TagOffice 365

Get started with MFA – part two

So in the previously post I went through how to activate MFA for Administrator roles i a really simple and effective way.

In this post we will focus on activating MFA for all regular users. And first off all we need to evaluate who should be activated first or should we activate on all users at the same time and do a evaluation on service accounts! If we enable MFA on for example a serivce account used for scan to email on “multi functional printers” or on a mailbox account witch are used on a thirdparty ticketingsystem (POP/IMAP) we could break those service by just enabling MFA on all users.

My recomandation is when you are more then 30 users in your company you should select a few ambasadeurs who is getting the MFA activated first and can therefore be the power users who can help others with the registration if there is any hick-ups (should not be many).

And to activate MFA for end users I highly recomend to use Conditional Access for

  • all users and exclude a AzureAD Group which contains a “Break the glass Admin” and other service accounts.
  • All cloud apps (no exeptions)
  • Grant Access – but require MFA

Easy like that! And It`s a realy quick solution for your company.

Drawback here is that you need “Azure AD Premium P1” licenses to use Conditional Access and a second drawback is that it`s not scored at the Microsoft Secure Score.

Change language – Office 365 Mailbox

To change the Language for a Office 365 mailbox (Exchange Online), run the following commands:

$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection

Import-PSSession $O365Session

Set-MailboxRegionalConfiguration -Identity “USER” -Language nb-no -LocalizeDefaultFolderName

For full list of cultureinfo classes (Languages) see:
https://msdn.microsoft.com/en-us/library/system.globalization.cultureinfo(VS.71).aspx

Enable/disable Office 365 serviceplans

I was asked today how you can disable and enable individual features included in an Office 365 license (like Exchange Online, Yammer.. etc) from Powershell

Launch Powershell and log on to your tenant (connect-msolservice)

To see which features which is included in a license use the following code:

$lic = Get-MsolAccountSku | Out-GridView -OutputMode Single -Title “Select SKU to look up”
$lic.ServiceStatus

This will show a list of features and their status

Next, if you want to disable Exchange online for one specific user:

$skuid = Get-MsolAccountSku | Out-GridView -OutputMode Single -Title “Select SKU to edit”
$user = Get-MsolUser | ? {$_.isLicensed -EQ $true} | Out-GridView -title “Select user to modify” -OutputMode Single
$Disable_ExchangeOnine = New-MsolLicenseOptions -AccountSkuId $skuid.AccountSkuId -DisabledPlans “EXCHANGE_S_ENTERPRISE”
$Enable_ExchangeOnline = New-MsolLicenseOptions -AccountSkuId $skuid.AccountSkuId -DisabledPlans $null
Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -LicenseOptions $Disable_ExchangeOnine

The sku must match the sku assigned to the user you want to change.

servicefeature

Then run this line in the same script to re-enable Exchange Online

Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -LicenseOptions $Enable_ExchangeOnline

How to add a user as a Site Collection administrator – Office 365

To add users as site Collection admins follow this procedure:

  1. Connect to the SharePoint admin center
  2. Select User Profile, then Manage User Profiles
  3. Find a profile
  4. Manage Site Collection Owners
  5. Change the primary or secondary site collection administrator
  6. Repeat for every single user

Azure VPN – Change Local Site Public IP

If a Clients Local site public IP changes the VPN tunel betwen Azure and the Local Site will disconnect. To fix this do the following:

Connect to Azure using powershell and run the following command:

New-AzureRmLocalNetworkGateway -Name LocalSite -ResourceGroupName [ClientRG] -Location ‘northeurope’ -GatewayIpAddress ‘[Public wan IP 2.4.6.8]’ -AddressPrefix ‘[LAN IP Net 192.168.1.0/24’

 

(Change the RG and Public wan IP and the LAN IP Net to the correct settings)

Office 365 Add calendar permissions with powershell

To add permissions on a Exchange Object in Office 365 using PowerShell the cmdlet set-MailboxFolderPermission or add-MailboxFolderPermission can be used.

In this example we add editor permissions for user2 to user1’s calendar. This will enable user2 to edit, add or delete content of user1’s calendar.

set-MailboxFolderPermission -Identity user1@domain.no:\calendar -user user2@domain.no -AccessRights Editor

Note: kalender is the Norwegian Word for Calendar

To bulk add all users in a Tennant as Reviewer to user1@domain.no’s calendar run the following cmdlet.

$Users = Get-Mailbox | Select-Object -ExpandProperty userprincipalname
ForEach ($user in $Users )
{
Add-MailboxFolderPermission -Identity “user1@domain.no:\calendar” -User $User -AccessRights Reviewer
}

For full details of this cmdlet:
https://technet.microsoft.com/en-us/library/dd298062(v=exchg.160).aspx

And for my original Source:

Add Calendar Permissions in Office 365 via PowerShell

Installing modules is easy – Azure and Office365

This little post is to get you up and running with Azure PowerShell so that you can manage your Azure subscriptions and Office365 tenants in 10 minutes after booting up an fresh install of Windows 10.

I have tested this in the following Windows builds:
10586 (1511 build – Windows 10)
10586(TP4 build – Windows Server 2016)
14328 (insider build – Windows 10)

Simply start PowerShell in Elevated mode (right click on PowerShell and start in Admin mode.

type these 3 lines – one at a time.

“Install-Module AzureRM -force:$true”
“Install-Module Azure -force:$true”
“Install-Module MSOnline -force:$true”

When the installation is finished you need to set the execution policy to “Unrestricted” to be able to connect to Office365 tenants.

“Set-ExecutionPolicy Unrestricted”

You are good to go! 🙂
Good luck playing around with Azure and Office365

 

 

Managing Office 365 and Exchange Online with Windows PowerShell

Connect to Office 365 PowerShell
Connect to Exchange Online PowerShell
Connect to Office 365 Compliance Center PowerShell
Connecting to Skype for Business Online by using Windows PowerShell
Set up the SharePoint Online Management Shell Windows PowerShell environment

Sorurce: https://support.office.com/en-gb/article/Managing-Office-365-and-Exchange-Online-with-Windows-PowerShell-06a743bb-ceb6-49a9-a61d-db4ffdf54fa6?ui=en-US&rs=en-GB&ad=GB

SMTP Relay in Office365

When sending email from i.e. Visma or other 3. party applications you need a SMTP server. Some times you can use the local ISP SMTP server, but then you need to add that SMTP server to yours domain SPF record. You might don`t wnat to do this.

 

Here is the solution:

Log in to the tennant, and start Exchange management console.

Create a connector filtering on the public IP address beeing used for the server that hosts Visma.

In Visma add a SMTP server using your MX record for that tennant (i.e. itstyring-no.mail.protection.outlook.com​ ) and port 25.

 

This connector will relay email with from addresses containing a valid domain for that tennant.

OneDrive for Business – ​The server you are trying to access is using an authentication protocol not supported by this version of Office.

OneDrive for Business – ​The server you are trying to access is using an authentication protocol not supported by this version of Office.

We ran into this error and found the following fix at community.office365.com

1.Accessed Control Panel > Selected the Microsoft Office Subscription > right clicked > change > Selected Online Repair
2.Removed all the stored credentials in the credentials manager (control panel > credentials manager)
3. Restarted the computer
4. Deleted the folder’s below:
C:\Users\username\AppData\Local\Microsoft\Office\Spw
C:\Users\username\AppData\Local\Microsoft\Office\16.0\OfficeFileCache
5. Sign in Word (opened blank document > file > account > signed out and signed in office 365 account)
6. Started OneDrive for Business. ( from the search bar typed OneDrive for Business> clicked on the app > sync a different library instead >pasted the url of the team site “Public documents” > sync now​

Source:
https://community.office365.com/en-us/f/154/t/410059

© 2019 IdefixWiki

Theme by Anders NorénUp ↑