FIX: Windows 2019 CIS Benchmark Image Stopping the Azure VM Becoming the NTP Server After Transferring the PDC Emulator

In a Windows domain environment, time synchronization always works in a hierarchical manner. The server that holds the PDC emulator role acts as the NTP server; the other DCs sync time from it, and the domain members sync time from those domain controllers.

At times you have to move the FSMO roles to a different DC, and often that server can be a VM sitting in Azure.

In most cases, the VMs spun up in the Azure environment must adhere to security policies, and a well-known benchmarking framework is the CIS (Center for Internet Security) Benchmark images. These have the policies defined and vetted in the server images, and the policies are activated once the server is up and running.


Effective use of Azure AD Administrative Units [Azure AD AUs]

I look at the Azure AD portal with curiosity to see what the new features are, and then want to play around with them to better understand their usage. This is not the latest feature, but it’s out of preview mode, and this is me writing about the effective use of Azure AD AUs.


Quick Guide: Exchange Online Add-in to Report Phishing Emails to Microsoft

Why not use them when Microsoft has free tools to make everyone’s lives easier? Even when all the protection has been added to the Exchange Online environment with Exchange Online Protection, Exchange Online Advanced Threat Protection, or any other 3rd-party spam gateway or BEC (Business Email Compromise) detection setup, chances are a well-crafted email can survive all the hurdles and still be delivered to the user’s mailbox, and then it comes down to the user’s decision. If the user is well educated in identifying phishing attacks and suspicious emails, chances are they won’t click on that link and enter their credentials.


Preparing workstations for the Cloud Journey with Hybrid Azure AD Join

In almost all cases, the organization is not in a position to get away from the local domain, as it’s tightly connected with other services that are running on-premises, and maintaining the on-premises identity is vital.

Further, you have the on-premises domain with the workstations joined to it, GPOs being pushed across, and everything being managed centrally with ACLs, security groups, etc.

Enter Azure AD Connect Sync, which combines the on-premises world with the cloud world.
In most cases, the journey to the cloud starts by migrating the Exchange workloads to Exchange Online, installing the Office 365 suite and consuming the benefits that come with the cloud license. This way the hybrid identity is created and becomes part of a much bigger universe.


Azure AD Connect Cloud Provisioning. The new feature that may come in handy!

Microsoft have finally answered the prayers of IT admins! Long story short, gone are the days when IT admins had to make sure 2 AD forests could see each other and the ports were opened before adding a forest to the Azure AD Sync tool as another directory, so that the users from that directory would be synced to the portal.
Once I saw this in Microsoft’s roadmap, I thought I’d read more, play with it and see how it can be helpful for anyone who is curious about it.


Microsoft is retiring Basic Authentication, because Modern Authentication is here to stay!

Microsoft have announced that they will retire the Basic Authentication method from Office 365 Exchange Online and make the Modern Authentication method the standard way of authenticating going forward.
There are continuous updates in the M365 Admin Center messages on what admins need to do to prepare for the change.

Companies now have to prepare for the change, and Microsoft is sending continuous updates on what we need to do and how to identify how many clients are using Basic Auth to connect to Outlook/Exchange Server.

I have written a quick set of guidelines that will help you see all the important points in one go.
This will include the steps to enable Modern Authentication and block the Basic Authentication.


How to Extract Organization Hierarchy from Office 365 and represent in MS Visio Org Charts

While the Office apps are capable of showing the reporting structure of the staff, if you need to extract that data into a Visio diagram, that’s easy and just a few clicks away.


Azure AD Group Based Licensing

As opposed to adding cloud-based licenses on a per-user basis, or using PowerShell to automate license assignment with a security group, Azure’s group-based licensing is easy to set up and will save a lot of time.
This setup is ideal for organizations that have a number of licenses for different types of users. It is also beneficial in scenarios where not all the features need to be activated for a given user group or type to perform their specific role.


Known Folder Move With OneDrive for Business

As Microsoft 365 evolves, OneDrive for Business (ODB) is the way to store user data, sync it easily across devices, apply security and collaborate easily. This article explains some basic operations you can perform to manage ODB drives in your tenant. This is my approach to making OneDrive for Business replace users’ traditional AD-mapped Home drives and folder redirection quotas. This article talks about the nitty-gritty of OneDrive for Business and some of the things you need to check before implementing Known Folder Move.


The Hybrid Exchange Server Dilemma

This article is for anyone who is struggling with how to get rid of the on-premises Exchange Server now that all the mailboxes have been migrated to the cloud and coexistence, federation and mail flow are no longer required. As you may already know (maybe), Microsoft recommends that we keep the last Exchange Server in the environment and NOT remove it, as removing it will remove the Exchange-related attributes from the schema, and after that managing the users will be impossible when it comes to Exchange-related matters. Yes, ADSI can be a life saver, but hold on! Playing with ADSI Edit is not a good idea and, again, is not recommended or supported by Microsoft.


TLS 1.0 and TLS 1.1 End is Near!

If you are an Office 365 admin like myself, you may have received many notifications from Microsoft regarding TLS 1.0 being deprecated in their infrastructure, which as a result will affect their customers if they don’t move to TLS 1.2 in time. They first informed us this would be valid from 31st Oct 2018, but have extended the support until 15 October 2020.

This has been announced as they’ve found vulnerabilities in the current TLS versions, which cause many security issues, especially the POODLE attack.
And almost all the web services are preparing for the change.
