Hi All,
Just a few Hours ago, a new Version of the AZ PowerShell Module has been released to PowerShell Gallery.
Az 9.5.0
Release Notes
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards
Andres Bohren
Hi All,
Do you know the User reported Settings in Microsoft 365 Defender for Office 365?
For instance, you can send the Mails that a user reports with the "Report Message" Add-In to Microsoft also to a reporting Mailbox that you own.
User reported settings
User Reported Settings
https://security.microsoft.com/securitysettings/userSubmission
I've enabled that a while ago.
As you can see the Reporting Mailbox receives all types:
- Junk
- Phishing
- Not Junk
The Mail contains the Header and the Original Mail as Attachment.
In a past Project the Security Team was only interested in Reported Phishing Messages.
I've created the following Transport Rule to solve that
$AdminEmailaddress = "postmaster@icewolf.ch"
if ($Null -eq (Get-TransportRule -identity "[EOP] Bcc Messages Reported to Microsoft" -ErrorAction SilentlyContinue))
{
Write-Host "INFO: Create Transport Rule: [EOP] Bcc Messages Reported to Microsoft"
New-TransportRule -Name "[EOP] Bcc Messages Reported to Microsoft" -RecipientAddressContainsWords phish@office365.microsoft.com -BlindCopyTo $AdminEmailaddress -Mode Enforce -Comment "Bcc Messages Reported to Microsoft" -Enabled $true
}
The Transport Rule looks like this
Now i report a Message as Phishing
Now i only receive Mails that are reported as Phishing
You can see in the MessageTrace that the Transport Rule has worked
Get-MessageTrace -StartDate (get-date).AddDays(-1) -EndDate (get-date) -RecipientAddress phish@office365.microsoft.com
Get-MessageTrace -StartDate (get-date).AddDays(-1) -EndDate (get-date) -RecipientAddress phish@office365.microsoft.com | Get-MessageTraceDetail
You can argue, that this is very dependent on the Userbase and how good they understand the diffrence between Junk- and Phishing Emails. You're absolute correct on that. Such a "technical" approach has to be accompanied by a well designed user communication strategy.
Regards
Andres Bohren
Hi All,
I wanted to monitor the Performance of my Blog. I've added Application Insights to my Azure Subscription and under "Availablility" i have added a "Classic test"
Monitor availability with URL ping tests
URL Ping
Add the URL, the Regions where you want to test from, the Response Code and Timeout. In my case i don't need an Alert.
After a few days you can se now the Availability is at 100%
The Average response Time is about 500 ms in Europe less than 300 ms.
You can view the Logs in LogAnalytics Workspace
availabilityResults
| where timestamp > datetime("2023-03-07T20:17:00.000Z") and timestamp < datetime("2023-03-08T20:17:00.000Z")
| where true
| where name == "blog-icewolf-ch" and true
| extend durationInSeconds = duration / 1000
// limit samples to work with 'render scatterchart'
| take 5000
| summarize avg(durationInSeconds) by name, timestamp
| render scatterchart with (ycolumns=avg_durationInSeconds, xcolumn=timestamp)
Or figure out the details of each Record
Regards
Andres Bohren