In case you missed it, this has been updated so no need to go updating those pesky XML files by hand.
Author: Philip Flint
Connect to Exchange Online with Powershell
This can be done in 3 easy steps (taken from the article at https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps)
$UserCredential = Get-Credential
When prompted, enter your tenant logon (username@<tenant>.onmicrosoft.com) information including password
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
This creates a session object holding the connection to Exchange Online.
Import-PSSession $Session -DisableNameChecking
This imports the session (places it live) inside your current Powershell session. You could, of course, also do a
Enter-PSSession $Session
if you want to connect and run the commands remotely / directly on Exchange Online but then you lose all sorts of things like auto-complete.
Do I really really need a new SSL certificate for Office 365 ?
When migrating to Office 365 from on premise Exchange, you may be following the hybrid route where an Exchange server is placed on site to act as a broker or intermediary between the Office 365 mail organisation and the on premise org.
For the on premise Exchange servers, you may well have a wildcard SSL certificate in place which serves you very well thank you very much. When you stand up your hybrid server, its easy to think “I know, I’ll just use my wildcard cert, that’s good enough as it will cover any names I need”.
Well, no, it doesn’t actually. Microsoft do have a list of pre-reqs for deploying the hybrid role at https://docs.microsoft.com/en-us/Exchange/hybrid-deployment-prerequisites where they make it nice and clear:
The important word there is must. It’s so important that the name used for autodiscover (usually autodiscover.yourdomain.com) is present in the SAN portion of the certificate that they even repeat the advice under the certificate requirements section at https://docs.microsoft.com/en-us/Exchange/certificate-requirements.
What happens if you are feeling brave and still want to use that wildcard certificate for your Exchange hybrid server ? All sorts of weird things. For a start, you will get certificate errors mentioning the name of the underlying host…. even though that’s not mentioned in autodiscover.
On top of that, you’re free busy information might not work instead displaying “Free / Busy information is not available”
So, do yourself a favour and buy yourself a nice shiny new cert with all of the names you need on it…. it’s far cheaper in the long run than to spend ages troubleshooting why things aren’t working… as I learned the hard way.
Block Store in Office 2016
When you install Office 2016, your users gain access to the Microsoft Store (no reason not to try and sell when you can, right, am I right, am I right ?)
You may not want to have your user base downloading and installing applications onto your internal estate. So, how do you disable the behaviour ?
Microsoft have provided a GPO to turn off the store / remove the button but it only works in Outlook !
This GPO setting is available in the User Configuration section at Microsoft Outlook 2016 –> Outlook Options –> Other. Enable the policy “Hide the Office Store button”
Like I say, it’s under “Outlook Options” so only affects Outlook. How to disable for other Office Applications ?
The article at https://docs.microsoft.com/en-us/previous-versions/office/office-2013-resource-kit/cc178992(v=office.15) does prove a reg key (for 2013) that will block access to the stores and this will likely work for 2016 (with an appropriate adjustment to the path of the key for 2016 to access). However, there is a simpler way.
Just use GPOs to drive the “Trust Center” to not allow Store Apps to start. This setting is at Microsoft Outlook 2016 –> Security Settings –> Trust Center –> Trusted Catalogs. IN there is a value “Block Office Store” – simply enable that.
Now, when users access the store, rather than getting this 👇
Users will see this 👇
i.e. the Store button is still visible but they cannot download or use apps from the Microsoft Store but you, as an administrator, can still release applications you do want them to use to them.
Configure Windows Defender Antivirus exclusions on Windows Server 2016 | Microsoft Docs
Great article on Windows Server 2016 includes automatic exclusions, based on server role. You can also add custom exclusions but be aware there are some caveats such as folder exclusions are recursive whether you like it or not. Also, these exclusions are there by default (you can disable them with PowerShell) but they AREN’T exposed in the GUI…. so you wouldnt know that hey are there !
While I have links on my links page to the exclusions, this is a nice article as it shows you what Microsoft now apply by default ni case you want the same exclusions for your vendor of choice.
Configure Windows Defender Antivirus exclusions on Windows Server 2016 | Microsoft Docs
Trouble getting OneDrive to start up on Windows 10 login ?
If One Drive will not start when you log in to Windows 10, that’s because they’ve changed the way in which auto-launched applications start on logon. Not only do you have to tock the check box in OneDrive, you also have to enable it at startup which, fortunately, is very easy to do.
- Go to task manager
- Click on the “Startup” tab
- Select “Microsoft OneDrive”
- Click on Enable
- Reboot and you are good to go
Connecting to Azure with PowerShell
There’s been lots of posts about this in the past by various people so here’s my contribution.
Below is a screenshot of the steps I take.
You can see that I have powershellget installed as part of PowerShell but I don’t, yet, have the Azure module downloaded or installed so I Get that module and then I install that module.
I have had to force it to install alongside the one that’s already on my machine. When I run the Get-Module command, I still don’t “see” the Azure model and so I must import it at which point it is then available for use.
Once the module has been downloaded, installed and imported (the three steps that need to be performed when connecting for the first time) I can them move on to making a connection to Azure.
NOTE: Once the Azure module has been downloaded and installed, it only needs to be imported for future connections just like any other PowerShell module on your computer.
To connect in, I enter the “Login-AzureRMAccount” command which pops up the “modern” logon dialog box.
After being successfully authenticated, my subscription details are played back to me and I can then manage Azure from the command line.
Of course, the much easier way is to simply download the MSI installer from the Azure web site (https://azure.microsoft.com/en-gb/downloads/) under the command line tools section ;>)
Hope this helps you out.
PowerShell Cheat Sheet
Nice handy chart with common commands and expression structures available to download from http://ramblingcookiemonster.github.io/images/Cheat-Sheets/powershell-cheat-sheet.pdf
Use SysMon and finding it hard going ?
Nifty little GUI to help you interpret that capture much faster
https://nosecurecode.blog/2017/07/29/visualizing-tracking-sysmon-events-with-sysmon-view-1-2/amp/
Royalty Free Images for Presentations
Need some high quality royalty free images for your presentations ? Why not try one of the following sites ?
Enjoy.
Philip Flint 