Month: February 2018

Double check those links

Unfortunately, as services like Office 365 become more prevalent so too do the attacks against them. These attacks are going to target people who are the least IT savvy.

image

The above is the first example of an email I received this morning. Being close to Valentine’s Day it would be easy for an ordinary user to click on the link provided inside to download the PDF of their order.

image

However, if you mouse over that link, you see that it actually re-directs you to a malicious web site, but of course a user isn’t going to know that.

image

I gotta say that the malicious web site really does look an Office 365 login page doesn’t it? The only obvious give away is the URL at the top of the page.

image

Upon closer inspection you see that it is in fact not going to the Office 365 login URL which is:

image

You’ll also note that the email address is already in the dialog box so all a user would need to do is press enter as they normally would.

image

At the next page they are prompted for their email address. again, very, very authentic looking Office 365 login page.

Typically, the user would enter their password and hit enter. At this point their login details have been sent to the bad guys and the user is redirected to correct Office 365 login page. The user of course, thinks they entered something wrong and go through the process again. However, their account has now been compromised, pretty much without them realising.

image

Here is the next phishing email that I received moments after getting the first. This one appears to be directly from Microsoft request an update to the security of the Office 365 account.

This prays on the underlying fear most users have of technology in order to get them to click the link.

image

If they do so, they are again taken to another ‘official’ looking Office 365 login page as you see above.

SNAGHTML1c8c4fac

Again, this one has a non Office 365 login URL as shown above. Like the previous case, this site has it’s own certificate (HTTPS) making it appear even more legitimate.

So if you come across these sites, first course of action is to report them to Microsoft.

Submit spam, non-spam and phishing scam messages to Microsoft for Analysis

Because these types of attacks are new into the wild they are typically not picked up by reputation based systems. Eventually they picked up, like in the browser here:

image

but until they are, there really isn’t much that can be done.

I’ve said this before, security is tough:

The bad guys keep winning

and technology can’t be used to solve every issue. We need to couple that with education to help people ask the right question before potentially doing the wrong thing.

if something in your inbox doesn’t seem right, chances are it isn’t. So treat it with caution.

CIAOPS Need to Know Azure Webinar–February 2018

pexels-photo-325229

The February session will build on the knowledge we have covered so far and dive into Azure networking. There’ll also be news, updates and well as open Q & A so I’d love to see you attend.

You can register for free at:

February Azure Webinar Registrations

The details are:

CIAOPS Need to Know Azure Webinar – February 2018
Thursday 22nd of February 2017
2pm – 3pm Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

There of course will also be open Q and A so make sure you bring your questions for me and I’ll do my best to answer them.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session.

CIAOPS Need to Know Office 365 Webinar–February

laptop-eyes-technology-computer

In the February webinar we’ll take a closer look at using PowerApps as a way to capture information and create forms inside SharePoint. There will be the usual news, updates and Q & A on Office 365.

You can register for free at:

February Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – February 2018
Thursday 22nd of February 2018
11am – 12am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

There of course will also be open Q and A so make sure you bring your questions for me and I’ll do my best to answer them.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session.

Offline file conflicts with SharePoint Online

It has been over three years since I wrote an article about file conflicts in Office 365 –

Resolving OneDrive for Business file conflicts

and as you can appreciate a lot has changed since then. Probably the biggest change is that we now have File on Demand and the ability to sync SharePoint Document Libraries. However, there will always remain challenges around shared files going offline when multiple people continue to work on them.

I will preface all this by saying that it is best practice to ‘Check Out’ any files you wish to use prior to you going offline. Doing so will ensure you have exclusive write access to that file while you are offline and until you check that file back in.

Of course, not everyone is going to follow best practice and we are going to end up with the following scenario.

image

Let’s say that Lewis Collins (user 1) creates a new Excel spreadsheet called conflicts.xlsx in a SharePoint Document Library as shown above.

image

If Lewis opens that file using Excel Online and makes a change by adding the entry ‘Online 2’, as shown above, it is automatically saved back to the SharePoint Online Document Library.

image

A second user (Robert Crane – user 2) used OneDrive Files on Demand to sync a copy of that same file to their desktop as shown above.

image

This second user (user 2) now opens the file using Excel on desktop and makes changes to the file by adding the entry ‘Offline 3’ as shown.

You can see that because the user is still connected to the Internet any changes are automatically synced back to the SharePoint Online Document Library.

So, while everyone is online all changes are updated into the one location.

image

We can also look at the version history of the file and see all previous versions thanks to automatic version history in SharePoint Document Libraries. We can roll back or view any of these if we wish.

At this point, user 2 (Robert Crane), goes offline and is no longer connected to the Internet.

image

Now because user 2 didn’t check the file out prior to going offline, user 1 can continue to edit the file. They do so adding the entry ‘Online 4’ to the file, which is then immediately saved back to the SharePoint Document Library.

image

While offline, user 2 adds a new entry to their offline version of the same file. Here they create an entry ‘Offline 4’ as shown above.

Thus, we now have a situation where the file in SharePoint Online is different from the file on the users desktop. This will clearly create a conflict when user 2 return online.

image

User 2 comes back online and at the next sync is informed of a conflict as noted in their file manager as shown above.

image

When user 2 attempts to open the file in conflict they are presented with the warning banner at the top as shown. They are given the option to either Save a Copy or Discard Changes.

If they select Discard Changes, any updates they have made to the file while they have been offline will be overwritten with what is currently in SharePoint Online. Once they select this, any updates they have made to the file while they are offline will be lost and the copy they have on their desktop will be the same as what is currently in SharePoint Online. In short, their local copy is overwritten with that from SharePoint Online. They can’t recover their original file after this happen because the file they changed was only saved to their desktop.

If they select Save a Copy, the file they have changed will be uploaded to SharePoint Online replacing the current version in SharePoint Online.

image

The OneDrive sync client will then kick in and copy the file from user 2’s desktop to SharePoint Online Document Library replacing the version that others have been working on and potentially removing changes they have made.

image

When the sync is complete, user 2 should see the same situation on their desktop, as shown above, prior to going offline.

Now, the file that was changed by user 2 while they were offline has become the primary file in SharePoint Online and on desktops. However, any changes that user 1 made while user 2 was offline are no longer in the most current version of the file.

Before we tackle that situation let’s look another experience for user 2 as they come back online with a different version of the file.

image

When user 2 comes back online with a different version of a file they will also see the system tray icon for their sync client display a warning as shown above.

image

If they select this the sync client will open and display a conflict message as shown above.

image

Clicking that message will show them greater detail on the conflict as shown above.

image

If they click to resolve the issue they will be presented with the above dialog providing two options.

The option Open in Office to merge changes will simply open Excel and take the user through the experience detailed above, i.e. save a copy or discard changes.

The second option Keep both files will rename the changed version on the desktop to conflicts-.xlsx. Thus, the original file they were working on offline will be renamed and the newer version that is in SharePoint Online will be downloaded to the original name on their desktop. The idea is basically to create a second copy of the file, rather than overwriting the original. Users would then need to open both files and manually merge any changes back to a single file. The end result here is two files with different names, each holding the unique changes made by each user.

image

Let’s return to the situation where user 2, who was offline, comes back online, opens the file in conflict and selects to save their copy back into SharePoint Online by using the Save a Copy button.

This means that any changes user 1 made to the file while user was offline are ‘lost’ because user 2 has overwritten the file with their version.

image

However, don’t forget that SharePoint Online Document Libraries include automatic versioning. This means that when user 2 uploaded their file, the file user 1 had been working on isn’t deleted, it is simply saved as a previous version. So, both files are still in SharePoint Online in full fidelity. One is current and one is the previous version.

image

You have the ability to compare previous versions or restore previous versions if you wish.

image

My experience is that Excel is a fairly complex program and in most cases you’ll have to manually merge any changes between the two documents. However, as you can see above, with Word the application can generally merge changes automatically for you using the revisions ability built into the program.

As I said at the beginning of this article, best practice is to check document out prior to going offline to avoid conflicts. If that doesn’t transpire, then you probably need to manually merge changes using versions in SharePoint Online. However, as you can hopefully see SharePoint Online will retain both versions of the file if you do go offline. I would suggest however, you have a play with exactly how this works in your environment prior to requiring it. SharePoint is magic but it doesn’t read minds, yet!

Learning Azure while mining cryptocurrency

One of the things that I advocate when it comes to learning new technologies is to find a use for it that interests you. Typically, that means find a problem you need to solve as I have said here:

Scratch your own itch

I used this approach to learn about Azure many years ago as I detailed here:

I finally get Azure

I continue to try all sorts of things in Office 365 and Azure but I thought I’d share this experience of using Azure to mine cryptocurrencies.

Warning, warning, spoiler alert – it isn’t profitable from what I can see to use Azure to do cryptocurrency mining. In 24 hours I managed to mine $8 and it cost me $50 in Azure credits. Not a good ROI, however what I learning during that same period was huge.

My aim was to determine how well Azure IaaS faired when it came to mining and what was the optimal family of VMs to use. I settled on using Minergate as the software to do the actual mining. Yes, there are better options when it comes to mining software but Minergate is free, is a simple install and can be set up in a few minutes. Minergate allows you to mine multiple coins, but for this experiment I stuck to just trying to mine Monero.

image

I then proceeded to run up various Azure VMs, install the Minergate software and complete a benchmark. I then set the machine to mining and looked at the Hashes/sec as a second data point.

You can see the results from the table above. The winner was the NC12 VM, even though it was the most expensive to run per minute.

So why do I have two entries for NC12 machines in the table above and why are the results so different? Interestingly, when you run an N series VM in Azure it doesn’t include the drivers for the GPUs. Thus, without installing the drivers you get a plain old CPU server. You’ll find the GPU drivers here:

Set up GPU drivers for N-series VMs running Windows Server

As you can see from the above table, with the GPU drivers loaded the benchmark jumps 3x fold!

Obviously, the more CPUs and GPUs you throw at crypto mining the better results you are going to get and that’s why I reckon the DS5_V2 promo machine is also a good option. The downside here is that the promo pricing won’t last forever in this machine. If the pricing goes up, then it will become less economic to mine.

All in all an interesting experiment and learning experience for me. I will continue to fiddle with crypto mining on Azure down the track and try stuff like using Linux instead of Windows as the OS and maybe look at some clustering options. However, my personal take away is that crypto mining on Azure isn’t economically viable and given that Azure rolls up costs like electricity into a single per hour cost, I don’t see how it can work economically for an individual if they use their own on premises hardware. I’m sure some people do make money mining crypto at home but, at this point, I can’t see how it can truly be profitable.

image

Another Azure activity I saw in action was the Security Center which flagged Minergate as malware on my VMs. I’ll now sit down and start playing with this more.

Azure, always interesting but for crypto mining not really profitable (yet!).

Enable activity auditing in Office 365

image

Here’s something I suggest you ensure is enabled in all Office 365 tenants.

Visit the Office 365 Security and Compliance center as an administrator. From the menu on left, select the Search & investigation heading. From the items that appear select Audit log search.

If your audit logging hasn’t been enable you see a hyperlink on the right that says Start recording user and admin activity. If that link is visible, then select it as shown above.

image

You will then receive the above confirmation. Select Turn on.

image

You’ll be taken back to the Audit log search page where you’ll see a message telling you that logging is being enabled.

image

When that process is complete return to the Audit log search and select the Activities drop down.

image

You’ll now be able to audit a huge range of activities and produce a report, like this –

image

Here, I’ve run a report to display any files that have been accessed. From the results I can see the user, IP address and the file that was accessed.

image

You can now also set up an alert on any of these activities.

To do this, select the Alerts option on the left in the Security & Compliance center. From the items that appear select Manage alerts.

image

On the right select the + New alert policy button.

image

Set the Alert Type to Custom.

image

Select the Send this alert when… option and again choose the activity for the alert. The available options should be pretty much the same as you saw before with the audit logs.

image

Then choose which users you wish the alert to apply to as well as an email address to send the alert to.

As with all alert settings ensure that you don’t make these too general because you’ll end up getting too many alerts and end up spamming yourself.

The important thing here is that auditing is no enabled by default. The best practice recommendation is therefore to go and turn it on so you can audit activity in your tenant.