If you update to the latest version of the Microsoft Teams app for iOS you will now find a What’s new option in the settings as shown above. This will provide you with information about everything that has been added to the current version of the mobile app.
The above is from the message center of a Microsoft 365 Business tenant, confirming that Shared Computer Access (SCA) will very soon be available in Microsoft 365 Business SKUs. This will allow those SKUs to install Office desktop software on things such as on-premises servers with a Remote Desktop Services (RDS) role (aka a Terminal Server).
Doing so previously required an Enterprise (E) license. This is big news for Microsoft 365 Business and further improves the value of this SKU!
We catch you up with everything in the Microsoft Cloud and then spend some time talking about the new certifications that have just become available from Microsoft for both Microsoft 365 and Azure. I share some of my experiences and thoughts around doing these exams and their value to all IT Professionals going forward. We’ll be covering more about certifications down the track but this one should get you thinking about which one you should do!
Take a listen and let us know what you think – email@example.com
You can listen directly to this episode at:
Subscribe via iTunes at:
The podcast is also available on Stitcher at:
Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.
A very common need these days is to do an email message trace. This can be done the old way in the Exchange Online Admin center or the new way via Mail Flow in the Security and Compliance center.
You simply enter the details and then run a search.
and the output looks like the above, where you can also drill in and get more detail.
As with all things Office 365, you can achieve the exact same thing using PowerShell as I have shown above. The code to achieve this is quite straightforward but I have uploaded it to my GitHub repo to save you the trouble:
Where PowerShell comes into its own is when you need to do a variety of tasks, perhaps an investigation of a breach. Using PowerShell you can easily dump all the information to CSV for further analysis rather than having to root it out in the web interface.
Before much of what is covered here is possible you need to ensure you have enabled all the logging in your Office 365 tenant. I’ve covered how to do that here:
Once you have done that you will be able to track what’s going on in your tenant much better.
In the situation of a compromised mailbox, a bad actor has control of it using legitimate credentials. This rules out looking for failed logins, because there won’t be any. It also makes finding the bad actor tougher because their access is most likely mixed in with that of the legitimate user.
The place to start is to run an audit log search as I have detailed here:
However, as I mentioned, we can no longer search for failed logins; we need to use different search criteria. I would suggest that you instead run a search using the attribute “User signed in to mailbox” as shown above. That will produce something like the results shown, for all users. The problem with this is that times and dates are in UTC, not local time, and the results are cumbersome to manipulate in a web page. You can of course export the results to a spreadsheet for more control.
Unsurprisingly, I feel PowerShell offers a much better solution to check the logs and report, as you can see above. The script to do this I have made freely available at my GitHub repo here:
Basically, it will search the Audit log for Exchange Items that are Mailbox logins and send that output to a nice table via the Out-GridView command. As you can see, using Out-GridView you can now easily sort by time by clicking the column heading, and thanks to the script, the times are local not UTC!
By default, the script will check the last 48 hours but you can easily modify that to suit your needs by either entering the scope in hours or entering a start and end date in the variables at the top of the script.
With this output I can now look for suspect IPs that log in to the mailbox and begin hunting from there. However, remember, all of this relies on you enabling your auditing BEFORE you need it. So, if you haven’t enabled it, go do it now! You’ll find scripts to enable the logs also in my Office 365 repo here:
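The hunting step described in this post, sketched as an added example (it is not the author's GitHub script): it converts the UTC timestamps to local time and summarises sign-ins per user and client IP so unfamiliar addresses stand out. The function name `Get-MailboxLoginSummary`, the sample users and the sample IPs are assumptions constructed for illustration.

```powershell
# In a live tenant the records would come from Exchange Online, for example:
#   $records = Search-UnifiedAuditLog -StartDate (Get-Date).AddHours(-48) -EndDate (Get-Date) `
#                  -RecordType ExchangeItem -Operations MailboxLogin -ResultSize 5000
# The records below are CONSTRUCTED samples in the same shape:
# CreationDate is UTC and AuditData is a JSON string.
$records = @(
    [pscustomobject]@{ CreationDate = [datetime]'2019-03-01T01:15:00'; UserIds = 'user1@example.com'
        AuditData = '{"ClientIPAddress":"203.0.113.10","ClientInfoString":"Client=OWA","ResultStatus":"Succeeded"}' }
    [pscustomobject]@{ CreationDate = [datetime]'2019-03-01T03:40:00'; UserIds = 'user1@example.com'
        AuditData = '{"ClientIPAddress":"203.0.113.10","ClientInfoString":"Client=OWA","ResultStatus":"Succeeded"}' }
    [pscustomobject]@{ CreationDate = [datetime]'2019-03-01T14:05:00'; UserIds = 'user1@example.com'
        AuditData = '{"ClientIPAddress":"198.51.100.77","ClientInfoString":"Client=POP3","ResultStatus":"Succeeded"}' }
    [pscustomobject]@{ CreationDate = [datetime]'2019-03-01T02:20:00'; UserIds = 'user2@example.com'
        AuditData = '{"ClientIPAddress":"203.0.113.10","ClientInfoString":"Client=MSExchangeRPC","ResultStatus":"Succeeded"}' }
)

function Get-MailboxLoginSummary {
    param([Parameter(Mandatory)][object[]]$AuditRecords)

    # Flatten each record: parse the JSON payload and convert the UTC time to local time.
    $logins = foreach ($r in $AuditRecords) {
        $data = $r.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            LocalTime = [datetime]::SpecifyKind($r.CreationDate, [DateTimeKind]::Utc).ToLocalTime()
            User      = $r.UserIds
            ClientIP  = $data.ClientIPAddress
            Client    = $data.ClientInfoString
        }
    }

    # One row per user/IP pair; the rarest pairs for each user sort first.
    $logins | Group-Object User, ClientIP | ForEach-Object {
        $range = $_.Group.LocalTime | Measure-Object -Minimum -Maximum
        [pscustomobject]@{
            User      = $_.Group[0].User
            ClientIP  = $_.Group[0].ClientIP
            Clients   = ($_.Group.Client | Sort-Object -Unique) -join ', '
            Logins    = $_.Count
            FirstSeen = $range.Minimum
            LastSeen  = $range.Maximum
        }
    } | Sort-Object User, Logins
}

Get-MailboxLoginSummary -AuditRecords $records | Format-Table -AutoSize
# For a sortable window, pipe to Out-GridView or use Export-Csv for offline analysis.
```

With the constructed data, the single POP3 sign-in for user1 from 198.51.100.77 is listed ahead of that user's usual address, which is the kind of row to investigate first.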
Hopefully everyone is well aware of the need to protect Office 365 email from inbound spam, however what are you doing about outbound spam?
Hopefully, no bad actor gains access to your environment BUT if they did and they started using your accounts to send spam email, how would you know?
For this reason, I suggest that it is a good idea to go into the Exchange Administration console, select Protection, then Outbound spam. Edit the default policy (that’s really your only option), then select outbound spam protection on the left hand side. Then I suggest you should enable the option to send an email when there is a suspicious outbound email to somewhere that is monitored.
That obviously won’t stop outbound spam, but it should at least give you a heads up that it is happening.
While setting up a new iPhone that was enrolled in MDM and using Intune, I came across an issue when setting up the Qantas app on iOS.
The lesson here is that if something is blocked on your device that is managed by Intune, then most likely that setting is being controlled by an Intune policy and you’ll need to make the change there.
The next instructor-led, all-day, technical whiteboarding workshop session I’ll be doing on Microsoft Cloud Technologies (Office 365, Microsoft 365, Azure, Intune, Windows 10, etc) will be held in Perth on Friday April 12th, 2019. The course is limited to 15 people and you can sign up and reserve your place now!
The content of these events is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. So far, the greatest votes are for deeper dives into Intune, security and PowerShell configuration and scripts, however that isn’t finalised until the day.
Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters to them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.
The cost to attend is:
| | Price inc GST |
|---|---|
| Non Patron | $399 |
To register, simply email me – firstname.lastname@example.org and I’ll take care of everything from there.
The CIAOPS Techwerks events are run regularly in major Australian capital cities, so if you can’t make this one or you aren’t in Perth on that date, stay tuned for more details and announcements soon. If you are interested in signing up please contact me via email (email@example.com) and I can let you know all the details as well as answer any questions you may have about the event.
I hope to see you there.