Getting Rid of Passwords in Azure AD / Office 365

Posted on Leave a commentPosted in Authentication, Azure Active Directory, Azure AD, AzureAD, FIDO, modern authentication, Multi-Factor Authentication, password, yubikey

This article is based on the public preview of the use of hardware tokens/Microsoft Authenticator to do sign-in without passwords released in July 2019 Using Microsoft Authenticator for Passwordless Sign-in You used to be able to do this by running the following in PowerShell for the last few years New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition ‘{“AuthenticatorAppSignInPolicy”:{“Enabled”:true}}’ -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn Interestingly, if you have done this in the past, the new Azure AD portal settings for doing […]

Exchange Transport Rules Corrupt On Installing New Exchange Server Version

Posted on Leave a commentPosted in 2013, 2016, Exchange Server, ndr, rules, transport

When you install Exchange Server into an existing Exchange organization, your existing configuration typically remains intact and associated with the previous servers and some configuration, that is global in nature, also works across both versions. I can across a scenario where this does not work the other day. The scenario was the installation of Exchange Server 2016 CU12 as a brand new Exchange installation into an existing Exchange Server 2013 deployment. This AD forest has […]

Register For Azure AD MFA From On-Premises Or Known Networks Only

Posted on 4 CommentsPosted in Azure Active Directory, Azure AD, conditional access, enterprise mobility + security, Office 365, security, self-service password reset, sspr

A long request within Azure AD/Office 365 has been the request to be able to register your security info from a known location or only on certain other conditions. Well it looks like this has appeared in Azure AD in the last few days!! Its visible under Azure AD > Conditional Access > New/Existing Policy > Cloud Apps or Actions: So, what does this look like in practice? Lets put this preview to the test. […]

Review and Audit Offensive Language in Office 365 Communications

Posted on Leave a commentPosted in cyber bullying, exchange, exchange online, Exchange Server, offensive, Office 365, supervision

A new feature as of May 2018 in Office 365 is to filter communications based upon the offensive language machine learning filter. This is part of the Supervision settings that have been available for a number of years. The Offensive Language model uses a combination of machine learning, artificial intelligence, and keywords to identify inappropriate email messages as part of anti-harassment and cyber bullying monitoring requirements. Here we will walk through the process of setting […]

Teams Calendar Fails To On-Premises Mailbox

Posted on Leave a commentPosted in 2016, 2019, autodiscover, autodiscover v2, calendar, exchange, exchange online, Exchange Server, Microsoft Teams, Teams

In Microsoft Teams, you have a calendar icon in the main display that shows your diary and meetings etc. – except it does not work if your mailbox is not either in Exchange Online or, if if your mailbox is on-premises, you are not using Exchange Server 2016 CU3 or later. The reason for this is that the Teams calendar uses AutoDiscover v2, which is only supported by Exchange Server 2016 CU3 and Exchange Online […]

Save Time! Have All Your Meetings End Early

Posted on 3 CommentsPosted in calendar, exchange online, Exchange Server, monthly channel, Office 365, Office 365 ProPlus, Outlook, semi-annual channel

I am sure you have been in a meeting, where the meeting end time rolls around and there is a knock at the door from the people who want the meeting room now, as their meeting time has started and yours has finished. What if you could recover five, eight, ten or more minutes per meeting so that the next meeting party can get into the room on time, and you have time to get […]

Too Many Folders To Successfully Migrate To Exchange Online

Posted on 1 CommentPosted in activesync, android, email, exchange, exchange online, Exchange Server, iPad, iPhone

Exchange Online has a limit of 10,000 folders within a mailbox. If you try and migrate a mailbox with more than this number of folders then it will fail – and that would be expected. But what happens if you have a mailbox with less than this number of folders and it still fails for this same reason? This is the problem, with resolution, I outline below. I was moving some mailboxes to Exchange Online […]

Exchange Move Requests | Large Items | And Setting TCP KeepAliveTime To A Large Value

Posted on Leave a commentPosted in exchange online, Exchange Server, mailbox, move, networking

I have seen this situation a number of times. A large mailbox (or mailbox and archive) wont move to the target because the process of checking what the changes are in the mailbox take too long, the network or Exchange Server times out the users move and then reports the mailbox is locked. The fix for this is counter though to everything else you read online about this. Often you will see to reduce the […]

bin/ExSMIME.dll Copy Error During Exchange Patching

Posted on Leave a commentPosted in 2013, 2016, exchange, Exchange Server, update, upgrade

I have seen a lot of this, and there are some documents online but none that described what I was seeing. I was getting the following on an upgrade of Exchange 2013 CU10 to CU22 (yes, a big difference in versions):      The following error was generated when “$error.Clear();           $dllFile = join-path $RoleInstallPath “bin\ExSMIME.dll”;           $regsvr = join-path (join-path $env:SystemRoot system32) regsvr32.exe;          start-SetupProcess -Name:”$regsvr” -Args:”/s `”$dllFile`”” -Timeout:120000;         ” was run: “Microsoft.Exchange.Configuration.Tasks.TaskException: Process execution failed with exit […]

Decommission ADFS When Moving To Azure AD Based Authentication

Posted on Leave a commentPosted in ADFS, ADFS 3.0, Azure, Azure Active Directory, Azure AD, AzureAD

I am doing a number of ADFS to Azure AD based authentication projects, where authentication is moved to Password Hash Sync + SSO or Pass Through Auth + SSO. Once that part of the project is complete it is time to decommission the ADFS and WAP servers. This guide is for Windows 2012 R2 installations of ADFS. There are guides for the other versions online. This guide assumes you were using ADFS for one relying […]

Hardware Tokens for Office 365 and Azure AD Services Without Azure AD P1 Licences

Posted on 4 CommentsPosted in Azure Active Directory, Azure AD, AzureAD, MFA, multi-factor auth, Multi-Factor Authentication, token2

A recent update to Azure AD Premium 1 (P1) licence has been the use of hardware tokens for multi-factor authentication (MFA). This is excellent news if your MFA deployment is stuck because users cannot use phones on the shop floor or work environment or they do not want to use personal devices for work activities. But it requires a P1 licence for each user. Now a P1 licence gives lots of stuff in addition to […]

Convert Office 365 Group to Microsoft Team Totally Failing

Posted on Leave a commentPosted in groups, Microsoft Teams, Office 365, Office 365 Groups, Teams

This one has been annoying me for a while – I had an Office 365 Group that I created many years ago in Office 365 that I cannot convert to a Microsoft Team. This is what I see in Teams to do this process. First, click “Create a team” Followed by “Create a team from an existing Office 365 group” which is found at the bottom of the creation dialog in the Teams app: I […]

CRM Router and Dynamics CRM V9 Online–No Emails Being Processed

Posted on Leave a commentPosted in crm, Dynamics, exchange, exchange online, Exchange Server, router

This one is an interesting one – and it was only resolved by a call to Microsoft Support, who do not document that this setting is required. The scenario is that you upgrade your CRM Router to v9 (as this is required before you upgrade Dynamics to V9) and you enable TLS 1.2 on the router server as well (also documented as required as part of the upgrade). Dynamics is updated and all your email […]

Exchange Server Dependency on Visual C++ Failing Detection

Posted on Leave a commentPosted in exchange, Exchange Server, install, vc++

Exchange Server for rollup updates and cumulative updates at the time of writing (Feb 2019) has a dependency on Visual C++ 2012. The link in the error message you get points you to the VC++ 2013 Redistributable though, and there is are later versions of this as well. I found that by installing all versions VC++ 2011, 2012 and 2014 I was able to get past the following error – which I had on only […]

451 4.7.0 Temporary server error. Please try again later. PRX2

Posted on 1 CommentPosted in DNS, error, Exchange Server

There are a few articles online about this error, but none were correct for the scenario i found a clients network in. Not that I think the specifics matter, but this was Exchange Server 2016, Windows Domain Controllers running 2012 R2 and Exchange Hybrid. All the mailboxes had already moved to the cloud and the Exchange Server is used for attribute management and SMTP relay. Sometimes, randomly it would seem, the applications fail to send […]