Information about SharePoint, Microsoft 365, Azure, Mobility and Productivity from the Computer Information Agency
Once you have set up your PowerShell environment the next thing is to use it to connect to Microsoft 365 services like Exchange Online and Teams.
I have created several free automation scripts at:
https://github.com/directorcia
to make that process easy.
In this video, I’ll walk you through the steps of using what I have created to make it simple to connect to any Microsoft 365 service using PowerShell quickly and easily.
Here is a direct link to the video:
Keeping all your PowerShell modules up to date for Microsoft 365 is easy using the process in this video along with the free script I provide here:
https://github.com/directorcia/Office365/blob/master/o365-update.ps1
Simply use the script, with elevated privileges, and you can automatically update all the modules. If you then save the script locally, you can use an option to prompt you for each update if you wish.
Here is a direct link to video:
Slides from this month’s webinar are at:
https://www.slideshare.net/directorcia/october-2021-microsoft-365-need-to-know-webinar
If you are not a CIAOPS patron you want to view or download a full copy of the video from the session you can do so here:
http://www.ciaopsacademy.com.au/p/need-to-know-webinars
Watch out for next month’s webinar.
This video will show you the process of setting up PowerShell on a new clean Windows 10 environment to support working with Microsoft 365. Basically, you grab my free set up script here –
https://github.com/directorcia/Office365/blob/master/o365-setup.ps1
and paste that into an elevated PowerShell window and run it. The required PowerShell cloud modules will then be installed into your environment, making it ready to connect to Microsoft 365, Azure, Intune, etc.
Here is a direct link to the video:
I am happy to announce that Techwerks 13 will be held in Melbourne CBD on November 25th 2021.
The course is limited to 30 people and you can sign up and reserve your place now! You reserve a place by completing this form:
or by sending me an email (director@ciaops.com) expressing your interest.
The content of these all day face to face workshops is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. So far, the greatest votes are for deeper dives into the Microsoft Cloud including Microsoft 365, Azure, Intune, Defender ATP, security such as Azure Sentinel and PowerShell configuration and scripts, with a focus on enabling the technology in SMB businesses.
Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.
The cost to attend in Melbourne is:
Gold Enterprise Patron = Free
Gold Patron = $33 inc GST
Silver Patron = $99 inc GST
Bronze Patron = $176 inc GST
Non Patron = $399 inc GST
I hope to also have a streaming option available as well. The costs for this will be:
Gold Enterprise Patron = Free
Gold Patron = Free
Silver Patron = Free
Bronze Patron = $33 inc GST
Non Patron = $99 inc GST
I hope to see you there.
This post is part of a series focused on Windows Defender Application Control (WDAC). The previous article can be found here:
Unfortunately, from this point forward, I can find no ‘official’ definition of the syntax of the WDAC XML file anywhere. Thus, I have done my best to try and decipher the file. However, please keep in mind, this is simply the determination that I can make looking at the file.
What I’ll focus on in this post is the FileRules block. This block is defined in the XML with the following boundaries:
<FileRules>
</FileRules>
The documentation I found about FileRules specifically is here:
Windows Defender Application Control file rule levels
which says:
File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as granular as the hash of each binary or as general as a CA certificate. You specify file rule levels when using WDAC PowerShell cmdlets to create and modify policies.
Between these headers can be the following definitions:
1. Generic Files
This would typically appear as:
<FileAttrib ID=”ID_FILEATTRIB_F_1_0_1″ FriendlyName=”Microsoft Teams” ProductName=”MICROSOFT TEAMS” />
2. Allow Files
This would typically appears as:
<Allow ID=”ID_ALLOW_A_1B_ONEDRIVE_1_1″ FriendlyName=”C:\Users\user\AppData\Local\Microsoft\OneDrive\21.119.0613.0001\ErrorPage.js Hash Sha1″ Hash=”25D362DEE9A4B04ACDFD0ABBAB7A415AA494DC98″ />
3. Deny files
<Deny ID=”ID_DENY_BASH” FriendlyName=”bash.exe” FileName=”bash.exe” MinimumFileVersion=”65535.65535.65535.65535″/>
Each of these definitions starts off with a ‘ID’ field either: FileAttrib ID, Allow ID or Deny ID. Next, comes a variable that will be used later to refer to the specifics of that file definition. Here those are: ID_FILEATTRIB_F_1_0_1, ID_ALLOW_A_1B_ONEDRIVE_1_1 and ID_DENY_BASH. From what I can determine, these IDs can be any text.
Next, is the FriendlyName field, which again can be any text but typically will be the file name, with or without the path. From what I can determine, this is simply a ‘tagging’ field. If the FileName or is not specified this Friendlyname field will be used as the actual file name.
The next field options are used to actually define the individual file on the system. This can be achieved in a number of different ways specified, including by path and file name, hash, file path, publisher and more as detailed here:
Windows Defender Application Control policy – file rule levels
The most common types of definitions I have found are:
– FileName field, which actually refers to the executable file i.e. bash.exe as shown above.
– FilePath field. which refers to the location of the executables i.e. C:\Program Files\*
– ProductName can be used to identify the file in question. I assume this refers to a product that is registered with the operating system.
– Hash which specifies a unique file hash
It appears that you can also use the field MinimumFileversion when specifying the Fieldname and Productname definitions
These file rule definitions will be utilised by later items in the XML configuration, so they must be present if they are going to referred to.
You can use the
and
for drivers
PowerShell command to generate these file rules.
The precedence order of these file rules is defined here:
but is basically, deny, then allow, then the rest.
That’s the best I can work out from the documentation and experimenting. I’m sure there is more information somewhere, and if you do find any, please let me know.
Part 5 – Specifying Signers
This video:
https://www.youtube.com/watch?v=Xilp56PVltI
will show you the steps to remove an Win32app from a Windows 10 desktop. It will utilise an existing Intune Application deployment policy to achieve this. It is able to do so because part of creating the initial deployment policy was the requirement to specify how to uninstall that same application. Thus, when you create an Application deployment policy in Intune you can use to add and remove that application from your environment.
This video:
https://www.youtube.com/watch?v=OYTye6RoW_c
will show the steps of creating an Intune application policy to deploy Adobe Acrobat Reader to a windows 10 desktop. You can use this same process to deploy just about any Win32 application to your environment.
CIAOPS 