TagMicrosoft

Get started with MFA – part two

So in the previously post I went through how to activate MFA for Administrator roles i a really simple and effective way.

In this post we will focus on activating MFA for all regular users. And first off all we need to evaluate who should be activated first or should we activate on all users at the same time and do a evaluation on service accounts! If we enable MFA on for example a serivce account used for scan to email on “multi functional printers” or on a mailbox account witch are used on a thirdparty ticketingsystem (POP/IMAP) we could break those service by just enabling MFA on all users.

My recomandation is when you are more then 30 users in your company you should select a few ambasadeurs who is getting the MFA activated first and can therefore be the power users who can help others with the registration if there is any hick-ups (should not be many).

And to activate MFA for end users I highly recomend to use Conditional Access for

  • all users and exclude a AzureAD Group which contains a “Break the glass Admin” and other service accounts.
  • All cloud apps (no exeptions)
  • Grant Access – but require MFA

Easy like that! And It`s a realy quick solution for your company.

Drawback here is that you need “Azure AD Premium P1” licenses to use Conditional Access and a second drawback is that it`s not scored at the Microsoft Secure Score.

Change Default emailadress on Public folder in Office365

The problem:
A public folder in Office 365 Hosted Exchange will be assigned a @onmicrosoft.com address by default. And there is of cource no way of changing this to your primary domain.

Solution:
Conncect to the Windows Azure Active Directory Module for Windows PowerShell using the following commands.
Create a placeholder for your credentials:
$LiveCred = Get-Credential

Popup box will ask for your Office 365 Global Administrator credentials.

Create a placeholder for your Powershell Session towards Exchange Online.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import your Powershell Session to connect to Exchange Online.
Import-PSSession $Session

Run this command to allow all scripts:
set-executionpolicy unrestricted

Then run the following command to disable the Policy for assigning email Adresses in public folders.
Set-MailPublicFolder -Identity “\” -EmailAddressPolicyEnabled $False

Now, in your Office 365 tennant web admin go to Exchange – Public Folders – Highlight the public folder (email enabled) – Click the pencil (edit) – Click on Email Address – highlight the address you want to use as default – Click pencil – Check the default email address checkbox.
Save, close and test.

Powershell: Exchange – Check database size

Here is a one liner to check the database size for exchange databases.

Start Exchange management shell. Then run the following command:

Get-MailboxDatabase | foreach-object {add-member -inputobject $_ -membertype noteproperty -name mailboxdbsizeinGB -value ([math]::Round(([int64](get-wmiobject cim_datafile -computername $_.server -filter (‘name=”’ + $_.edbfilepath.pathname.replace(“\”,”\\”) + ””)).filesize / 1GB),2)) -passthru} | Sort-Object mailboxdbsizeinGB -Descending | format-table identity,mailboxdbsizeinGB

Source:
http://blogs.technet.com/b/gary/archive/2009/08/11/get-exchange-mailbox-database-size-one-liner-version-2.aspx

Finding Exchange Control Pane in Office 365 with new layout

Lately Microsoft have changed its layout in Office365 and in that same change made it harder to find Exchange Control (ECP) Panel.

At the moment the easiest way to open ECP is to log in to your office 365 Outlook Web Access.
Then, change the url from something like this: https://pod51049.outlook.com/owa/ to this: https://pod51049.outlook.com/ecp/

As you can see you change OWA to ECP and youre in!

© 2019 IdefixWiki

Theme by Anders NorénUp ↑