Exchange Online mailbox check script update

I have just updated another of the free PowerShell scripts I provide on Github. This time o365-mx-check.ps1 has been given an update. You will find it here:

https://github.com/directorcia/Office365/blob/master/o365-mx-check.ps1

1. Prior to running the script you will have needed to install the Exchange Online PowerShell module. To set up your PowerShell environment I suggest you check out:

2. Connect to Exchange Online with PowerShell. For that I recommend you use my script:

That should result in you being connected to Exchange Online PowerShell as shown above.

Once you have your PowerShell environment set up, you simply run the o365-mx-check.ps1 script at the PowerShell prompt.


After checking that the Exchange Online PowerShell module is loaded and connected, the script will loop through all the mailboxes in your tenant.


For each mailbox it will check and display a number of settings as shown above including:

  • User’s display name and principal name
  • The primary outbound email address the mailbox uses
  • When the mailbox was created
  • Whether auditing is enabled for the mailbox
  • The maximum age limit of audit log entries for the mailbox
  • Deleted items retention period
  • If Litigation Hold is enabled
  • If mailbox archiving is enabled
  • The maximum message send size
  • The maximum message receive size
  • If POP3 is enabled for the mailbox
  • If IMAP is enabled for the mailbox

Items that are not best practices will be highlighted in red for your attention as shown above.
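The per-mailbox settings listed above can be gathered by joining the output of the standard Get-Mailbox and Get-CASMailbox cmdlets. The following is an added example, not the o365-mx-check.ps1 source; the function name Get-MailboxSettingReport and the choice of what to flag (auditing off, POP3 or IMAP on) are assumptions, since the post does not state the script's exact criteria.

```powershell
# Added example, not the o365-mx-check.ps1 source. Function name and flag
# rules are assumptions; property names are those exposed by Get-Mailbox and
# Get-CASMailbox in Exchange Online.
function Get-MailboxSettingReport {
    param(
        [Parameter(Mandatory)] [object[]] $Mailbox,      # output of Get-Mailbox
        [Parameter(Mandatory)] [object[]] $CasMailbox    # output of Get-CASMailbox
    )
    # Index protocol settings by primary SMTP address for a single-pass join.
    $cas = @{}
    foreach ($c in $CasMailbox) { $cas[[string]$c.PrimarySmtpAddress] = $c }

    foreach ($m in $Mailbox) {
        $p = $cas[[string]$m.PrimarySmtpAddress]
        $flags = @()
        if (-not $m.AuditEnabled) { $flags += 'AuditDisabled' }
        if ($null -eq $p)         { $flags += 'NoProtocolData' }
        else {
            if ($p.PopEnabled)  { $flags += 'Pop3Enabled' }
            if ($p.ImapEnabled) { $flags += 'ImapEnabled' }
        }
        [pscustomobject]@{
            DisplayName           = $m.DisplayName
            UserPrincipalName     = $m.UserPrincipalName
            PrimarySmtpAddress    = $m.PrimarySmtpAddress
            WhenCreated           = $m.WhenCreated
            AuditEnabled          = $m.AuditEnabled
            AuditLogAgeLimit      = $m.AuditLogAgeLimit
            RetainDeletedItemsFor = $m.RetainDeletedItemsFor
            LitigationHoldEnabled = $m.LitigationHoldEnabled
            ArchiveStatus         = $m.ArchiveStatus
            MaxSendSize           = $m.MaxSendSize
            MaxReceiveSize        = $m.MaxReceiveSize
            PopEnabled            = $p.PopEnabled
            ImapEnabled           = $p.ImapEnabled
            Flags                 = $flags -join ';'
        }
    }
}

# Constructed sample objects so the function can be exercised offline.
$mbx = @(
    [pscustomobject]@{ DisplayName = 'Alex Example'; UserPrincipalName = 'alex@contoso.example'
        PrimarySmtpAddress = 'alex@contoso.example'; AuditEnabled = $true }
    [pscustomobject]@{ DisplayName = 'Shared Info'; UserPrincipalName = 'info@contoso.example'
        PrimarySmtpAddress = 'info@contoso.example'; AuditEnabled = $false }
)
$casRows = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'alex@contoso.example'; PopEnabled = $false; ImapEnabled = $false }
    [pscustomobject]@{ PrimarySmtpAddress = 'info@contoso.example'; PopEnabled = $true;  ImapEnabled = $true }
)
Get-MailboxSettingReport -Mailbox $mbx -CasMailbox $casRows |
    Format-Table DisplayName, AuditEnabled, PopEnabled, ImapEnabled, Flags

# Against a live tenant (requires a connected Exchange Online session):
# Get-MailboxSettingReport -Mailbox (Get-Mailbox -ResultSize Unlimited) `
#     -CasMailbox (Get-CASMailbox -ResultSize Unlimited)
```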

By default, these results are only displayed on the screen. However, if you specify the optional -csv parameter when you run the script, like:

.\o365-mx-check.ps1 -csv

a CSV file with the output will be created in the parent directory.


You will see the name of the CSV created at the end of the script as shown above.


Each CSV file is timestamped to ensure that a unique file will be created each time the script is run.

A log file, o365-mx-alert.txt, is also created in the parent directory on each run.


The log file will be overwritten each time the script is run.

Thus, the o365-mx-check.ps1 script has 1 optional parameter that can be used:

-csv = output all logs for period to a CSV file in the parent directory. A new CSV file is created for each script execution

The script will also produce a log file (o365-mx-check.txt) in the parent directory, which is overwritten on each run of the script.

You will find this script and all my publicly available scripts at:

http://github.com/directorcia

Don’t forget to check back there regularly for updates. Also, if you have any feedback or suggestions on this script or what you’d like to see me create, please let me know. I also maintain a large array of additional scripts via a paid subscription. More details of that can be found at www.ciaopspatron.com.

Need to Know podcast–Episode 243

FAQ podcasts are shorter and more focused on a particular topic. In this episode I speak about what Office 365 ATP is and provide some best practice suggestions.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-243-office-365-atp/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

CIAOPS Patron Community

Office 365 ATP

@directorcia

All the Defenders


Microsoft unfortunately has quite a few products under the ‘Defender’ banner that I see causing confusion out there. Most believe that ‘Defender’ is only an anti-virus solution, but that could not be further from the case. Hopefully, I can show you here how broad the ‘Defender’ brand is and give you a basic idea of what each ‘Defender’ product is.

To start off with, there are products that are considered ‘Windows Defender’ products, although I see the Windows and Microsoft brands intermingled regularly. Here is a list of specific ‘Windows Defender’ products:

Windows Defender Application Control – WDAC was introduced with Windows 10 and allows organizations to control what drivers and applications are allowed to run on their Windows 10 clients.

Windows Defender Firewall – By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device.

Windows Defender Exploit Guard – Exploit protection automatically applies a number of exploit mitigation techniques to operating system processes and apps.

Windows Defender Credential Guard – Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.

In contrast, here are the ‘Microsoft Defender’ products:

Microsoft Defender SmartScreen – Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.

Microsoft Defender Antivirus – Brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your organization.

Microsoft Defender Application Guard – helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet.

Microsoft Defender Security Center – is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.

Microsoft Defender Advanced Threat Protection – is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Microsoft Defender Browser Protection – a non-Microsoft browser extension that helps protect you against online threats, such as links in phishing emails and websites designed to trick you into downloading and installing malicious software that can harm your computer.

So, as you can see, there are quite a lot of ‘Defender’ products out there from Microsoft. How and when you get each of these varies greatly, as do their capabilities, since most will integrate together. That, however, is beyond the scope of this article but may be something I explore in upcoming articles.

For now, just be careful to investigate what is actually meant when it says ‘Defender’ in the Microsoft space!

Audit script update

About two years ago I created a free PowerShell script to report on tenant logins by checking the Unified Audit Log. You’ll find that original article here:

Auditing Office 365 user logins via PowerShell

I’ve now updated the script and added some functionality as well. But before you go off and run the script, make sure you have completed the pre-requisites:

1. You’ll need to ensure that you have enabled your Unified Audit Logs in the tenant. You can see how to do that here:

2. Prior to running the script you will have needed to install the Exchange Online PowerShell module. To set up your PowerShell environment I suggest you check out:

3. Connect to Exchange Online with PowerShell. For that I recommend you use my script:


Once you have your PowerShell environment set up, you simply run the o365-connect-exov2.ps1 script as shown above.


That should result in you being connected to Exchange Online PowerShell as shown above.


At this point you can now run the o365-login-audit.ps1 script which you will find at:

https://github.com/directorcia/Office365/blob/master/o365-login-audit.ps1


That should output the list of user logins from the Unified Audit Log for the past day as shown. It will show you both successful and failed login attempts, the time they occurred, the IP that the login came from and the user attempting the login, as shown above.


If you instead run the o365-login-audit.ps1 script with the -fail parameter, as shown above, the output will only display failed login attempt details.


If you run the o365-login-audit.ps1 script with the -days parameter, as shown above, you will be prompted to enter the number of previous days you wish to check, beyond the default one day. Remember, the more days you specify, the more logs need to be retrieved, and the longer the process will take.


The results will be displayed as before. You will notice that the message line in the output reflects the total number of days being checked.


If you instead run the o365-login-audit.ps1 script with the -csv parameter, as shown above, you will notice the same output but you will also see a line that confirms the total results have also been sent to a CSV file.


If you look in the parent directory, from where the script ran, you will find the CSV file (o365-login-audit.csv) mentioned previously as well as the script log file (o365-login-audit.txt).


The script log file (o365-login-audit.txt), as shown above, contains the output from what was displayed on the screen when you ran the script. This file is always overwritten when the script runs.


The CSV file contains all the log file entries for the period specified. This allows you to open the file in Excel and filter, sort and format as needed. A new CSV is created every time the script is run with the -csv option.

Thus, the o365-login-audit.ps1 script has 3 optional parameters that can be used in any combination:

-fail = display only failed logins

-days = prompt for total number of days to check from current

-csv = output all logs for period to a CSV file in the parent directory. A new CSV file is created for each script execution

The script will also produce a log file (o365-login-audit.txt) in the parent directory, which is overwritten on each run of the script.
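Login records like those described above come from Search-UnifiedAuditLog, whose AuditData column is a JSON string per event. The following is an added example, not the o365-login-audit.ps1 source: it parses such rows and summarises failed logins per source IP, which goes a step beyond the listing the script produces. The function names and the sample rows are assumptions made for illustration.

```powershell
# Added example, not the o365-login-audit.ps1 source. Function names are
# assumptions; AuditData fields (CreationTime, Operation, UserId, ClientIP)
# are those of sign-in records in the Unified Audit Log.
function ConvertFrom-LoginAuditRecord {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Record,  # Search-UnifiedAuditLog row
        [switch] $Fail                                       # keep failed logins only
    )
    process {
        try   { $d = $Record.AuditData | ConvertFrom-Json -ErrorAction Stop }
        catch { Write-Warning 'Skipping row with unparsable AuditData'; return }
        if ($Fail -and $d.Operation -ne 'UserLoginFailed') { return }
        [pscustomobject]@{
            TimeUtc   = [datetime]$d.CreationTime
            Operation = $d.Operation
            User      = $d.UserId
            ClientIP  = $d.ClientIP
        }
    }
}

function Get-FailedLoginSummary {
    param([Parameter(Mandatory)] [object[]] $Login)
    # Many failures from one IP across several accounts deserves a closer look.
    $Login | Where-Object Operation -eq 'UserLoginFailed' |
        Group-Object ClientIP |
        ForEach-Object {
            [pscustomobject]@{
                ClientIP      = $_.Name
                Failures      = $_.Count
                DistinctUsers = @($_.Group.User | Sort-Object -Unique).Count
            }
        } | Sort-Object Failures -Descending
}

# Constructed sample rows shaped like Search-UnifiedAuditLog output
# (documentation-range IPs, made-up users).
$rows = @(
    '{"CreationTime":"2020-06-01T02:10:11","Operation":"UserLoginFailed","UserId":"alex@contoso.example","ClientIP":"203.0.113.7"}'
    '{"CreationTime":"2020-06-01T02:10:15","Operation":"UserLoginFailed","UserId":"info@contoso.example","ClientIP":"203.0.113.7"}'
    '{"CreationTime":"2020-06-01T08:30:00","Operation":"UserLoggedIn","UserId":"alex@contoso.example","ClientIP":"198.51.100.20"}'
    '{"CreationTime":"2020-06-01T09:02:44","Operation":"UserLoginFailed","UserId":"alex@contoso.example","ClientIP":"198.51.100.20"}'
) | ForEach-Object { [pscustomobject]@{ AuditData = $_ } }

$logins = $rows | ConvertFrom-LoginAuditRecord
Get-FailedLoginSummary -Login $logins | Format-Table

# Live tenant (connected session, Unified Audit Log enabled):
# $rows = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) `
#     -Operations UserLoggedIn,UserLoginFailed -ResultSize 5000
```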

You will find this script and all my publicly available scripts at:

http://github.com/directorcia

Don’t forget to check back there regularly for updates. Also, if you have any feedback or suggestions on this script or what you’d like to see me create, please let me know. I also maintain a large array of additional scripts via a paid subscription. More details of that can be found at www.ciaopspatron.com.

Power Virtual Agents


Keeping with the AI theme of late:

A dedicated Microsoft Cloud Search engine

and

Need to Know Q and A Bot

I’ve also been playing around with the ability to create bots in the Power Platform. You can try out what I’ve created here:

https://bit.ly/ciapowerva

Again, remember this is a chat bot, not a search engine. I have also been able to integrate this chat bot into my Microsoft Team, but the process isn’t as straightforward as clicking a single link and I’ll try to cover that off in more detail in an upcoming article for you.

In many ways the Power Virtual Agent chat bot functions like the Q and A bot mentioned earlier, but it does have some major differences. Behind the scenes there is more programming flexibility than with the Q and A bot:


I like the ability to visually create branching logic. This makes it a lot like Microsoft Power Automate to my mind. You can also create your own custom responses as well as import from web site information, which is what I have done in my case. I also like the follow up and after event survey responses:


Which is all built in.

However, from what I can see, it is also much more expensive – https://powervirtualagents.microsoft.com/en-us/


Given that price plus the fact that you have to invest your own time to build something, I think this isn’t likely to be too widely adopted in the SMB space as yet. I do like the platform, compared to what I have seen so far, but I am not sure whether it is really appropriate for a ‘casual’ play. If you are serious about automation and have lots of need for this type of thing, then it is probably going to be the platform of choice. We’ll see. I need more time with all of these tools.

I can see how all of these AI platforms utilise the same core abilities that Microsoft is building underneath. They are simply layering different interfaces over the top in essence. Some are aimed more at developers, while others are aimed at power users. I am still working out where all these fit in what I am looking to achieve and I’m sure they will all continue to improve over time. That’s kinda why I’m jumping on the AI band wagon now.

I’ll be diving deep into more of what I have found and how to set all this up for yourself in upcoming articles. In the meantime I suggest you go and have a think about what you’d like to automate in your business and then look at what I’ve covered so far. It is all certainly possible, but as with anything in technology, you have to determine the best tool for your own needs.

Microsoft did a good overview video on Power Virtual Agents here: https://www.youtube.com/watch?v=nWxguR5B5-s

Need to Know bot for your Microsoft Cloud Q and A

Recently I wrote an article about using Microsoft AI to create,

a dedicated Microsoft Cloud Search engine

Another form of AI that is available is a chatbot service for questions and answers. Many people have seen these already on web sites, where a helpful customer service rep appears on your web page asking if you need assistance. I have now created a similar chat experience which I have christened the CIAOPS N2Kbot.

You’ll find the N2KBot here:

http://bit.ly/n2kbot


When you first arrive you’ll see a page like that shown above. Simply enter your question in the lower line (where it says “type your message”) and then press Enter. I haven’t as yet automated it to greet you, as personally I find that annoying. So for now, you can interact manually.


You’ll see above that if I ask “what is aip” I get a response back about Azure Information Protection.


At the bottom of the page, you’ll also find a link to add the N2KBot to your Team if you want, as shown above.


You can have it as a private bot or inside a channel if you wish. Once installed you activate the bot by starting a line with @n2kbot and then asking a question, like:

@n2kbot what is aip

as shown in the above example.

What is interesting about this chatbot versus the custom search engine I created previously is how people so far have interacted with it. Most have treated this chatbot like a search engine, expecting it to give them the exact answer to the question they asked. A chatbot really isn’t that. It is basically a list of question and answer pairs. That is, if you type in this (or close to it), then answer with this. It doesn’t search the web; it largely looks to its pre-programmed question and answer pairs.

You can prime the chatbot with your own custom questions and answers or you can target web links. Sites that have lots of FAQs (frequently asked questions) on them ingest very well into the bot. However, it is important to remember that chatbots are not search engines.

So where could I see chatbots playing a role? I think they would work well for adoption, that is, people asking basic questions about OneDrive for example (i.e. “How do I upload to OneDrive”) or things like “What is Sway”. So think of chatbots more as a way to answer common questions in an automated way. When you actually sit down and have a look at how many times the same or similar questions get asked, you begin to appreciate the role that chatbots could play.

I am still testing this chatbot concept out in the area of providing information specifically on the Microsoft Cloud but, as I said, I can see an initial benefit in things like adoption, which I have started working on. In an upcoming article, I’ll show you how easy it is to create a chatbot like this in Azure. However, the idea for this preliminary article is to get you thinking about:

1. The differences between chatbots and search

2. Where a chatbot may make sense in your business. That is, what information is it going to help with?

Once you have that, then creating an effective chatbot will be much easier in my experience.

In the meantime, feel free to have a play with the N2KBot and let me know your thoughts. It is far from perfect and only runs on the cheapest plan, so it might be a bit slow initially when you use it. However, once ‘awake’ it should perform normally. If you have some suggestions for the questions it should be able to answer, let me know, I’m very interested to hear other people’s thoughts on this.

My aim with all this is to get the cogs in your head turning about where this new “AI” technology can effectively be applied. They are certainly beginning to turn in mine.

A dedicated Microsoft Cloud Search engine


Recently, I have been working with the Microsoft AI tools typically provided via Azure. Personally, I don’t like the term ‘Artificial’ when it comes to AI because I really don’t believe that it is truly ‘Artificial’ as yet. I therefore far prefer the term ‘Automated Intelligence’.

Terminology aside, I have been looking at where these new “AI” style technologies can be utilised effectively. One of the most common questions I hear is about finding ‘good’ information about Microsoft Cloud technologies. It is all there in traditional search engines but it gets mixed in with everything else. So what I have done is used Azure Search to configure a service at:

http://bit.ly/ciasearch

that only searches through links that I have provided. The idea is to provide a quality set of links from Microsoft and others that provide the best information about the Microsoft Cloud. You get all the benefits of traditional search engines, less the advertising, across a list of high quality but specific sites. Hopefully, that means the chance of you finding what you are looking for is much higher and the results are of a better quality.


When you search for an item, as shown above, it works exactly like any other search engine. It supports the same query syntax (AND, OR, INCLUDES:, etc) and will return you a list of results as shown above from the material that it indexes.

Of course, any search engine is only as good as the information that it crawls, and I continue to add sources on an ongoing basis. However, if you wish to suggest a URL to include in the CIA Search then you can do that via:

https://bit.ly/ciasearchsubmit

I’ll review each submission and add it to the engine if it is of a high enough quality.

The more people that use the CIA Search the better it will become, so please share this with others whom you believe may receive benefit.

Need to Know Podcast–Episode 242

In this episode Brenton reports back on his encounters with the AZ-900 certification exam. Spoiler alert – he passed! Congrats. I also speak with Nicki Borell all about information protection and labelling in Microsoft 365. Of course, Brenton and I bring you up to date with everything in the Microsoft Cloud. We hope you enjoy the listen.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020

Take a listen and let us know what you think – feedback@needtoknow.cloud

https://ciaops.podbean.com/e/episode-242-nicki-borell/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@nickiborell

SharePointtalk.net

YouTube – Technology and Me

Nicki Borell – LinkedIn

www.nickiborell.com

www.xpertsatwork.com

@contactbrenton

@directorcia

Announcing OAuth 2.0 support for IMAP and SMTP AUTH protocols in Exchange Online

Making it easier to stay caught up with Cortana in Microsoft 365

General availability of Azure Files on-premises Active Directory Domain Services authentication

Security baseline (DRAFT): Windows 10 and Windows Server, version 2004

AZ-900 exam

Windows 10 2004 update
