Missing calendar icon in Microsoft Teams

I recently ran a Live Event in Microsoft Teams and wanted to get back to the event resources but found my calendar was missing as seen above. This was evident on both the desktop and web interface.

When I attempted to use the link from the Live Event appointment in the calendar in my Outlook I was greeted with the above message:

Unable to connect to your Exchange calendar at the moment

I thought this strange as i had scheduled the Live Event using the calendar icon in Teams?

Turns out that what I had done in the meantime was disable Exchange Web Services (EWS) in my environment. Doing so affects a number of services in my environment including Teams and Exchange Add-ins as it turns out.

If you are seeing the same issues you can use PowerShell to check the EWS status of your environment. You’ll firstly need to connect to Exchange Online with PowerShell which you can do using my script:

https://github.com/directorcia/Office365/blob/master/o365-connect-exo.ps1

then run the following command to see what the EWS settings are at the tenant level:

Get-organizationconfig | fl ews*

to which you should see something like:

From what I understand you’ll need to ensure that EWSEnabled and EWSAllowOutlook are NOT False (i.e. disabled). This will take care of allowing EWS for any new mailboxes created from this point forward.

Also run the command:

Get-CASMailbox | fl identity, ews*

which should result in a list of all the EWS for each user like so:

Make sure that users do not have EwsEnabled or EwsAllowOutlook set to False (i.e. disabled). If it is you can use the command:

set-casmailbox –identity user@domain.com –ewsenabled $true –ewsallowoutlook $true

command to re-enable it and set it to True.

If you change an EWS setting for an individual mailbox it can take 4 – 24 hours for that change to flow through according to documentation I’ve seen. In my case however, I found by logging out and back in the change appeared almost immediately.

It should then re-appear in Teams as shown above. If it doesn’t, simply use the three dots (ellipse) at the bottom of the list to add it back in. You may also need to right mouse click it once you have added it back in and “pin” it to the side menu, so it stays there.

So in a nutshell, don’t disable EWS in your environment because things like Microsoft Teams needs it! If you are missing your calendar in Microsoft Teams or have issues with Outlook Add-ins, check EWS is enabled.

May Microsoft 365 Webinar resources

Slides from this month’s webinar are at:

May 2021 Microsoft 365 Need to Know Webinar

If you are not a CIAOPS patron you want to view or download a full copy of the video from the session you can do so here:

http://www.ciaopsacademy.com.au/p/need-to-know-webinars

Watch out for next month’s webinar.

Configure Azure Lighthouse

Azure Lighthouse:

“enables cross- and multi-tenant management, allowing for higher automation, scalability, and enhanced governance across resources and tenants.”

In essence, it allows you to manage multiple ‘client’ Azure tenants from a single ‘master’ tenant. There is no cost for Azure Lighthouse and it is simple to enable. However, I would caution you to pay close attention to the permissions you assign the ‘master’ tenant inside the ‘client’ tenants and follow the best practice of least privilege security.

You are going to need a few things before you start configuring Azure Lighthouse.

1. A ‘master’ Azure tenant with a paid subscription

2. ‘Client’ Azure tenants with a paid subscription in each

3. For each ‘client’ Azure tenant you will require a login to that tenant who has the Owner built-in role for the subscription being onboarded. Typically, there is only one subscription in an Azure tenant and the initial administrator has that role. You will use this user, inside each ‘client’ tenant to permit access from the ‘master’ tenant.

4. The Tenant ID of the ‘master’ tenant.

You will find that on the front page of the Azure Active Directory blade in the ‘master’ Azure tenant portal as shown above.

5. The Object ID for the controlling entity (user or group) in the ‘master’ Azure tenant. This is basically the individual user or Azure AD security group who you wish to give access rights to the ‘client’ Azure tenants.

You will find the Object ID on the front page of that item in Azure AD as shown above. The above example show this for a single user.

The above example is for a group.

6. You now need to deicide what permissions you will give this Object ID from the ‘master’ Azure tenant inside the ‘client’ tenants. You can find all the Ids for Azure built-in roles here:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

So, if you want for the ‘master’ tenant Object ID to have effectively full rights inside the ‘client’ Azure tenants use:

Contributor – ID = b24988ac-6180-42a0-ab88-20f7382dd24c

Remember, best practice is to follow least privilege and as such if you just want to view Azure Sentinel information in the ‘client’ Azure tenant use:

Azure Sentinel Reader – ID = 8d289c81-5878-46d4-8554-54e1e3d8b5cb

but as I said, be very, very careful about the rights you assign the ‘master’ Object ID inside the ‘client’ tenants.

Once you have all the above information, you’ll need to login to the ‘client’ Azure tenant with the user account in step 3 above (i.e. an owner of the ‘client’ Azure tenant).

In the same browser session open a new tab and navigate to:

https://github.com/Azure/Azure-Lighthouse-samples/

and select the Auto-deployment button in the first row as shown:

A custom deployment template should launch

and look like the above. Here, select the Subscription and Region appropriate in the ‘client’ Azure tenant. You can put any custom text you wish into the Msp Offer Name and Msp Offer Description field.

Into the Managed by Tenant Id field enter the value you recorded in step 4 above (i.e. the Tenant ID of the ‘master’ Azure subscription).

The Authorizations field needs to be in the format of:

[{“principalId”:”ee8f6d35-15f2-4252-b1b8-591358e8a244″,”roleDefinitionId”:”acdd72a7-3385-48ef-bd42-f606fba81ae7″,”principalIdDisplayName”:”PIM_Group”},{“principalId”:”ee8f6d35-15f2-4252-b1b8-591358e8a244″,”roleDefinitionId”:”91c1777a-f3dc-4fae-b103-61d183457e46″,”principalIdDisplayName”:”PIM_Group”}]

where the principalId field will be the item you obtained in step 5 above (i.e. who in the ‘master’ Azure tenant do you want to have rights to the ‘client’ Azure tenant) and roleDefinitionId will be the information obtained in step 6 above (i.e. what permissions you want to gibe inside the ‘client’ Azure tenant). You can assign the principalIdDisplayName field any meaningful text you wish.

As you can see from the example you can chain multiple permission assignments together. So in this example, let’s say that I want to assign my one user full contributor rights and a security group only Azure reader rights. The entry would then look like:

[{“principalId”:”b75e7296-a058-4000-0000-000000000000″,”roleDefinitionId”:”b24988ac-6180-42a0-ab88-20f7382dd24c”,”principalIdDisplayName”:”User_contributor”},{“principalId”:”8d3a5c5a-0d1e-4639-0000-000000000000″,”roleDefinitionId”:”8d289c81-5878-46d4-8554-54e1e3d8b5cb”,”principalIdDisplayName”:”Group_Sentinel_reader”}]

It is very, very important that you get the formatting of the Authorizations field correct. I suggest you compose it in something like Notepad (with word wrap = off) and paste it in. If you see any errors during deployment, double check you have this field EXACTLY correct!

Once you have entered all the information, select the Review + create button an the bottom of the screen.

Your options will then be validated, and if passed, select the Create button at the bottom of the screen.

You should then see the deployment commence as shown above. The deployment will take a few minutes to complete, after which it take at least another 15 minutes for the Azure Lighthouse configurations to appear in the ‘master’ and ‘client’ tenants, so be patient.

After the 15 minutes, navigate to Azure Lighthouse in the ‘client’ tenant and look at Service Provider offer as seen above. This basically tells you that this ‘client’ tenant has single delegation (i.e connect to a ‘master’ Azure tenant).

Now head over to the ‘master’ Azure tenant and view Azure Lighthouse there, but look at the My customers then Customers option as seen above. Here you should see the ‘client’ Azure tenant just added to the current ‘master’ Azure tenant. Again remember, this takes around 15 minutes to appear once configured.

Congratulation you have successfully used Azure Lighthouse to link a ‘client’ Azure tenant to a ‘master Azure tenant. Look out for upcoming articles on what you can now do once you have enabled Azure Lighthouse.

Register your interest for a hands on, deep dive Microsoft 365 Security event

If you are interested in attending a hands on in person 2 day deep dive event into Microsoft Security including:

– Exchange Online

– Windows 10 hardening

– Effective incident monitoring

– Identity security

– Data protection

and more then I encourage you to register your interest now for CIAOPS Secwerks 1 in Melbourne CBD over 2 days, Thursday the 5th and Friday the 6th of August 2021. I expect demand to be extremely high for this event and I will have more to share when I have confirmed all the details. However, feel free to reach out to me if you want more information. Please register your interest here to be kept up to date with the event:

http://bit.ly/ciaopsroi

The theme of this event will be to help you understand all the technologies that the Microsoft Cloud provides, how to configure them appropriately and get your Microsoft Secure Secure above 80%. The material covered will be technical and cover all the basics but then to extend beyond Level 400. The course is specifically designed for those who need to provide security for environments connected to Microsoft 365.

I hope to see you there.

IAMCP Presentation

Here’s the slides from my presentation at the International Association of Microsoft Channel Partners Quarterly Briefing today providing an overview of Microsoft Security. You can also access the slides via:

https://www.slideshare.net/directorcia/microsoft-365-security-overview

Thanks to all who attended and the International Association of Microsoft Channel Partners for the opportunity.

Need to Know podcast–Episode 267

I speak with Aaron Dinnage from Microsoft who is the author of the great licensing resource Microsoft 365 maps. Aaron shares the history of this project and it takes to update it every month. We also get some great insights and suggestions when it comes to Microsoft 365 licensing.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020.

Brought to you by www.ciaopspatron.com

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-267-aaron-dinnage/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Aaron Dinnage – Linkedin, Twitter

https://m365maps.com/

https://m365maps.com/guide.htm

Office 365 Platform Service Descriptions

Microsoft Teams now brings family and friends together to call, chat, and make plans

OneDrive Roadmap Roundup

Announcing Public Preview of OneDrive Sync Admin Reports

New Azure AD Capabilities for Conditional Access and Azure VMs

Introducing Webinars in Microsoft Teams: Easy, professional webinars to engage customers

A fluent new look for the Azure icon

Business email compromise: How Microsoft is combating this costly threat

Forrester names Microsoft a Leader in the 2021 Enterprise Email Security Wave

Connect to SharePoint PnP using PowerShell

The SharePoint PnP module is a handy way to get access to more granular aspects of the SharePoint Online that the standard administration modules doesn’t. You’ll find more details about the module here:

PnP PowerShell

I’ve created a free script to allow you to connect to SharePoint Online PnP that supports MFA logins. You’ll find the script here:

https://github.com/directorcia/Office365/blob/master/o365-connect-pnp.ps1

When you run this script it will firstly connect to Microsoft Online so it can determine what the correct name of your tenant is. Next, it will use this to connect to the SharePoint Online administration service to determine all the SharePoint sites you have in your tenant. It will then allow you to select from a list of all these site after which it will connect to your selection using SharePoint PnP.

The first time a connection is made to SharePoint PnP it will require you to accept a swag of permissions as shown above. These are required to allow SharePoint PnP to perform it administration role, so you’ll need to accept these. You’ll only need to this once for each user that needs to use SharePoint PnP PowerShell.

Once connected you can perform any of the SharePoint PnP commands:

SharePoint PnP commands documentation

The case of the missing Azure Sentinel ingested data

Recently, I have seen my Azure Sentinel overview look like the above. I was puzzled why I had so many hours without any data being ingested? In short, it turned out that I had exceeded my storage tier capacity. Here’s where to look if you see something similar.

From the menu on the left of the Azure Sentinel workspace scroll to the bottom and select Settings as shown. Then from the pane that appears on the right select Workspace settings at the top as shown.

This will take you to the Azure Log Analytics workspace that underpins Sentinel. From the menu on the left here select Usage and estimated costs. Note on the right what is highlighted under Free pricing tier I was using:

(The log data ingestion includes the 500 MB/VM/day data allowances from Azure Security Center.)

That is the limit for my current tier. Any ingested data over that quota was not being ingested. Not ingested data, nothing recorded in the Sentinel overview report.

If you select the Daily cap button at the top of the page you’ll get more information appear from the right as shown.

The two important things to note are that the daily volume cap is 0.5 GB/day and that the limit is reset at 2am UTC (12pm Sydney time).

When I checked the Workspace Pricing tier details, shown above, there is indeed a daily cap of 512MB.

Then when I looked at the overview report in Sentinel I see that data did indeed start begin re-ingest at 12pm local time (2am UTC) as expected.

So the next question was, how is it going to cost me avoid this situation and ingest all my data? Looking at the Pay-as-you-go pricing tier I see the estimated cost per month would only be AU$4.79. Easy choice. SELECT.

The important thing to remember with this ingested data is that you always get the initial 512MB per day free. Anything above that you won’t get any captured data unless you upgrade your pricing tier. But then you’ll only pay for the amount above the 512MB per day, which in my case was only about 34MB per day on average.

A good way to keep track of this sort of data, before it becomes and issue as it did for me, is to use the Workspace usage Report workbook which you can access from the Sentinel console as shown above.

Here you’ll see everything you need to keep on top of this total data you are ingesting and where it is coming from.

The reason I’m so much data is that I’m pulling security events from local devices. Most Microsoft cloud services include free ingestion, which is the place you should start. However, I had added a number of demo devices to my tenant which pushed me over the free 512MB limit. Most people should be able to stay well below this quota by default, at least to start with. However, if you ever need to upgrade, like I have, it’s still cheap for it provides!