Monday, March 27, 2023
Hi All,
Welcome to the new era of Microsoft Teams
According to the Video, the New Teams Client starts twice as fast, changing a Channel is twice as fast, joining a Meeting is faster, and it uses only half the Memory of the Classic Teams Client.
Regards
Andres Bohren
Friday, March 24, 2023
Hi All,
Yesterday Microsoft released a new Version of the Microsoft.Graph PowerShell Modules to the PowerShell Gallery.
Microsoft.Graph 1.24.0
Let's check the installed Version and what's available on the PowerShell Gallery
Get-InstalledModule Microsoft.Graph
Find-Module Microsoft.Graph
To install the newest Version of the PowerShell Modules and also uninstall the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
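Piping a download straight into Invoke-Expression runs whatever the URL returns at that moment. The following added example (not part of the original post) saves the script to disk, pins it to a commit and checks its SHA256 before running it; $Commit and $ExpectedHash are placeholders you fill in after reviewing the file yourself.

```powershell
# Added example: download, verify, then run (instead of Invoke-Expression on a live URL)
# Placeholders: set these after you have reviewed the script at a specific commit
$Commit       = "<COMMIT_SHA_YOU_REVIEWED>"
$ExpectedHash = "<SHA256_OF_THE_REVIEWED_FILE>"

# raw.githubusercontent.com accepts a commit SHA in place of the branch name,
# so the content behind this URL cannot change after your review
$Url  = "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/$Commit/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
$Path = Join-Path $env:TEMP "Cleanup-GraphModules.ps1"

Invoke-WebRequest -Uri $Url -OutFile $Path -UseBasicParsing

# Compare the hash of what was actually downloaded with the reviewed one
$ActualHash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
if ($ActualHash -ne $ExpectedHash) {
    Remove-Item -Path $Path
    throw "Hash mismatch for Cleanup-GraphModules.ps1 (got $ActualHash). Script was not run."
}

# Only a file that matches the reviewed hash is executed
& $Path
```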
To list the Modules you can use the following Command
Get-Module Microsoft.Graph* -ListAvailable
Let's use one of the PowerShell Modules
Connect-MgGraph -Scopes 'Group.Read.All'
Get-MgGroup -Search "DisplayName:AAD-IcewolfUsers" -ConsistencyLevel eventual
Get-MgGroup -Search "DisplayName:AAD-IcewolfUsers" -ConsistencyLevel eventual | fl
Regards
Andres Bohren
Thursday, March 23, 2023
Hi All,
The Citrix Workspace App for Windows 2303 has been released.
I really like the new Features around the Authentication
Regards
Andres Bohren
Wednesday, March 22, 2023
Hi All,
I've heard about OneNote Phishing in the last few Months. That seems to be a new kind of Attack.
Sadly I don't know the exact details of that Attack.
What came to my mind was to block OneNote Attachments in the Malware Filter.
Microsoft: Besserer Schutz vor riskantem OneNote-Phishing geplant (Microsoft: better protection against risky OneNote phishing planned)
Microsoft also wants to improve here according to the M365 Roadmap
I've checked the OneNote file Extensions on my Computer
Microsoft OneNote File Extensions according to thefile.org
Let's go to work. List the Malware Filter Policies in Exchange Online
Connect-ExchangeOnline
Get-MalwareFilterPolicy | ft Name
Look at the Details. As you can see the Extensions are in the FileTypes Attribute (without dot before the Extension).
Get-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01
Let's add the OneNote File Extensions
$FileTypes = (Get-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01).FileTypes
$FileTypes.Count
#Extensions are added without the leading dot
$FileTypes.Add("one")
$FileTypes.Add("onepkg")
$FileTypes.Add("onetoc")
$FileTypes.Add("pwi")
$FileTypes.Add("sig")
$FileTypes.Add("onecache")
$FileTypes.Add("onetmp")
$FileTypes.Add("onetoc2")
Set-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01 -FileTypes $FileTypes
As you can see the Filetypes are now in the Policy
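A repeatable variant of the steps above, as an added example that is not part of the original post: it adds only the Extensions that are missing, warns if the File Filter of the Policy is switched off, and reads the Policy back afterwards. The Policy Name and the Extension list follow the post, with onecache and onetoc2 spelled the way OneNote uses them.

```powershell
# Added example: idempotent update of the blocked file types
$PolicyName = "ICEWOLFMalwarefilterPolicy-01"    # policy name from the post
$Wanted     = "one", "onepkg", "onetoc", "onetoc2", "onetmp", "onecache", "pwi", "sig"

$Policy  = Get-MalwareFilterPolicy -Identity $PolicyName
$Current = @($Policy.FileTypes)

# Normalise the wanted list: no leading dot, lower case, no duplicates
$Wanted = $Wanted | ForEach-Object { $_.TrimStart(".").ToLowerInvariant() } | Select-Object -Unique

# -notcontains compares case-insensitively, so "ONE" and "one" count as the same entry
$Missing = @($Wanted | Where-Object { $Current -notcontains $_ })

# The FileTypes list is only enforced when the common attachments filter is enabled
if (-not $Policy.EnableFileFilter) {
    Write-Warning "EnableFileFilter is off on $PolicyName, the FileTypes list is not enforced."
}

if ($Missing.Count -eq 0) {
    Write-Host "All listed extensions are already in $PolicyName."
}
else {
    Write-Host "Adding: $($Missing -join ', ')"
    Set-MalwareFilterPolicy -Identity $PolicyName -FileTypes ($Current + $Missing)

    # Read the policy back and report anything that did not stick
    $After = @((Get-MalwareFilterPolicy -Identity $PolicyName).FileTypes)
    $Wanted | Where-Object { $After -notcontains $_ } |
        ForEach-Object { Write-Warning "Still missing after update: $_" }
}
```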
Regards
Andres Bohren
Tuesday, March 21, 2023
Hi All,
Yesterday a new Preview Version of the ExchangeOnlineManagement PowerShell Module was released to the PowerShell Gallery.
ExchangeOnlineManagement 3.2.0-Preview2
Check what Module is installed and what's available from the PowerShell Gallery.
Get-InstalledModule ExchangeOnlineManagement
Find-Module ExchangeOnlineManagement -AllowPrerelease
To install the Module Side by Side you have to use the -Force Parameter
Install-Module ExchangeOnlineManagement -AllowPrerelease -Force
Get-InstalledModule ExchangeOnlineManagement -AllVersions
Make sure the new Module is loaded
Import-Module ExchangeOnlineManagement
Get-Module
If you run "Connect-ExchangeOnline" multiple times, you can now disconnect a specific Connection with "Disconnect-ExchangeOnline".
Connect-ExchangeOnline
Disconnect-ExchangeOnline
The new Commands are still in a Private Preview
Get-VivaModuleFeaturePolicy
Get-VivaModuleFeature -ModuleId VivaInsights -FeatureId Reflection
Get-VivaModuleFeaturePolicy -ModuleId VivaInsights -FeatureId Reflection
Regards
Andres Bohren
Thursday, March 16, 2023
Hi All,
There is an Escalation of Privilege Vulnerability in Outlook. Tony Redmond has explained that very well
Outlook Elevation of Privilege Vulnerability Leaks Credentials via NTLM
Microsoft Outlook Elevation of Privilege Vulnerability
Exchange CSS has released a Script to test and mitigate
CVE-2023-23397 script
Exchange On Prem
You need to have an RBAC Admin Role that allows Application Impersonation and assign an Account to it.
If you don't have that Role you can create it
New-RoleGroup -Name "CVE-2023-23397-Script" -Roles "ApplicationImpersonation" -Description "Permission to run the CVE-2023-23397 script"
You can also create a Throttling Policy
New-ThrottlingPolicy CVE-2023-23397-Script
Set-ThrottlingPolicy "CVE-2023-23397-Script" -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited
Set-Mailbox -Identity "ewservice@icewolf.ch" -ThrottlingPolicy "CVE-2023-23397-Script"
Let's check that Throttling Policy
Get-ThrottlingPolicy -Identity CVE-2023-23397-Script | fl ews*, cpa*
Download the Script and run it in an Exchange Management Shell
Get-Mailbox | .\CVE-2023-23397.ps1 -Environment Onprem -EWSServerURL http://<ExchangeServerName>/ews/exchange.asmx
You will need to provide the Credentials of the Account you are using to connect to EWS
No Mailbox with a vulnerability found
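The Role Group and the unlimited Throttling Policy created above are only needed while the scan runs. An added example (not part of the original post or of the Microsoft Script) that lists who currently holds Application Impersonation and then removes both objects again; run it in the Exchange Management Shell once the scan is finished. The Names are the ones used in the post.

```powershell
# Added example: remove the temporary scan permissions on Exchange On Prem
$Name    = "CVE-2023-23397-Script"     # role group and throttling policy name from the post
$Account = "ewservice@icewolf.ch"      # service account from the post

# Review who can impersonate mailboxes before changing anything
Get-ManagementRoleAssignment -Role "ApplicationImpersonation" -GetEffectiveUsers |
    Select-Object Name, RoleAssigneeName, EffectiveUserName

# Put the service account back on the default throttling policy,
# then remove the unlimited policy
Set-Mailbox -Identity $Account -ThrottlingPolicy $null
Remove-ThrottlingPolicy -Identity $Name -Confirm:$false

# Remove the role group that granted ApplicationImpersonation for the scan
Remove-RoleGroup -Identity $Name -Confirm:$false

# Verify: the role group should no longer appear as a role assignee
$Left = Get-ManagementRoleAssignment -Role "ApplicationImpersonation" |
    Where-Object { $_.RoleAssigneeName -eq $Name }
if ($Left) {
    Write-Warning "ApplicationImpersonation is still assigned to $Name"
}
else {
    Write-Host "Temporary impersonation assignment removed."
}
```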
Exchange Online
You will need to have the AzureAD PowerShell Module installed
Install-Module AzureAD
Now you need to create the AzureAD Application. For that you need to have the Global Administrator or an Application Administrator Role.
.\CVE-2023-23397.ps1 -CreateAzureApplication
This will create an AzureAD Application
and set the Permission "full_access_as_app", which is like Impersonation.
Now you need to connect to Exchange Online
Connect-ExchangeOnline
Now you can scan your environment
Get-Mailbox | .\CVE-2023-23397.ps1 -Environment "Online"
You need to Authenticate to register a new Client Secret. That's why the Script has to wait for 60 Seconds
Every time you run the Script it will register a new Client Secret
I have a lot of Test Mailboxes with no Licenses assigned.
If no vulnerable Items are found the Azure AD Application can be deleted
.\CVE-2023-23397.ps1 -DeleteAzureApplication
Regards
Andres Bohren
Hi All,
Yesterday I again got a Message that a new Version is available for Jabra Direct.
Release Notes
Regards
Andres Bohren
Tuesday, March 14, 2023
Hi All,
Today the March 2023 Exchange Server Security Updates have been released.
Released: March 2023 Exchange Server Security Updates
Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB5024296)
Security Update For Exchange Server 2016 CU23 SU7 (KB5024296)
The downloaded exe File extracts itself and then starts the Installation in an elevated Prompt
After the Security Update is installed, it is a good idea to restart the Server.
Make sure the Exchange Services are started afterwards. Then run the Exchange HealthChecker
Exchange HealthChecker
.\HealthChecker.ps1
After the Update run it again
.\HealthChecker.ps1
No yellow Lines I need to investigate. All good. Happy updating 😁
Regards
Andres Bohren
Monday, March 13, 2023
Hi All,
A few days ago, I was very enthusiastic, because I found some new Logs in Azure Active Directory Diagnostic Settings
- EnrichedOffice365AuditLogs
- MicrosoftGraphActivityLogs
I've enabled all those logs
But i could not see any new Tables in the Log Analytics Workspace
So I googled around and found out that you can enable those logs, but the Tables are not created unless you were in the Preview :(
Integrate Azure AD logs with Azure Monitor logs
Regards
Andres Bohren
Saturday, March 11, 2023
Hi All,
GitHub recently announced that they will make Two Factor Authentication (2FA) mandatory.
Raising the bar for software security: GitHub 2FA begins March 13
Let's enable that straight away. I've logged into my GitHub Account. Under "Password and Authentication" you can enable Multifactor Authentication.
In my Case GitHub Mobile was used to verify my Access
The Website showed a code I had to enter in the GitHub Mobile App
Now the QR Code showed up and I added an Account in Microsoft Authenticator and verified it with the Code it was showing.
In the second step you receive 16 Recovery Keys. Store them in a safe Place like your Password Manager.
Everything is now set up
Regards
Andres Bohren