March 2023 Blog Posts
Hi All,
Welcome to the new era of Microsoft Teams
https://www.microsoft.com/en-us/microsoft-365/blog/2023/03/27/welcome-to-the-new-era-of-microsoft-teams/
According to the Video the New Teams Client starts double as fast, change a channel is double as fast, joining a Meeting is faster and it uses only half of the Memory as the Classic Teams Client.
Regards
Andres Bohren
Hi All,
Yesterday Microsoft has released a new Version of Microsoft.Graph PowerShell Modules to the PowerShell Gallery.
Microsoft.Graph 1.24.0
https://www.powershellgallery.com/packages/Microsoft.Graph/1.24.0
Release Notes
https://github.com/microsoftgraph/msgraph-sdk-powershell/releases
Let's check the installed Version and what's available on the PowerShell Gallery
Get-InstalledModule Microsoft.Graph
Find-Module Microsoft.Graph
To install the newest Version of the PowerShell Modules and also uninstalling the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
To list the Modules you can use the following Command
Get-Module Microsoft.Graph* -ListAvailable
Let's use one of the PowerShell Modules
Connect-MgGraph -Scopes 'Group.Read.All'
Get-MgGroup -Search "DisplayName:AAD-IcewolfUsers" -ConsistencyLevel eventual
Get-MgGroup -Search "DisplayName:AAD-IcewolfUsers" -ConsistencyLevel...
Hi All,
The Citrix Workspace App for Windows 2303 has been released.
About this release
https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/about.html
I really like the new Features around the Authentication
Regards
Andres Bohren
Hi All,
I've heard from OneNote Phishing in the last few Months. That seems to be a new way of Attack.
Sadly i don't know the exact details of that Attack.
What came to my mind was to block OneNote Attachments in the Malware Filter.
Microsoft: Besserer Schutz vor riskantem OneNote-Phishing geplant
https://www.heise.de/news/Microsoft-Besserer-Schutz-vor-riskantem-OneNote-Phishing-geplant-7543318.html
Also Microsoft want's to improve here according to the M 365 Roadmap
https://www.microsoft.com/de-ch/microsoft-365/roadmap?filters=&searchterms=122277
I've checked the OneNote file Extensions on my Computer
Microsoft OneNote File Extensions according to thefile.org
https://de.thefile.org/program/microsoft-onenote
Let's go to work. List the Malware Filter Policys in Exchange Online
Connect-ExchangeOnline
Get-MalwareFilterPolicy | ft Name
Look at the Details. As you can see the Extensions are in the...
Hi All,
Yesterday a new Preview Version of the ExchangeOnlineManagement PowerShell Module has been released to the PowerShell Gallery.
ExchangeOnlineManagement 3.2.0-Preview2
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.2.0-Preview2
Check what Module is installed and what's available from the PowerShell Gallery.
Get-InstalledModule ExchangeOnlineManagement
Find-Module ExchangeOnlineManagement -AllowPrerelease
To install the Module Side by Side you have to use the -Force Parameter
Install-Module ExchangeOnlineManagement -AllowPrerelease -Force
Get-InstalledModule ExchangeOnlineManagement -AllVersions
Make sure the new Module is loaded
Import-Module ExchangeOnlineManagement
Get-Module
If you run "Connect-ExchangeOnline" multiple times you can now Disconnect-ExchangeOnline a specific Connection.
Connect-ExchangeOnline
Disconnect-ExchangeOnline
The new Commands are still in a Private Preview
Get-VivaModuleFeaturePolicy
https://learn.microsoft.com/en-us/powershell/module/exchange/get-vivamodulefeaturepolicy?view=exchange-ps
Get-VivaModuleFeature -ModuleId VivaInsights -FeatureId Reflection
Get-VivaModuleFeaturePolicy -ModuleId VivaInsights -FeatureId Reflection
Regards
Andres Bohren
Hi All,
There is a Outlook Escalation of Privilege Vulnerability in Outlook. Tony Redmond has explained that very well
Outlook Elevation of Privilege Vulnerability Leaks Credentials via NTLM
https://practical365.com/cve-2023-23397-ntlm-vulnerability/
Microsoft Outlook Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
Exchange CSS has released a Script to test and mitigate
CVE-2023-23397 script
https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/
Exchange On Prem
You need to have an RBAC Admin Role that allows Application Impersonation and assign an Account.
If you don't have that Role you can create it
New-RoleGroup -Name "CVE-2023-23397-Script" -Roles "ApplicationImpersonation" -Description "Permission to run the CVE-2023-23397 script
You can also create a Throttling Policy
New-ThrottlingPolicy CVE-2023-23397-Script
Set-ThrottlingPolicy "CVE-2023-23397-Script" -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited
Set-Mailbox -Identity "ewservice@icewolf.ch"...
Hi All,
Yesterday i've got again a Message that a new Version is available for Jabra Direct.
Release Notes
https://www.jabra.com/support/release-notes/release-note-jabra-direct
Regards
Andres Bohren
Hi All,
Today the March 2023 Exchange Server Security Updates have been released.
Released: March 2023 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224
Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB5024296)
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-14-2023-kb5024296-e13b0369-2102-4c95-bee2-456514630727
Security Update For Exchange Server 2016 CU23 SU7 (KB5024296)
https://www.microsoft.com/en-us/download/details.aspx?id=105091
The downloaded exe File extracts then starts the Installation in a elevated Promt
After the Security Update is installed, it is a good idea to restart the Server.
Make sure the Exchange Services are started afterwards. Then run the Exchange HealthChecker
Exchange HealthChecker
https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
.\HealthChecker.ps1
After the Update run it again
.\HealthChecker.ps1
No yellow Lines i need to investigate. All good. Happy updating 😁
Regards
Andres Bohren
Hi All,
A few days ago, i was very enthusiastic, because i found some new Logs in Azure Active Directory Diagnostic Settings
EnrichedOffice365AuditLogs
MicrosoftGraphActivityLogs
I've enabled all those logs
But i could not see any new Tables in the Log Analytics Workspace
So i googled around and found out, that you can enable those logs, but the Tables are not created unless you where in the Preview :(
Integrate Azure AD logs with Azure Monitor logs
https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics
Regards
Andres Bohren
Hi All,
GitHub recently announced that they will make Two Factor Authentication (2FA) mandatory.
Raising the bar for software security: GitHub 2FA begins March 13
https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13/
Let's enable that straight away. I've logged into my Github Account. Under "Password and Authnentication" you can enable Multifactor Authentication.
In my Case GitHub Mobile was used to verify my Access
The Website showed a code i had to Enter in the GitHub Mobile App
Now the QR Code showed up and i added an Account in Microsoft Authenticator and verified it with the Code it was showing.
In the second step you receive 16 Recovery Keys. Store them in a safe...
Hi All,
Yesterday i stumbled across something odd. Did not see the M365 Groups in Outlook for Windows anymore. They seem to be gone in the newest Version.
Let's start at the beginning. Office in the Current Channel
Outlook Profile is set up with Cached Mode (without Chached Mode you don't see the M365 Groups either).
As you can see the Groups are listed here
The cached Files are stored in C:\Users\<Username>\AppData\Local\Microsoft\Outlook
As you can see the *.nst File is here. It is the offline Cache for M365 Groups - similar to the *.ost for the Mailbox.
Another Computer with current Channel Preview
Missing the M365 Groups in...
Hi All,
Just a few Hours ago, a new Version of the AZ PowerShell Module has been released to PowerShell Gallery.
Az 9.5.0
https://www.powershellgallery.com/packages/az/9.5.0
Release Notes
https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards
Andres Bohren
Hi All,
Do you know the User reported Settings in Microsoft 365 Defender for Office 365?
For instance, you can send the Mails that a user reports with the "Report Message" Add-In to Microsoft also to a reporting Mailbox that you own.
User reported settings
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox?view=o365-worldwide
User Reported Settings
https://security.microsoft.com/securitysettings/userSubmission
I've enabled that a while ago.
As you can see the Reporting Mailbox receives all types:
- Junk
- Phishing
- Not Junk
The Mail contains the Header and the Original Mail as Attachment.
In a past Project the Security Team was only interested in Reported Phishing Messages.
I've created the following Transport Rule to solve that
$AdminEmailaddress = "postmaster@icewolf.ch"
if ($Null -eq (Get-TransportRule -identity "[EOP]...
Hi All,
I wanted to monitor the Performance of my Blog. I've added Application Insights to my Azure Subscription and under "Availablility" i have added a "Classic test"
Monitor availability with URL ping tests
https://learn.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability
URL Ping
Add the URL, the Regions where you want to test from, the Response Code and Timeout. In my case i don't need an Alert.
After a few days you can se now the Availability is at 100%
The Average response Time is about 500 ms in Europe less than 300 ms.
You can view the Logs in LogAnalytics Workspace
availabilityResults
| where timestamp > datetime("2023-03-07T20:17:00.000Z") and timestamp < datetime("2023-03-08T20:17:00.000Z")
| where true
| where name...
Hi All,
Somehow i missed, that already yesterday Microsoft has released a new Version of Microsoft.Graph PowerShell Modules to the PowerShell Gallery.
Microsoft.Graph 1.23.0
https://www.powershellgallery.com/packages/Microsoft.Graph/1.23.0
Release Notes (Not yet listed there)
https://github.com/microsoftgraph/msgraph-sdk-powershell/releases
Let's check the installed Version and what's available on the PowerShell Gallery
Get-InstalledModule Microsoft.Graph
Find-Module Microsoft.Graph
To install the newest Version of the PowerShell Modules and also uninstalling the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
To list the Modules you can use the following Command
Get-Module Microsoft.Graph* -ListAvailable
Let's use one of the PowerShell Modules
Connect-MgGraph -Scopes...
Hi All,
I've stubled across the Message below in the Microsoft 365 Message Center and decidet to give it a try.
Turn pronouns on or off for your organization in the Microsoft 365 admin center
https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/turn-pronouns-on-or-off?view=o365-worldwide
Pronouns on your profile in Microsoft 365
https://support.microsoft.com/en-us/office/pronouns-on-your-profile-in-microsoft-365-232c3bfb-a947-4310-86db-b22d63663d85
Pronouns best practices
https://support.microsoft.com/en-us/office/pronouns-best-practices-ef1701ad-711d-4c6e-b664-64c3ee188d68
Frequently asked questions about pronouns in Microsoft 365
https://support.microsoft.com/en-us/office/frequently-asked-questions-about-pronouns-in-microsoft-365-48135f04-e822-49b5-ba6b-e9bae2ce503a
M365 Admin Center > Org Settings > Security & privacy > Pronouns
It's disabled by default and has to be enabled by an Administrator
I've switched to Teams Preview and onmy Contact Card i can add my pronoun
Visible also in Outlook Web
Not yet visible in Outlook for Windows
Not visible in Azure Active Directory - so...
Hi All,
Yesterday the PowerToys v0.68.0 have been released.
PowerToys Release v0.68.0
https://github.com/microsoft/PowerToys/releases/tag/v0.68.0
In Teams or Browsers you can use "CTRL + SHIFT + V" to paste as Plain Text.
Now there is a General Shortcut to do that everywhere "CTRL + WIN + V"
Regards
Andres Bohren
Hi All,
A few hours ago a new Version of the Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA) Module has been released.
ORCA 2.2
https://www.powershellgallery.com/packages/Orca/2.2
To check the installed Module and what's available on PowerShell Gallery use the commands below
Get-InstalledModule ORCA
Find-Module ORCA
Uninstall the old and install the new PowerShell Module
Uninstall-Module ORCA
Install-Module ORCA
Get-InstalledModule ORCA
The Module only contains two Commands
Get-Command -Module ORCA
Now let's run the ORCA Report
Get-ORCAReport
The Report is in HTML and will be shown here
I've created an additional Outbound Spam Policy with Higher Values (Correct but intentionally made so).
Safe Attchments not enabled on Domains (due Licensing restrictions)
No DKIM for the Domain used for...
Hi All,
Just a few Hours ago, Microsoft has released the MicrosoftTeams PowerShell Module 5.0.0 to the PowerShell Gallery.
MicrosoftTeams 5.0.0
https://www.powershellgallery.com/packages/MicrosoftTeams/5.0.0
Microsoft Teams PowerShell Release Notes
https://learn.microsoft.com/en-us/MicrosoftTeams/teams-powershell-release-notes
Check installed Module and what's available in the PowerShell Gallery
Get-InstalledModule MicrosoftTeams -AllVersions
Find-Module MicrosoftTeams
Uninstall the old Module and install the newest Module
Uninstall-Module MicrosoftTeams
Uninstall-Module MicrosoftTeams
Install-Module MicrosoftTeams
Testing
Connect-MicrosoftTeams
Get-CsOnlineUser -Identity <Identity>
Some new Filering
Get-CsOnlineUser -Filter {City -eq 'Bern'} | ft UserPrincipalName
Get-CsOnlineUser -Filter {Company -like 'Ice*'} | ft UserPrincipalName
Get-CsOnlineUser -Filter {FeatureTypes -contains "PhoneSystem"} | ft UserPrincipalName
Regards
Andres Bohren
Hi All,
Today i realized that there is a new version of PowerShell 7.
v7.3.3 Release of PowerShell
https://github.com/PowerShell/PowerShell/releases/tag/v7.3.3
I have downloaded the x64 *.msi and these are the Screenshots from the Installation.
I always enable "Enable PowerShell remoting" wich is not enabled by default.
Let's start and see
pwsh
Get-Host
Regards
Andres Bohren