February 2023 Blog Posts
Hi All,
Yesterday, Microsoft has released the ExchangeOnlineManagement 3.2.0-Preview1 PowerShell Module to the PowerShell Gallery.
ExchangeOnlineManagement 3.2.0-Preview1
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.2.0-Preview1
Whats new in this release:
v3.2.0-Preview1 :
1. Preview Release of new cmdlets:
- Updating Briefing Email Settings of a tenant (Get-DefaultTenantBriefingConfig and Set-DefaultTenantBriefingConfig)
- Updating Viva Insights Feature Settings of a tenant (Get-DefaultTenantMyAnalyticsFeatureConfig and Set-DefaultTenantMyAnalyticsFeatureConfig)
2. Bug fixes in Connect-ExchangeOnline.
Let's check what Version of the Module is installed and what is available from the PowerShell Gallery
Get-InstalledModule ExchangeOnlineManagement
Find-Module ExchangeOnlineManagement -AllowPrerelease
I will install the Preview Side by Side with the Parameter Force
Install-Module ExchangeOnlineManagement -AllowPrerelease -Force
Get-InstalledModule ExchangeOnlineManagement -AllVersions
Now let's load the Module and check it out
Import-Module ExchangeOnlineManagement -RequiredVersion 3.2.0
Connect-ExchangeOnline
Get-DefaultTenantBriefingConfig
Get-DefaultTenantMyAnalyticsFeatureConfig
These commandlets refer to these...
Hi All,
Microsoft has announced some new SelfService Purchase Services in Microsoft 365.
Use AllowSelfServicePurchase for the MSCommerce PowerShell module
https://learn.microsoft.com/en-us/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide
During the last Week it was not possible tho review or change it.
Apparently it works again since yesterday.
Connect to M365 and view the Details. As you can see there are two more: One for Power Automate and one for Teams.
Import-Module -Name MSCommerce
Connect-MSCommerce
Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase
Now, let's disable the new Services
Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0PW0V -Enabled $False
Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0LSGZ -Enabled $False
Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0J1FV -Enabled $False
Now it looks the way i want
Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase
Regards
Andres Bohren
Hi All,
Yesterday, Microsoft has released the Microsoft.Online.SharePoint.PowerShell 16.0.23408.12000. PowerShell Module
Microsoft.Online.SharePoint.PowerShell 16.0.23408.12000
https://www.powershellgallery.com/packages/Microsoft.Online.SharePoint.PowerShell/16.0.23408.12000
Check the installed Version and what is available from the PowerShell Gallery
Get-InstalledModule Microsoft.Online.SharePoint.PowerShell
Find-Module Microsoft.Online.SharePoint.PowerShell
Uninstall the old Version and install the new Version of the Module
Uninstall-Module Microsoft.Online.SharePoint.PowerShell
Install-Module Microsoft.Online.SharePoint.PowerShell
Get-InstalledModule Microsoft.Online.SharePoint.PowerShell
List the Commands of the Module
Get-Command -Module Microsoft.Online.SharePoint.PowerShell
Connect to Sharepoint Online
Connect-SPOService -Url https://icewolfch-admin.sharepoint.com
Get some Settings
Get-SPOTenant | fl
Regards
Andres Bohren
Hi All,
Did you notice that you can download Conditional Access Templates. The Templates are documented in the Conditional Access Doumentation below
Conditional Access templates (Preview)
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common
In Conditional Access Management select "New policy from template"
Now you have a diffrent range of Policys and can download the JSON
Back in Conditional Access select "Upload policy file"
Select your JSON File and choose between "Off", "On", "Report only"
After that your Policy is created
And you can view the details and adopt to your environement. Make sure you don't lock yourself out!
Also Check out the CA Export to HTML
https://github.com/BohrenAn/CA-Export
Regards
Andres Bohren
Hi All,
Just a few Hours ago, Microsoft has released a new version of the MSIdentityTools PowerShell Module.
MSIdentityTools 2.0.42
https://www.powershellgallery.com/packages/MSIdentityTools/2.0.42
Check what Version of the Module is installed and what's available in the PowerShell Gallery
Get-InstalledModule MSIdentityTools
Find-Module MSIdentityTools
Uninstall the old version of the PowerShell Module and install the newest one
Uninstall-Module MSIdentityTools
Install-Module MSIdentityTools
Get-InstalledModule MSIdentityTools
To see what commands are available use the following command
Get-Command -Module MSIdentityTools
To resolve an AppId to ObjectId you can use the Command below
Connect-MgGraph
Get-MsIdApplicationIdByAppId -AppId cd32481c-6da8-47a1-b55b-742d2c3af888
Regards
Andres Bohren
Hi All,
Sometimes you need to check the Exchange Active Directory Versions to see if a Schema Upgrade is needet.
It is well documented on the Website from Microsoft
Exchange Active Directory versions
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019#exchange-active-directory-versions
In this Case we use ADSIEdit.msc
Or you simply run this Script
###############################################################################
# Get Exchange AD Schema Version
###############################################################################
#Needs ActiveDirectory PowerShell Module
# Exchange Schema Version
$sc = (Get-ADRootDSE).SchemaNamingContext
$ob = "CN=ms-Exch-Schema-Version-Pt," + $sc
Write-Output "RangeUpper: $((Get-ADObject $ob -pr rangeUpper).rangeUpper)"
# Exchange Object Version (domain)
$dc = (Get-ADRootDSE).DefaultNamingContext
$ob = "CN=Microsoft Exchange System Objects," + $dc
Write-Output "ObjectVersion (Default): $((Get-ADObject $ob -pr objectVersion).objectVersion)"
# Exchange Object Version (forest)
$cc = (Get-ADRootDSE).ConfigurationNamingContext
$fl = "(objectClass=msExchOrganizationContainer)"
Write-Output "ObjectVersion (Configuration): $((Get-ADObject -LDAPFilter $fl -SearchBase $cc -pr objectVersion).objectVersion)"
Regards
Andres Bohren
Hi All,
Yesterday i've got again a Message that a new Version is available for Jabra Direct.
I still don't understand, why Jabra notifies my every Hour. My Notification Bar in Windows is piled up with these messages.
Release Notes
https://www.jabra.com/support/release-notes/release-note-jabra-direct
Regards
Andres Bohren
Hi All,
Yesterday i have received an update for my OnePlus 9 Android Smartphone. It includes the Android 2023.01 Security Updates.
OxygenOS 13 F.20 / F.74 for the OnePlus 9/9 Pro
https://community.oneplus.com/thread/1256800845157629952
Regards
Andres Bohren
Hi All,
Just a few Hours ago, Microsoft has released Microsoft.Graph PowerShell Module 1.22.0.
Microsoft.Graph 1.22.0
https://www.powershellgallery.com/packages/Microsoft.Graph/1.22.0
Release Notes
https://github.com/microsoftgraph/msgraph-sdk-powershell/releases
Let's check the installed Version and what's available on the PowerShell Gallery
Get-InstalledModule Microsoft.Graph
Find-Module Microsoft.Graph
To install the newest Version of the PowerShell Modules and also uninstalling the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
To list the Modules you can use the following Command
Get-Module Microsoft.Graph* -ListAvailable
Regards
Andres Bohren
Hi All,
In this Article i'll show you how you can "Search and Purge" Emails in Exchange Online.
With Compliance Search you can search for Mails and purge (Soft- or HardDelete) them afterwards. That's usually the case for Phishing or Spam Incidents.
Your search can cover a maximum of 50’000 Mailboxes
A new Compliance Search will create an Alert by default.
First of all you need to have the correct Permissions https://security.microsoft.com/permissions
Select "Email & collaboration Roles"
I'have created a custom Role with the following Roles and assign this to Max Muster
Preview
Search And Purge
Compliance...
Hi All,
There is a new Version of Git and i've updated to the latest release
Git Downloads
https://git-scm.com/
Git v2.39.2 Release Notes This release merges up the fixes that appear in v2.30.8, v2.31.7, v2.32.6, v2.33.7, v2.34.7, v2.35.7, v2.36.5, v2.37.6 and v2.38.4 to address the security issues CVE-2023-22490 and CVE-2023-23946; see the release notes for these versions for details.
Let's check the GIT Version before the Update
git --version
Now run the update
Let's check the GIT version after the update
git --version
Regards
Andres Bohren
Hi All,
Last Night the February 2023 Exchange Server Security Updates have been released.
Released: February 2023 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-february-2023-exchange-server-security-updates/ba-p/3741058
Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: February 14, 2023 (KB5023038)
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-february-14-2023-kb5023038-2e60d338-dda3-46ed-aed1-4a8bbee87d23
Security Update For Exchange Server 2016 CU23 SU6 (KB5023038)
https://www.microsoft.com/en-us/download/details.aspx?id=104999
The downloaded exe File extracts then starts the Installation in a elevated Promt
After the Security Update is installed, it is a good idea to restart the Server.
Make sure the Exchange Services are started afterwards. Then run the Exchange HealthChecker
Exchange HealthChecker
https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
.\HealthChecker.ps1
After the Update run it again
.\HealthChecker.ps1
No yellow Lines i need to investigate. All good. Happy updating 😁
Regards
Andres Bohren
Hi All,
Today i had an interesting case with AzureAD Connect Synchronization from Active Directory to Azure Active Directory.
The Customer is in the middle of a reorganization and was changing the Domain.
I've added the new UPN to the UPN Suffixes in Azure AD (domain.msc > Properties)
We addet the new Domain to the M365 Tenant
Then i've changed the UPN Suffix of a Testuser. But the UPN did not change in AzureAD after the AAD Connect Sync Cycle.
I've never experienced that. And in my Tenant it works finde.
After a while Googling i found out, that this Feature can be configured with the MSOnline...
Hi All,
Yesterday the new Version of the AZ PowerShell Module 9.4.0 has been released to PowerShell Gallery.
Az 9.4.0
https://www.powershellgallery.com/packages/AZ/9.4.0
Azure PowerShell release notes
https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps?view=azps-9.4.0
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
To uninstall all the old Modules and install the new Modules i have written a PowerShell Script that is published at my GitHub Repo.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards
Andres Bohren
Hi All,
I've stumbled accross the new Microsoft 365 Defender Role-based access control (RBAC). It is still in Preview but i gave it a go.For now you can create the RBAC Roles only in the M365 Defender Portal. But Graph Integration is at least on the Roadmap.
Centrally manage permissions with the Microsoft 365 Defender role-based access control (RBAC) model
https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/centrally-manage-permissions-with-the-microsoft-365-defender/bc-p/3717432
Microsoft 365 Defender role-based access control (RBAC)
https://learn.microsoft.com/en-us/microsoft-365/security/defender/manage-rbac?view=o365-worldwide
Let's have a look. You can find it under the Microsoft 365 Defender Portal https://security.microsoft.com/mtp_roles
Let's create a custom role
Give it a Name and some Discription if you like
Select one of the Categories
Select the Permissions you need or...
Hi All,
While checking the Devices in my M365 Tenant i was stumbled over the Stale Devices.
The List shows Devices that have an acivity more than 6 Months ago
Let's check if we can get that Information with Microsoft.Graph PowerShell
Connect-MgGraph -Scopes Directory.ReadWrite.All, Directory.AccessAsUser.All
Get-MgDevice
Now we need to get the Devices that are older than six Months
$Devices = Get-MgDevice
$Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)}
We can format that a little better
$Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)} | ft DisplayName,AccountEnabled,OperatingSystem,OperatingSystemVersion,ProfileType,IsManaged,IsCompliant,OnPremisesSyncEnabled,ApproximateLastSignInDateTime
Let's remove these Devices
$StaleDevices = $Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)}
Foreach ($StaleDevice in $StaleDevices)
{
Write-Host "DisplayName: $($StaleDevice.DisplayName) ApproximateLastSignInDateTime: $($StaleDevice.ApproximateLastSignInDateTime)"
$DeviceId = $StaleDevice.Id
Write-Host "Delete Id: $DeviceId" -ForegroundColor...
Hi All,
Just a few days ago Microsoft has released PowerToys v0.67.0. As always, there are a plenty of news.
PowerToysRelease v0.67.0
https://github.com/microsoft/PowerToys/releases
Regards
Andres Bohren
Hi All,
I had the "pleasure" again this week to Document the Azure AD Policies.
Making several Screenshots in the Azure AD Portal seemed not the best way.
MSGraph: List Conditional Access policies
https://learn.microsoft.com/en-us/graph/api/conditionalaccessroot-list-policies?view=graph-rest-1.0&tabs=http
So tried to use the Microsoft Graph Explorer https://aka.ms/ge
You need the Permission: Policy.Read.All
https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies
While using the JSON could be one way. It's not very good if you have to Document it in a Word Document right.
I tried to use the Microsoft.Graph PowerShell Module
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes Policy.Read.All
$CAP = Get-MgIdentityConditionalAccessPolicy
$CAP
As you can see the Conditions, GrantControls and SessionControls are dedicated Objects
$CAP[1] | fl
If we dig down the Conditions more Objects appear
$CAP[1].Conditions | fl
And...
Hi All,
Just a few Hours ago, Microsoft has released the MicrosoftTeams PowerShell Module 4.9.3 to the PowerShell Gallery.
MicrosoftTeams 4.9.3
https://www.powershellgallery.com/packages/MicrosoftTeams/4.9.3
Microsoft Teams PowerShell Release Notes
https://learn.microsoft.com/en-us/MicrosoftTeams/teams-powershell-release-notes
Check installed Module and what's available in the PowerShell Gallery
Get-InstalledModule MicrosoftTeams -AllVersions
Find-Module MicrosoftTeams
Uninstall the old Module and install the newest Module
Uninstall-Module MicrosoftTeams
Uninstall-Module MicrosoftTeams
Install-Module MicrosoftTeams
I've already blogged how to set up Azure AD App and Certificate Authentication for Microsoft Teams
Microsoft Teams PowerShell Module 4.7.1-Preview with AzureAD App and Certificate Authentication
https://blog.icewolf.ch/archive/2022/09/28/microsoft-teams-powershell-module-4-7-1-preview-with-azuread.aspx
How to connect with the Certificate Parameter
$AppID = "93b64305-ea5b-41f2-be0f-a2235fb91480" #DemoTeamsPS
$TenantId = "icewolfch.onmicrosoft.com"
$PFXPassword = ConvertTo-SecureString -String "SecretPFXPassword" -Force -AsPlainText
$PFX = Get-PfxData -FilePath "C:\GIT_WorkingDir\O365Powershell3.pfx" -Password $PFXPassword
$Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$Certificate = $PFX.EndEntityCertificates[0]
Import-Module MicrosoftTeams
Connect-MicrosoftTeams...
Hi All,
When i started the PowerShell 7 yesterday, it told me that there is a new Version v7.3.2 available.
v7.3.2 Release of PowerShell
https://github.com/PowerShell/PowerShell/releases/tag/v7.3.2
I have downloaded the x64 *.msi and these are the Screenshots from the Installation.
I always enable "Enable PowerShell remoting" wich is not enabled by default.
Get-Host
Regards
Andres Bohren