Hi All,
Yesterday i stumbled across something odd. Did not see the M365 Groups in Outlook for Windows anymore. They seem to be gone in the newest Version.
Let's start at the beginning. Office in the Current Channel
Outlook Profile is set up with Cached Mode (without Chached Mode you don't see the M365 Groups either).
As you can see the Groups are listed here
The cached Files are stored in C:\Users\<Username>\AppData\Local\Microsoft\Outlook
As you can see the *.nst File is here. It is the offline Cache for M365 Groups - similar to the *.ost for the Mailbox.
Another Computer with current Channel Preview
Missing the M365 Groups in the Folders
The cached Files are stored in C:\Users\<Username>\AppData\Local\Microsoft\Outlook.
But here i only see *.ost Files - no *.nst available
In Outlook on the Web the Groups are still there
Not long ago, Microsoft have enabled Folders and Rules for M365 Groups.
Looks to me that Outlook for Windows will dump the Groups. What do you think?
Regards
Andres Bohren
Hi All,
Just a few Hours ago, a new Version of the AZ PowerShell Module has been released to PowerShell Gallery.
Az 9.5.0
Release Notes
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards
Andres Bohren
Hi All,
Do you know the User reported Settings in Microsoft 365 Defender for Office 365?
For instance, you can send the Mails that a user reports with the "Report Message" Add-In to Microsoft also to a reporting Mailbox that you own.
User reported settings
User Reported Settings
https://security.microsoft.com/securitysettings/userSubmission
I've enabled that a while ago.
As you can see the Reporting Mailbox receives all types:
- Junk
- Phishing
- Not Junk
The Mail contains the Header and the Original Mail as Attachment.
In a past Project the Security Team was only interested in Reported Phishing Messages.
I've created the following Transport Rule to solve that
$AdminEmailaddress = "postmaster@icewolf.ch"
if ($Null -eq (Get-TransportRule -identity "[EOP] Bcc Messages Reported to Microsoft" -ErrorAction SilentlyContinue))
{
Write-Host "INFO: Create Transport Rule: [EOP] Bcc Messages Reported to Microsoft"
New-TransportRule -Name "[EOP] Bcc Messages Reported to Microsoft" -RecipientAddressContainsWords phish@office365.microsoft.com -BlindCopyTo $AdminEmailaddress -Mode Enforce -Comment "Bcc Messages Reported to Microsoft" -Enabled $true
}
The Transport Rule looks like this
Now i report a Message as Phishing
Now i only receive Mails that are reported as Phishing
You can see in the MessageTrace that the Transport Rule has worked
Get-MessageTrace -StartDate (get-date).AddDays(-1) -EndDate (get-date) -RecipientAddress phish@office365.microsoft.com
Get-MessageTrace -StartDate (get-date).AddDays(-1) -EndDate (get-date) -RecipientAddress phish@office365.microsoft.com | Get-MessageTraceDetail
You can argue, that this is very dependent on the Userbase and how good they understand the diffrence between Junk- and Phishing Emails. You're absolute correct on that. Such a "technical" approach has to be accompanied by a well designed user communication strategy.
Regards
Andres Bohren