Azure & PowerShell: Service Plan Information

Hey dudes and ladies! Malaysia Movement Control Order has announce extend till 12th May but with relax conditions. Before the announcement, there was a decrease in number of reported cases and we had hope that there won’t be another extend announcement. However, the reported cases increases. Anyway, hope you guys are doing good at home, to those are infected by Covid-19, hope rapid recovery and to those are getting racism attack or getting criticism from past infection, hope you don’t hurt yourself which is not your fault.

Have you ever have customers that wanting to disable certain service plans in subscription or license? Are you going to manually click person by person to disable? Of course not! Things like these is best to use PowerShell, you could even generate/export a report.

Note:

  1. Don’t call Microsoft Support to identify your service plans because they have no idea and they most likely don’t take your case. Trust me I been there.

 

There are 2 type of command library you could use to extract these information either Azure AD PowerShell or MSOnline PowerShell. Play around with the service get to know which is the service that it belongs to and which service has dependency.

Below the list of service plans for Office 365 Enterprise E3 and E5;

  • I grab the below information using MSOnline PowerShell, this was during the year 2017. I will post up a new update.
Office 365 Enterprise E3
-------------------------
Deskless
FLOW_O365_P3
POWERAPPS_O365_P3
TEAMS1
ADALLOM_S_O365
EQUIVIO_ANALYTICS
LOCKBOX_ENTERPRISE
EXCHANGE_ANALYTICS
SWAY
ATP_ENTERPRISE
MCOEV
MCOMEETADV
BI_AZURE_P2
INTUNE_O365
PROJECTWORKMANAGEMENT
RMS_S_ENTERPRISE
YAMMER_ENTERPRISE
OFFICESUBSCRIPTION
MCOSTANDARD
EXCHANGE_S_ENTERPRISE
SHAREPOINTENTERPRISE
SHAREPOINTWAC

Office 365 Enterprise E5
-------------------------
Deskless (StaffHub)
FLOW_O365_P2 (Flow)
POWERAPPS_O365_P2 (PowerAPPS)
TEAMS1 (MsTeams)
PROJECTWORKMANAGEMENT (Planner)
SWAY (Sway)
INTUNE_O365 (Mobile Device)
YAMMER_ENTERPRISE (Yammer)
RMS_S_ENTERPRISE (Azure Right management)
OFFICESUBSCRIPTION (O365ProPlus)
MCOSTANDARD (Skype For Business)
SHAREPOINTWAC (Office Online)
SHAREPOINTENTERPRISE (SharePoint Online)
EXCHANGE_S_ENTERPRISE (Exchange Online)

Below Microsoft 365 Enterprise E5 using Azure PowerShell;

*the list is too long so I’m just going to show partial only.

Capture

This below is using the MSOnline Powershell;

Capture

 

References:

  1. https://docs.microsoft.com/en-us/office365/enterprise/powershell/view-account-license-and-service-details-with-office-365-powershell
  2. https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolaccountsku?view=azureadps-1.0

 

 

Azure Storage & Office 365 Import PST: Troubleshoot Error “HttpStatusMessage: Bad request”

Hey guys and girls, just hope everyone are good during this Covid-19, movement control. Those that are hospitalize, hope that you recover. Those that have recovered, hope that you don’t face any criticism from others and not fall for Covid-19 again.

Well for IT field workers, our work still continues. In my lab environment, I was testing out Office 365 Import PST feature in Security and Compliance. Personally I feel this is a good feature but there is too much manual work on it.

Note:

Using network upload to import PST files is free.

Check out license plan to have this import feature at the reference below.

So just a brief explanation of what I was performing, in the Office 365 Import PST has 2 option for us on how we want to upload the PST, either network upload (free) or physical (Charges). I choose network upload to upload my PST, it require to use AzCopy command to run the upload. I have a PST that the size is more than 1 GB, and the upload failed with the following error message on the AzCopy console shows “HttpStatusMessage: This request is not authorized to perform this operation using this permission.

At first I thought that there could be limitation on the upload size, due to the given Azure Storage is temporary only. Looking through the documentation it didn’t state any upload limitation. Hence, further research.

The resolution to this was to disable the ATP agent that was in my lab PC, to prevent blocking the upload. Rerun the AzCopy command again to reupload the PST.

If you have any third party or applications that has network control or ATP functionality, would recommend that you disable to avoid this problem happen to you.

 

References:

  1. https://docs.microsoft.com/en-us/microsoft-365/compliance/faqimporting-pst-files-to-office-365?view=o365-worldwide
  2. https://www.microsoft.com/en-us/microsoft-365/business/compare-more-office-365-for-business-plans

Office 365: What to know about Data Investigation?

“A data spill occurs when a document containing confidential, sensitive, or malicious content is released into an untrusted environment. When a data spill is detected, it’s important to quickly contain the environment, assess the size and locations of the spillage, examine user activities around it, and then delete the spilled data from the service. “

If you would like to try this preview out, I highly recommend that you test it out in a new test tenant. Please review the reference below for further explore. 

There is one functionality in this that caught my attention, is it even investigate unsupported files, example, files that are password protected cannot be processed since the files are locked or encrypted. Using error remediation, investigators can download files with such errors, remove the password protection, and upload the remediated files.

How to get to this?

  1. Login to your https://protection.office.com
  2. Scroll to the bottom of the left taskbar
  3. Data Investigation is just after eDiscovery

Capture

Before you could start using this preview, you have to read the Terms of Service and either approve or cancel to proceed. If you cancel, the agreement it will redirect you back to Home tab.

Microsoft takes its preview seriously.

Capture

References:

  1. https://docs.microsoft.com/en-us/microsoft-365/compliance/overview-data-investigations?view=o365-worldwide

Outlook: Why People Online Status is Grey Out?

Ever faced grey out present status in your outlook? You start to wonder was it the settings block from office 365, or is your firewall blocking, or is there registry configured?

If you have ask above questions and also checked that none above related then the next question you should ask yourself is “What Office 365 license I’m on?“. The answer is if you are not using any Office 365 enterprise license, or your Office installer is “Home and Business” you will not have the online status feature. Is a limitation based on type of license that you subscribed.

Hence, get consultation and get to understand about the licenses that you are going to purchase.

How to check?

Open your Outlook App > Click on File at top left

Capture01

Click on Options at the left side bar

Capture02

Click on People > Scroll down you will see this grey out

Capture

My Office Application are using ProPlus

Capture

OneDrive and Active Directory: Error Code 0x8004de40

First time experience such error and behaviour, so the situation is that this user has problem getting her OneDrive to work on her desktop, it was her first time setting it up and she receive the above error code after she sign in and authenticate her account.

Capture

Well from Azure AD, it will shows that her login activity for OneDrive is successful, but Azure AD doesn’t shows that her setup was failed. At first I suspect it could be network issue, tested another account it went through the setup successfully. Hence, running PowerShell (Msol), to query the user account information and perform comparison and everything was showing in good condition.

Another thing is that she can successfully use the web based on SharePoint Online and OneDrive online.

As I went through to the Exchange Admin center and notice her email addresses missing a type, that is the SPO. This type of email address is generated once the user is assigned with the Office 365 license with Sharepoint Online and OneDrive online features.

The only resolution to this is to recreate the account. 

  1. Backup mailboxes to PST and files to a local drive or external drive
    • There are many ways to backup
  2. Unassign the user license
  3. Go to Active Directory and disable the account and move it to a unsync Organization Unit
  4. Go to Azure AD Connect Server and perform the sync
  5. Go to Office 365 make sure that the account has been move to deleted users, well you could use PowerShell to query -ReturnDeletedUsers.
    • Get-MsolUser -UserPrincipalName <username>@domain.com.my -ReturnDeletedUsers
    • Once it is found, then run the remove command, you can use GUI to remove them at the Azure portal “portal.azure.com”
      • Get-MsolUser -UserPrincipalName <username>@domain.com.my -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
  6. Go back to your Active Directory and recreate the user account, and make sure it is in the sync OU
  7. Run another sync at your Azure AD Connect Server
  8. Go to Office 365 > Active Users > Search for the user and assign the license

 

There are few reasons why this happen, for my case was the old Azure AD Connect server died or corrupted and had to re-provision a new one. Users are some still on Exchange on-premise and some are in cloud, due to budget. Sometime things happen.

Anyway, hope this helps! 

 

How to export Online Archived Calendar to a CSV file from Outlook App 2016 and above?

Heyyy dudes and ladies! So I was stressing out this problem today and I wanted to share the resolution for this, as you know by now you cant find any resolution much now on the Web for this case.

Firstly, you could only view your online archived calendar from Outlook App. By default you couldn’t view it on Outlook Web.
*Note:
Please try not to re-import the online archived to your current calendar, imagine the amount of reminders it will prompt you. Yes, I did that test on myself, and I am getting a re-prompt of reminders of my 1 year calendar . hahaha. I’m such an idiot!

To view it for your Outlook Web;

  1. At your Outlook App > File > Save Calendar
  2. Choose your directory/location to save your calendar
  3. Modify the options to save full details or whatever you wish
  4. Rename it and click save
  5. Go to Office 365 portal > Calendar
  6. Add/Create a new calendar > Give it a Name
  7. Import calendar > Select from a file > Browse for the save calendar file
  8. Now you got to view your online archived calendar in Outlook Web

To save your online archived and entire current calendar to a CSV file;

  1. At your Outlook App > File > Save Calendar
  2. Choose your directory/location to save your calendar
  3. Modify the options to save full details or whatever you wish
  4. Rename it and click save
  5. Locate your saved calendar file and double click it to open at your Outlook App
  6. At your Outlook App > File > Open & Export > Import/ Export
  7. Then it will prompt you > Export to a file > Select the saved calendar > next all the way
  8. If there is a reoccurrence prompt that is asking to set a date range, just set your prefer date range.
  9. Last is finish, now you have a list of your all meetings, based on the date range into a CSV file.

Office 365: Delete users the 2019 way

Today I discover something new, now office 365 given more details to administrators to delete a user.  Before direct execute to delete the user, administrators are given the few choices on how they can delete this user.

 

Let’s see what are the choices;

Capture

I have a resource account that I wish to delete,  when I execute the delete, it direct me to a page to ask how should I delete it or what are the choices that I can do with delete user.

I find it pretty useful because I do not need to open up Exchange Online portal to alter the mailbox permission to another user or permission to the delete user’s OneDrive.

If there were delegation on this user account that you wish to delete you could see it just from this page, instead of open up Exchange Online Portal.

Pretty cool right?

Office 365: Disable Office 365 Group, the year 2019 way

Mockup-Banner2_0209

Yesterday, I discovered that Microsoft has change the way how to disable office 365 group creation from users. You may refer from this Microsoft Docs and it was last updated in September 2019. It seems that it requires a minimum license of Azure AD Premium Plan 1. You may find this plan in your M365 E3 license. Before this, this was the way on how to disable office 365 group creation from users.

Looking through this blog post, on the Azure portal image, and comparing the current one has changed a lot. Now the group settings in the current Azure portal looks like this;

capture.png

As you can see above the Office 365 Groups settings, you can only control users from creating office 365 groups via Access Panel or Azure portals.

This is an Access Panel;

accesspanel

Why you should control Microsoft Teams creation?

Mockup-Banner2_0209.jpg

One of my customer informed me that why is his Office 365 Groups got big? I went in and help the customer to have a look at it together. I notice the email addresses are different and not normal looking kind. So I was thinking and checking the utilization dashboard and asked customer “Is Teams being launch?”. Answered “In the process”. Hurried that I had to run a disable Teams creation script and to prevent unnecessary Office 365 Groups created.

I saw Office 365 Groups with naming like “Jom Makan-Makan”, “I hate this Job”, “Boss Convo”, “What is Life” and etc.. This is why you should disable Teams creation capability to tenant wide, when you first deployed Office 365.

So what is the right way?

  1. Disable Teams creation tenant wide
  2. Create a security group
  3. Include only champions or Head of Departments as privileged owners to create Teams / Office 365 groups.

References:

  1. https://docs.microsoft.com/en-us/office365/admin/create-groups/manage-creation-of-groups?view=o365-worldwide

aOSKL 2019: My First Ever Workshop – Coming Soon

EFUkVdgUEAAmDba.jpg

I am glad to got accepted again for this aOSKL event, but there is a challenge to this, that is it is a workshop, 2 hours of workshop. Am I going to just read through slides? (That will be so boring….duhhh) What will my workshop consist? Well, are you interested to know? Come register and join my workshop! Seats are limited, first come first served.

“Sabrina Kay always hunger for challenges!”

Here is the link aOSKL 2019, to help you to find out more what this events has 🙂