My Gear 2019

You can take a look back at last year’s gear here:

My Gear 2018

There were/are some major changes happening with my assortment.

Pixel XL phone – still using this as a ‘secondary’ phone. It has all the Microsoft apps installed on it and is connected to my Office 365 demo account. Most importantly, it has the Microsoft Authenticator app for MFA access to my demo accounts in Office 365. Another major app I use on this phone is OneNote for accessing all my notes.

I connect this phone in my car for navigation (Waze), Podcast (Podcast Addict) and have recently discovered I can also get Amazon Music there as well via the phone. An upcoming post will detail all the mobile apps I use on my devices for you.

This phone continues to perform all the tasks it needs to well and I have no plans to replace it in the near future.

Summary – No change, still in use every day.

Lumia 950 XL – This Windows Phone continues to work but is beginning to show its age and lack of support. My main use of this device is simply to make and receive calls, but of late I’m starting to get issues where this isn’t always happening for some reason. Now that may not be the phone, it may be the sim or the network, however I’m also getting more lock ups and random reboots. Nothing major, but painful when it happens. Would it continue to work as an acceptable phone only device? Sure, but is that really serving my purpose and providing the best benefit? I’m beginning to think not.

Thus, I think one of the changes I’ll need to make in 2019 is to finally retire this device and look at a replacement. Given that I already have a functioning Android phone my choice is probably going to be an iPhone. However, given the outrageous prices of iPhones I’m not looking forward to that day and am waiting for some sort of sale or discount offer to eventuate. I have also read that there will be new iPhones coming soon with better support for e-sims so maybe I’ll hold off until then. It is really just my aversion to paying THAT MUCH for a phone.

So sometime this year it will be bye, bye Windows phone and hello iPhone (as well as bye, bye many dollars unfortunately at the same time).

Summary – will probably be replaced by iPhone sometime in 2019 once I can bear the cost of doing it.

Surface 3 and 4 – Are both working well. I use the Surface Pro 3 as a travelling device and the Surface Pro 4 as my desktop. I am considering getting a new travelling device or maybe a new desktop device, say a Surface Pro 6, and using the Surface Pro 4 for travel. I considered maybe a Surface Go as a new travelling device but decided it would not be powerful enough for what I need.

Looking at a Surface Pro 6 brings into question what specs? I certainly don’t need a lot of local storage any more so a 256 GB SSD is fine. That storage capacity then limits me to 8GB of RAM, which I think is also fine. The final choice is an i5 or i7 processor. Since I’m going for a cheaper device here I’d look at the i5 processor as it does everything I need.

Some things to remember about buying a Surface. You’ll also need to add a keyboard and a pen. Doing so brings the price of such a device up to around AU$2,000! However, the biggest drawback is that this current generation of Surface Pro devices only comes with Windows Home! On a Pro device? So, I’d now also have to factor in an upgrade to Windows Pro as well. Now, that isn’t a huge issue but all up that is a lot to pay for a desktop that I kinda really don’t need given the other two are working fine.

If you also couple that with the desire to get a new iPhone, the costs of hardware for both of those devices combined is approaching AU$5,000 which is madness for things I don’t really need urgently. Thus, I am putting both of these on hold until there is a more burning need for them. If I see a good deal appear for either of these devices I might jump in, but man, that’s a lotta dollars for computers eh?

Summary – considering a Surface Pro 6 to replace Surface Pro 3 but need a practical and rational reason to make immediate change.

iPad – One of the other reasons I was considering a Surface Go was as a pure writing device to totally replace the pen and notebooks that I have. I have wanted to go totally paperless for years but never found the right device. The Surface Go was a contender but once you added all the bits, it became too expensive and somewhat bulky.

I then decided to go with the bottom of the range iPad (WiFi only) and an Apple pencil which brought the total to around AU$500. The Apple pencil is a tad cumbersome and I would prefer something about half the size. I like that it is re-chargable, which the Surface pens aren’t, but that isn’t a huge issue. The Apple pencil does write well but I see no real difference to a Surface pen in that respect but the Surface pen wins on form factor if I was to make an ergonomic choice.

Another reason for the new iPad was my original iPad 2 is now no longer able to be upgraded to new versions of iOS and has become quite slow. So my thinking was to get a new personal iPad device and repurpose the older iPad for testing. The last thing I need to do before I can fully repurpose the older iPad is move the Google Authenticator app off it to another device. That is going to be a major pain that I have so far put off but will need to be done sooner rather than later.

I’m now using this new iPad for anything to do with writing, business and personal. This new device has probably had the biggest impact on the way I do things in the last 12 months.

Summary – new basic iPad is now a central part of my daily routine. Old iPad 2 soon to be repurposed for testing.

Ubiquiti – After having a consumer grade WiFi setup for ages, and after some connectivity issues (which turned out not to be the WiFi after all) I decided that my whole setup needed upgrading. My greatest concern was that the consumer gear firmware was not being upgraded and that would potentially increase my risk, so it was therefore time to upgrade.

After reading Troy Hunt’s post on Ubiquiti and watching his free online course as well, I decided that I wanted something similar. I thus invested in:

Security Gateway

UniFi Switch 8 (150W)

UniFi nanoHD WiFi access point

Cloud Key Gen2 Plus

I left my old router in place but disabled the WiFi access point and simply use it as a pass through now. I then connected it to the Security Gateway, connected everything else up behind the gateway and then configured it all from a web interface. Very, very impressed with the results. Super simple install. Easy to update the devices and great metrics on usage, devices and so on. Highly recommended.

One of the items that I am considering for 2019 will be a Ubiquiti camera like this:

G3 micro

Again, not really a must have but I can see benefits of having one of these devices to monitor things when I’m not there.

In theory, the Australian high speed National Broadband Network (NBN) was supposed to be rolled out to my location in December 2018. I hope that it isn’t too far away so I can complete the final part of the upgrade of my infrastructure and finally get some real high speed connectivity in place. I can’t wait.

Summary – very happy with major upgrade of my networking systems to Ubiquiti gear, with potentially a camera to be added. Awaiting roll out of NBN to complete project.

Docking station – Initially, I thought that the cause of my connectivity issues was my old consumer grade WiFi but it turns out that the network port in my existing Kensington USB 3.0 Docking Station SD3500v was becoming flaky. Problem was the docking station drives a lot of things besides my wired networking, like multiple monitors. The temporary solution was to just unplug the wired connection and go wireless with the Surface Pro 4. The longer term solution is going to be buying a new docking station.

The replacement is going to be:

Kensington SD7000 Surface Pro Docking Station

Unfortunately, there doesn’t appear to be any here in Australia at the moment, so I’ve also added that to the 2019 wish list as a priority.

Summary – Kensington SD3500v has flaky network port and will thus probably be replaced with Kensington SD7000.

WD Sentinel DX4000 – I’d also like to upgrade this device as the installed Windows Server 2008 R2 is going into end of life. I’d like to be able to install Azure File sync on any device and that means Windows Server 2012 R2 or better. I don’t think that it would be a good idea to do an in place upgrade of the equipment, so new infrastructure seems to be required.

Now if I go for a new on prem server, do I get something a bit bigger that can actually function like a ‘normal’ server so I can do more testing? Like I said, I’d really like the ability to install additional software on there but all these wants increase the price. Maybe, I just leave the existing server in place but get a new ‘front end’ box to do what I want?

I’m still rather undecided on what to do here. Again, the existing server is doing its job well and suits my needs, however having some additional flexibility would be nice, especially for testing hybrid configurations. For the time being I’ve decided to put this on the back burner but would like to do something in 2019.

Summary – on the back burner to upgrade or replace.

Fitbit – The old Fitbit recharging port on the unit has become so broken that the charging cable will no longer attach to it. The cost of replacement items is too high in my books and I really don’t want another watch as I like my analogue one. Having used a Fitbit for many years, I have a lot of accumulated data that I’d be forgoing if I went to another device. However, on the other hand, how often do I look at that data? Rarely, if I’m honest.

The most likely replacement is probably going to be the Oura ring, as I really like all the metrics around it. Now the challenge is I need to get my finger measured to find the right size. Oura does ship a sizing kit that allows you to check the size using plastic mock ups before you confirm but you still need to purchase the whole unit first.

Being a few hundred US$ doesn’t make this item cheap. Being that I also REALLY don’t need this item I’m still in the due diligence phase, making sure that it is the best investment for my money as I know there are other devices out there. So again, probably something I’ll get in 2019 but no real rush as yet and as yet I’m not 100% sold given the cost.

Summary – Fitbit has died after a long and productive life and it looks like the Oura ring will be the replacement.

Amazon Kindle – In use every day, no change. One of the best devices I have ever invested in.

Xbox One S – Twelve months old now and use it mostly to watch videos on Amazon Prime or YouTube. Play the occasional game when the mood takes me. Makes for a good distraction when the need arises.

Summary – mainly used as a consumption device with some gaming. No change or updates expected in 2019.

My major hardware investments in 2018 were new Ubiquiti networking and a new basic iPad to replace all paper notebooks. On the cards for 2019 are probably a new iPhone, Oura ring and docking station. What also will probably eventuate is a G3 micro video camera, new on prem server and maybe a new Surface Pro.

Let’s see what 2019 brings.

My Stuff 2019

This post, my annual post, is aimed at bringing the links to everything I have out there on the Internet together into a single place. Here we go.

About me

Social Media

Free Stuff

Regular technical and business information, tutorials, walk throughs, learnings, upcoming courses and more.

Here you’ll find currently almost 200 videos full of tutorials on SharePoint, Office 365, Azure and technology.

Presentations and whitepapers for free download.

Slideshare – https://www.slideshare.net/directorcia

Documentation for older versions of SharePoint on premises, especially the free versions and those that came with SBS.

Whitepapers and superseded documentation lives here.

With almost 200 episodes and now entering its 9th year my podcast focuses on providing you news and updates from the Microsoft Cloud around Office 365 and Azure.

You can subscribe using iTunes or Stitcher.

After the course completes this morphs into my Office 365 newsletter.

CIAOPS Yammer network is a place you can visit to get answers on everything Microsoft Cloud all in one Yammer network:

Need to Know webinars are held monthly and announced on my blog but you can always register and get the details for the next one here:

Commercial stuff

This stuff helps pay for free stuff above so I appreciate your support for my paid work.

Access to the private CIAOPS community for technical support, product discounts and access to the best Office 365 and Azure information

For end user focused training on Office 365 services and applications:

Lots of courses on Office 365, PowerShell, Azure, SharePoint and the like.

Designed to help technology companies become cloud service providers

General Interest

This account sends a tweet to commemorate significant dates from the Australian battles in France during World War 1.

I’m a big believer in supporting those who want to build their own business but just need a leg up to get started. Kiva is a simple and easy way to provide this and I recommend this to everyone.

In 2018 I read over 20 books. That means I do a lot of reading on a variety of topics and with Goodreads you can follow along with the books I’m reading as well as those that I add to my bookshelf. I’ll have an upcoming post on my recommended reads, so watch out for that post coming soon.

Disable basic auth to improve Office 365 security


In a recent article:

Investigating an Office 365 account compromise

I detailed how, if you go into the Azure AD sign in logs for an individual user you’ll probably see a huge amount of failed logins because automated hacking tools are banging away trying to brute force access into these accounts.

Once you see the sheer volume of attempts, constantly trying to gain access, you’ll hopefully appreciate how important Multi Factor Authentication (MFA) is because it means that even if the password is guessed then to login there is a need for another factor, like a security PIN.

So you think you’re safe with just MFA eh? Well, perhaps not as safe as you may think, because there is a good chance that basic authentication is still enabled on the tenant. What is basic authentication? Simply a login and password. Why is it still on? Because enabling MFA for users doesn’t disable it, it remains in place as a fall back.

With basic authentication still in place, this allows bad actors to keep banging away on your tenant trying to brute force a password. If you haven’t got MFA enabled for users, it is probably only a matter of time before a user’s password gets brute forced. Even if you have MFA, it is better to not even provide bad actors the ability to get one step closer to actually logging in now is it?

If you are serious about security for your Office 365 tenant then you need to enable MFA AND also disable basic authentication. Is this going to break stuff? If you are using applications prior to Office 2013, for example, then yes, but you shouldn’t really be using those anyway.

To understand how to disable basic authentication and the ramifications of doing that, have a look at the following article:

Disable Basic authentication in Exchange Online

Most security conscious people should be using modern applications that mean that switching off basic authentication shouldn’t cause an issue at all.
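One way to stage that change with an Exchange Online authentication policy, as an added example that is not from the linked article or from my GitHub repo. It assumes an Exchange Online PowerShell session is already connected; the policy name and the pilot user are hypothetical.

```powershell
# Added example: staged roll-out of a "block basic auth" policy in Exchange Online.
# Assumes an Exchange Online PowerShell session is already connected.
# The policy name and pilot user below are hypothetical placeholders.
$policyName = 'Block Basic Auth'
$pilotUser  = 'pilot.user@contoso.example'

# 1. Modern authentication must be enabled before basic authentication is blocked,
#    otherwise Outlook clients have nothing to fall forward to.
$org = Get-OrganizationConfig
if (-not $org.OAuth2ClientProfileEnabled) {
    Write-Warning 'Modern authentication is disabled in this tenant. Enable and test it first.'
    return
}

# 2. Create the policy once. A new authentication policy blocks basic authentication
#    for every protocol unless an AllowBasicAuth* switch is supplied.
if (-not (Get-AuthenticationPolicy | Where-Object Name -eq $policyName)) {
    New-AuthenticationPolicy -Name $policyName | Out-Null
}

# 3. Pilot on a single account and expire its refresh tokens so the policy applies now.
Set-User -Identity $pilotUser -AuthenticationPolicy $policyName
Set-User -Identity $pilotUser -STSRefreshTokensValidFrom ([System.DateTime]::UtcNow)

# 4. Review what the policy allows and confirm the assignment.
Get-AuthenticationPolicy | Where-Object Name -eq $policyName | Format-List Name, AllowBasicAuth*
Get-User -Identity $pilotUser | Format-List UserPrincipalName, AuthenticationPolicy

# 5. Once the pilot is clean, make the policy the tenant default (left commented on purpose).
# Set-OrganizationConfig -DefaultAuthenticationPolicy $policyName
```

Accounts used by legacy clients or devices (pre-Office 2013 applications, some scanners and mail-enabled appliances) should be identified from the sign-in logs before step 5 is run.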

After you have disabled basic authentication, go back into your logs and see how all the attacks I’ve mentioned previously effectively cease. It ain’t magic, you’ve just hardened your tenant by reducing the risk surface area. For bonus credits on securing your tenant take a look at:

Azure AD and ADFS best practices: Defending against spray attacks

I also have the following script in my GitHub repo:

https://github.com/directorcia/Office365/blob/master/o365-modern-auth.ps1

that will enable modern authentication in your tenant when run. However, beware of enabling this as it can cause issues, especially with older (pre-Office 2013) applications.

So remember, yes enable MFA across your Office 365 organisation but ALSO disable basic authentication as well!

A great security add on for Microsoft 365

Office 365 has a good deal of security available out of the box, however much of it needs to be fully configured from the defaults. Add to this the additional security options Microsoft 365 Business brings to the table on top of what Office 365 provides as standard. Services like Office 365 Advanced Threat Protection (ATP), Data Loss Prevention (DLP), Legal Hold and so on are included with Microsoft 365 Business and most also still need to be configured appropriately.

Configuring security options is nothing new. IT Professionals have been doing it for years. That won’t change just because services are now in the cloud.

Even after you have configured all of these services appropriately, there are more security options you can add on from Microsoft. I think that probably the best add on security service you can bolt on to your Microsoft/Office 365 environment is Office 365 Cloud App Security.

clip_image001

You can simply add the Office 365 Cloud App Security to any existing tenant and then assign it to your users. As you can see from the above (in $AUD), it is pretty cheap for what I’ll show it can do for you.

Now before I get too far down the path of explaining Office 365 Cloud App Security I need to let you know there is a more advanced version of this service called Microsoft Cloud App Security that I’ll cover in more detail in an upcoming article. Here, I’m going to focus on Office 365 Cloud App Security. If you want to know the differences between the two services take a look at:

What are the differences between Microsoft Cloud App Security and Office 365 Cloud App Security

image

Once you purchase a subscription to Office 365 Cloud App Security and assign the licenses, you will see an extra option appear in the Alerts section of the Security and Compliance center, as shown above. Selecting the new Manage advanced alerts menu item will display the Managed advanced alerts screen on the right. Like most security options in Microsoft 365, you’ll need to go in there and enable it the first time you visit.

Once it has been enabled select the Go to Office 365 Cloud App Security button.

image

You’ll now be taken to the Office 365 Cloud App Security console and a list of policies as you can see above. These are the default policies that are created for you and it is possible to create your own policies which I’ll cover soon.

Take a moment to have a look through the list of default policies and you’ll find they cover some very common scenarios.

image

In this case, I’ve clicked on the Mass download by a single user policy to view the details.

image

The real heart of the policy is the Create Filter for the policy section a little down the page as shown above. This is where you create the rules to determine when an alert should be activated.

image

A little bit further down the screen you’ll find the section to manage the alerts. Here you’ll see the option to send an email, text message and the new preview option to trigger a Microsoft Flow. This new Microsoft Flow feature will allow you to automate just about any action if the alert is triggered.

image

The Governance section at the bottom of the page shows you the default actions that you can take when an alert is triggered, including the ability to suspend the user and force them to sign in again.

image

The above shows you a custom policy that I have created that will alert me when an Office 365 administrator logs on outside my corporate network.

Once you have customised the default policies and added any custom ones all you need to do is wait until an alert is triggered.

image

When you receive an alert via email it will look like the above with links to take you straight to the policy match.

image

You can now view any alerts in the console as shown above.

image

When you select an alert you can dig deeper into the details as shown above as well as Dismiss or Resolve it by recording how it was (these are in the top right corner of the screen).

image

Not only can you configure and view very detailed alerts but you can also view the Office 365 Activity Log as shown above. This is very, very handy and much easier than having to use the interface in the Security and Compliance center or an exported CSV file.

image

If you click on an item you again get a huge amount of information as shown above.

image

The buttons in the top right of the item allow you to search on similar:

– Activity types (i.e. here Log on)

– Activity from the same user

– Activity from same IP

– Activity from same country and region

– Activity in the same time frame

image

The above shows you the failed logon activities, each of which you can drill into for more information.

So the second thing that Office 365 Cloud App Security can provide is a detailed way to browse and investigate the Office 365 Activity log.

Sample report

Another thing Office 365 Cloud App Security can do is ingest the logs from on premises firewalls and UTM devices and display them in a dashboard as shown above. Here you can see exactly what cloud apps are being used in your environment. The idea is that it helps you identify shadow IT and prevent the leakage of corporate data from non authorised applications.

That’s a lot of power for a very small price in my books and makes Office 365 Cloud App Security a worthwhile investment for your environment. If you want even more power then you can look at Microsoft Cloud App Security which I’ll detail in an upcoming article.

If you are serious about monitoring your Microsoft/Office 365 environment quickly and easily, then nothing beats Cloud App Security. For most, Office 365 Cloud App Security will do what is required but remember that for only about $1 more, Microsoft Cloud App Security has even more power.

You can of course sign up for a 30 day trial of either product in your tenant today and try it for yourself. I’m pretty confident when you see everything that it can do you’ll happily add it to the tenant going forward.

So when you get Microsoft/Office 365, I suggest Cloud App Security (either Office 365 or Microsoft) as something that you should add for sure if you are serious about security (and who isn’t these days??).

Need to Know podcast–Episode 198

Join me with Nigel Moore for this episode as he talks about what successful Managed Service Providers (MSPs) are doing and thinking with the Microsoft Cloud and also into the future. Nigel shares his wealth of experience from running a successful MSP and now running a coaching business focused on helping MSPs become more successful. Being the last episode before Christmas and New Year, both Brenton and I wish you all the best for the holiday season. We appreciate your support in 2018 and look forward to you joining us again in 2019.

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-198-nigel-moore/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@contactbrenton

@directorcia

The Tech Tribe – Nigel Moore

Zapier and Microsoft Teams integration

Introducing the Microsoft 365 freelance toolkit

Microsoft Teams adoption hub

What’s the difference between OneNote and OneNote 2016?

Teams usage passes Slack

Microsoft 365 update for November 2018

Updates to Azure AD Terms of Use functionality within conditional access

An easy way to bring back your Azure VM with in place restore

Investigating an Office 365 account compromise

I’m starting to get lots of questions about how to determine when exactly an Office 365 account was compromised. Typically, the two most common compromises are phishing and weak passwords. This article is going to focus on one of the ways weak passwords are exploited.

The first thing to appreciate here is that, generally, Office 365 won’t maintain logs needed for detailed investigation beyond 7 days and secondly most logging in Office 365 is disabled by default. There are a number of different audits in the product that you should enable, the major one is Activity auditing which I have detailed how to enable here:

Enable activity auditing in Office 365

The place I suggest you start any investigation is with my free PowerShell Office 365 user login auditing script which I have detailed here:

Auditing Office 365 logins via PowerShell

If you are a CIAOPS Patron subscriber I have an enhanced version of this same script that also outputs the results to a CSV file.

image

The above shows you the screen output of this script. You’ll see successful logins in green and unsuccessful ones in red.

The indication that an account has been compromised will either be:

1. Successful login from a suspicious IP address (indicating phishing and the fact that the bad actors already have the user’s password)

or

2. A number of failed logins to an account followed immediately by a successful login (indicating that the account password has been guessed via brute force).

In this article I’m going to focus on hunting down item 2, as item 1 is tougher, and means combing through IP addresses.

So, what we now need to do is take a look at the CSV file the script generated and see if we can find the login pattern we are looking for.

image

I’m using Excel as my primary investigation tool here as it provides more flexibility than other tools for me.

Firstly, I’m going to insert a table to make querying data easier.

Next, I’m going to filter out my known corporate IP addresses so I am only left with those I don’t recognise. In this case, I’m also going to only focus on a single user. Finally, I’m going to sort the times from newest to oldest.

image

Now what I’m going to do is hone in on an unfamiliar IP – in this case 110.82.6.244. When I filter the file further I find over 85 entries for that IP as shown above. The interesting thing is that these entries happen sequentially on the same day and start at 1:16AM and end at 1:35AM. This confirms that my account has probably been the subject of some sort of automated ‘password spray’ attack. This basically means the bad actors have used an automated process to repeatedly try to login to my account using different passwords.

What passwords are they using? There are huge tables out there with all sorts of passwords people like to use. Where did these tables come from? Typically from systems that have been compromised and had all their login credentials stolen. These stolen credentials are now being re-purposed and used to attack other accounts. Have a look at Troy Hunt’s site:

Have I been Pwned?

if you haven’t already to get an idea of the sheer volume of credentials there are in the wild.

image

You’ll note that in this list I don’t have any filter on the Operation column. Why? Because, I’m looking for the pattern of repeated login failures and THEN a successful login indicating that the account password has been guessed.

Luckily, for this attack IP address I don’t see that pattern. So basically, they tried 85 different attempts over 20 minutes or so and don’t appear to have gained access. Phew.
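The same hunt done in PowerShell rather than Excel (drop known corporate IPs, order by time, then look for a run of failures followed by a success from the same address), as an added example that is not the login auditing script mentioned earlier. The column names CreationTime, UserId, Operation and ClientIP, the thresholds, and the sample rows are assumptions constructed for illustration.

```powershell
# Added example. Constructed sample rows; the column names are an assumption
# about the exported CSV, not taken from the auditing script.
$sample = @'
CreationTime,UserId,Operation,ClientIP
2018-12-10T00:50:00,alice@contoso.example,UserLoggedIn,192.0.2.10
2018-12-10T01:16:05,alice@contoso.example,UserLoginFailed,203.0.113.7
2018-12-10T01:17:10,alice@contoso.example,UserLoginFailed,203.0.113.7
2018-12-10T01:18:20,alice@contoso.example,UserLoginFailed,203.0.113.7
2018-12-10T01:19:30,alice@contoso.example,UserLoginFailed,203.0.113.7
2018-12-10T01:20:40,alice@contoso.example,UserLoginFailed,203.0.113.7
2018-12-10T01:21:50,alice@contoso.example,UserLoginFailed,203.0.113.7
2018-12-10T02:00:01,bob@contoso.example,UserLoginFailed,198.51.100.23
2018-12-10T02:01:01,bob@contoso.example,UserLoginFailed,198.51.100.23
2018-12-10T02:02:01,bob@contoso.example,UserLoginFailed,198.51.100.23
2018-12-10T02:03:01,bob@contoso.example,UserLoginFailed,198.51.100.23
2018-12-10T02:04:01,bob@contoso.example,UserLoginFailed,198.51.100.23
2018-12-10T02:05:10,bob@contoso.example,UserLoggedIn,198.51.100.23
2018-12-10T09:00:00,bob@contoso.example,UserLoginFailed,192.0.2.10
2018-12-10T09:01:00,bob@contoso.example,UserLoggedIn,192.0.2.10
'@
$events = $sample | ConvertFrom-Csv   # for a real export: Import-Csv <path to the CSV>

function Get-LoginBurst {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [string[]] $KnownIPs = @(),    # corporate addresses to leave out of the hunt
        [int] $MinFailures = 5,        # failures from one IP that count as a burst
        [int] $WindowMinutes = 30      # how close to the failures a success must be
    )
    $window = [timespan]::FromMinutes($WindowMinutes)

    $Events |
        Where-Object { $KnownIPs -notcontains $_.ClientIP } |
        Group-Object -Property UserId, ClientIP |
        ForEach-Object {
            # Oldest first, so a success is only compared with failures before it
            $ordered  = @($_.Group | Sort-Object { [datetime]$_.CreationTime })
            $failures = New-Object 'System.Collections.Generic.List[datetime]'
            $success  = $null

            foreach ($e in $ordered) {
                $t = [datetime]$e.CreationTime
                if ($e.Operation -eq 'UserLoginFailed') {
                    $failures.Add($t)
                }
                elseif ($e.Operation -eq 'UserLoggedIn' -and $null -eq $success) {
                    # Count only the failures that fall inside the window before this login
                    $recent = @($failures | Where-Object { ($t - $_) -le $window })
                    if ($recent.Count -ge $MinFailures) { $success = $t }
                }
            }

            if ($failures.Count -ge $MinFailures) {
                [pscustomobject]@{
                    UserId               = $ordered[0].UserId
                    ClientIP             = $ordered[0].ClientIP
                    Failures             = $failures.Count
                    FirstFailure         = $failures[0]
                    LastFailure          = $failures[$failures.Count - 1]
                    SuccessAfterFailures = $success   # empty = burst seen, no login followed
                }
            }
        }
}

Get-LoginBurst -Events $events -KnownIPs '192.0.2.10' | Format-Table -AutoSize
```

A row with an empty SuccessAfterFailures column is a burst that did not get in, like the one described above; a row with a timestamp there is the pattern from item 2 and the account should be treated as compromised.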

image

When I do a lookup on the location of this IP address, I find it is in China.

image

I can do some more investigation by digging into the user account details in the Azure Active Directory service inside the Azure portal as shown above.

Basically I’ve gone into the Azure portal, selected the Azure Active Directory service then select Users and then the specific user I want to investigate.

From the items that appear on the left for that specific user I select Sign-ins and then customise the search so that:

Application = Office 365 Exchange

Status = Failure

You then need to select the Apply button to update the query. Once I have done this I now get a list of login failures as you can see above.

image

If I select an entry in question (i.e. one from the previous results in the CSV file generated by my script) I see the above details.

The details show it is from the same IP address (110.82.6.244) and that client app in question was SMTP, i.e. the login was attempting to do an email account login.

It is also interesting to note that Microsoft blocked the attack by locking the account because it tried to log in too many times. Thus, Microsoft is detecting this common sort of attack and mitigating it based on the IP address and the repeated attempts from a single IP address. Thanks Microsoft.

image

You can click through the remaining links at the top of the page to get other information.

Unsurprisingly, there is no device info as you can see above.

This screen also gives you the option to download this log information to a CSV directly from the Azure portal for further analysis if you want. Down side is, that it is simply the single user you see here, not across all the users in the tenant.

image

Now that tenant wide option is available if you return to the top level options for Azure Active Directory, but you’ll need to have a subscription for Azure AD Premium P1 or better.

What I have therefore shown you so far will work with any Office 365 tenant and that is probably a good place to call an end to this particular article. I’ll be doing more around additional investigation options available in both standard and premium offerings soon, but for now I’ll leave you with an article from Microsoft that everyone managing an Office 365 environment should read:

Azure AD and ADFS best practices: defending against password spray attacks

and watch out for more from me around detecting and blunting attacks on Office 365.

YOUR call to action after reading all this should be to go and check your tenant for attacks like this and ensure you are doing everything you can to prevent their possible success.

Office 365 services PowerShell bulk connection script

I spend a lot of my time logging in and out of various tenants using PowerShell. Some tenants require Multi Factor Authentication (MFA), others don’t. Sometimes I need to just use SharePoint Online or maybe Exchange and Teams.

Already having all the appropriate online services connection scripts in my Github repo here:

https://github.com/directorcia/Office365

I wanted a way to make it easy for me to login to any tenant, MFA or not, as well as any service, or combination of services. Thus my latest script at:

https://github.com/directorcia/Office365/blob/master/o365-connect-bulk.ps1

provides a neat solution I believe.

The way it works is that:

1. You need to copy all the files from my Github repo to a directory on your local environment.

2. Execute the o365-connect-bulk.ps1 script where all the scripts are with the following command line options:

-mfa if MFA required for login

-std if Microsoft Online connect required

-aad if Azure AD connect required

-exo if Exchange Online connect required

-s4b if Skype for Business Online connect required

-sac if Security and Compliance Center connect required

-spo if SharePoint Online connect required

-tms if Microsoft Teams connect required

-aadrm if Azure AD Rights Management connect required

You can combine some or all of these onto the command line like so:

.\o365-connect-bulk.ps1 -mfa -exo -tms

which will do a login with MFA for Exchange Online and Microsoft Teams. Or:

.\o365-connect-bulk.ps1 -std -spo

which will login with no MFA to Microsoft Online and SharePoint Online.

The way that I use scripts is to break them down into small scripts. I don’t like the idea of large ‘mega’ scripts that do everything because they are harder to maintain and when they break they are harder to debug. This way, o365-connect-bulk.ps1 relies on the other stand alone scripts in the same directory which it calls as needed.

The down side to this approach is that you may need to login to the tenant multiple times as each independent script runs. That is only initially and a small price to pay for the added flexibility and functionality I would suggest.

If you need to log in to many different tenants and services throughout the day then this bulk connection script should help you.