Saturday, January 20, 2018

Windows Autopilot Deployment heading to Azure portal

image

If you go to Intune in the Azure Portal, then select Device enrollment, then Windows enrollment, you see some new options for Windows Autopilot deployment as shown above.

If you need a refresher on where the settings where originally check out my previous article:

Introduction to Windows Autopilot

image

The above is what the deployment profiles option look like when you go there.

Here’s what it looks like in the original Business portal.

image

There isn’t a place to upload the machine identification file as yet in Azure as you can see here:

image

However, I would assume that it is coming.

So, keep your eyes posted to the Azure portal for more additions for Windows Autopilot.

Friday, January 19, 2018

Adding Apple MDM push certificate to Intune

When you start using Intune with services like Microsoft 365 Enterprise or stand alone you’ll need to add an Apple MDM push certificate to allow iOS devices to be managed by Intune. If you don’t, you’ll get errors when you try and add these devices.

Here’s how you create and add an Apple certificate to Intune.

clip_image001

When you initially go into Intune via the Azure portal you’ll need to set the Mobile Device Management Authority as shown above. Simply select the option for Intune MDM Authority and the Choose button to save the choice.

clip_image001[6]

In the list of Intune options, under the Manage heading, select Device enrollment.

clip_image001[8]

From the blade that appears, select Apple enrollment from the menu and the right side will then show a number of boxes.

clip_image001[10]

Select the box in the top left that should have the heading Apple MDM Push Certificate.

clip_image001[12]

Another blade will open. Under Step 1, select the Download your CSR hyperlink.

This will prompt you to save a file called IntuneCSR.csr to your computer.

clip_image001[14]

In Step 2, select the hyperlink Create your own MDM push certificate.

image

This will open a new tab in your browser and take you to the above Apple site. You’ll need to have or create an Apple ID to login here.

clip_image001[16]

You’ll need to accept the Terms of Use.

clip_image001[18]

You’ll need to create a new certificate. To do so, select the option to Browse at the bottom of the window as shown above.

Navigate to the certificate file you downloaded from the Intune portal previously.

Then select Upload.

clip_image001[20]

Next, select to Download the certificate created by the Apple site.

clip_image001[22]

Return to the Intune portal and insert the Apple ID you used to create the certificate in Step 3.

In Step 4, upload the Apple certificate.

When complete, select the Upload button at the bottom of the page.

clip_image001[24]

When you now look at the Intune portal the Apple MDM Push Certificates should now show a green tick, as shown above. This will now allow you to place iOS devices under Intune management.

image

Tuesday, January 16, 2018

Office 365 Cloud App Discovery

In today’s security environment it is really no longer possible for human beings to manage security, it typically needs to be out sourced to software. Signature based security is too slow to keep up with constantly changing attacks and the best way is to look for anomalies in behaviour patterns.

Office 365 Cloud App Security is service that is included in E5 licenses but also available as a separate stand alone purchase (called Microsoft Cloud App Security in the store). Unfortunately, you can’t add Office 365 Cloud App Security to Business plans only Enterprise plans.

Basically, Office 365 Cloud App Security allows you to configure policies that trigger alerts for specific activity as well as suspending accounts exhibiting suspicious activity. Let’s see how.

image

To get to Office 365 Cloud App Security you need to navigate to the Security & Compliance Center as an Office 365 administrator. Open the Alerts heading on the left and select Manage advanced alerts from the options that appear.

On the right you will see a check box to Turn on Office 365 Cloud App Security.

image

Once this has been selected you will be able to select the button to Go to Office 365 App Security.

image

On this page you may see a number of policies in place already. Here, I’m going add a new policy. To get to this page again I select the Control option from the menu across the top of the page and then Policies from the items that appear.

To add a policy I now select the Create Policy button on the right as shown above, and then Activity policy from the items that appear. You may have less items in this list, it depends on what licenses you have in place for your tenant.

image

For the Policy Template option I am going to select from a list of pre existing templates and use the Logon from a risky IP address which is described as:

Alert when a user logs on to your sanctioned apps from a risky IP address. By default, the Risky IP address category contains addresses that have IP address tags of Anonymous proxy, TOR or Botnet. You can add more IP addresses to this category in the IP address ranges settings page. 

image

You can see the list of existing policy templates above and of course, you can create your own custom one.

image

Once I have selected the policy I scroll down to the actual rules which appear in the Create filters for the policy section as shown above.

Basically you’ll see in this case that the rule looks at whether an IP is “risky” and the activity equals logon.

You can of course edit or define your own rules here if you want.

image

If you are wondering where the “risky” IP range is defined you’ll find these sorts of things in the upper left under the COG icon as shown above. In this case, look under the IP address ranges.

image

Once you save the settings you’ll be returned to the Policies page where you should now see the new policy as shown above.

image

To test this policy, I’m going to fire up a Tor browser and login to Office 365.

image

As expected, in a very short space of time (note it isn’t immediate. It may take a moment or two to appear) I get an alert and can view these by selecting the Alert option from the menu across the top of the page.

image

If I then click to open one of these alerts and select the General option in the middle of the page I get more information as shown above. You’ll see on the right that the IP category = “Risky” and this is because of a match to Tor and Anonymous proxy.

image

If I now select the User option in the middle of the page I get further information as to which user triggered this as shown above.

image

Likewise if I select the IP address option I get information about the networking in detail.

From here you can take actions on the alerts such as dismissing or digging deeper into the logs.

image

My advice would therefore be to enable all the default policy templates for your tenant as I have done for mine as shown above.

You’ll notice that I also have some custom policies in place as well. One of these is to provide an alert for repeated failed login attempts by a user.

image

Another policy is the one above that monitors logins by global administrators. You’ll see that I also restrict that policy to only apply when I am not on a corporate (i.e. office LAN) IP address.

My advice with custom policies is to start simply and broadly and tighten the rules up over time. There is nothing worse than setting a policy and getting deluged with alerts, so take it slow and increase restrictions over time to ensure you don’t overload yourself with false positives.

As I dig deeper into what is possible more I’m sure I’ll be adding additional policies to keep my tenant secure and provide a level of monitoring that no human could do. However, in today’s environment of increased attached I’d really recommend you look at adding Office 365 Cloud App Security to your tenant for enhanced protection.

Monday, January 15, 2018

Need to Know Podcast–Episode 173

A solo-cast from me this episode as Marc is busy doing his day job. A bit lonely for the first episode of 2018 but I'll manage somehow. A quick episode to bring you up to date with what's happening in the Microsoft Cloud as well as to introduce Microsoft 365 and what that is all about.

Take a listen and let us know what you think -feedback@needtoknow.cloud

You can listen directly to this episode at

https://ciaops.podbean.com/e/episode-173-marc-less/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@marckean

@directorcia

Outlook for Mac support creation of Office 365 Groups

Submit feedback request to Microsoft

SharePoint updates rolling out

Office customisation tool

Availability of Microsoft SharePoint Migration Tool

Azure site to site VPN

Azure Essentials

Apply labels to sensitive files

PowerShell V6 now available

American Kingpin by Nick Bilton

Introduction to Microsoft 365

Friday, January 12, 2018

Free legacy SharePoint Documentation and training

pexels-photo-301614

About 3 years ago I opened sourced all my SharePoint on premises documentation that used to be part of my Windows SharePoint Operations (WSSOPS) Guide as I details here:

http://blog.ciaops.com/2015/01/free-sharepoint-documentation.html

and is made available under Creative Commons Attribution-Non Commercial-ShareAlike-4.0 Internation license. In essence means it free to distribute but can’t be resold.

Initially it lived on my web site, then I moved to Docs.com. Unfortunately, Docs.com has now been fully retired so I need to find a new home for this.

I have decided to move everything to the CIAOPS Academy and you can find it here:

https://www.ciaopsacademy.com/p/windows-sharepoint-operations-guide/

All the information remains free to access and download but thanks to the platform I now use I can start adding additional training material, like my YouTube videos, into the curriculum hopefully adding some more value.

Please remember, that all the information here is provided ‘as is’ and is no longer maintained. It remains free to download and re-distribute, so if you want to put it somewhere else on the Internet, be my guest. However, remember it can’t be changed if you do and I’d also appreciate a heads up on where you have placed it just so I can monitor any comments or feedback.

I’ll keep adding to what’s up there but it isn’t a priority so please use it of you need to and let other know who still may require this information.

Thursday, January 11, 2018

My Business Books - 2018

With so many great books out there I’ve updated my list of recommended business books. Don’t worry, there is an upcoming post on other book topics, but these are ones I recommend from a business or professional point of view.

You can follow all the books I read and want to read over at Goodreads where I have an account. You can also view my activity via:

https://www.goodreads.com/director_cia

or just follow me on Facebook:

www.facebook.com/ciaops

Here’s my current top business books in order:

1. The Art of War – Sun Tzu

The all time classic on strategy. As relevant today as it ever was. A very short read but very deep.

2. The Millionaire Fastlane – M.J. DeMarco

I love the brutal honesty of this book. It doesn’t mince words about what it takes to shift from a pay check to actually living the life you want.

3. The Tipping Point – Malcolm Gladwell

The world is all about not what you know but who you know. This book explains exactly how this works and how to use it to your advantage.

4. The Four Hour Work Week - Tim Ferriss

Many people believe this book is about shirking responsibility. It is in fact a blueprint for how to free up your time to do things you want and enjoy. It will challenge the way you look at your career.

5. Secrets of the Millionaire Mind: Mastering the Inner Game of Wealth - T. Harv Eker

The successful are defined by a different mindset. This mindset can be learned. It can be trained. This is a great book to show you how to do just that.

6. Talent is over rated: What Really Separates World-Class Performers from Everyone Else – Geoff Colvin

Demonstrates that the best comes from implementing a system. Having a system allows you to focus on the right thing and do that work that is required. If you want to take yourself to an elite level, beyond just good, then read this book.

7. Book Yourself Solid: The Fastest, Easiest, and Most Reliable System for Getting More Clients Than You Can Handle Even If You Hate Marketing and Selling - Michael Port, Tim Sanders

You can’t survive in business without a steady flow of customers. Selling to people is the wrong approach, you instead need to attract them to your business. This book helps you achieve exactly that.

8. Profit First: A Simple System To Transform Any Business From A Cash-Eating Monster To A Money-Making Machine - Mike Michalowicz

Business is about making a profit. This then gives you the freedom to do what you want with that profit. This book helps you focus on profit and setting up systems to make the most of the profit you generate.

9. Unbeatable Mind: Forge Resiliency and Mental Toughness to Succeed at an Elite Level - Mark Divine

Another mindset book. Business is not always going to be easy or take the intended route. This is when you need to have the determination to see your plans through to success. This book shows you how to develop the mental toughness to make this happen.

10. The E-Myth – Michael Gerber

The classic on ‘procedurising’ your business and creating a structure that doesn’t need you to survive. The simple secrets inside this book can transform any business from hardship to joy.

11. Tools of Titans – Tim Ferriss

There are few books that take the learnings for so many exceptional people and puts them at your fingertips. This is one such book that packs a lot of business and life learnings between the covers.

12. Predictably irrational: The Hidden Forces that Shape our Decisions – Dan Ariley

Although we like to think logic and rationality rule our world emotion is by far the more powerful influence. Understand this in the context of business and you are well on your way to understanding why people make the decisions they do and how to best profit from them.

13. Extreme Ownership – Jocko Willink and Lief Babin

Moving beyond blame is tough. This book illustrates the ownership of the problem and the environment is a key to success in the military or in business. It is a path few will elect to take voluntarily, however more may do so after reading this.

14. Peak Performance: Elevate your game, avoid burnout and thrive with the science of success – Brad Stulberg

Success is largely about developing a winning system. This book show you how to approach that pragmatically. If you want to see results use this book to help you build the system.

15. Blink: The Power of Thinking Without Thinking – Malcolm Gladwell

The older you get the more experience you get. This experience is aggregated in your ‘gut feel’. Trusting your ‘gut’ may not appear rational but this book will help you understand why it is in fact your best option in many cases.

16. The Now Habit: A Strategic Program for Overcoming Procrastination and Enjoying Guilt-Free Play – Neil A. Fiore

Plenty of great productivity learnings in here that help you take action. It shows you how to focus on the right stuff in the right priority. Even if you are not a major procrastinator there is plenty in this book that you can take away.

There are plenty more that I would recommend people read but the above are all 5 out of 5 in my books. I revisit all these titles on a regular basis and continue to extract value after every read.

Let me know what you think. Do these work for you? What’s your top business reads? I’d love to hear.

Wednesday, January 10, 2018

Location of chat history in Microsoft Teams

image

I have a Microsoft Team in my tenant called “Patrons”. In there is a channel called “Social”. In this area CIAOPS Patrons chat about things such a cryptocurrency as you can see.

As an administrator what I want to do is find out how I can view information that is shared by others in this chat location. In short, how do I see chat history in Microsoft Teams?

image

As an example, let’s say I want to find the term ‘kodak’ in these chats. You’ll see from the above that it is part of a link that was pasted into the chat.

image

All the chat history from Microsoft Teams is saved into a mailbox with the name of the Team. So I’m looking for a mailbox called “Patrons”.

Easiest way is to fire up trusty PowerShell and run:

get-mailbox

and as you can see from the results above, I only see user mailboxes.

image

but if I run:

get-mailbox –groupmailbox

I see all the shared mailboxes in my tenant.

As you can see I find one called “Patrons” as shown above.

image

To get the details I run:

get-mailbox –groupmailbox patrons@ciaops365.com

and you can see that I again get all the information but just for that mailbox. So this is the one that is linked to my Microsoft Team.

image

If I now run:

get-mailbox –groupmailbox patrons@ciaops365.com | get-mailboxstatistics | select-object identity, itemsinfolder, foldersize

I basically get a report of what is inside that Teams mailbox. In there I can see a folder:

\conversation history\team chat

this is indeed where the chats are located. You can see there is currently 344 items of 4.38 MB in size.

image

Now I can actually add this mailbox to my Outlook Web Access and view the contents as you can see above. However, I can’t get the folder \Conversation History\Team Chat because it is hidden and probably has other permissions associated with it.

image

I can’t add this shared mailbox to Outlook 2016 on my desktop as you can see above.

image

So now if I try to view/change the permissions on the mailbox using:

get-mailbox –groupmailbox patrons@ciaops365.com | get-mailfolderpermission

I get the message that the mailbox doesn’t exist.

image

If I now try:

get-mailfolderpermission –identity patrons@ciaops.com:\inbox

I again get the message that the mailbox doesn’t exist.

image

If I use that same command on another ‘standard’ shared mailbox the command works. So I know my command does work, it just doesn’t work with a Microsoft Teams mailbox.

image

Again, just changing mailbox identity confirms that the command can’t even see the mailbox.

image

The way to actually see what the contents of the Teams chats are is to use the Content Discovery component of the Security & Compliance center in Office 365 which you’ll find under the Search & Investigation heading on left hand side. You need to be an administrator with appropriate rights to access this area.

You start by creating a new Content Search by pressing the + icon as shown above.

image

Give the new Content Search a title and select the locations where you wish to search. In this case I’ll simply look through all email data.

image

Next, I enter what I want to search for. Here, I’m only looking for the word ‘kodak’.

image

After I finish my configuration, the search commences and I need to wait a few moments while it searches all the nominated locations and generates the results.

image

When the process is complete I select the Preview search results hyperlink on the right as shown above.

image

Another window opens and I can locate the item I’m after as the type is ‘IM’ as shown above. When I select that item on the left I see the full context on the right. I confirm that the search does display the link that is the Microsoft Team chat.

image

If I elect to download the item, it does so as an .EML file which I can open in any mail client as shown above. This indicates that each chat message appears to be a separate email in a sub folder in a shared mailbox in Exchange Online effectively.

image

So I went back in and changed the content search terms to make it broader to encompass more chats.

image

I ran the search and exported the data from the Security & Compliance center into a .PST file and then imported that into Outlook.

Thus, as you can see above, I can now view all the chats that match my search criteria as an administrator.

The problem with this is, from a pure ‘overwatch’ point of view, it is a very manual process to get to the information and secondly you can only look at things you specify in your content search. It would be nice to have the ability for an administrator to export the whole chat content from a Microsoft Teams channel into a single document that could then be viewed.

However, at the end of the day, rest assure that your Microsoft Teams chats are being saved and you can access them if you need to. Hopefully, the above has shown you how to do exactly that.