blog.icewolf.ch

Let's talk about IT!

Monday, March 27, 2023

New Teams Client for Windows available

Hi All,

Welcome to the new era of Microsoft Teams

According to the Video, the New Teams Client starts twice as fast, changing a channel is twice as fast, joining a Meeting is faster, and it uses only half the Memory of the Classic Teams Client.






Regards
Andres Bohren


posted @ Monday, March 27, 2023 11:06 PM | Filed Under [ MicrosoftTeams ]

Friday, March 24, 2023

Microsoft.Graph PowerShell Module 1.24.0 released

Hi All,

Yesterday Microsoft released a new Version of the Microsoft.Graph PowerShell Modules to the PowerShell Gallery.

Microsoft.Graph 1.24.0



Let's check the installed Version and what's available on the PowerShell Gallery

Get-InstalledModule Microsoft.Graph
Find-Module Microsoft.Graph



To install the newest Version of the PowerShell Modules and also uninstall the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown.

#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
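A more cautious variant of the download-and-run step above, as an added example that is not part of the original post: it saves the script to disk, compares its SHA256 hash with the value recorded when the script was reviewed, and only then runs it. The `$ExpectedSha256` value is a placeholder, and the local path and the helper name `Test-FileHashMatch` are assumptions.

```powershell
# Added example: review-and-pin instead of piping web content into Invoke-Expression.
$Uri  = "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
$Path = Join-Path $env:TEMP "Cleanup-GraphModules.ps1"   # assumed local path

# Placeholder: SHA256 of the script version you have read and approved.
$ExpectedSha256 = "<SHA256-OF-REVIEWED-SCRIPT>"

function Test-FileHashMatch {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # String comparison with -eq is case-insensitive, so hex case does not matter
    return $actual -eq $ExpectedSha256.Trim()
}

# Download to disk so the bytes that were hashed are exactly the bytes that run
Invoke-WebRequest -Uri $Uri -OutFile $Path -UseBasicParsing

if (Test-FileHashMatch -Path $Path -ExpectedSha256 $ExpectedSha256) {
    & $Path
}
else {
    $seen = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    Write-Warning "Hash mismatch, script not executed. Downloaded file hash: $seen"
    Write-Warning "Review $Path before trusting the new hash."
}
```

A hash mismatch after an update to the script is expected; read the new version before replacing the pinned value.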


To list the Modules you can use the following Command

Get-Module Microsoft.Graph* -ListAvailable


Let's use one of the PowerShell Modules

Connect-MgGraph -Scopes 'Group.Read.All'
Get-MgGroup -Search "DisplayName:AAD-IcewolfUsers" -ConsistencyLevel eventual
Get-MgGroup -Search "DisplayName:AAD-IcewolfUsers" -ConsistencyLevel eventual | fl



Regards
Andres Bohren


posted @ Friday, March 24, 2023 8:22 AM | Filed Under [ PowerShell ]

Thursday, March 23, 2023

Citrix Workspace App for Windows 2303

Hi All,

The Citrix Workspace App for Windows 2303 has been released.






I really like the new Features around the Authentication



Regards
Andres Bohren


posted @ Thursday, March 23, 2023 8:41 AM | Filed Under [ Citrix ]

Wednesday, March 22, 2023

Add OneNote Fileextensions to the Exchange Online Malware Filter

Hi All,

I've heard about OneNote Phishing in the last few Months. That seems to be a new way of Attack.
Sadly I don't know the exact details of that Attack.
What came to my mind was to block OneNote Attachments in the Malware Filter.

Microsoft: Better protection against risky OneNote phishing planned

Microsoft also wants to improve here, according to the M365 Roadmap


I've checked the OneNote file Extensions on my Computer


Microsoft OneNote File Extensions according to thefile.org


Let's go to work. List the Malware Filter Policies in Exchange Online

Connect-ExchangeOnline
Get-MalwareFilterPolicy | ft Name


Look at the Details. As you can see the Extensions are in the FileTypes Attribute (without dot before the Extension).

Get-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01


Let's add the OneNote File Extensions

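# Read the current list; extensions are stored without the leading dot
$FileTypes = (Get-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01).FileTypes
$FileTypes.Count
$FileTypes.Add("one")
$FileTypes.Add("onepkg")
$FileTypes.Add("onetoc")
$FileTypes.Add("pwi")
$FileTypes.Add("sig")
$FileTypes.Add("onecache")   # was "onechache" (typo)
$FileTypes.Add("onetmp")
$FileTypes.Add("onetoc2")    # was a second "onetoc"; onetoc2 is the OneNote table of contents file
# Write the extended list back to the policy
Set-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01 -FileTypes $FileTypes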



As you can see the Filetypes are now in the Policy
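A repeatable version of the steps above, as an added example that is not part of the original post: it normalises the extensions (no dot, lower case), skips entries the policy already has, and warns when the common attachments filter is switched off. The function name `Merge-FileTypeList` is hypothetical and the extension list is constructed sample input.

```powershell
# Added example: merge extensions into a policy's FileTypes without duplicates.
function Merge-FileTypeList {
    param(
        [string[]]$Current = @(),
        [Parameter(Mandatory)][string[]]$ToAdd
    )
    $merged = [System.Collections.Generic.List[string]]::new()
    foreach ($ext in (@($Current) + @($ToAdd) | Where-Object { $_ })) {
        # FileTypes stores extensions without the leading dot; normalise before comparing
        $n = ([string]$ext).Trim().TrimStart('.').ToLowerInvariant()
        if ($n -and -not $merged.Contains($n)) { $merged.Add($n) }
    }
    return ,$merged.ToArray()
}

$PolicyName = "ICEWOLFMalwarefilterPolicy-01"
# Constructed input with a dot, mixed case and a repeat to show the normalisation
$OneNote = ".one", "onepkg", "ONETOC", "onetoc", "onetoc2", "onecache", "onetmp"

$policy  = Get-MalwareFilterPolicy -Identity $PolicyName
$newList = Merge-FileTypeList -Current $policy.FileTypes -ToAdd $OneNote
$added   = $newList | Where-Object { $policy.FileTypes -notcontains $_ }

if (-not $policy.EnableFileFilter) {
    Write-Warning "EnableFileFilter is off on $PolicyName, so the FileTypes list is not enforced."
}
if ($added) {
    Write-Host "Adding: $($added -join ', ')"
    # -WhatIf only shows what would change; remove it to apply
    Set-MalwareFilterPolicy -Identity $PolicyName -FileTypes $newList -WhatIf
}
else {
    Write-Host "Nothing to add, the policy already contains all extensions."
}
```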



Regards
Andres Bohren



posted @ Wednesday, March 22, 2023 9:01 AM | Filed Under [ Security Exchange ]

Tuesday, March 21, 2023

ExchangeOnlineManagement 3.2.0-Preview2 released

Hi All,

Yesterday a new Preview Version of the ExchangeOnlineManagement PowerShell Module has been released to the PowerShell Gallery.

ExchangeOnlineManagement 3.2.0-Preview2



Check what Module is installed and what's available from the PowerShell Gallery.

Get-InstalledModule ExchangeOnlineManagement
Find-Module ExchangeOnlineManagement -AllowPrerelease


To install the Module Side by Side you have to use the -Force Parameter

Install-Module ExchangeOnlineManagement -AllowPrerelease -Force
Get-InstalledModule ExchangeOnlineManagement -AllVersions


Make sure the new Module is loaded

Import-Module ExchangeOnlineManagement
Get-Module


If you run "Connect-ExchangeOnline" multiple times you can now Disconnect-ExchangeOnline a specific Connection.

Connect-ExchangeOnline
Disconnect-ExchangeOnline


The new Commands are still in a Private Preview

Get-VivaModuleFeaturePolicy


Get-VivaModuleFeature -ModuleId VivaInsights -FeatureId Reflection
Get-VivaModuleFeaturePolicy -ModuleId VivaInsights -FeatureId Reflection



Regards
Andres Bohren


posted @ Tuesday, March 21, 2023 9:47 PM | Filed Under [ Exchange ]

Thursday, March 16, 2023

Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)

Hi All,

There is an Escalation of Privilege Vulnerability in Outlook. Tony Redmond has explained that very well

Outlook Elevation of Privilege Vulnerability Leaks Credentials via NTLM

Microsoft Outlook Elevation of Privilege Vulnerability

Exchange CSS has released a Script to test and mitigate

CVE-2023-23397 script



Exchange On Prem

You need to have an RBAC Admin Role that allows Application Impersonation and assign it to an Account.
If you don't have that Role you can create it

New-RoleGroup -Name "CVE-2023-23397-Script" -Roles "ApplicationImpersonation" -Description "Permission to run the CVE-2023-23397 script"


You can also create a Throttling Policy

New-ThrottlingPolicy CVE-2023-23397-Script
Set-ThrottlingPolicy "CVE-2023-23397-Script" -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited
Set-Mailbox -Identity "ewservice@icewolf.ch" -ThrottlingPolicy "CVE-2023-23397-Script"



Let's check that Throttling Policy

Get-ThrottlingPolicy -Identity CVE-2023-23397-Script |  fl ews*, cpa*


Download the Script and run it in an Exchange Management Shell

Get-Mailbox | .\CVE-2023-23397.ps1 -Environment Onprem -EWSServerURL https://<ExchangeServerName>/ews/exchange.asmx

You will need to provide the Credentials of the Account you are using to connect to EWS


No Mailbox with a vulnerability found


Exchange Online

You will need to have the AzureAD PowerShell Module installed

Install-Module AzureAD

Now you need to create the AzureAD Application and you need to have the Global Administrator or an Application Administrator Role.

.\CVE-2023-23397.ps1 -CreateAzureApplication


This will Create an AzureAD Application


And set the Permission "full_access_as_app" which is like Impersonation.


Now you need to connect to Exchange Online

Connect-ExchangeOnline

Now you can scan your environment

Get-Mailbox | .\CVE-2023-23397.ps1 -Environment "Online"


You need to Authenticate to register a new Client Secret. That's why the Script has to wait for 60 Seconds


Every time you run the Script it will register a new Client Secret



I have a lot of Test Mailboxes with no Licenses assigned.



If no vulnerable Items are found the Azure AD Application can be deleted

.\CVE-2023-23397.ps1 -DeleteAzureApplication



Regards
Andres Bohren


posted @ Thursday, March 16, 2023 10:00 AM | Filed Under [ Exchange Office ]

Jabra Direct Update (March 2023)

Hi All,

Yesterday I again got a Message that a new Version is available for Jabra Direct.

Release Notes












Regards
Andres Bohren


posted @ Thursday, March 16, 2023 7:32 AM | Filed Under [ UM/Mobile ]

Tuesday, March 14, 2023

March 2023 Exchange Server Security Updates

Hi All,

Today the March 2023 Exchange Server Security Updates have been released.

Released: March 2023 Exchange Server Security Updates

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB5024296)

Security Update For Exchange Server 2016 CU23 SU7 (KB5024296)


The downloaded exe File extracts and then starts the Installation in an elevated Prompt












After the Security Update is installed, it is a good idea to restart the Server.
Make sure the Exchange Services are started afterwards. Then run the Exchange HealthChecker

Exchange HealthChecker

.\HealthChecker.ps1


After the Update run it again

.\HealthChecker.ps1





No yellow Lines I need to investigate. All good. Happy updating 😁

Regards
Andres Bohren


posted @ Tuesday, March 14, 2023 11:28 PM | Filed Under [ Exchange ]

Monday, March 13, 2023

New AzureAD Logs (but only if you were included in Preview)

Hi All,

A few days ago, I was very enthusiastic, because I found some new Logs in Azure Active Directory Diagnostic Settings
  • EnrichedOffice365AuditLogs
  • MicrosoftGraphActivityLogs

I've enabled all those logs


But I could not see any new Tables in the Log Analytics Workspace


So I googled around and found out that you can enable those logs, but the Tables are not created unless you were in the Preview :(

Integrate Azure AD logs with Azure Monitor logs



Regards
Andres Bohren


posted @ Monday, March 13, 2023 9:21 PM | Filed Under [ Azure ]

Saturday, March 11, 2023

Enable Two Factor Authentication on GitHub

Hi All,

GitHub recently announced that they will make Two Factor Authentication (2FA) mandatory.

Raising the bar for software security: GitHub 2FA begins March 13

Let's enable that straight away. I've logged into my GitHub Account. Under "Password and Authentication" you can enable Multifactor Authentication.


In my Case GitHub Mobile was used to verify my Access


The Website showed a code I had to enter in the GitHub Mobile App


Now the QR Code showed up and I added an Account in Microsoft Authenticator and verified it with the Code it was showing.


In the second step you receive 16 Recovery Keys. Store them in a safe Place like your Password Manager.

In addition I also added my FIDO2 Yubikey to GitHub.


Everything is now set up



Regards
Andres Bohren


posted @ Saturday, March 11, 2023 9:59 AM | Filed Under [ Development ]
