Jan 18
Exchange Online–Clearing for good previous mailbox information

This update will be very interesting for migration context to Exchange Online – may be other situation too but can’t see it right now.

Microsoft is introducing a new parameter to the Set-User command to permanently remove previous Exchange Online details.

Imagine the following scenario:

  • User have Exchange On Premises mailbox
  • You have Azure AD Connect in place and synching
  • You prepare to migrate the mailbox and assign an ExO license to the user
  • Unfortunately there was an issue which blocked the Exchange On Prem GUID to be synchronized and so you ended with 2 mailboxes for the user: one On-Prem and one Online

Removing the online mailbox has been always tricky in this situation because you have a 30 days retention period; meaning even when you remove the ExO license, the next time you will re assign the license ExO will automatically reassociate the ‘wrong’ mailbox.

There was no other way than deleting the online user account, but this also impacts other Office 365 workloads.

With this update, you will be able to get rid for good of the ‘incorrect’ Exchange Online mailbox

Set-User <email address> –PermanentlyClearPreviousMailboxInfo

Jan 16
Exchange Online – Real preview of quarantine emails

As you may already know, you had the ability to have a preview of a quarantine email before deciding what to do. But this preview was basically raw data (plain view), meaning if the email was in HTML format you basically got the HTML code displayed, making it complicated to review it.

An update has been deployed which allows you to choose if you want to view the raw data (as before) or switch to HTML view.

This applies to both end-user self service quarantine (accessible using https://admin.protection.outlook.com/quarantine) or for administrators reviewing quarantine emails from the Security and Compliance portal (https://protection.office.com/#/quarantine)

When previewing a quarantine email, just switch to HTML view (end-user) or HTML (administrators)

NOTE end-user will get a notification to remind them even if the content has been sanitized, this still could be dangerous

imageimage

Dec 21
Microsoft Deployment Toolkit (MDT) 8450 is now available

The latest and new release of Deployment Toolkit (MDT) for Windows is now available for download at

https://www.microsoft.com/en-us/download/details.aspx?id=54259

This version supports Windows 10 build 1709 (Fall Creator Update) and SCCM current branch (1710), as well as includes some fixes like:

  • Win10 Sideloaded App dependencies and license not installed
  • CaptureOnly task sequence doesn't allow capturing an image
  • Error received when starting an MDT task sequence: Invalid
  • DeploymentType value "" specified. The deployment will not proceed
  • ZTIMoveStateStore looks for the state store folder in the wrong location causing it to fail to move it
  • xml contains a simple typo that caused undesirable behavior
  • Install Roles & Features doesn't work for Windows Server 2016 IIS Management Console feature
  • Browsing for OS images in the upgrade task sequence does not work when using folders
  • MDT tool improperly provisions the TPM into a Reduced Functionality State (see KB 4018657 for more information)
  • Updates to ZTIGather chassis type detection logic
  • Upgrade OS step leaves behind SetupComplete.cmd, breaking future deployments
  • Includes updated Configuration Manager task sequence binaries

 Enjoy

Dec 21
Office 365 – It is time to move from TLS 1.0 and 1.1

In order to improve the security, Office 365 services are going to stop supporting Transport Layer Security (TLS) 1.0 and 1.1

If you are in hybrid scenarios (either with Exchange or Skype for Business) and/or if you use AD FS for your authentication services, you need to ensure your on-premises services supports TLS 1.2

Starting March 1st, 2018 if you did not upgrade to TLS 1.2, online services will not be accessible.

You can read this article which provides guidance to move to TLS 1.2 https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365

Dec 13
Azure – Another security problem with Azure AD Connect

It has just been published (December 12th, 2017), a new potential security hole in Azure AD Connect (at least version 1.1.649.0, the advisory bulletin does not specify the impacted version(s)) which could leads the Azure AD Connect service account with insufficient restriction when Azure AD Connect automatically creates it.

See the advisory bulleting available at https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4056318 for more details and additional actions to lockdown the service.

You are also invited to upgrade to the latest version (1.1.654.0) from http://go.microsoft.com/fwlink/?LinkId=615771

Dec 13
Exchange Online – Clutter end of life date

This has been announced some time ago already (July 2016); Clutter is going to be deprecated and eventually removed and replaced by Focused Inbox.

Now, we have an official end of life date for Clutter: this will be January 31, 2020.

So you still have some time to communicate to your end-users, update your support team and training documentation.

You may also have to deployed Outlook build 16.0.8730 Version 1711 or greater to ensure you are getting Focused Inbox on your Outlook client.

If you are using Outlook 2016 MSI or earlier, you will have to move either to Office Click to Run or deploy the coming Outlook 2019. If you stay with these ‘unsupported’ version of Outlook for Focused Inbox after January 2020, messages will stop being cluttered and will be delivered to the Inbox as usual.

Dec 12
SCCM – You can now easily identify devices with pending reboot

UPDATE additional information and screenshots after Patch Tuesday

This has always been a nightmare for sysadmins, identifying devices with pending reboot.

Now with SCCM, it becomes easier. The latest update for SCCM Current Branch (build 1710) has a new column to use in the Console\Devices to identify such devices with pending reboot

To get this information, access the Assets and compliance workspace from the SCCM console and go to Overview\Devices. Then right click on the header of the device list and scroll down to get Pending Restart

imageimage

With previous version you had to use Configuration Items and Configuration Baseline to identity them.

As a result, when a device is pending a restart, you know the reason of the pending restart

NOTE this attribute can not be used as filtering option neither to create a device collection (or at least I did not find the way to do)

imageimage

Dec 11
Office 365 – Get translated messages in Message Center

This update will probably be more interesting for non-English customer.

An update is currently being deployed to get messages from Message Center translated in a different language than the English one, as messages in Message Center are written only in English.

To check/change your language settings, open the Gear menu from the Office 365 administration portal and update your language/time zone settings to match your language

image

As soon as you have changed your language, the administration portal is refreshing to display the UI in your language, then you can access the Message Center where you will see an option to translate messages in Message Center in different language – you can choose a different language than the one you configured for you – the default selected language for translation will be the one you defined previously

For the purpose of this post I have updated my language from English to French

image

If you click directly to the Traduire en francais (or what ever will be displayed), all message are automatically translated to the corresponding language

image 

Dec 06
Office 365 – ATP is available for SharePoint and Teams too

Office 365 ATP (Advanced Threats Protection) is an advanced protection solution provided by Office 365, already available for Exchange Online and for few months on Office Click To Run (see to learn more about ATP https://support.office.com/en-us/article/Office-365-Advanced-Threat-Protection-e100fe7c-f2a1-4b7d-9e08-622330b83653?ui=en-US&rs=en-US&ad=US)

The solution is used to deeply analyzed URL’s and attachments before letting end-users accessing it.

Now, Office 365 ATP is also available (through Office 365 E5 [enterprise and education] or additional Office 365 subscriptions for other plans) for SharePoint Online and Teams.

This works exactly the same way than it does for Exchange and Office Click to Run.

To enable ATP for SharePoint and Teams, go to the Security and Compliance administration center (https://protection.office.com/)

Then go to Threat Management\Policy

imageimage

Then check the box Turn on ATP for SharePoint, OneDrive and Microsoft Teams to enable ATP for these workloads

image

Then it make take up to 30 minutes to be completed.

Once ATP detects a malicious file a notification will be displayed on the SharePoint web page and blocks access to the infected file (screenshot courtesy of Microsoft)

image

As administrator you can also create an alert to get notified when an infected file is detected on SharePoint, OneDrive or Teams.

While still in the Security and Compliance portal, reach out to the Alerts\Alert policies section

image

And create a new alert policy with the following settings:

  • Name: name the alert policy as you want
  • Severity: set the severity as you wish (between low, medium and high)
  • Category: Threat management
  • Activity is: Detected malware in file
  • Leave other settings as default
  • and finally define the recipient(s) for this alert

imageimageimage

Dec 05
Teams – You can define who can post in the General channel

Each Team is created with a General channel.

By default everyone can post in this channel.

Now you can define with 3 different levels who can post in this channel:

  • Everyone can post (the default setting)
  • Everyone and display an alert that everyone in the Teams will be notified
  • Just the Teams owner

To define this setting, you need to go (as the Team owner) to the Team settings (Manage Team) and then access the Permissions options

imageimage

Below the notification if you choose the second option (Everyone can post but display a notification); you can see how many user will see your post

image

1 - 10Next

 ‭(Hidden)‬ Blog Tools

 About

Benoit is specialized on Microsoft infrastructure (Active Directory, Azure, ForeFront products, Hyper-V, Identity Management, System Center, Windows) and collaboration (BPOS, Exchange, Office 365, SharePoint, Lync/Skype for Business) technologies.

He has been awarded as Microsoft Most Valuable Professional (MVP) since 2002 - on Windows, then SharePoint and finally Office 365. He has been recoginzed as Microsoft Community Contributor for his work on the Office 365 community in 2013 and 2014.

He has been involved in early stage of testing phase for many Microsoft products - from Windows to Office 365, including Exchange, SharePoint or Office client and WindowsUpdate.

He has participated as speaker or Ask The Expert (ATE) at many Microsoft or Quest events. He also participed in writing several books on SharePoint (2003 to 2010).

With more than 10 years of professional experience, he has a deep knowledge of the Microsoft market and his competitors.

 Copyright

​Privacy Information

This blog is using tracking code for analytics purpose.

No personal data are stored and maintained.

 Follow me on

 Share This

 Office365 Undercover by Arnaud ALCABEZ

Retrieving Data

 Certifications

Microsoft Certified Systems Administrator 
Microsoft Certified Systems Administrator - Messaging
Microsoft Certified Systems Engineer 
Microsoft Technology Specialist 
 Microsoft Certified IT Professional

 Translation Tool

Translate this page

 FaceBook Fan's Page

 Books I wrote

Le portail Microsoft SharePoint 
Microsoft Office SharePoint Portal Server 2003 et WSS au quotidien 
Microsoft Office SharePoint Server (MOSS) et Office 2007  
Microsoft Sharepoint 2010