Latest Entries »

About Office 365 message encryption:

New Office 365 Message Encryption capabilities built on top of Azure Information Protection, your organization can use protected email communication with people inside and outside your organization. The new OME capabilities work with other Office 365 organizations,, Gmail, and other email services

OME How to:



Those laptops must run the latest Windows 10 OS with all the new security features and security best practices like:

  • Apply a Hardening Security Baseline from Microsoft Security Compliance Manager (SCM)
  • Enable Secure Boot with UEFI
  • Impose Software Restrictions using AppLocker
  • Enable Full Disk Encryption.
  • Impose Restrictions on USB ports.
  • Implement Network Isolation via host firewall
  • Install and configure the Device Guard, Windows defender ATP or equivalent + Crowdstrike or equivalent
  • Don’t allow Internet access from a browser.
  • Install Minimal Software.
  • Allow Minimal Administrative Accounts (gad-xxxx accounts in our case)
  • Implement a Hardened OU for the PAWs into the GAD of MUCMSPDOM

Office 365 pro plus troubleshooting


To get the information about Office 365 Pro Plus products on a computer, we can use ospp.vbs script:

1)Determine whether the 32-bit or 64-bit version of Office 365 ProPlus is installed. To do this, open an Office 365 ProPlus application, such as Word, and choose File > Account > About {name of app}. 64-bit or 32-bit is displayed next to the application version.

2)Determine whether the computer has the 32-bit or 64-bit version of Windows installed. To do this, press the Windows logo key+E, then choose System properties or Computer > System properties. Under System, the System type property will indicate either a 32-bit or 64-bit operating system.

3)Open a command prompt and type one of the following commands, depending on your versions of Windows and Office:

  • If the 32-bit version of Office 365 ProPlus is installed on the 32-bit version of Windows:cscript.exe "%ProgramFiles%\Microsoft Office\Office15\"ospp.vbs /dstatus
  • If the 32-bit version of Office 365 ProPlus is installed on the 64-bit version of Windows:cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office15\"ospp.vbs /dstatus
  • If the 64-bit version of Office 365 ProPlus is installed on the 64-bit version of Windows:cscript.exe "%ProgramFiles%\Microsoft Office\Office15\"ospp.vbs /dstatus

4)Review the LICENSE STATUS. The following table describes what each status means.

License status Description
OOB_GRACE Office 365 ProPlus was recently installed and is fully functional, but hasn’t been activated yet. The user is prompted to enter user ID credentials to activate Office 365 ProPlus.
LICENSED Office 365 ProPlus is fully functional and activated.
EXTENDED_GRACE Office 365 ProPlus is fully functional but at risk of going into reduced functionality mode. This status lasts for 30 days and indicates that the product key wasn’t successfully re-activated. In most cases, this means the computer hasn’t connected to the Internet for some time and Office 365 hasn’t had an opportunity to validate the license.
NOTIFICATIONS Office 365 ProPlus is in reduced functionality mode, and displays messages that the user needs to reactivate.


Office 365 Groups

Office 365 groups:

Manage Office 365 groups with PowerShell:

Allow/Block guest access to Office 365 groups:

Office 365 groups naming policies: (I know how to use PowerShell to apply naming convention for new and current groups and blacklisting words in group names!)


PowerShell connection to exchange online:

Office 365 group => management using PowerShell => not part of AzureAD or MSOnline module => only available online ! But need Basic authentication on the client:

PS C:\WINDOWS\system32> Set-ExecutionPolicy -scope currentUser RemoteSigned

PS C:\WINDOWS\system32> $UserCredential = Get-Credential     <== do not use an account with Azure MFA enabled

Note: if you are using Azure MFA to connect to Exchange online, follow this article:

PS C:\WINDOWS\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection

In case of problem due to Message: “The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration”

PS E:\–DEV WORK–> winrm get winrm/config/client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false [Source=”GPO”]
Basic = false [Source=”GPO”]
Digest = false [Source=”GPO”]
Kerberos = true [Source=”GPO”]
Negotiate = true [Source=”GPO”]
Certificate = true
CredSSP = true [Source=”GPO”]
HTTP = 5985
HTTPS = 5986


Import-PSSession $Session

ModuleType Version    Name                                ExportedCommands
———- ——-    —-                                —————-
Script     1.0        tmp_0gtrs5dm.juw                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember, Add-MailboxFolderPermission, Add-MailboxLocation…}

PS C:\WINDOWS\system32> Get-Mailbox | Get-MailboxStatistics


For Office 365 groups:


PS C:\WINDOWS\system32> get-unifiedgroup “All Guest users”

After your work, dont forget to stop the remote session:

Remove-PSSession $Session

 External access for Office 365 applications:


To monitor activityID and ADFS in general:

The module file name is ADFSDiagnostics.psm1, is located under “%programfiles%\Microsoft AD Health Agent\Microsoft AD Diagnostics Service”. Note that it requires elevated access, and PowerShell 4.0 to run. Below are the cmdlets available in the module:

PS C:\Program Files\Microsoft AD Health Agent\Microsoft AD Diagnostics Service> Get-Command -Module ADFSDiagnostics

Monitor ActivityID:

Sometimes it is useful to have it in a table format. For that, use the parameter OutHtmlFilePath, and the cmdlet will format the output to an HTML file and opens up the browser:

import-module ADFSDiagnostics.psm1

Get-AdfsServerTrace -ActivityId 00000000-0000-0000-ce70-0080000000df -OutHtmlFilePath .\report.htm




Full article:

Topic #1: What is the purpose of this tool as opposed to other tools available?

This certainly should be the first question. This tool is focused toward delivering an easy to understand approach to obtaining network captures on remote machines utilizing PowerShell and PowerShell Remoting.

I often encounter scenarios where utilizing an application such as Message Analyzer, NETMON, or Wireshark to conduct network captures is not an option. Much of the time this is due to security restrictions which make it very difficult to get approval to utilize these tools on the network. Alternatively, it could be due to the fact that the issue is with an end user workstation who might be located thousands of miles from you and loading a network capture utility on that end point makes ZERO sense, much less trying to walk an end user through using it. Now before we go too much further, both Message Analyzer and Wireshark can help on these fronts. So if those are available to you, I’d recommend you look into them, but of course only after you’ve read my entire post.

Topic #2: Where can I get this tool?



One of the easiest way to remove the expired SSL Certificate from the Exchange server is using the Powershell command.
When any of the Certificate installed in it get expired , the Outlook starts showing the Security alert. To get rid of that Security alert we need to remove the Expired Exchange Certicate and should install the new one if required.

A) Identify all the Expired Certificates from the Exchange


This command will show all the certificates that were installed in Exchange Server with the Expiry date.  Find out the Certificate whose date is expired.

After finding out the Expired Exchange Certificate, remove them if you want. The Powershell command used to carry out the process is  Remove-ExchangeCertificate. The Syntax of the command is given below: –

The highlighted dates indicate that the date of the Certificate has been expired.

B) Run Remove-Exchange Certificate Command:

Now run Remove-ExchangeCertificate Command along with the thumbprint to remove the expired certificate from the Exchange

Did you see on the top of the URL below:

that you can subscribe to a RSS feed to be notified of the changes

and you can download the PAC or XML file:

Else using PowerShell scripts: