March 2022 Blog Posts
Hi All,
Yesterday a new version of PowerToys has been released. What a long List in the Release Notes.
PowerToys v0.57.0 Release Notes
https://github.com/microsoft/PowerToys/releases/tag/v0.57.0
Regards
Andres Bohren
Hi All,
I've been using Windows Hello for Busindess with Face recocnition since a long time on my Surface Laptop 3. This week it stopped working suddently with the Message "Couldn't turn on the Camera".
Even the Driver and Firmware Update did not help.
The Camera App is working just fine. Also in Teams the Camera works fine.
In the End i remved the two Cameras in the Device Manager (devmgmt.msc) and searched for new Hardware. The Camera where added back again and Windows Hello for Business Face recocnition did work again.
Regards
Andres Bohren
Hi All,
Just a few Days ago, a new Version the Drivers and Firmware for Surface Laptop 3 have been released.
Surface Laptop 3 with Intel Processor Drivers and Firmware
https://www.microsoft.com/en-us/download/details.aspx?id=100429
Regards
Andres Bohren
Hi all,
It's time to celebrate!
I've written a whopping 2'000 Blog Posts in this Blog https://blog.icewolf.ch
As you can see, i've started this Blog back in 2007 - it's now almost 15 Years old.
At first, 2'000 Blog Posts does not seem to be impressive. But if you take that number and divide it by 365 you will get this result: 5.479.
That means if you write a Blog Article every day, it takes you about five and a half year to get to these 2'000 Blog Articles.
And now the number is much more impressive
Another impressive Number:
For the last two Years i...
Hi All,
There is a new Setting in M365 Admin Portal called "Idle session timeout" - which is in Preview. This setting is currently supported by the following Web Apps - more apps are expected to come.
Outlook Web App
OneDrive for Business
SharePoint Online (SPO)
Office.com and other start pages
Office (Word, Excel, PowerPoint) on the web
Microsoft 365 Admin Center
Idle timeouts are Tenant wide settings and can't be targeted like Conditional Access Policies.
Idle session timeout for Microsoft 365 (Public preview)
https://docs.microsoft.com/en-US/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide
You can...
Hi All,
Recently Microsoft announced an update to "Every Meeting Online" (EMO) Feature. Not only can you configure to have Meeting Links for every Meeting, you can also configure the Default Online Meeting Provider
TeamsForBusiness
BlueJeans
GoToMeeting
Webex
Zoom
GoogleMeet
JioMeet
RingCentral
AmazonChimePublic
AmazonChimePrivate
AlibabaDingTalk
FacebookWorkplace
AppleFacetime
ClaroVideoconferencia
Make every meeting online
https://support.microsoft.com/en-us/office/make-every-meeting-online-70f9bda0-fd29-498b-9757-6709cc1c73f0
To Activate you have to Configure the Exchange Online...
Hi All,
Two Days ago, Microsoft has released a new Version of Azure AD Connect that fixes an Error, when there is a model db corruption.
Resolve Model database corruption in SQLLocalDB
https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/resolve-model-database-corruption-sqllocaldb
Azure AD Connect: Version release history
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history
Microsoft Azure Active Directory Connect 2.1.1.0
https://www.microsoft.com/en-us/download/details.aspx?id=47594
On the M365 Admin Center in the Health > Directory Sync Status you can find the new Version Number
https://admin.microsoft.com/#/dirsyncmanagement
Regards
Andres Bohren
Hi All,
There has been an update to Plus addressing in Exchange online.
Plus adressing will be enabled by default starting from 17. April 2022
If you wish to Opt-Out of Plus Adressing you will need to use this command
Set-OrganizationConfig -DisablePlusAddressInRecipients $true
Plus Addressing in Exchange Online
https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online
If you want to check your current Recipients for Plus addresses you can use my Script from GitHub
https://github.com/BohrenAn/GitHub_PowerShellScripts/blob/main/ExchangeOnline/CheckPlusEmailAddresses.ps1
You can review your Exchange Online Settings in your tenant with the following Command
Get-OrganizationConfig | fl *plus
In the Exchange Admin Center there is also a...
Hi All,
In this Blog Article, i want to talk about how to protect your Azure SQL Databases with Firewall Rules at Server or Database level.
Azure SQL Database and Azure Synapse IP firewall rules
https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure
The Server Level you can find on your Server Object
You can also find this when query the master Database
--Database: master
SELECT * FROM sys.firewall_rules
At the Database level use this
sp_set_firewall_rule (Azure SQL Database)
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-set-firewall-rule-azure-sql-database?view=azuresqldb-current
--Database: db_home_icewolf
Select * FROM sys.database_firewall_rules
To allow Azure Services add the following
-- Enable Azure connections.
EXECUTE sp_set_database_firewall_rule N'Allow Azure', '0.0.0.0', '0.0.0.0';
to add a custom IP or IP Range use these
-- Create database-level firewall setting for only IP 0.0.0.4
EXECUTE...
Hi All,
I wanted to check the amount of Commands available in the Microsoft.Graph Powershell Modules
Get-Command -Module Microsoft.Graph* | measure
That seemed a bit much and it turned out, i had multiple Versions of Microsoft.Graph PowerShell Module installed.
Here is a Script do remove the Old Modules and install only the newest Version.
$Modules = Get-Module Microsoft.Graph* -ListAvailable | Where {$_.Name -ne "Microsoft.Graph.Authentication"} | Select-Object Name -Unique
Foreach ($Module in $Modules)
{
$ModuleName = $Module.Name
$Versions = Get-Module $ModuleName -ListAvailable
Foreach ($Version in $Versions)
{
$ModuleVersion = $Version.Version
Write-Host "Uninstall-Module $ModuleName $ModuleVersion"
Uninstall-Module $ModuleName -RequiredVersion $ModuleVersion
}
}
#Uninstall Microsoft.Graph.Authentication
$ModuleName = "Microsoft.Graph.Authentication"
$Versions = Get-Module $ModuleName...
Hi All,
Did you notice that there are new Azure AD Diagnostic Settings in AzureAD?
NetworkAccessTrafficLogs
RiskyServicePrincipals
ServicePrincipalRiskEvents
After the Change i've checked the LogAnalytics - did not see any change.
Checked again a few days later and could only see that the Table "AzureDiagnostics" has been addet. But no Data in it.
What is your Experience?Do you see new Tables? Is there Data in it?
Regards
Andres Bohren
Hi All,
Did you hear about the "Modern Dynamic Distribution Groups in Exchange Online"?
Little less dynamic but with more caching 😊
Modern Dynamic Distribution Groups in Exchange Online
https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-dynamic-distribution-groups/modern-dynamic-distribution-groups
Create a new Dynamic Distribution Group in Exchange Online
New-DynamicDistributionGroup -Name DDG-Icewolf-UserMailbox -IncludedRecipients MailboxUsers -ConditionalCompany "Icewolf"
Show the Details - note the Recipient Filter
Get-DynamicDistributionGroup -Identity DDG-Icewolf-UserMailbox | fl
If you check for the Members - it's still empty
Get-DynamicDistributionGroupMember -Identity DDG-Icewolf-UserMailbox
You chan check for the Member with the Recipient filter
Get-Recipient -RecipientPreviewFilter "((((Company -eq 'Icewolf') -and (RecipientType -eq 'UserMailbox'))) -and (-not(Name -like'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue...
Hi All,
Yesterday PowerShell v7.2.2 has been released
PowerShell 7 Downloads
https://github.com/PowerShell/powershell/releases
Regards
Andres Bohren
Hi All,
Today the ExchangeOnlineManagement Preview 5 PowerShell Module has been released to the PowerShell Gallery.
As you can see it's the first time you can use Certificate Based Authentication (CBA) to Authenticate with Connect-IPPSSession.
ExchangeOnlineManagement Preview5
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.6-Preview5
Installing the Module (PowerShell must be startet "As Administrator")
Find-Module ExchangeOnlineManagement -AllowPrerelease
Install-Module ExchangeOnlineManagement -AllowPrerelease -Force
How to set up the Azure AD App i have documented here
https://blog.icewolf.ch/archive/2021/04/04/exchange-online-powershell-v2-authentication-with-app-in-azuread-update.aspx
Connect to Exchange Online with a Certificate stored in your CurrentUser Certificate Store
$AppID = "f38d26a7-740e-425f-aef5-2da3f3d595db"
$CertificateThumbprint = "4F1C474F862679EC35650824F73903041E1E5742"
$TenantId = "icewolfch.onmicrosoft.com"
Connect-ExchangeOnline -AppID $AppID -CertificateThumbprint $CertificateThumbprint -Organization $TenantId
Connect to Security and Compliance with a Certificate stored in your CurrentUser Certificate Store
$AppID = "f38d26a7-740e-425f-aef5-2da3f3d595db"
$CertificateThumbprint = "4F1C474F862679EC35650824F73903041E1E5742"
$TenantId =...
Hi All,
The March Version of Jabra Direct for Windows has been released
Release Notes
https://www.jabraheadsets.ch/support/release-notes/release-note-jabra-direct
Regards
Andres Bohren
Hi All,
I did feel to write a simple PowerShell Script to demonstrate how to Send a Mail via Microsoft Graph.
You need to create an Azure AD Application with the following Permission "Application -> Mail.Send".
Authentication with a SelfSigned Certificate.
The whole Script is published at my GitHub Repo
https://github.com/BohrenAn/GitHub_PowerShellScripts/blob/main/ExchangeOnline/GraphAPI/SimpleGraphSendMail.ps1
###############################################################################
# Limiting application permissions to specific Exchange Online mailboxes
# https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access
#
# Limit Microsoft Graph Access to specific Exchange Mailboxes
# https://blog.icewolf.ch/archive/2021/02/06/limit-microsoft-graph-access-to-specific-exchange-mailboxes.aspx
###############################################################################
#Mail Enabled Security Group
Get-AzureADGroup -SearchString PostmasterGraphRestriction | Format-Table DisplayName, ObjectId, SecurityEnabled, MailEnabled, Mail
New-ApplicationAccessPolicy -AccessRight RestrictAccess -AppId c1a5903b-cd73-48fe-ac1f-e71bde968412 -PolicyScopeGroupId PostmasterGraphRestriction@icewolf.ch -Description "Restrict this app to members of this Group"
Get-ApplicationAccessPolicy
Test-ApplicationAccessPolicy -AppId c1a5903b-cd73-48fe-ac1f-e71bde968412 -Identity postmaster@icewolf.ch
Test-ApplicationAccessPolicy -AppId c1a5903b-cd73-48fe-ac1f-e71bde968412 -Identity SharedMBX@icewolf.ch
For...
Hi All,
Did you notice you can enable Azure Active Directory Preview Features?
Since February 2022 you can enable Azure AD Recommendations.
As soon as i had enabled it, the followin Info was shown under Overview > Recommendations
Detail View of the Recommendation
So i have changed the MFA Service Settings
https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx?BrandContextID=O365
Regards
Andres Bohren
Hi All,
I don't check daily if there are any new PowerShell modules in PSGallery.
So i wrote me a Script of my most used Modules to Inform me if there are any new Modules available.
With the following Code i check for the current Version of the Modules and put them into a PSCustomObject with the Attributes Release, Module, Version (for GA and Prerelease Versions).
###############################################################################
# Check PSGallery Modules
###############################################################################
#Create Empty Array
$MyArray = @()
$Modules = @("AZ","MSOnline", "AzureADPreview", "ExchangeOnlineManagement", "Icewolf.EXO.SpamAnalyze", "MicrosoftTeams", "Microsoft.Online.SharePoint.PowerShell","PnP.PowerShell" , "ORCA", "O365CentralizedAddInDeployment", "MSCommerce", "WhiteboardAdmin", "Microsoft.Graph", "MSAL.PS", "MSIdentityTools" )
foreach ($Module in $Modules)
{
#Check GA Version
$Result = Find-Module -Name $Module
$Version = $Result.Version
...
Hi All,
It's that time of the Month again and Microsoft has released Patches for Exchange 2013 up to Exchange 2019
Released: March 2022 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2022-exchange-server-security-updates/ba-p/3247586
Description of the security update for Microsoft Exchange Server 2019 and 2016: March 8, 2022 (KB5012698)
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-and-2016-march-8-2022-kb5012698-440c5421-dc0e-448f-93ef-4e686c18f7c3
Security Update For Exchange Server 2016 CU22 (KB5012698)
https://www.microsoft.com/en-us/download/details.aspx?id=103999
Don't forget to start the msp from an elevated cmd Prompt
Regards
Andres Bohren
Hi All,
I was inspired to look a little bit deeper into the Update Mechanism of Microsoft Teams by the "Teams MSI Override" GitHub Project.
You can check your Version in Teams by Settings > Info > Version
Then the current Version and update Date is shown in the top bar
You can invoke a update check in Settings > check for updates
Then Teams will search for updates
I've traced this Action in Fiddler
Now you can do your own Check in PowerShell
$Version = "1.5.00.1870"
$Url = "https://teams.microsoft.com/desktopclient/update/$Version/windows/x64?ring=general"
Write-Host "Sending request to $Url"
$updateCheckResponse = Invoke-WebRequest -Uri $Url -UseBasicParsing
$updateCheckJson = $updateCheckResponse | ConvertFrom-Json
$updateCheckJson
If you send the Current Version you...
Hi All,
Release Notes and Download
https://github.com/microsoft/PowerToys/releases/
There is a new Activation method for "Find my Mouse" by Shaking it. I've tested it and you have to shake quite hard. I'll stick with the "Press Left Control twice".
Regards
Andres Bohren
Hi All,
VMware published a Security Advisory for the VMware Tools on Windows.
VMSA-2022-0007
https://www.vmware.com/security/advisories/VMSA-2022-0007.html
VMware Tools 12.0.0 Download
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VMTOOLS1200&productId=1259&rPId=85322
On my ESXi the VM's the VMware Tools are currently running Version 11.3.5
I've extracted the "windows.iso" and renamed it to "WMwareTools12_Windows.iso"
Then uploadet it to the Datastore
Attached it to the VM
And started the setup64.exe
Regards
Andres Bohren
Hi All,
Over a Year ago i did wrote a Azure Automation Script to check your M365 Licenses.
Check your M365 Licenses with Azure Automation
https://blog.icewolf.ch/archive/2021/04/18/check-your-m365-licenses-with-azure-automation.aspx
I did rewrite that code to support Microsoft Graph for query the Licenses and also send the Mail via Microsoft Graph.
Setup Environement
I first created a new AzureAD Application (just to make a clear separation of Graph Permissions for the purpose of this Demo).
Then i uploaded a Certificate wich i also use for several other Azure AD Apps
This Script will need the following Microsoft Graph Permissions with Admin Consent
Directory.Read.All
Mail.ReadWrite
...