Category: Azure

New Microsoft French Datacenters:

  • 3 new datacenters in Paris working synchronously + 1 datacenter in Marseille working asynchronously with Paris.

This is interesting in the context of GDPR rules and data sovereignty. Also important is the upcoming Multi-Geo offer, which will provide worldwide presence:

Control where each user’s data is stored

  • Meet your data residency needs in the cloud by storing your Office 365 data at-rest, on a per-user basis, in chosen Office 365 datacenter geographies

Empower global collaboration

  • Migrate from on-premises to a single Office 365 tenant and enable a unified communication & collaboration experience across your company

Supported data: Exchange, SharePoint, OneDrive

Some links:

Microsoft Trust Center

Data Resiliency in Microsoft Office 365

Cloud for Good

LinkedIn: Yes, you can put your toxic data in Office 365


By default, Microsoft does not provide tools to migrate OneDrive, SharePoint, or Exchange mailbox data from one tenant to another. Here is the list of software vendors for Azure/Office 365 tenant data migrations:





cloud fastpath by tervela




cloud migrator 365






Deciding which protocol to use for which service

The key distinguishing factor for our service will be found in the URL of the resource… If our URL looks like X, then it is a Y service, and you use Z tool to get to it

| URL | Service Type | Cmdlet |
|---|---|---|
| Ends in .asmx or ?WSDL | SOAP | New-WebServiceProxy |
| Contains API, especially api/v2 | REST | Invoke-RestMethod |
| Ends in .php | PHP/Form | Invoke-WebRequest |

REST vs. SOAP: what’s the difference?

Both REST and SOAP are simply methods of accessing information presented via web services. It will suffice to say that REST is now in vogue, and is generally believed to be easier to use and manage than SOAP, which tends to be a bit heavier on XML.

“A nice analogy for REST vs. SOAP is mailing a letter: with SOAP, you’re using an envelope; with REST, it’s a postcard. ”


Working with Web Services, SOAP, PHP and all the REST with PowerShell

Office 365 – Microsoft Teams

Related Links and resources:

TEAMS and permissions:

SharePoint Site behind TEAMS:


Those laptops must run the latest Windows 10 OS with all the new security features and security best practices like:

  • Apply a Hardening Security Baseline from Microsoft Security Compliance Manager (SCM)
  • Enable Secure Boot with UEFI
  • Impose Software Restrictions using AppLocker
  • Enable Full Disk Encryption.
  • Impose Restrictions on USB ports.
  • Implement Network Isolation via host firewall
  • Install and configure Device Guard, Windows Defender ATP or equivalent + CrowdStrike or equivalent
  • Don’t allow Internet access from a browser.
  • Install Minimal Software.
  • Allow Minimal Administrative Accounts (gad-xxxx accounts in our case)
  • Implement a Hardened OU for the PAWs into the GAD of MUCMSPDOM


Office 365 Groups

Office 365 groups:

Manage Office 365 groups with PowerShell:

Allow/Block guest access to Office 365 groups:

Office 365 groups naming policies: (I know how to use PowerShell to apply naming convention for new and current groups and blacklisting words in group names!)


PowerShell connection to Exchange Online:

Office 365 groups are managed with PowerShell cmdlets that are not part of the AzureAD or MSOnline modules. They are only available online, through a remote session, and that session needs Basic authentication enabled on the client:

PS C:\WINDOWS\system32> Set-ExecutionPolicy -scope currentUser RemoteSigned

PS C:\WINDOWS\system32> $UserCredential = Get-Credential     # do not use an account with Azure MFA enabled

Note: if you are using Azure MFA to connect to Exchange Online, follow this article:

PS C:\WINDOWS\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection

If the connection fails with the message “The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration”, check the WinRM client configuration:

PS E:\–DEV WORK–> winrm get winrm/config/client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false [Source="GPO"]
Basic = false [Source="GPO"]
Digest = false [Source="GPO"]
Kerberos = true [Source="GPO"]
Negotiate = true [Source="GPO"]
Certificate = true
CredSSP = true [Source="GPO"]
HTTP = 5985
HTTPS = 5986


Import-PSSession $Session

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.0        tmp_0gtrs5dm.juw                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember, Add-MailboxFolderPermission, Add-MailboxLocation…}

PS C:\WINDOWS\system32> Get-Mailbox | Get-MailboxStatistics


For Office 365 groups:


PS C:\WINDOWS\system32> Get-UnifiedGroup "All Guest users"

When you have finished, don’t forget to remove the remote session:

Remove-PSSession $Session
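
The WinRM client check from the troubleshooting step above, as an added PowerShell example (not code from the original post): it parses the output of winrm get winrm/config/client and reports which authentication settings are enforced by GPO and what that means for Basic. The two function names and the "Local" label for settings without a source suffix are assumptions made for this example.

```powershell
# Added example. $sample is the winrm output shown above, re-typed with straight quotes.
# On a live host, use instead:  $text = (winrm get winrm/config/client) -join "`n"
$sample = @'
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false [Source="GPO"]
Basic = false [Source="GPO"]
Digest = false [Source="GPO"]
Kerberos = true [Source="GPO"]
Negotiate = true [Source="GPO"]
Certificate = true
CredSSP = true [Source="GPO"]
HTTP = 5985
HTTPS = 5986
'@

function ConvertFrom-WinrmClientConfig {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Text)
    $settings = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        # "Name = value" with optional [Source="GPO"]; no suffix is reported here as Local
        if ($line -match '^\s*(\w+)\s*=\s*(\S+)(?:\s+\[Source="(\w+)"\])?\s*$') {
            $source = if ($Matches[3]) { $Matches[3] } else { 'Local' }
            $settings[$Matches[1]] = [pscustomobject]@{ Value = $Matches[2]; Source = $source }
        }
    }
    return $settings
}

function Get-WinrmBasicAuthFinding {       # hypothetical helper name
    param([Parameter(Mandatory)][hashtable]$Settings)
    $basic = $Settings['Basic']
    $clear = $Settings['AllowUnencrypted']
    if ($basic.Value -eq 'false' -and $basic.Source -eq 'GPO') {
        'Basic is disabled by Group Policy; a local "winrm set" cannot override it.'
    } elseif ($basic.Value -eq 'false') {
        'Basic is disabled in the local WinRM client configuration.'
    } elseif ($clear.Value -eq 'true') {
        'Basic is enabled and AllowUnencrypted is true: credentials may travel over plain HTTP.'
    } else {
        'Basic is enabled; AllowUnencrypted is false, so it is only used over HTTPS.'
    }
}

$cfg = ConvertFrom-WinrmClientConfig -Text $sample
$cfg.GetEnumerator() | Sort-Object Key | ForEach-Object {
    '{0,-16} = {1,-5} ({2})' -f $_.Key, $_.Value.Value, $_.Value.Source
}
Get-WinrmBasicAuthFinding -Settings $cfg
```

With the output shown on this page, the finding is the Group Policy one: the Basic setting has to be changed in the policy that sets it, not on the workstation.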

To monitor activityID and ADFS in general:

The module file is named ADFSDiagnostics.psm1 and is located under “%programfiles%\Microsoft AD Health Agent\Microsoft AD Diagnostics Service”. Note that it requires elevated access and PowerShell 4.0 to run. Below are the cmdlets available in the module:

PS C:\Program Files\Microsoft AD Health Agent\Microsoft AD Diagnostics Service> Get-Command -Module ADFSDiagnostics

Monitor ActivityID:

Sometimes it is useful to have the trace in a table format. For that, use the parameter OutHtmlFilePath: the cmdlet formats the output as an HTML file and opens it in the browser:

import-module ADFSDiagnostics.psm1

Get-AdfsServerTrace -ActivityId 00000000-0000-0000-ce70-0080000000df -OutHtmlFilePath .\report.htm




Did you notice, at the top of the page at the URL below:

that you can subscribe to an RSS feed to be notified of changes

and that you can download the PAC or XML file:

Otherwise, use PowerShell scripts:

If you’re looking for a deep-dive course on strategic approaches to building better cybersecurity defenses in your organization, look at the Microsoft Cybersecurity Reference Architecture.

Planning and implementing a security strategy to protect a hybrid of on-premises and cloud assets against advanced cybersecurity threats is one of the greatest challenges facing information security organizations today. Microsoft has built a set of strategies and integrated capabilities to help you solve these challenges and is continuing to invest in making this easier.

This training course explores real-life use cases to help address your organization’s security issues, and offers guidance on protecting an enterprise that spans cloud and mobile devices outside your network controls. Explore common challenges and recommended approaches for threat protection, building an identity-based security perimeter, information protection, and software as a service (SaaS) security. Plus, take a look at device and datacenter security, along with threat detection along the kill chain.

The course outline includes:

  • Overview
  • Building an Identity Security Perimeter
  • Threat Detection
  • Server and Azure Security

Watch the deep dive