Sep 21
Microsoft Teams – New audit logging

As Microsoft Teams matures, Microsoft keeps adding new functionality and features.

This time the update concerns audit logging.

With the update currently being deployed, administrators will be able to audit additional Teams events in the compliance portal.

This covers:

  • Adding/Removing a bot
  • Adding/Removing a tab
  • Adding/Removing a connector
  • Adding/Removing a channel
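
As an added example (not part of the original post), the script below pulls these newly auditable Teams events from the Office 365 unified audit log and lists the additions, since a new bot, connector or tab extends who can read or post into a team. It assumes an Exchange Online PowerShell session with Search-UnifiedAuditLog available, and that the operation names and AuditData field names used here match your tenant's audit schema (verify them against a sample record).

```powershell
# Operation names are assumed to match the Teams audit schema; check a sample
# record in your tenant before relying on them in detection rules.
$operations = @(
    'BotAddedToTeam', 'BotRemovedFromTeam',
    'TabAdded', 'TabRemoved',
    'ConnectorAdded', 'ConnectorRemoved',
    'ChannelAdded', 'ChannelDeleted'
)

function Get-TeamsAppEvents {
    param([int]$Days = 7)
    $end   = Get-Date
    $start = $end.AddDays(-$Days)
    # RecordType MicrosoftTeams restricts the search to Teams events. ResultSize
    # caps one page; for larger windows page with -SessionCommand ReturnLargeSet.
    Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType MicrosoftTeams -Operations $operations -ResultSize 5000 |
    ForEach-Object {
        # AuditData is a JSON document; expand the fields worth reviewing
        # (TeamName, ChannelName and AddOnName are assumed field names).
        $d = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            When      = $_.CreationDate
            Operation = $_.Operations
            Actor     = $d.UserId
            Team      = $d.TeamName
            Channel   = $d.ChannelName
            App       = $d.AddOnName     # bot/tab/connector name, when present
        }
    }
}

# Review additions first: they change the data paths into and out of a team.
Get-TeamsAppEvents -Days 7 |
    Where-Object { $_.Operation -like '*Added*' } |
    Sort-Object When -Descending |
    Format-Table -AutoSize
```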


Sep 20
Exchange Online – Shared Calendar is coming on mobile devices

This has been a long-awaited request: getting shared calendars available on mobile devices.

An update is currently being rolled out to Exchange Online which will make shared calendars available on mobile.

Even better, the update supports all types of permissions (read, edit or delegate).

All new shared calendar invitations sent and accepted after your tenant is updated will automatically be available on your mobile device; existing shared calendars will not be affected. In that case, just share the calendar again.

This is expected to be completed by the end of September.

Full details are available here: https://support.office.com/en-us/article/Calendar-sharing-in-Office-365-b576ecc3-0945-4d75-85f1-5efafb8a37b4

Sep 20
Azure – New version of the Azure Information Protection Client

A new version (1.10.56.0) of the Azure Information Protection Client has been released and is available for download at https://www.microsoft.com/en-us/download/details.aspx?id=53018.

As part of this new release, you can now:

  • enable recommended classification in Outlook as well
  • hide the Do Not Forward button in Outlook
  • hide the custom permission options from end users
  • integrate with Office 365 DLP
  • and more

To configure these options, go to your Azure administration portal (https://portal.azure.com) and open the Azure Information Protection blade.

Enable Recommended Classification in Outlook

From the AIP blade, open the Scoped policies.

Open the contextual menu of an existing policy and access the Advanced settings.

Add the following details:

  • Name: OutlookRecommendationEnabled
  • Value: True

And finally publish the updated policy.

Hide the Do Not Forward button in Outlook

This will hide the Do Not Forward button from the Ribbon; this does not apply to the Office menu.

From the AIP blade, open the Scoped policies.

Open the contextual menu of an existing policy and access the Advanced settings.

Add the following details:

  • Name: DisableDNF
  • Value: True

And finally publish the updated policy.

Remove custom permissions options from the AIP client and add-in

From the AIP blade, open the Scoped policies.

Open the contextual menu of an existing policy and access the Advanced settings.

Add the following details:

  • Name: EnableCustomPermissions
  • Value: False

And finally publish the updated policy.

Sep 19
Windows 10 – Windows Defender Advanced Threat Protection

Windows Defender Advanced Threat Protection (ATP) is a security feature built into Windows 10 to help detect, investigate and protect against threats; it was introduced with Windows 10 build 1607 (also known as the Anniversary Build).

In this post, I'm going to implement ATP integrated with SCCM Current Branch (you can request a trial for ATP here: http://aka.ms/register-wdatp).

Once you have requested the trial and it has been approved, you will receive an email to activate it.

Setting up ATP cloud instance

For this post I have already activated the trial and added it to my Azure/Office 365 tenant.

You can then log on to the ATP Portal (https://securitycenter.windows.com) to complete the onboarding.

You then have to define where the data will be stored. This location cannot be changed.

Then you define the ATP data retention policy to match your requirements (and probably your legal/regulatory needs): from 30 days to 180 days.

Next you define the size of your organization and your industry.

You can choose to enable the preview experience, which gives you first-hand access to what's new and coming.

You will finally be reminded that some of the settings cannot be updated after the process completes.

Your ATP instance is then provisioned.

Once the instance is provisioned you can immediately download a packaged script to onboard at least one device. To start using ATP, you need to have at least one device onboarded.

You can complete the onboarding process at a later stage, after you have downloaded the package. You can use a local script, Group Policy, SCCM (from 2012 to Current Branch) or an MDM to onboard device(s).

For the purpose of this post, I'm using SCCM Current Branch, which gives me a configuration file.

As there may not be any device onboarded yet, when you click Next you will be reminded that the setup is incomplete; just proceed anyway, as the onboarding will be completed at a later stage.

Additional ATP Portal Configuration

Once you have completed the initial setup and downloaded the client configuration package, you can access additional settings.

On the ATP Portal, go to the Preferences setup section to update some of the settings you completed during setup (remember the data location cannot be changed) and to configure additional settings such as Security Information and Event Management (SIEM) integration, email notifications or Power BI integration for reporting.

Onboarding Device(s)

The process of onboarding devices using SCCM Current Branch has been improved with the latest build; previously it was still a preview feature.

In the SCCM console, go to the Assets and Compliance workspace and open the Endpoint Protection\Windows Defender ATP Policies section.

Create an ATP policy to onboard devices.

Import the configuration file downloaded from the ATP portal.

Then define the level of information sharing for analysis.

You are done: the SCCM ATP policy is now created. You just need to deploy it.

For evaluation purposes I created a device collection that I manually populated with the device(s) I want to use.

Once deployed, you can wait or force your client to refresh the computer policy. You can check whether the policy has been deployed by opening the SCCM client and looking at the Configurations tab to see if the ATP policy is there. You can also force the refresh by running Evaluate.

You should also see the Windows Defender Advanced Threat Protection Service set to Automatic start mode and in the Started state on your client.
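
As an added example (not from the original post), the script below checks the three things that show the sensor actually came up on a client after the SCCM policy applied: the service state described above, the onboarding marker, and recent sensor errors. It assumes the sensor service is named Sense and that the onboarding state is recorded under the Windows Advanced Threat Protection\Status registry key, as documented for Windows Defender ATP.

```powershell
function Test-WdatpOnboarding {
    $result = [ordered]@{}

    # 1. Service state: the post expects Automatic start and Running.
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    $result.ServicePresent = [bool]$svc
    $result.ServiceStatus  = if ($svc) { $svc.Status.ToString() } else { 'missing' }
    $result.StartType      = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }

    # 2. Onboarding marker written by the onboarding script/policy
    #    (assumed location; 1 = onboarded, 0 or absent = not onboarded).
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $key -Name OnboardingState `
              -ErrorAction SilentlyContinue).OnboardingState
    $result.OnboardingState = $state

    # 3. Sensor event log: recent errors usually explain a stuck onboarding
    #    (connectivity or proxy issues towards the cloud service are typical).
    $errors = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-SENSE/Operational'
        Level     = 2
        StartTime = (Get-Date).AddHours(-24)
    } -MaxEvents 5 -ErrorAction SilentlyContinue
    $result.RecentSensorErrors = @($errors).Count

    # Overall verdict: running sensor plus onboarding marker set.
    $result.Onboarded = ($result.ServiceStatus -eq 'Running') -and ($state -eq 1)
    [pscustomobject]$result
}

Test-WdatpOnboarding
```

Run it elevated on the client after the Evaluate step; a device that shows the service running but OnboardingState absent has received the policy but not yet the onboarding configuration.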

 

ATP Dashboard

After you have completed the ATP setup and onboarded at least one device, your dashboard will start reporting the state of your users/devices.

In the meantime you can also use your SCCM console to check the client state: go to the Monitoring workspace and open the Security\Windows Defender Status section.

 

Offboarding

If you need to offboard a device (or your whole organization), you just need to download the offboarding package from the ATP portal.

As I used SCCM to onboard for this post, I'm doing the same to offboard.

From the ATP Portal, go to the Endpoint Management\Clients section and select the Endpoint offboarding option.

Then deploy the offboarding package the same way you onboarded your devices.

Sep 16
Azure – New feature called Managed Service Identity

A new feature, primarily aimed at developers, has been released on Azure: it is called Managed Service Identity.

The idea is to be able to call cloud services without exposing the credentials used (as you should do for any PowerShell script, by the way).

After activating Azure Managed Service Identity, Azure automatically creates a service principal for the Azure service that runs your code (virtual machine, App Service or Functions; more to come), and you then just use this service principal in your code.

To get started with Azure Managed Service Identity, go to https://docs.microsoft.com/en-us/azure/active-directory/msi-overview
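
As an added example (not from the original post or the Azure documentation), the script below shows what "using the service principal in your code" looks like in practice: the script asks the platform for a token and holds no secret of its own. It assumes it runs on an Azure VM with Managed Service Identity enabled and uses the instance metadata identity endpoint (169.254.169.254, api-version 2018-02-01); the 2017-era MSI VM extension instead listened on http://localhost:50342/oauth2/token, with the same Metadata header and resource parameter.

```powershell
function Get-MsiToken {
    param([string]$Resource = 'https://management.azure.com/')
    # Link-local endpoint served by the platform; unreachable from outside the VM.
    $uri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
           '?api-version=2018-02-01&resource=' + [uri]::EscapeDataString($Resource)
    # The Metadata header is mandatory: the endpoint rejects requests without it,
    # which prevents a plain browser redirect or proxied request from fetching tokens.
    $resp = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ Metadata = 'true' }
    # Response carries access_token, expires_on (Unix time), resource, token_type.
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$resp.expires_on)
    [pscustomobject]@{
        Token     = $resp.access_token
        ExpiresOn = $expires.UtcDateTime
        Resource  = $resp.resource
    }
}

# Use the token as a bearer credential against Azure Resource Manager: list the
# subscriptions the identity holds a role on. An empty list means the service
# principal exists but has no RBAC assignment yet, which is the safe default.
$t = Get-MsiToken
$subs = Invoke-RestMethod `
    -Uri 'https://management.azure.com/subscriptions?api-version=2016-06-01' `
    -Headers @{ Authorization = "Bearer $($t.Token)" }
$subs.value | Select-Object subscriptionId, displayName, state
"Token valid until $($t.ExpiresOn) UTC; no credential stored in this script."
```

Tokens are short-lived and scoped to one resource, so request a fresh one per target service rather than caching across resources.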

Sep 12
Microsoft Teams – Guest access is now available

Microsoft Teams has been updated to allow guest access with external users.

Guest access works for anyone who has an Azure AD account (in any other Azure AD or Office 365 tenant), not a Microsoft account.

Guest access for Teams is not enabled by default.

 

Managing Guest access

As usual, Office 365 administrators can authorize or block guest access for Teams.

NOTE: this does not prevent end users from inviting guests, but it prevents guests from signing in; if you want to turn off guest access completely (which also impacts SharePoint Online and Office 365 Groups), you will need to do it from Settings\Security & privacy\Sharing.

To block Teams guest access, log on to your Office 365 administration portal and go to the Settings\Services & add-ins section to open the Microsoft Teams options.

Open the Settings by user/license type option, switch from Business & enterprise to Guest and toggle to On (to enable guest access) or Off (to disable guest access).

As an administrator you can also see the list of guests invited to join some services (SharePoint Online, Office 365 Groups or Teams) from the Users\Guest Users section.

 

Adding Guest

To add a guest to a team, just use Add members from the team/channel menu.

Type the email address of the guest to be added and then click Add. Make sure you click on the purple message to add the user.

Wait while the system adds the guest access, until you get the result showing the guest has been added.

Joining as Guest

The guest will then receive a notification that they have been added to a Microsoft Teams team.

They can then access it by clicking Open Microsoft Teams; this is a mandatory step to get the guest access added to their Microsoft Teams application.

This opens a web page explaining that the sharing organization needs access to some of the user's information (display name, email address).

Note that the page is customized based on the Azure AD tenant branding.

When clicking Next, Teams prepares your access and then asks to launch either the web app or the Teams app if installed (if not, you get the link to download it).

Once the invitation has been accepted, a message is automatically added to the channel thread announcing a new guest member (as it does for internal users), AND a banner indicating the channel has a guest member is added.

Sep 10
Azure AD Connect – You can now reuse an existing AAD Connect database

A new version of Azure AD Connect has been released with an interesting new feature: you can now reuse an existing AAD Connect database.

As you may know, previous versions did not allow you to reuse an existing database when deploying a new instance.

With the new version (1.1.614.0) you can now reuse the existing database when deploying a new instance as a replacement, when you need to move from LocalDB to a SQL instance, or when you need to restore your SQL instance. To learn more about reusing an existing DB, go to https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-existing-database

You can download the new version at http://go.microsoft.com/fwlink/?LinkId=615771

Sep 07
SharePoint Online – Setting default permissions when sharing

An update is currently on its way (deployment starting September 2017, to be completed by the end of October) which will allow Office 365 administrators to set a default permission when end users share SharePoint Online/OneDrive for Business content.

There was already an update to define the default sharing link type (direct, internal, anonymous); this one sets the default permission to either View or Edit.

To define the default permission for sharing links, go to your SharePoint administration portal (https://<your tenant>-admin.sharepoint.com) and access the Sharing section.

Sep 06
Exchange Online – You may see a question mark in place of the photo

As explained in a blog post on MSDN, if you use Exchange Online (or Outlook.com) you may start seeing a question mark (?) image in place of the photo/initials on received emails.

Do not worry: this is an additional level of information provided to end users to help protect them against spam or phishing.

Microsoft adds this indicator for end users when the email protection system has not been able to confirm whether a message is spam/phishing or legitimate.

This may come from old system-generated email or legitimate 'bulk' senders (mailing lists)… because the message failed to be validated/authenticated (using SPF or DKIM).

For those who may be in the sender situation, it may be a good time to take a look at your systems and configuration to ensure you are not landing in the 'unknown' category.

All the details are here: https://blogs.msdn.microsoft.com/tzink/2017/09/05/showing-a-question-mark-in-the-sender-photo-when-a-message-is-not-authenticated/
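
As an added example (not from the original post), the function below is the sender-side check the previous paragraph suggests: it confirms that a domain publishes the SPF and DKIM records Exchange Online uses to authenticate mail, the absence of which is what lands a sender in the 'unknown' (question mark) category. It assumes Resolve-DnsName from the DnsClient module; the DKIM selector names tried are the Office 365 defaults, and senders using other platforms will need their own selectors.

```powershell
function Test-SenderAuthRecords {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string[]]$DkimSelectors = @('selector1', 'selector2')   # Office 365 defaults
    )
    # SPF lives in a TXT record at the domain apex starting with v=spf1.
    $spf = Resolve-DnsName -Name $Domain -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { ($_.Strings -join '') -like 'v=spf1*' } |
        Select-Object -First 1
    $spfText = if ($spf) { $spf.Strings -join '' } else { $null }

    # DKIM keys live at <selector>._domainkey.<domain>. Office 365 publishes
    # them as a CNAME to the tenant's onmicrosoft.com record; a TXT query follows
    # the CNAME, so filter on the TXT answer that carries the public key (p=).
    $dkim = foreach ($s in $DkimSelectors) {
        $r = Resolve-DnsName -Name "$s._domainkey.$Domain" -Type TXT -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'TXT' -and (($_.Strings -join '') -like '*p=*') }
        [pscustomobject]@{ Selector = $s; Published = [bool]$r }
    }

    [pscustomobject]@{
        Domain        = $Domain
        SpfPublished  = [bool]$spfText
        SpfRecord     = $spfText
        # '-all' rejects unlisted sources; '~all' (softfail) is common but weaker.
        SpfStrict     = $spfText -like '*-all'
        DkimPublished = @($dkim | Where-Object Published | ForEach-Object Selector)
    }
}

# Replace with your own sending domain.
Test-SenderAuthRecords -Domain 'example.com' | Format-List
```

A domain with SpfPublished false and an empty DkimPublished list is the case to fix first; also make sure every system that sends on the domain's behalf (mailing lists, notification servers) is covered by the SPF record.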

Sep 04
SCCM – Identify Azure AD Joined device

Following my post on creating an SCCM device collection for Windows Core (https://t.co/ZGdL91Vkht), I wanted to do the same to identify all Azure AD joined devices.

So the first thing was to find how to identify an Azure AD joined device; the answer is the following registry key, which only exists if the device is joined to Azure AD:

HKLM\System\CurrentControlSet\Control\CloudDomainJoin

You will need to use the subkey TenantInfo\<your Azure tenant ID> to be able to use it with SCCM for the membership rule; using only CloudDomainJoin seems to have no effect.

As there is a limitation, you will need to rename all the values defined by this key, meaning replace all values containing the Azure tenant ID.

This gives you something like the following MOF file to be imported:

// Identify Windows Azure AD Joined
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("<your Azure tenant ID to be replaced>", NOFAIL)
[SMS_Report(TRUE),SMS_Group_Name("<your Azure tenant ID to be replaced>"),SMS_Class_ID("<your Azure tenant ID to be replaced>"),
SMS_Context_1("__ProviderArchitecture=32|uint32"),
SMS_Context_2("__RequiredArchitecture=true|boolean")]
Class <your Azure tenant ID to be replaced>: SMS_Class_Template
{
Content removed from clarify of this post
};

#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("<your Azure tenant ID to be replaced>_64", NOFAIL)
[SMS_Report(TRUE),SMS_Group_Name("<your Azure tenant ID to be replaced>_64"),SMS_Class_ID("<your Azure tenant ID to be replaced>_64"),
SMS_Context_1("__ProviderArchitecture=64|uint32"),
SMS_Context_2("__RequiredArchitecture=true|boolean")]
Class <your Azure tenant ID to be replaced>_64 : SMS_Class_Template
{
Content removed from clarify of this post
};

 

and the configuration to be added into the configuration.mof file:

// Identify Azure AD Joined devices
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("<your Azure tenant ID to be replaced>", NOFAIL)
[DYNPROPS]
Class <your Azure tenant ID to be replaced>
{
Content removed from clarify of this post
};

[DYNPROPS]
Instance of <your Azure tenant ID to be replaced>
{
KeyName="AADJoined_32";
Content removed from clarify of this post
};

#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("<your Azure tenant ID to be replaced>_64", NOFAIL)
[DYNPROPS]
Class <your Azure tenant ID to be replaced>_64
{
Content removed from clarify of this post
};

[DYNPROPS]
Instance of <your Azure tenant ID to be replaced>_64
{
KeyName="AADJoined_64";
Content removed from clarify of this post
};

By the way, the subkeys give you all the AAD joined configuration details, from the Azure tenant ID to the user who registered the device.
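
As an added example (not from the original post), the function below reads the same key locally so you can see exactly what the SCCM registry discovery will pick up before building the MOF: whether the key exists, the tenant ID subkey name, and every value under it. The CloudDomainJoin key and TenantInfo subkey come from the post; the script makes no assumption about value names and simply lists whatever is present.

```powershell
function Get-AadJoinInfo {
    $base = 'HKLM:\System\CurrentControlSet\Control\CloudDomainJoin'
    if (-not (Test-Path -Path $base)) {
        # Key absent: not Azure AD joined (the condition the collection relies on).
        return [pscustomobject]@{ AadJoined = $false; TenantId = $null; Values = $null }
    }
    $tenants = @(Get-ChildItem -Path "$base\TenantInfo" -ErrorAction SilentlyContinue)
    if ($tenants.Count -eq 0) {
        # Parent key present but no TenantInfo subkey: treat as not joined, since
        # the membership rule in the post keys on TenantInfo\<tenant ID>.
        return [pscustomobject]@{ AadJoined = $false; TenantId = $null; Values = $null }
    }
    foreach ($t in $tenants) {
        # The subkey name is the Azure AD tenant ID (a GUID), which is why the
        # generated MOF ends up with the tenant ID as class name and must be renamed.
        $guid = [guid]::Empty
        $props = Get-ItemProperty -Path $t.PSPath
        $values = [ordered]@{}
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* bookkeeping properties so only registry values remain.
            if ($p.Name -notlike 'PS*') { $values[$p.Name] = $p.Value }
        }
        [pscustomobject]@{
            AadJoined      = $true
            TenantId       = $t.PSChildName
            TenantIdIsGuid = [guid]::TryParse($t.PSChildName, [ref]$guid)
            Values         = $values
        }
    }
}

Get-AadJoinInfo | Format-List
```

Run it in an elevated session on a known Azure AD joined device and on a plain domain-joined one to confirm the key really distinguishes the two before rolling the MOF change out.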

Once the identification method has been found, just follow the steps detailed in my previous post to include this registry key in the SCCM discovery process (https://t.co/ZGdL91Vkht) and then create the SCCM device collection with the following rule,

which gives the following query:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_AADJoined on SMS_G_System_AADJoined.ResourceId = SMS_R_System.ResourceId where SMS_G_System_AADJoined.DisplayName is not null

 About

Benoit specializes in Microsoft infrastructure (Active Directory, Azure, ForeFront products, Hyper-V, Identity Management, System Center, Windows) and collaboration (BPOS, Exchange, Office 365, SharePoint, Lync/Skype for Business) technologies.

He has been awarded Microsoft Most Valuable Professional (MVP) since 2002, on Windows, then SharePoint and finally Office 365. He was recognized as Microsoft Community Contributor for his work on the Office 365 community in 2013 and 2014.

He has been involved in the early testing phases of many Microsoft products, from Windows to Office 365, including Exchange, SharePoint, the Office client and Windows Update.

He has participated as a speaker or Ask The Expert (ATE) at many Microsoft or Quest events. He also participated in writing several books on SharePoint (2003 to 2010).

With more than 10 years of professional experience, he has deep knowledge of the Microsoft market and its competitors.
