blog.icewolf.ch

Let's talk about IT!
posts - 2290, comments - 295, trackbacks - 0

My Links

Archives

Post Categories

icewolf

March 2023 Blog Posts

New Teams Client for Windows available

Hi All, Welcome to the new era of Microsoft Teams https://www.microsoft.com/en-us/microsoft-365/blog/2023/03/27/welcome-to-the-new-era-of-microsoft-teams/ According to the Video the New Teams Client starts double as fast, change a channel is double as fast, joining a Meeting is faster and it uses only half of the Memory as the Classic Teams Client. Regards Andres Bohren

posted @ Monday, March 27, 2023 11:06 PM | Filed Under [ MicrosoftTeams ]

Microsoft.Graph PowerShell Module 1.24.0 released

Hi All, Yesterday Microsoft has released a  new Version of Microsoft.Graph PowerShell Modules to the PowerShell Gallery. Microsoft.Graph 1.24.0 https://www.powershellgallery.com/packages/Microsoft.Graph/1.24.0 Release Notes https://github.com/microsoftgraph/msgraph-sdk-powershell/releases Let's check the installed Version and what's available on the PowerShell Gallery Get-InstalledModule Microsoft.Graph Find-Module Microsoft.Graph To install the newest Version of the PowerShell Modules and also uninstalling the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown. #Run Script directly from GitHub $ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1" Invoke-Expression $($ScriptFromGitHub.Content) To list the Modules you can use the following Command Get-Module Microsoft.Graph* -ListAvailable Let's use one of the PowerShell Modules Connect-MgGraph -Scopes 'Group.Read.All' Get-MgGroup -Search "DisplayName:AAD-IcewolfUsers" -ConsistencyLevel eventual Get-MgGroup -Search "DisplayName:AAD-IcewolfUsers" -ConsistencyLevel...

posted @ Friday, March 24, 2023 8:22 AM | Filed Under [ PowerShell ]

Citrix Workspace App for Windows 2303

Hi All, The Citrix Workspace App for Windows 2303 has been released. About this release https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/about.html I really like the new Features around the Authentication Regards Andres Bohren

posted @ Thursday, March 23, 2023 8:41 AM | Filed Under [ Citrix ]

Add OneNote Fileextensions to the Exchange Online Malware Filter

Hi All, I've heard from OneNote Phishing in the last few Months. That seems to be a new way of Attack. Sadly i don't know the exact details of that Attack. What came to my mind was to block OneNote Attachments in the Malware Filter. Microsoft: Besserer Schutz vor riskantem OneNote-Phishing geplant https://www.heise.de/news/Microsoft-Besserer-Schutz-vor-riskantem-OneNote-Phishing-geplant-7543318.html Also Microsoft want's to improve here according to the M 365 Roadmap https://www.microsoft.com/de-ch/microsoft-365/roadmap?filters=&searchterms=122277 I've checked the OneNote file Extensions on my Computer Microsoft OneNote File Extensions according to thefile.org https://de.thefile.org/program/microsoft-onenote Let's go to work. List the Malware Filter Policys in Exchange Online Connect-ExchangeOnline Get-MalwareFilterPolicy | ft Name Look at the Details. As you can see the Extensions are in the...

posted @ Wednesday, March 22, 2023 9:01 AM | Filed Under [ Security Exchange ]

ExchangeOnlineManagement 3.2.0-Preview2 released

Hi All, Yesterday a new Preview Version of the ExchangeOnlineManagement PowerShell Module has been released to the PowerShell Gallery. ExchangeOnlineManagement 3.2.0-Preview2 https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.2.0-Preview2 Check what Module is installed and what's available from the PowerShell Gallery. Get-InstalledModule ExchangeOnlineManagement Find-Module ExchangeOnlineManagement -AllowPrerelease To install the Module Side by Side you have to use the -Force Parameter Install-Module ExchangeOnlineManagement -AllowPrerelease -Force Get-InstalledModule ExchangeOnlineManagement -AllVersions Make sure the new Module is loaded Import-Module ExchangeOnlineManagement Get-Module If you run "Connect-ExchangeOnline" multiple times you can now Disconnect-ExchangeOnline a specific Connection. Connect-ExchangeOnline Disconnect-ExchangeOnline The new Commands are still in a Private Preview Get-VivaModuleFeaturePolicy https://learn.microsoft.com/en-us/powershell/module/exchange/get-vivamodulefeaturepolicy?view=exchange-ps Get-VivaModuleFeature -ModuleId VivaInsights -FeatureId Reflection Get-VivaModuleFeaturePolicy -ModuleId VivaInsights -FeatureId Reflection Regards Andres Bohren

posted @ Tuesday, March 21, 2023 9:47 PM | Filed Under [ Exchange ]

Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)

Hi All, There is a Outlook Escalation of Privilege Vulnerability in Outlook. Tony Redmond has explained that very well Outlook Elevation of Privilege Vulnerability Leaks Credentials via NTLM https://practical365.com/cve-2023-23397-ntlm-vulnerability/ Microsoft Outlook Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 Exchange CSS has released a Script to test and mitigate CVE-2023-23397 script https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/ Exchange On Prem You need to have an RBAC Admin Role that allows Application Impersonation and assign an Account. If you don't have that Role you can create it New-RoleGroup -Name "CVE-2023-23397-Script" -Roles "ApplicationImpersonation" -Description "Permission to run the CVE-2023-23397 script You can also create a Throttling Policy New-ThrottlingPolicy CVE-2023-23397-Script Set-ThrottlingPolicy "CVE-2023-23397-Script" -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited Set-Mailbox -Identity "ewservice@icewolf.ch"...

posted @ Thursday, March 16, 2023 10:00 AM | Filed Under [ Exchange Office ]

Jabra Direct Update (March 2023)

Hi All, Yesterday i've got again a Message that a new Version is available for Jabra Direct. Release Notes https://www.jabra.com/support/release-notes/release-note-jabra-direct Regards Andres Bohren

posted @ Thursday, March 16, 2023 7:32 AM | Filed Under [ UM/Mobile ]

March 2023 Exchange Server Security Updates

Hi All, Today the March 2023 Exchange Server Security Updates have been released. Released: March 2023 Exchange Server Security Updates https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224 Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB5024296) https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-14-2023-kb5024296-e13b0369-2102-4c95-bee2-456514630727 Security Update For Exchange Server 2016 CU23 SU7 (KB5024296) https://www.microsoft.com/en-us/download/details.aspx?id=105091 The downloaded exe File extracts then starts the Installation in a elevated Promt After the Security Update is installed, it is a good idea to restart the Server. Make sure the Exchange Services are started afterwards. Then run the Exchange HealthChecker Exchange HealthChecker https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/ .\HealthChecker.ps1 After the Update run it again .\HealthChecker.ps1 No yellow Lines i need to investigate. All good. Happy updating ūüėĀ Regards Andres Bohren

posted @ Tuesday, March 14, 2023 11:28 PM | Filed Under [ Exchange ]

New AzureAD Logs (but only you where included in Preview)

Hi All, A few days ago, i was very enthusiastic, because i found some new Logs in Azure Active Directory Diagnostic Settings EnrichedOffice365AuditLogs MicrosoftGraphActivityLogs I've enabled all those logs But i could not see any new Tables in the Log Analytics Workspace So i googled around and found out, that you can enable those logs, but the Tables are not created unless you where in the Preview :( Integrate Azure AD logs with Azure Monitor logs https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics Regards Andres Bohren

posted @ Monday, March 13, 2023 9:21 PM | Filed Under [ Azure ]

Enable Two Factor Authentication on GitHub

Hi All, GitHub recently announced that they will make Two Factor Authentication (2FA) mandatory. Raising the bar for software security: GitHub 2FA begins March 13 https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13/ Let's enable that straight away. I've logged into my Github Account. Under "Password and Authnentication" you can enable Multifactor Authentication. In my Case GitHub Mobile was used to verify my Access The Website showed a code i had to Enter in the GitHub Mobile App Now the QR Code showed up and i added an Account in Microsoft Authenticator and verified it with the Code it was showing. In the second step you receive 16 Recovery Keys. Store them in a safe...

posted @ Saturday, March 11, 2023 9:59 AM | Filed Under [ Development ]

M365 Groups dumped in Outlook for Windows?

Hi All, Yesterday i stumbled across something odd. Did not see the M365 Groups in Outlook for Windows anymore. They seem to be gone in the newest Version. Let's start at the beginning. Office in the Current Channel Outlook Profile is set up with Cached Mode (without Chached Mode you don't see the M365 Groups either). As you can see the Groups are listed here The cached Files are stored in C:\Users\<Username>\AppData\Local\Microsoft\Outlook As you can see the *.nst File is here. It is the offline Cache for M365 Groups - similar to the *.ost for the Mailbox. Another Computer with current Channel Preview Missing the M365 Groups in...

posted @ Friday, March 10, 2023 9:02 AM | Filed Under [ Exchange Office ]

Azure PowerShell Module Az 9.5.0 released

Hi All, Just a few Hours ago, a new Version of the AZ PowerShell Module has been released to PowerShell Gallery. Az 9.5.0 https://www.powershellgallery.com/packages/az/9.5.0 Release Notes https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps Show Installed AZ Module and what's available in the PowerShell Gallery Get-InstalledModule AZ Find-Module AZ #Run Script directly from GitHub $ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1" Invoke-Expression $($ScriptFromGitHub.Content) The AZ Module is just a Wrapper Module for all AZ* Modules Get-InstalledModule AZ* Regards Andres Bohren

posted @ Thursday, March 9, 2023 8:07 AM | Filed Under [ PowerShell Azure ]

M365 Defender for Office 365 User reported Settings

Hi All, Do you know the User reported Settings in Microsoft 365 Defender for Office 365? For instance, you can send the Mails that a user reports with the "Report Message" Add-In  to Microsoft also to a reporting Mailbox that you own. User reported settings https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox?view=o365-worldwide User Reported Settings https://security.microsoft.com/securitysettings/userSubmission I've enabled that a while ago. As you can see the Reporting Mailbox receives all types: - Junk - Phishing - Not Junk The Mail contains the Header and the Original Mail as Attachment. In a past Project the Security Team was only interested in Reported Phishing Messages. I've created the following Transport Rule to solve that $AdminEmailaddress = "postmaster@icewolf.ch" if ($Null -eq (Get-TransportRule -identity "[EOP]...

posted @ Thursday, March 9, 2023 7:30 AM | Filed Under [ Exchange ]

Monitor Website with Azure

Hi All, I wanted to monitor the Performance of my Blog. I've added Application Insights to my Azure Subscription and under "Availablility" i have added a "Classic test" Monitor availability with URL ping tests https://learn.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability URL Ping Add the URL, the Regions where you want to test from, the Response Code and Timeout. In my case i don't need an Alert. After a few days you can se now the Availability is at 100% The Average response Time is about 500 ms in Europe less than 300 ms. You can view the Logs in LogAnalytics Workspace availabilityResults | where timestamp > datetime("2023-03-07T20:17:00.000Z") and timestamp < datetime("2023-03-08T20:17:00.000Z") | where true | where name...

posted @ Wednesday, March 8, 2023 9:38 PM | Filed Under [ Azure ]

Microsoft.Graph PowerShell Module 1.23.0 released

Hi All, Somehow i missed, that already yesterday Microsoft has released a new Version of Microsoft.Graph PowerShell Modules to the PowerShell Gallery. Microsoft.Graph 1.23.0 https://www.powershellgallery.com/packages/Microsoft.Graph/1.23.0 Release Notes (Not yet listed there) https://github.com/microsoftgraph/msgraph-sdk-powershell/releases Let's check the installed Version and what's available on the PowerShell Gallery Get-InstalledModule Microsoft.Graph Find-Module Microsoft.Graph To install the newest Version of the PowerShell Modules and also uninstalling the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown. #Run Script directly from GitHub $ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1" Invoke-Expression $($ScriptFromGitHub.Content) To list the Modules you can use the following Command Get-Module Microsoft.Graph* -ListAvailable Let's use one of the PowerShell Modules Connect-MgGraph -Scopes...

posted @ Sunday, March 5, 2023 1:18 PM | Filed Under [ PowerShell ]

Pronouns on your profile in Microsoft 365

Hi All, I've stubled across the Message below in the Microsoft 365 Message Center and decidet to give it a try. Turn pronouns on or off for your organization in the Microsoft 365 admin center https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/turn-pronouns-on-or-off?view=o365-worldwide Pronouns on your profile in Microsoft 365 https://support.microsoft.com/en-us/office/pronouns-on-your-profile-in-microsoft-365-232c3bfb-a947-4310-86db-b22d63663d85 Pronouns best practices https://support.microsoft.com/en-us/office/pronouns-best-practices-ef1701ad-711d-4c6e-b664-64c3ee188d68 Frequently asked questions about pronouns in Microsoft 365 https://support.microsoft.com/en-us/office/frequently-asked-questions-about-pronouns-in-microsoft-365-48135f04-e822-49b5-ba6b-e9bae2ce503a M365 Admin Center > Org Settings > Security & privacy > Pronouns It's disabled by default and has to be enabled by an Administrator I've switched to Teams Preview and onmy Contact Card i can add my pronoun Visible also in Outlook Web Not yet visible in Outlook for Windows Not visible in Azure Active Directory - so...

posted @ Friday, March 3, 2023 4:48 PM | Filed Under [ Microsoft365 MicrosoftTeams ]

PowerToys v0.68.0 released

Hi All, Yesterday the PowerToys v0.68.0 have been released. PowerToys Release v0.68.0 https://github.com/microsoft/PowerToys/releases/tag/v0.68.0 In Teams or Browsers you can use "CTRL + SHIFT + V" to paste as Plain Text. Now there is a General Shortcut to do that everywhere "CTRL + WIN + V" Regards Andres Bohren

posted @ Thursday, March 2, 2023 8:45 PM | Filed Under [ Windows ]

Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA) 2.2 released

Hi All, A few hours ago a new Version of the Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA) Module has been released. ORCA 2.2 https://www.powershellgallery.com/packages/Orca/2.2 To check the installed Module and what's available on PowerShell Gallery use the commands below Get-InstalledModule ORCA Find-Module ORCA Uninstall the old and install the new PowerShell Module Uninstall-Module ORCA Install-Module ORCA Get-InstalledModule ORCA The Module only contains two Commands Get-Command -Module ORCA Now let's run the ORCA Report Get-ORCAReport The Report is in HTML and will be shown here I've created an additional Outbound Spam Policy with Higher Values (Correct but intentionally made so). Safe Attchments not enabled on Domains (due Licensing restrictions) No DKIM for the Domain used for...

posted @ Thursday, March 2, 2023 8:23 PM | Filed Under [ Exchange ]

MicrosoftTeams PowerShell Module 5.0.0 released as GA

Hi All, Just a few Hours ago, Microsoft has released the MicrosoftTeams PowerShell Module 5.0.0 to the PowerShell Gallery. MicrosoftTeams 5.0.0 https://www.powershellgallery.com/packages/MicrosoftTeams/5.0.0 Microsoft Teams PowerShell Release Notes https://learn.microsoft.com/en-us/MicrosoftTeams/teams-powershell-release-notes Check installed Module and what's available in the PowerShell Gallery Get-InstalledModule MicrosoftTeams -AllVersions Find-Module MicrosoftTeams Uninstall the old Module and install the newest Module Uninstall-Module MicrosoftTeams Uninstall-Module MicrosoftTeams Install-Module MicrosoftTeams Testing Connect-MicrosoftTeams Get-CsOnlineUser -Identity <Identity> Some new Filering Get-CsOnlineUser -Filter {City -eq 'Bern'} | ft UserPrincipalName Get-CsOnlineUser -Filter {Company -like 'Ice*'} | ft UserPrincipalName Get-CsOnlineUser -Filter {FeatureTypes -contains "PhoneSystem"} | ft UserPrincipalName Regards Andres Bohren

posted @ Thursday, March 2, 2023 6:26 PM | Filed Under [ PowerShell MicrosoftTeams ]

PowerShell 7.3.3 released

Hi All, Today i realized that there is a new version of PowerShell 7. v7.3.3 Release of PowerShell https://github.com/PowerShell/PowerShell/releases/tag/v7.3.3 I have downloaded the x64 *.msi and these are the Screenshots from the Installation. I always enable "Enable PowerShell remoting" wich is not enabled by default. Let's start and see pwsh Get-Host Regards Andres Bohren

posted @ Wednesday, March 1, 2023 10:28 AM | Filed Under [ PowerShell ]

Powered by:
Powered By Subtext Powered By ASP.NET