Microsoft Cloud options

Here’s a video of a webinar I did recently on the options you now have with the Microsoft Cloud. I provide an overview of services like Office 365, Enterprise Mobility and Security, Microsoft 365 as well as Windows 10.

The slide can be viewed above or downloaded from:

https://www.slideshare.net/directorcia/microsoft-cloud-options

In short, there are so many options now available to you with the Microsoft Cloud to help you solve just about any business challenge.

Enable mailbox auditing in Exchange Online

Office 365 has the ability to log and audit a lot of actions in your tenant, however much of this logging is not enabled by default but should be by an administrator in my opinion.

Another point to consider is that you have to use Exchange Online PowerShell to enable mailbox audit logging. You can’t use the Office 365 Security & Compliance Center or the Exchange admin center (i.e. the web interface).

image

After you have connected to Exchange Online using PowerShell, run the following command to view what audit settings are currently enabled for your mailboxes:

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq “UserMailbox”} | FL Name,Audit*

image

That should produce a result as shown above. As you can see the AuditEnabled option is current set to False for all mailboxes per:

By default, mailbox auditing in Office 365 isn’t turned on. That means mailbox auditing events won’t appear in the results when you search the Office 365 audit log for mailbox activity. But after you turn on mailbox audit logging for a mailbox, you can search the audit log for mailbox activity. Additionally, when mailbox audit logging is turned on, some actions performed by administrators, delegates, and owners are logged by default.

which is detailed here:

https://support.office.com/en-us/article/enable-mailbox-auditing-in-office-365-aaca8987-5b62-458b-9882-c28476a66918#ID0EABAAA=Step-by-step_instructions

So to turn auditing on for all mailboxes execute the following PowerShell commands.

Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditEnabled $true

If you wish to modify what events are actually audited you can use the following. Note, there is a separate one for administrators, delegates and owners of the mailboxes:

Get-Mailbox -ResultSize Unlimited | Set-Mailbox -Auditadmin @{Add=”Copy”,”Create”,”FolderBind”,”HardDelete”,”MessageBind”,”Move”,”MoveToDeletedItems”,”SendAs”,”SendOnBehalf”,”SoftDelete”,”Update”,”UpdateFolderPermissions”}

Get-Mailbox -ResultSize Unlimited | Set-Mailbox –Auditdelegate @{Add=”Copy”,”Create”,”FolderBind”,”HardDelete”,”MessageBind”,”Move”,”MoveToDeletedItems”,”SendAs”,”SendOnBehalf”,”SoftDelete”,”Update”,”UpdateFolderPermissions”}

Get-Mailbox -ResultSize Unlimited | Set-Mailbox –Auditowner @{Add=”Copy”,”Create”,”FolderBind”,”HardDelete”,”MessageBind”,”Move”,”MoveToDeletedItems”,”SendAs”,”SendOnBehalf”,”SoftDelete”,”Update”,”UpdateFolderPermissions”}

You’ll find all the details about these commands here:

Set-mailbox = https://technet.microsoft.com/en-us/library/bb123981(v=exchg.160).aspx

image

In true PowerShell tradition, when you execute these commands correctly, you’ll just be returned to the command line as shown above.

image

If we re-examine our mailboxes we now see that auditing is enabled and that more actions are audited as expected.

By default, entries in the mailbox audit log are kept for 90 days. When an entry is older than 90 days, it’s deleted. You can use the Set-Mailbox cmdlet to change this setting so items are kept for a longer (or shorter) period of time like so:

Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditLogAgeLimit 180

which extends the entry limit retention to 180 days.

So, another way to improve the security of your Office 365 tenant is to enable mailbox auditing and extending the properties that are audited. You can only do this with PowerShell but once you have the the script you can re-run it as many times as you like. The power of PowerShell!

Need to Know Podcast–Episode 175

Brenton and I talk about the importance of data compliance in light of recent legislation updates in both Australia and overseas. This means that it is very important to firstly understand what your obligations are when it comes to personal data but to also ensure you own systems are compliant. Technology is not the only solution required here, you’ll need policy as well as training to help people better understand what their responsibility is. We cover off all the major highlights as well as give you some suggestions of how you should be approaching this with your Office 365 tenants.

Take a listen and let us know what you think –feedback@needtoknow.cloud

You can listen directly to this episode at

https://ciaops.podbean.com/e/episode-175-compliance/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@contactbrenton

@directorcia

Non Azure AD accounts can now join Microsoft Teams

Azure AD Connect: Version release history

How Office 365 protects your organisation from modern phishing campaigns

Azure migrate is now generally available

Introducing Azure Advanced Protection

Check those Office 365 forwards

Extending Exchange Online Deleted Items retention period

Many people are unaware of the fact that ALL (yes, I said ALL) Exchange Online plans are configured by default, to ONLY retain deleted items for 14 days. Yes, I said ALL Exchange Online plans, and I quote:

“How long deleted items are kept in the Deletions folder depends on the deleted item retention period that is set for the mailbox. An Exchange Online mailbox keeps deleted items for 14 days, by default. Use the Exchange Management Shell, as shown above, to change this setting, to increase the period up to a maximum of 30 days.”

this is from:

https://technet.microsoft.com/en-us/library/dn163584(v=exchg.160).aspx

You will also note that you can extend this to a maximum of 30 days using PowerShell, which is exactly what you should do IMMEDIATLY you add a user account I would suggest.

To do this you firstly need to connect to Exchange Online using PowerShell. Then to view the current retention periods run the following:

image

that should then display something like:

image

As you can see from the above, all the mailboxes listed are currently only set to a MAXIMUM of 14 days for retention (which is the default).

To extend this to the maximum of 30 days for ALL plans, execute the following command:

image

Now when you re-examine all the deletion period for all mailboxes you should see:

image

they have all been extended to the maximum of 30 days, which should make everyone much happier and provide you the ability to recovered deleted email data out to the maximum period of 30 days for ALL plans. After 30 days however, the deleted data will still be purged and unrecoverable.

If you wish to retain deleted email data beyond the maximum 30 days that can be provisioned generally you’ll need to add the legal hold service to the mailbox and ENABLE it! The legal hold service is available on Exchange Online Plan 2 mailboxes, E3 and E5 suites typically.

To my way of thinking, extending the deleted item retention period of all mailboxes in a tenant is something that should be done immediately and using the above PowerShell commands it is really easy to do. So there should be NO excuse!

Improved security is a shared responsibility

The Internet has ensured that everyone who is connected is connected together. Everyone being connected together has some massive advantages but it also makes us vulnerable to those who wish to exploit this fact. The reason we all get so much spam is because it is so easy and so cheap to send. However, after all these years, why is the dominate email traffic source always spam? It’s because it morphs and evolves to avoid detection. The same applies for other threats such as phishing.

Technology provides some great tools to deal with spam and phishing but they can’t remove 100% of the threats that are out there. Many also rely on people reporting attacks and suspect item in their inbox to security vendors so they can analyse the results and improve their own detection.

The problem with reporting incidents you come across in your own inbox has been a challenge. Who or where do you send your reports to? Now Microsoft has a free add in for Outlook that allows you to quickly and easily report spam and phishing directly to them.

To do this visit:

https://appsource.microsoft.com/en-us/product/office/WA104381180?src=office

and install the Report Message add in for Outlook to your environment.

selected image

Then when a suspect email is detected you can easily report it via a few clicks.

For more information about installing and configuring the Report Message add-in across your Office 365 environment see:

Enable the Report Message add-in

Don’t just sit there and ignore spam and phishing attacks. Report them and potentially help save someone else from becoming a victim! When you connect to the Internet you become part of a global community. Help the community fight back again those seeking to take advantage of others. The more we all report attacks the less there will be.

Join me in the fight to take back the Internet!

Check those Office 365 email forwards

One of the most common tasks that hackers perform after they have compromised accounts in Office 365 (usually via a poor password or phishing attack) is to set up an email forwarding rule on mailboxes so they receive a copy of emails to that user.

Thus, it is good security practice to ensure that you are aware of all the email forwarding configurations that are enabled on your tenant. To do this you simply need to run the following PowerShell command once you have connected to Exchange Online:

Get-Mailbox | select UserPrincipalName,ForwardingSmtpAddress,DeliverToMailboxAndForward

This will produce a result like:

image

which tells you whether forwarding has been enabled and to which address emails are being sent. Obviously, if you don;t recognise any of these you should investigate further.

There are plenty of ways to run this script on a regular basis but I’m not going to cover that here.

CIAOPS Need to Know Azure Webinar–March 2018

pexels-photo-325229

One of biggest challenges people have with Azure is determining pricing. So for March we’ll focus on understanding how pricing works with Azure and how you can optimize your spend There’ll also be news, updates and well as open Q & A so I’d love to see you attend.

You can register for free at:

March Azure Webinar Registrations

The details are:

CIAOPS Need to Know Azure Webinar – March 2018
Thursday 29th of March 2017
2pm – 3pm Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

There of course will also be open Q and A so make sure you bring your questions for me and I’ll do my best to answer them.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session.

CIAOPS Need to Know Office 365 Webinar–March

laptop-eyes-technology-computer

In light of the recent Australia Data Breach Legislation and the upcoming GDPR policies in Europe the March webinar will focus on security in Office 365. You’ll learn what is available and how ton configure it. There will be the usual news, updates and Q & A on Office 365.

You can register for free at:

March Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – March 2018
Thursday 29th of March 2018
11am – 12am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

There of course will also be open Q and A so make sure you bring your questions for me and I’ll do my best to answer them.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session.