CIAOPS Secwerks 1 is now totally virtual

In the face of continued COVID uncertainty locally I have decided to move the whole Secwerks 1 event online. The event will now be conducted fully using Microsoft Teams. Registrations are still open for the event starting on August the 5th, but now spread over 4 half day sessions to lower fatigue levels. You can register now and find a link to more details at:

www.ciaops.com

The event times will be during Thursday and Friday afternoons here in east coast Australia (GMT+10) and may not suit other locations. However, every business that registers will receive a copy of the recordings as well as the training materials. Registration is also now per business not per individual.

The Secwerks event is focused on giving you actionable information around Microsoft 365 as well as best practices, automations and understandings about how to improve the security of these environments. If you manage an Office 365 or Microsoft 365 environment, this now-virtual event is for you.

I am working hard to add some unique sessions to the agenda and will be confirming those soon. Thanks to those who have already registered for being so accommodating in the face of this unexpected pivot. I look forward to seeing you at the event from the 5th of August 2021.

Creating a file location with unique permissions in Microsoft Teams

I wrote an article about:

Creating unique file permissions with Microsoft Teams

but I thought I’d also do a video:

https://www.youtube.com/watch?v=13BifpwKTt4

as I do get this question a lot about having a different set of file permissions for users inside a Microsoft Team. Best practice is NOT to alter any of the existing permissions that are provisioned by channel creation. Instead, create a separate area, with the permissions you want, and then link that back into your team.

That provides a lot more flexibility and doesn’t ‘break’ any of the standard settings.

Getting Message Center information into Teams

Recently, I wrote the following article:

Syncing M365 Message Center to Microsoft Planner

which took you through the process of getting Message Center information into Microsoft Planner. As good as that is, the best place for that information should really be in Teams. The reason? With Teams people can ‘chat’ about the topics, which adds far more value for an organisation in my opinion.

The good news is that it is very easy to not only sync messages with Microsoft Planner but also have them displayed in Microsoft Teams. It is all accomplished using Power Automate.

image

Create a new Flow and use the When a new task is created trigger as shown above. You’ll then need to configure this trigger to point to the same Microsoft Plan that you have already set up to sync with the Microsoft Message Center.

image

The next action should be Get task details as shown above. You’ll need this to actually read the notes from each task, which contain the details of each item from the Message Center.

image

In my case, I save the Description field from the task into a string variable using the Initialize variable action as shown. I then use a number of separate Compose actions to search and replace text inside that variable to tidy up and format the Description field for posting into a Teams chat.

For example, I remove the \r\n characters (carriage return and line feed) and replace them with the HTML line break tag </br> using the following expression:

replace(variables('description'),decodeUriComponent('%0D%0A'),'</br>')

image

Once I have the Description field formatted the way I want it then I use the Post a message (V3) action as seen above. The Title of the new task from Planner is the subject of the thread and the body is my now nicely formatted Description field, which is the data from the Message Center item.

image

You can see the result in a channel in Microsoft Teams above. Now others can easily add their reactions and comments, and generally collaborate far more easily than within Microsoft Planner.

I think having the Message Center information delivered to Microsoft Teams makes a lot of sense since it is a place where more people will generally be spending more of their time. Getting the Message Center information into Microsoft Teams still requires the sync to a Plan to be configured first. However, once that is done, Power Automate allows you to achieve just about anything!

Need to Know podcast–Episode 270

Join me for this episode with Microsoft MVP James Arber, who’ll spend some time with us talking about Teams Voice. In short, he’ll help us demystify what it takes to get Microsoft Teams connected to the plain old telephone system. Microsoft’s worldwide partner conference, Inspire, is this week, and I’ll be tuning in to catch all the announcements from the event. I’ll bring you all those in the next episode, but not to be outdone, I have a few handy links and news from the Microsoft Cloud to tide you over till then.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020.

Brought to you by www.ciaopspatron.com

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-270-james-arber/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

James Arber – Twitter, Linkedin

UCMadScientist.com

Teams and Skype for Business tools

@directorcia

Getting started with Microsoft Endpoint Manager

Three new voice features for Outlook mobile—now on iOS, and coming soon to Android

What’s new for admins in Microsoft 365 Apps for enterprise – June 2021

Enabling automation with Microsoft 365 Apps for enterprise

Get nostalgic with new Microsoft Teams backgrounds

New updates to the SharePoint admin center in Microsoft 365

Syncing M365 Message Center to Microsoft Planner

image

If you want to stay up to date with what Microsoft is developing and implementing with Microsoft 365, then you should be paying attention to information from the Microsoft 365 Message Center. You’ll find this in the Microsoft 365 Admin Center as shown above.

One of the options with this information is to have it delivered via email. To do this, select the Preferences cog as shown above.

image

Doing so will then display a number of configuration options on the right. Select the Email option from the menu at the top as shown.

image

You can now select whether to deliver these messages to the original tenant admin account, which is selected by default, and also to up to two other email addresses, which need to be separated by a semicolon. You can then select what emails you wish to receive. Be warned, there are options for all Microsoft 365 services (like Exchange, SharePoint, Teams, etc) as well as major updates and privacy. Be careful of information overload here!

Select the Save button at the bottom of this dialog to update your preferences.

image

Another very handy option is to sync these messages with Microsoft Planner. To enable this option, select the Planner syncing menu item as shown above.

image

A dialog will now appear on the right, as shown above, that allows you to set up this process using a wizard. Simply select the Set up syncing button at the bottom of the page to commence this process.

image

You’ll need to have a Microsoft Plan into which the Message Center will sync. If you don’t already have one, you can select the link on the page as shown to create one.

image

Your destination Microsoft Plan doesn’t need to be anything special. You need at least one bucket into which all the Message Center items will end up. In this case, that bucket will be the standard ‘To-do’ bucket.

image

Select the appropriate Microsoft Plan and the destination plan bucket, or select to create a new one.

Select the Next button at the bottom of the page to continue.

image

Like the email option, you now need to select which messages you wish to receive.

Select the Next button at the bottom of the page to continue.

image

You can now elect to import messages from a previous period i.e. messages already in the Message Center from the last X days.

Select the Next button at the bottom of the page to continue.

image

Review the settings.

Select the Next button at the bottom of the page to continue.

image

If you wish to set up an automatic process to sync the Message Center messages on a recurring basis, set the desired update time options and select the Create Flow with Power Automate button as shown.

image

Select the Continue button.

image

You’ll also need to sign in to allow access to the Message Center connector. Simply select the ‘+’ icon and the current account you are logged in with will be used. Ensure that a green check appears to the right of the Microsoft 365 message center as shown above.

image

Review the configuration and automatic syncing if enabled, and select the Done button to complete the process.

image

If you now visit the Power Automate service and look under My Flows and Shared with me, you should see a Sync Microsoft 365 message center to Planner flow as shown above.

image

If you edit that Flow, you should see it simply has a recurrence trigger and a Sync messages to planner (preview) action, as shown above. The owners of this Flow will be the group associated with the Microsoft Plan you selected as your destination as well as the user who configured this process. You can always add more owners to this Flow if you wish. The Microsoft 365 message center connection will be authorised by the account you used to set up this process. This can also be altered if needed.

image

When Message Center data is synced to Planner it will look like the above, with all messages being delivered to the bucket that you nominated in the setup as individual tasks.

image

If you select any of these new Message Center tasks in Planner, they will appear as shown above, with details about the notification in the Notes of the task. These can now be used as any task would be inside Microsoft Planner.

As good as delivering Message Center information to Planner is, I feel that a better destination for this is actually Microsoft Teams. I’ll be covering off how to deliver it to a Microsoft Teams channel in an upcoming post, so stay tuned for that.

Security test script walk through video – Update 1

I have made some updates to my free security test script:

https://github.com/directorcia/Office365/blob/master/sec-test.ps1

The main improvement is the inclusion of a menu that allows you to select which test you want to run.

image

You can use the CTRL and SHIFT key to make multiple selections here.

The video also shows the results when the test script is run on a Windows 10 environment with Trend Micro and a Chrome browser.

Don’t forget to keep checking back for further script updates and improvements.

Windows Print Spooler Remote Code Execution Vulnerability–CVE-2021-34527

Information about this from Microsoft can be found here:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

At the moment one of the workarounds is:

Option 2 – Disable inbound remote printing through Group Policy

You can also configure the settings via Group Policy as follows:

Computer Configuration / Administrative Templates / Printers

Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.

You must restart the Print Spooler service for the group policy to take effect.

Impact of workaround: This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.

You can also make that settings change via Endpoint Manager and Intune.

image

You’ll need to ensure you have an Administrative template (ADMX) profile in the Device Configuration profiles. If not, then simply create one.

image

In the settings for that Administrative template profile, do a search for ‘spool’ or the like. You should find the above setting under \printers – Allow Print Spooler to accept client connections, which you should then set to Disabled as shown.

If you then save the policy, it should be pushed out to all machines. According to the CVE, you’ll also need to restart the spooler service. You can do this with the following PowerShell command once the policy has taken effect:

Restart-Service -Name Spooler

Perhaps a reboot is easier anyway?

You’ll need to be careful about potentially disabling existing printing configurations with shared machines, so it will be best to monitor the impact just in case.
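A local check for the workaround described above, as an added example that is not from the original post or from Microsoft’s advisory. It assumes the policy is stored as the RegisterSpoolerRemoteRpcEndPoint value (1 = enabled, 2 = disabled) under the Printers policy registry key, reports any printers the machine currently shares, and restarts the spooler only once the policy has arrived.

```powershell
#Requires -RunAsAdministrator
# Added example: confirm that "Allow Print Spooler to accept client connections"
# is disabled on this machine, list shared printers that will be affected,
# and restart the spooler only when the policy is actually in place.
# Assumption: the policy maps to the registry value below (1 = enabled, 2 = disabled).

$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerRemotePolicy {
    # Returns Enabled, Disabled, NotConfigured or Unknown (<raw value>)
    $item = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    switch ($item.$policyName) {
        1       { 'Enabled' }
        2       { 'Disabled' }
        default { "Unknown ($($item.$policyName))" }
    }
}

$state = Get-SpoolerRemotePolicy

# Printers shared from this machine stop being reachable once the policy applies,
# so record them before touching the service (Get-Printer needs the spooler running).
$shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared)

if ($state -eq 'Disabled') {
    # The policy only takes effect after the Print Spooler service restarts.
    Restart-Service -Name Spooler -Force
} else {
    Write-Warning "Policy state is '$state'; spooler not restarted. Check the profile assignment and device sync."
}

# Summary object: easy to read on screen or to collect from several machines.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    PolicyState    = $state
    SpoolerStatus  = (Get-Service -Name Spooler).Status
    SharedPrinters = ($shared.Name -join ', ')
}
```

A non-empty SharedPrinters column identifies machines acting as print servers, which are the ones to watch after the policy lands.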

Hopefully, a patch will become available soon for this but even when it does, I think leaving the setting disabled in general is a good idea!

CIAOPS Need to Know Microsoft 365 Webinar – July


Last month’s attempt at using Microsoft Teams Webinars went well and I’ll be continuing to use this going forward. Registration for this month is here:

https://bit.ly/n2k2107

Shortly after this you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite!

This month we’ll dive into email security with Microsoft 365, particularly the best practice configurations for Exchange Online. So please join us for this and all the latest news from the Microsoft Cloud.

You can register for the regular monthly webinar here:

July Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – July 2021
Friday 30th of July 2021
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.