Category: IdefixWiki

BitLocker issues after upgrading to Windows 11

After upgrading my machine from Windows 10 to Windows 11 (Insider) I stumbled onto an issue with BitLocker, which was not enabled anymore on my machine.

I have compliance policies in Microsoft Endpoint Manager (Intune) which need BitLocker enabled to give the machines the “Compliant” stamp.

When trying to enable BitLocker we got the error message:

So a workaround to fix this is to delete some registry entries from this location

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE

In my system I deleted all marked entries and rebooted the machine.
After the reboot I could enable BitLocker as normal.
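
Before deleting anything under that key it helps to have a backup and a list of what is actually there. The following is an added example, not part of the original post; it assumes an elevated PowerShell session, and the backup folder C:\Temp is an assumption.

```powershell
# Added example: back up and inspect the FVE policy key before removing values.
$keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$backupDir = 'C:\Temp'   # assumed backup location
$backup    = Join-Path $backupDir ("FVE-policy-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (-not (Test-Path -Path $keyPath)) {
    Write-Output 'No FVE policy key present, nothing to back up.'
    return
}

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# reg.exe writes a .reg file that can be restored later with "reg import <file>".
reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\FVE' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Export of the FVE key failed (exit code $LASTEXITCODE)." }
Write-Output "Backup written to $backup"

# List every policy value with its type, so the deleted entries are documented.
$key = Get-Item -Path $keyPath
$key.GetValueNames() | ForEach-Object {
    [pscustomobject]@{
        Name  = $_
        Kind  = $key.GetValueKind($_)
        Value = $key.GetValue($_)
    }
} | Format-Table -AutoSize

# After the change and the reboot: confirm that protection is really on.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
```

Values under the Policies hive are normally written by Group Policy or MDM, so a deleted value can come back at the next policy refresh; the listing makes it easy to see which ones did.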

List all users and their manager

Sometimes we need to get a list of all users and their managers so the managers can review “their” staff!

An easy one-liner in PowerShell using the AzureAD module is this one. It takes the first 4000 users and exports them to CSV.


Get-AzureADUser -Top 4000 | Select-Object UserPrincipalName,@{n="Manager";e={(Get-AzureADUserManager -ObjectId $_.ObjectId).UserPrincipalName}} | Export-Csv C:\Temp\YOURUSERS_usr_with_manager.csv -Encoding UTF8 -NoTypeInformation

EO Archive issue

So! Today I got an issue from a client of mine! One of his mailboxes was full, meaning that 99GB of emails was in that mailbox. So! We need archiving.

Went on it and created an Archive mailbox for that mailbox and wanted to start the Folder Assistant to actually do some archiving for me!

For the record, I created a Retention tag that should archive emails older than 1 year and then added that to a Retention Policy which I added to the user, then ran the Folder Assistant! BOOOOM! Error..

After checking a bit and trying several commands I went for the last option by using the GUID while running the command, and you know what? That works!

Why? Yes, because when you run it against the UPN or Identity the command just picks the first and best GUID for that user and that's the Archive mailbox (facepalm).

So by manually adding the right GUID everything works fine and the mailbox was “fixed” 🙂

Get-MailboxLocation -User username@domain.no | fl MailboxGuid,MailboxLocationType

MailboxGuid         : 636aad27-xxxx-463c-xxxx-d256c8c18716
MailboxLocationType : Primary

MailboxGuid         : cd4dbe38-xxxx-4d2b-xxxx-0237bf1a2f78
MailboxLocationType : MainArchive

Start-ManagedFolderAssistant 636aad27-xxxx-463c-xxxx-d256c8c18716
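
The same fix as a small function, so the primary GUID does not have to be copied by hand. This is an added example, not part of the original post; it assumes an active Exchange Online PowerShell session, and the function name Start-PrimaryMailboxAssistant is hypothetical.

```powershell
# Added example: look up the Primary mailbox GUID and start the assistant on it.
function Start-PrimaryMailboxAssistant {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$UserPrincipalName
    )

    # A user can have several locations (Primary, MainArchive, ...).
    $locations = @(Get-MailboxLocation -User $UserPrincipalName)
    $primary   = @($locations | Where-Object { "$($_.MailboxLocationType)" -eq 'Primary' })

    # Refuse to guess: zero or several Primary entries means something is off.
    if ($primary.Count -ne 1) {
        throw "Expected exactly one Primary location for $UserPrincipalName, found $($primary.Count)."
    }

    $guid = $primary[0].MailboxGuid.ToString()

    # -WhatIf shows which GUID would be used without starting the assistant.
    if ($PSCmdlet.ShouldProcess("$UserPrincipalName ($guid)", 'Start-ManagedFolderAssistant')) {
        Start-ManagedFolderAssistant -Identity $guid
    }

    # Return the GUID so it can be logged.
    return $guid
}

Start-PrimaryMailboxAssistant -UserPrincipalName 'username@domain.no' -WhatIf
```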

Change to Opt-In in MyAnalytics

Since MyAnalytics is an “Opt-Out” feature in Office 365, some companies want to change this behaviour for their users, meaning that each user should enable this feature themselves instead of the service being automatically enabled when users are created.

Changing settings in Office 365 to change this behaviour:

Remove the three ticks in the MyAnalytics service window to change the default behaviour for new users. Removing these ticks ensures that users need to “opt in” themselves by accessing “Myanalytics.microsoft.com” and changing the settings there.

And each user can customize their own MyAnalytics settings by opting in or out in the dashboard at “myanalytics.microsoft.com”.

Remove the service from each user, forcing the users to enable the service themselves

# Connect to Exchange Online with MFA.
# The module is downloaded from the Exchange Online Admin Center under "hybrid", using IE.
Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter CreateExoPSSession.ps1 -Recurse ).FullName | Select-Object -Last 1)
# Connect to Exchange Online
Connect-EXOPSSession -UserPrincipalName julian.rasmussen@xxxxxxxxxx.no
# Makes sure that re-authentication after 1 hour reuses the existing token, so you don't have to type the password again
$global:UserPrincipalName="julian.rasmussen@xxxxxxxxxx.no"

# Check what state the user is in today
Get-UserAnalyticsConfig -Identity julian.rasmussen@xxxxxxxxxx.no

# Opt out from the service - users can opt in again at https://myanalytics.microsoft.com/
Set-UserAnalyticsConfig -Identity julian.rasmussen@xxxxxxxxxx.no -PrivacyMode Opt-out

# Opt out multiple users
$privacyMode = "Opt-Out"

# -ResultSize Unlimited: without it Get-Mailbox stops at 1000 results
$users = Get-Mailbox * -ResultSize Unlimited
ForEach ($user in $users)
{
    $upn = $user.UserPrincipalName
    $upn   # print the UPN being processed

    Set-UserAnalyticsConfig -Identity $upn -PrivacyMode $privacyMode
    Get-UserAnalyticsConfig -Identity $upn
}

SharePoint Online PowerShell module

To install, update or uninstall the SharePoint Online PowerShell module there are a few simple PowerShell commands you can use.

First of all, set your execution policy to Unrestricted

Get-ExecutionPolicy #for checking the current ExecutionPolicy setting
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Install

Install-Module -Name Microsoft.Online.SharePoint.PowerShell

Check current version

Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version

Update

Update-Module -Name Microsoft.Online.SharePoint.PowerShell

Uninstall

Uninstall-Module -Name Microsoft.Online.SharePoint.PowerShell
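
Unrestricted lets any script run; RemoteSigned scoped to the current user is enough for installing and loading a gallery module. The following is an added example, not part of the original post, showing that narrower setting together with a signature check on the installed module files.

```powershell
# Added example: narrower execution policy plus a check of what was installed.

# 1. Show the effective policy for every scope
#    (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine).
Get-ExecutionPolicy -List

# 2. Local scripts run; scripts downloaded from the internet must be signed.
#    Scoped to the current user, so no machine-wide change and no elevation.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

# 3. Install into the user profile instead of Program Files.
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser

# 4. Pick the newest installed version and report the Authenticode status
#    of its manifest, script and binary files.
$module = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable |
    Sort-Object Version -Descending |
    Select-Object -First 1

Get-ChildItem -Path $module.ModuleBase -Recurse -Include *.psd1, *.psm1, *.ps1xml, *.dll |
    Get-AuthenticodeSignature |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }, Path |
    Format-Table -AutoSize
```

Any file whose Status is not Valid is worth a look before the module is imported in an admin session.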

Block AdHoc subscriptions in Office 365

To block users from creating trial and adhoc subscriptions for Office 365 services or even PowerPlatform services you can turn a switch and block it.

Set-MsolCompanySettings -AllowAdhocSubscriptions $false

To check if this is set to “False” for your tenant you can run this

Get-MsolCompanyInformation | fl AllowAdhocSubscriptions

Reset folder language to match Outlook Web Access language

So recently I have been working with a customer to integrate Exchange Online mailboxes into a customer support application which uses POP. The application threw an error message:

02:47:34.513 Trc 21628 [MsgIn-2] <pop-client1> Mailbox account 'yourmailbox@domain.no'[https://outlook.office365.com/EWS/Exchange.asmx:443]: opening mail folder 'INBOX'
02:47:34.748 Std 21627 [MsgIn-2] <pop-client1> No INBOX Folder found on Corporate Email Server

This indicates that the software which is polling emails needs the inbox folder to be “Inbox” and not “innboks” (which is Inbox in Norwegian). So we need to change the default folders to match the language set in OWA.

  1. Log on to your account on outlook.office.com
  2. Click the gear icon next to your profile picture in the top-right corner and, at the bottom, select: Your app settings -> Mail
  3. Select General in the left pane and then click on: Region and timezone.
  4. In language, set your language for OWA, check the checkbox which also renames the default folders to match the selected language, and hit the save button.

OneDrive for Business – Known Folder Sync fails

When activating Known Folder Sync in OD4B, the sync never starts due to folders that cannot be synced.
These folders are junction folders on the drive and need to be deleted.

First run dir in the user's Documents folder and look for hidden entries like this:
C:\Users\USER\Documents>dir /ah
Volume in drive C is Windows
Volume Serial Number is 903B-D31E

Directory of C:\Users\USER\Documents

18.04.2018 10.10 2 230 Default.rdp
26.09.2018 11.59 402 desktop.ini
26.09.2018 11.59 Intern video [C:\Users\USER\Videos]
26.09.2018 11.59 Min musikk [C:\Users\USER\Music]
26.09.2018 11.59 Mine bilder [C:\Users\USER\Pictures]
2 File(s) 2 632 bytes
3 Dir(s) 55 879 593 984 bytes free

Then delete the junctions like this:

C:\Users\USER\Documents>rmdir "Intern video"
C:\Users\USER\Documents>rmdir "Min musikk"
C:\Users\USER\Documents>rmdir "Mine bilder"

Other files in conflict with the sync need to be removed from the local machine before the cloud sync can start. Back up and move the files in case of future needs.

Happy OneDriving.

Keep private Teams private in Microsoft Teams

As of 23 March 2018 all private teams will be searchable for all users.
Users can then apply for group membership.
If you have groups in your organization that you still want to keep completely private, then the Office 365 unified group should be hidden from the Global Address List (GAL).

Run this PowerShell command to hide it from the GAL:

Set-UnifiedGroup -Identity "Groupname" -HiddenFromAddressListsEnabled $true
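
To find out which private groups are still visible before hiding them one by one, the tenant can be audited first. This is an added example, not part of the original post; it assumes an active Exchange Online PowerShell session, and the list in $approved is a hypothetical set of reviewed group names.

```powershell
# Added example: audit private groups that are still listed in the GAL.
$visiblePrivate = Get-UnifiedGroup -ResultSize Unlimited |
    Where-Object { $_.AccessType -eq 'Private' -and -not $_.HiddenFromAddressListsEnabled }

# Report for review.
$visiblePrivate |
    Select-Object DisplayName, PrimarySmtpAddress, AccessType, HiddenFromAddressListsEnabled |
    Sort-Object DisplayName |
    Format-Table -AutoSize

# Hide only the groups that were reviewed and approved (hypothetical names).
$approved = @('Groupname')

foreach ($group in $visiblePrivate) {
    if ($approved -contains $group.DisplayName) {
        Set-UnifiedGroup -Identity $group.PrimarySmtpAddress -HiddenFromAddressListsEnabled $true
        Write-Output "Hidden from address lists: $($group.DisplayName)"
    }
}

# Re-check: approved groups should no longer appear in this list.
Get-UnifiedGroup -ResultSize Unlimited |
    Where-Object { $_.AccessType -eq 'Private' -and -not $_.HiddenFromAddressListsEnabled } |
    Select-Object DisplayName, PrimarySmtpAddress
```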