Azure AD Connect: Reminder, All 1.x Versions Are Retiring This August 2022

Hi fellow friends, hope you guys are having a good day today; every day is a brand new day.

Today’s article is a reminder that all Azure AD Connect 1.x versions will be retired soon, on 31st August 2022, this month.

What happens if you don’t upgrade before the due date?

You will face service disruption: accounts, computer objects and passwords will be affected.

Accounts/User objects:
– New users created in Active Directory will no longer be synchronized to the Microsoft 365 cloud

– New values added to accounts/users will no longer be reflected in your Microsoft 365 cloud

– Basically, any change you make to accounts/users that you would like to sync to Microsoft 365 will not be allowed

Computer objects:

– If your environment has Microsoft Intune or Hybrid joined devices, then you will have issues onboarding new devices to Microsoft Intune

Passwords:

– If your environment allows users to reset their own password from Microsoft 365 and synchronize the new password back to Active Directory, this will no longer be allowed

– This affects environments that have the password writeback feature enabled in Azure AD Connect

What should I take note of in the current configuration before upgrading?

  1. Remember your Microsoft 365 global administrator credentials, because you are required to re-establish the connection when you perform an upgrade of Azure AD Connect
  2. Make sure your server’s storage, operating system and RAM size still follow the best practice
  3. Make sure you follow the prerequisites of the new version of Azure AD Connect

References:

  1. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history#retiring-azure-ad-connect-1x-versions

Exchange Migration: Windows 10’s Outlook kept prompting after turning off modern authentication

If you have read my recent post about Exchange migration on Windows 7, today’s post is about Windows 10. https://sabrinaksy.com/2021/10/14/exchange-migration-outlook-kept-prompting-for-password-after-migration/

It seems that after we turned off modern authentication, there were no further prompt issues on Windows 7, but on the next day Windows 10 was receiving prompts, with the user name shown under the “contoso.onmicrosoft.com” domain instead of the “contoso.com” registered or default domain.

After some research, we noticed that Microsoft had just recently released an enforcement towards basic authentication on 1st October 2021. Hence, we had no choice but to look for workarounds for Windows (7 and 10) to support modern authentication. The only workaround is to create a registry item and apply it to the Windows machines.

Workaround

  1. Create a Group Policy Object in your Active Directory environment
  2. Under the Computer > Preferences > Windows Settings > Registry
  3. Create a new registry item
  4. This is the registry item that we want to create
    • Path: HKEY_CURRENT_USER\Software\Microsoft\Exchange
    • Value Name: AlwaysUseMSOAuthForAutoDiscover
    • Value: 1
    • Type: REG_DWORD
  5. Once you have created this policy, link it to the particular organizational unit that contains the Windows machines
  6. Run a forced group policy update from the Active Directory server
  7. Go back to the Office 365 admin center portal with Global administrator rights
  8. Settings > Org Settings > Modern Authentication > Turn on modern authentication
  9. Make sure you select all of the items under the modern authentication
  10. Monitor for the next 24 to 48 hours for further prompt issues
  11. If there are issues, troubleshoot the machine and check whether the registry was amended; if not, just apply it manually

You can always export the registry settings in .reg file format, so it is easier to install on the affected machine(s) just by double-clicking the .reg file.

How to export the registry file?

You can use PowerShell’s Invoke-Command:

Invoke-Command {reg export 'HKEY_CURRENT_USER\Software\Microsoft\Exchange' C:\Temp\ModernAuth.reg}
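
For the troubleshooting step above (checking whether the registry was amended on a machine), the following is an added example, not part of the original post. It reads the value from the workaround for the logged-on user and reports its state; the function name and the -Fix switch are hypothetical names chosen for this illustration.

```powershell
# Added example: verify (and optionally write) the Outlook value from the workaround.
# Run it in the affected user's own session, because the value is stored under
# HKEY_CURRENT_USER and is therefore different for every user profile.
function Test-MsoAuthAutoDiscover {
    [CmdletBinding()]
    param(
        [switch]$Fix   # hypothetical switch: write the value when it is missing or wrong
    )

    $path  = 'HKCU:\Software\Microsoft\Exchange'
    $name  = 'AlwaysUseMSOAuthForAutoDiscover'
    $state = 'Missing'

    if (Test-Path -Path $path) {
        $key = Get-Item -Path $path
        if ($key.GetValueNames() -contains $name) {
            # Check both the data (1) and the type (REG_DWORD) given in the workaround.
            $kind  = $key.GetValueKind($name)
            $value = $key.GetValue($name)
            if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $value -eq 1) {
                $state = 'Compliant'
            } else {
                $state = "Wrong ($kind = $value)"
            }
        }
    }

    if ($Fix -and $state -ne 'Compliant') {
        if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        $state = "Fixed (was: $state)"
    }

    # One object per run, so results from several machines can be collected into a report.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        User     = $env:USERNAME
        Value    = $name
        State    = $state
    }
}

Test-MsoAuthAutoDiscover          # report only
# Test-MsoAuthAutoDiscover -Fix   # report and write the value
```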

References:

  1. https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210
  2. https://docs.microsoft.com/en-us/outlook/troubleshoot/authentication/outlook-prompt-password-modern-authentication-enabled

Exchange Migration: Outlook kept prompting for password after migration

Hi guys and girls, hope you are doing well, as the pandemic is still on-going, hope that you guys are keeping cleanliness and safety first.

Today’s topic is about Exchange migration of mailboxes from on-premises to Office 365. The issue is that legacy Windows clients or legacy Office apps have Outlook applications that keep prompting for credentials and showing as disconnected. The issue also happens on Windows 10 machines, but not as aggressively as on the Windows 7 machines.

This environment has the following items:

  1. Exchange server: 1 unit, version 2013, CU23 (latest)
  2. Windows client: Combination of Windows 7 and Windows 10
  3. Office applications: Combination of 2013, 2016, 2019 and Microsoft 365 apps for business in both Windows 7 and Windows 10 categories
  4. Migration method: Remote move migration
  5. Hybrid establishment: Yes
  6. Microsoft 365 license: Business standard/basic

As we all know, the major prerequisites must be met before starting the hybrid setup and performing the migration.

We noticed intermittent connections while running Wireshark on Windows 7 with M365 business apps, while trying to log in with the migrated account credentials in the Outlook app. We re-created the Outlook profile and the credential prompt stopped. This is definitely not the right solution. The solution depends on what caused the issue.

At first we suspected it had something to do with whitelisting on the network layer, but we confirmed that the whitelisting was correctly configured. Next, we suspected it had something to do with compatibility between Windows and/or Office app versions. This is not a very good idea. After quick research, I came across modern authentication as a possible cause, and that is where I had the idea of suggesting to turn off security defaults in the Azure portal and then turn off modern authentication in the Office 365 tenant. After 10 to 15 mins, the intermittent connections no longer showed up in Wireshark.

Modern authentication is enabled by default for every new Office 365 tenant, so please be aware: if your environment has legacy Windows clients or legacy Office applications running, do consider turning them off first before proceeding to deploy Microsoft 365 apps.

Azure portal > Azure AD > Properties > Manage security defaults
Office 365 admin center > Settings > Org Settings > modern authentication

Modern authentication was what interfered with the machines; it kept challenging the users to key in credentials because the compatibility requirement was not met. Once modern authentication is turned off, the environment runs basic authentication.


Azure & PowerShell: Service Plan Information

Hey dudes and ladies! The Malaysia Movement Control Order has been announced as extended till 12th May, but with relaxed conditions. Before the announcement, there was a decrease in the number of reported cases and we had hoped that there wouldn’t be another extension. However, the reported cases increased. Anyway, hope you guys are doing good at home; to those infected by Covid-19, hope for a rapid recovery; and to those facing racist attacks or criticism over a past infection, hope you don’t hurt yourself over something that is not your fault.

Have you ever had customers wanting to disable certain service plans in a subscription or license? Are you going to manually click person by person to disable them? Of course not! Things like these are best done with PowerShell; you could even generate/export a report.

Note:

  1. Don’t call Microsoft Support to identify your service plans because they have no idea and they most likely won’t take your case. Trust me, I’ve been there.

 

There are 2 command libraries you could use to extract this information: either Azure AD PowerShell or MSOnline PowerShell. Play around with the services to get to know which service each plan belongs to and which services have dependencies.
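
The report and the per-user disable described above can be scripted as follows with MSOnline PowerShell. This is an added example, not the author's script; the function names, the CSV file name and the commented sample UPN and SKU are assumptions made for the illustration.

```powershell
# Added example (not the author's script). Assumes the MSOnline module is installed
# and the signed-in account can read and assign licenses in the tenant.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in

# Report: one row per (SKU, service plan) with its provisioning status.
function Get-ServicePlanReport {
    foreach ($sku in (Get-MsolAccountSku)) {
        foreach ($s in $sku.ServiceStatus) {
            [pscustomobject]@{
                AccountSkuId       = $sku.AccountSkuId
                ServicePlan        = $s.ServicePlan.ServiceName
                ProvisioningStatus = $s.ProvisioningStatus
            }
        }
    }
}

# Disable plans for one user. -DisabledPlans sets the complete disabled list for the
# SKU, so plans that are already disabled are merged in instead of being re-enabled.
function Disable-UserServicePlan {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$AccountSkuId,
        [Parameter(Mandatory)][string[]]$Plan
    )
    $sku = Get-MsolAccountSku | Where-Object AccountSkuId -eq $AccountSkuId
    if (-not $sku) { throw "SKU '$AccountSkuId' was not found in this tenant." }

    # Reject plan names that are not part of the SKU (typos, plans from another SKU).
    $valid   = $sku.ServiceStatus.ServicePlan.ServiceName
    $unknown = $Plan | Where-Object { $valid -notcontains $_ }
    if ($unknown) { throw "Not part of ${AccountSkuId}: $($unknown -join ', ')" }

    $user    = Get-MsolUser -UserPrincipalName $UserPrincipalName
    $license = $user.Licenses | Where-Object AccountSkuId -eq $AccountSkuId
    if (-not $license) { throw "$UserPrincipalName does not hold $AccountSkuId." }

    $already = @($license.ServiceStatus |
        Where-Object ProvisioningStatus -eq 'Disabled' |
        ForEach-Object { $_.ServicePlan.ServiceName })
    $disabled = @($already + $Plan | Sort-Object -Unique)

    $options = New-MsolLicenseOptions -AccountSkuId $AccountSkuId -DisabledPlans $disabled
    Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -LicenseOptions $options
    $disabled   # return the full disabled list that was applied
}

Get-ServicePlanReport | Export-Csv -Path .\ServicePlans.csv -NoTypeInformation
# Constructed sample values: replace the UPN and SKU with ones from your own tenant.
# Disable-UserServicePlan -UserPrincipalName 'user@contoso.com' `
#     -AccountSkuId 'contoso:ENTERPRISEPACK' -Plan 'SWAY', 'YAMMER_ENTERPRISE'
```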

Below is the list of service plans for Office 365 Enterprise E3 and E5:

  • I grabbed the information below using MSOnline PowerShell, during the year 2017. I will post an update.
Office 365 Enterprise E3
-------------------------
Deskless
FLOW_O365_P3
POWERAPPS_O365_P3
TEAMS1
ADALLOM_S_O365
EQUIVIO_ANALYTICS
LOCKBOX_ENTERPRISE
EXCHANGE_ANALYTICS
SWAY
ATP_ENTERPRISE
MCOEV
MCOMEETADV
BI_AZURE_P2
INTUNE_O365
PROJECTWORKMANAGEMENT
RMS_S_ENTERPRISE
YAMMER_ENTERPRISE
OFFICESUBSCRIPTION
MCOSTANDARD
EXCHANGE_S_ENTERPRISE
SHAREPOINTENTERPRISE
SHAREPOINTWAC

Office 365 Enterprise E5
-------------------------
Deskless (StaffHub)
FLOW_O365_P2 (Flow)
POWERAPPS_O365_P2 (PowerAPPS)
TEAMS1 (MsTeams)
PROJECTWORKMANAGEMENT (Planner)
SWAY (Sway)
INTUNE_O365 (Mobile Device)
YAMMER_ENTERPRISE (Yammer)
RMS_S_ENTERPRISE (Azure Right management)
OFFICESUBSCRIPTION (O365ProPlus)
MCOSTANDARD (Skype For Business)
SHAREPOINTWAC (Office Online)
SHAREPOINTENTERPRISE (SharePoint Online)
EXCHANGE_S_ENTERPRISE (Exchange Online)

Below is Microsoft 365 Enterprise E5 using Azure PowerShell:

*The list is too long so I’m just going to show part of it.


The below is using MSOnline PowerShell:


 

References:

  1. https://docs.microsoft.com/en-us/office365/enterprise/powershell/view-account-license-and-service-details-with-office-365-powershell
  2. https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolaccountsku?view=azureadps-1.0

 

 

Azure Storage & Office 365 Import PST: Troubleshoot Error “HttpStatusMessage: Bad request”

Hey guys and girls, just hope everyone is good during this Covid-19 movement control. Those who are hospitalized, hope that you recover. Those who have recovered, hope that you don’t face any criticism from others and don’t fall for Covid-19 again.

Well, for IT field workers, our work still continues. In my lab environment, I was testing out the Office 365 Import PST feature in Security and Compliance. Personally I feel this is a good feature but there is too much manual work in it.

Note:

Using network upload to import PST files is free.

Check out the license plans that include this import feature at the reference below.

So, just a brief explanation of what I was performing: Office 365 Import PST has 2 options for how we upload the PST, either network upload (free) or physical (charges). I chose network upload for my PST, which requires the AzCopy command to run the upload. I have a PST whose size is more than 1 GB, and the upload failed with the following error message on the AzCopy console: “HttpStatusMessage: This request is not authorized to perform this operation using this permission.”

At first I thought that there could be a limitation on the upload size, since the given Azure Storage is only temporary. Looking through the documentation, it didn’t state any upload limitation. Hence, further research.

The resolution to this was to disable the ATP agent that was on my lab PC, to prevent it from blocking the upload, then rerun the AzCopy command to reupload the PST.

If you have any third-party tools or applications that have network control or ATP functionality, I would recommend that you disable them to avoid this problem happening to you.

 

References:

  1. https://docs.microsoft.com/en-us/microsoft-365/compliance/faqimporting-pst-files-to-office-365?view=o365-worldwide
  2. https://www.microsoft.com/en-us/microsoft-365/business/compare-more-office-365-for-business-plans

Office 365: What to know about Data Investigation?

“A data spill occurs when a document containing confidential, sensitive, or malicious content is released into an untrusted environment. When a data spill is detected, it’s important to quickly contain the environment, assess the size and locations of the spillage, examine user activities around it, and then delete the spilled data from the service.”

If you would like to try this preview out, I highly recommend that you test it in a new test tenant. Please review the reference below to explore further.

There is one functionality in this that caught my attention: it can even investigate unsupported files. For example, files that are password protected cannot be processed since the files are locked or encrypted. Using error remediation, investigators can download files with such errors, remove the password protection, and upload the remediated files.

How to get to this?

  1. Log in to https://protection.office.com
  2. Scroll to the bottom of the left taskbar
  3. Data Investigation is just after eDiscovery


Before you can start using this preview, you have to read the Terms of Service and either approve to proceed or cancel. If you cancel the agreement, it will redirect you back to the Home tab.

Microsoft takes its preview seriously.


References:

  1. https://docs.microsoft.com/en-us/microsoft-365/compliance/overview-data-investigations?view=o365-worldwide

Outlook: Why Is People Online Status Greyed Out?

Ever faced a greyed-out presence status in your Outlook? You start to wonder: was it a settings block from Office 365, is your firewall blocking it, or is there a registry setting configured?

If you have asked the above questions and checked that none of them is related, then the next question you should ask yourself is “What Office 365 license am I on?”. The answer is that if you are not using any Office 365 enterprise license, or your Office installer is “Home and Business”, you will not have the online status feature. It is a limitation based on the type of license that you subscribed to.

Hence, get consultation and get to understand about the licenses that you are going to purchase.

How to check?

Open your Outlook App > Click on File at top left


Click on Options at the left side bar


Click on People > Scroll down and you will see this greyed out


My Office applications are using ProPlus


OneDrive and Active Directory: Error Code 0x8004de40

This was my first time experiencing such an error and behaviour. The situation is that this user had a problem getting her OneDrive to work on her desktop; it was her first time setting it up and she received the above error code after she signed in and authenticated her account.


From Azure AD, it shows that her login activity for OneDrive was successful, but Azure AD doesn’t show that her setup failed. At first I suspected it could be a network issue, but I tested another account and it went through the setup successfully. Hence, I ran PowerShell (Msol) to query the user account information and perform a comparison, and everything was showing in good condition.

Another thing is that she could successfully use the web-based SharePoint Online and OneDrive online.

As I went through the Exchange Admin center, I noticed her email addresses were missing a type, that is, the SPO. This type of email address is generated once the user is assigned the Office 365 license with SharePoint Online and OneDrive online features.

The only resolution to this is to recreate the account. 

  1. Backup mailboxes to PST and files to a local drive or external drive
    • There are many ways to backup
  2. Unassign the user license
  3. Go to Active Directory, disable the account and move it to an unsynced Organizational Unit
  4. Go to the Azure AD Connect server and perform the sync
  5. Go to Office 365 and make sure that the account has been moved to deleted users; you could use PowerShell to query with -ReturnDeletedUsers.
    • Get-MsolUser -UserPrincipalName <username>@domain.com.my -ReturnDeletedUsers
    • Once it is found, run the remove command; you can also use the GUI to remove it at the Azure portal “portal.azure.com”
      • Get-MsolUser -UserPrincipalName <username>@domain.com.my -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
  6. Go back to your Active Directory and recreate the user account, and make sure it is in the sync OU
  7. Run another sync at your Azure AD Connect Server
  8. Go to Office 365 > Active Users > Search for the user and assign the license

 

There are a few reasons why this happens; in my case the old Azure AD Connect server died or was corrupted and a new one had to be re-provisioned. Some users are still on Exchange on-premises and some are in the cloud, due to budget. Sometimes things happen.

Anyway, hope this helps! 

 

How to export Online Archived Calendar to a CSV file from Outlook App 2016 and above?

Heyyy dudes and ladies! So I was stressing out over this problem today and I wanted to share the resolution for it, as you know by now you can’t find much of a resolution on the Web for this case.

Firstly, you can only view your online archived calendar from the Outlook App. By default you can’t view it on Outlook Web.
*Note:
Please try not to re-import the online archive to your current calendar; imagine the amount of reminders it will prompt you with. Yes, I did that test on myself, and I am getting re-prompted with reminders from my 1-year calendar. Hahaha. I’m such an idiot!

To view it in Outlook Web:

  1. At your Outlook App > File > Save Calendar
  2. Choose your directory/location to save your calendar
  3. Modify the options to save full details or whatever you wish
  4. Rename it and click save
  5. Go to Office 365 portal > Calendar
  6. Add/Create a new calendar > Give it a Name
  7. Import calendar > Select from a file > Browse for the save calendar file
  8. Now you get to view your online archived calendar in Outlook Web

To save your online archived calendar and entire current calendar to a CSV file:

  1. At your Outlook App > File > Save Calendar
  2. Choose your directory/location to save your calendar
  3. Modify the options to save full details or whatever you wish
  4. Rename it and click save
  5. Locate your saved calendar file and double click it to open at your Outlook App
  6. At your Outlook App > File > Open & Export > Import/ Export
  7. It will then prompt you > Export to a file > Select the saved calendar > click Next all the way
  8. If there is a recurrence prompt asking you to set a date range, just set your preferred date range.
  9. Last is Finish; now you have a list of all your meetings, based on the date range, in a CSV file.

Office 365: Delete users the 2019 way

Today I discovered something new: Office 365 now gives administrators more details when deleting a user. Before directly deleting the user, administrators are given a few choices on how they can delete this user.

 

Let’s see what the choices are:


I have a resource account that I wish to delete. When I execute the delete, it directs me to a page asking how I should delete it, or what choices I have when deleting the user.

I find it pretty useful because I do not need to open up the Exchange Online portal to give another user permission to the mailbox, or permission to the deleted user’s OneDrive.

If there were delegations on the user account that you wish to delete, you could see them right from this page, instead of opening up the Exchange Online portal.

Pretty cool right?