KB, tips and tricks especially for System and Network Administrators, DevOps, Pentesters or Security Researchers. https://github.com/trimstray/the-book-of-secret-knowledge   hacking web sites: https://thehackernews.com/ https://www.bleepingcomputer.com/ https://www.zataz.com/   Passwords databases: https://haveibeenpwned.com/ https://www.dehashed.com/ https://ghostproject.fr/ https://leaksify.com/   The Cyber Swiss Army Knife – a web app for encryption, encoding, compression and data analysis:Continue reading “Security – knowledge center, web sites, tips and tricks”

AADConnect and disabled AD user accounts

By default Azure AD connect will synchronize disabled accounts from AD to AAD. It is normal and is it recommended due to Exchange hybrid and EXO requirements.   It is possible to create a custom rule on AD Sync rules editor to not synchronize disabled AD accounts: https://spanougakis.wordpress.com/2016/02/28/how-to-stop-disabled-user-accounts-from-syncing-with-azure-ad-connect/  

Office 365 – Assigning licenses

Managing licenses with AzureAD module: https://practical365.com/blog/managing-office-365-licenses-with-azure-ad-v2-powershell-module/   Managing licenses with MSonline module: https://gcits.com/knowledge-base/get-office-365-users-specific-license-type-via-powershell/ https://www.morgantechspace.com/2018/02/check-if-office-365-user-is-licensed-or-not-powershell.html   Assign licenses with AzureAD groups: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-assignment-azure-portal      

Microsoft Message Analyzer resources

Basic network capture methods: https://blogs.technet.microsoft.com/askpfeplat/2016/12/27/basic-network-capture-methods/ Network Monitor 3.4 (Netmon) – https://www.microsoft.com/en-us/download/details.aspx?id=4865 (NOTE: Network Monitor is no longer under active development) Wireshark (v 2.2.2 as of 11/16/16) – https://wireshark.org/#download Netsh Trace – built-in to operating system Microsoft Message Analyzer (MMA) (v 1.4 as of 6/13/16) – https://www.microsoft.com/en-us/download/details.aspx?id=44226 Message analyzer operating guide: http://technet.microsoft.com/en-us/library/jj649776.aspx How to message analyzerContinue reading “Microsoft Message Analyzer resources”

AADConnect filtering options

With AAD Connect, https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-configure-filtering/ The following filtering configuration types can be applied to the Directory Synchronization tool: Group based: Filtering based on a single group can only be configured on initial install using the installation wizard. It is not further covered in this topic. Domain-based: This option enables you to select which domains will synchronizeContinue reading “AADConnect filtering options”

Office 365 : sipAddress vs msRTCSIP-PrimaryUserAddress

As we prepare for the migration from on-premises Skype for Business to Skype for Business Online, there are a few important considerations to bear in mind before you take the leap. I will be covering these in a series of posts (hopefully), today I want to share with you a common scenario we will faceContinue reading “Office 365 : sipAddress vs msRTCSIP-PrimaryUserAddress”