Change default email address Office 365 group (Manual)

Office 365 Groups are easy to create. However, changing the primary domain name when creating the group might not be that easy from the GUI. However, with Power Shell you can change this easily.

First we will need to open a Power Shell Window, and connect with Exchange Online.

$Credential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Next, we just need to change the 2 value’s below, and run it. After running, you don’t get a confirmation. It might take up to 30 minutes before changes are visible in all Office 365 and/or Azure portals.

Set-UnifiedGroup –Identity "Group name" –PrimarySmtpAddress primaryaddress@2azure.nl

Sources:
https://docs.microsoft.com/en-us/powershell/module/exchange/users-and-groups/set-unifiedgroup?view=exchange-ps

Credits: Martin van de Giessen

Office 365 Set language and time zone for all users with PowerShell (Manual)

When you create a new Office 365 tenant, all user mailboxes will have the default timezone and language. In my case, I work in the Netherlands, the preference for most companies is to set the Time zone to Central European Time (GMT +1) and the language of the users default folders to Dutch.

You can either ask the users to logon to webmail using https://outlook.office.com and fill in the first time question to set the time zone and default language. But how cool would it be to do this for all your users using PowerShell?

First time login screen Outlook Web Access
Continue reading “Office 365 Set language and time zone for all users with PowerShell (Manual)”

Change default send items behavior of Auto-mapped Shared Mailboxes

A commonly heart end-user frustration with Auto-mapped shared mailboxes is that Send emails from the shared mailbox end up in the send items of the user it self. In the past you would need to set a registry key on the client computer to get this resolved. But with Office 365, there is an easy way to change this behavior for every user.

PowerShell

With PowerShell this job is done in less than a minute in just 2 simple steps.

STEP 1: First connect to Exchange Online using the following commands:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session 

STEP 2: Now run the following command to set the default behavior for all Shared Mailboxes in your Exchange Online environment.

Get-Mailbox | Where {$_.RecipientTypeDetails -eq “SharedMailbox”} | Foreach-Object {Set-Mailbox -identity $_.Alias -MessageCopyForSentAsEnabled $True } 

How to solve Failed to sync the ArchiveGuid in Office 365 (Manual)

Last few weeks I’ve been struggling with an very difficult Office 365 / Exchange Online case, that got escalated to multiple Microsoft departments to be fixed. I already found one part of the solution, but Microsoft found the second part. Today I would like to take you through all the steps to fix possible causes and resolutions. So the initial problem started with the following error in the Office 365 admin portal with the affected users:

Failed to sync the ArchiveGuid 00000000-0000-0000-0000-000000000000 of mailbox MailboxGuid because one cloud archive CloudArchiveGuid exists.

Another symptom is the mailbox provisioning gets stuck, and hangs on “We are preparing a mailbox for this user”

You will only see this error with AD connect sync enabled environments. The problem occurs when the on-premise value mismatches with the Online Archive Guid. With just a few easy steps we can fix this issue.

Resolution

We will need to fill multiple Active Directory user attributes to resolve this issue.

Continue reading “How to solve Failed to sync the ArchiveGuid in Office 365 (Manual)”

How to block non-modern authentication to Office 365 services. (Manual)

With Azure Conditional access you get more control over your data, get better security and visibility! To use this feature you will need to buy and assign Azure AD Premium or EM+S E3/E5 licenses to your users.

This manual can be used to enforce the use of the Outlook app on IOS and Android devices by blocking all apps that do not support Modern Authentication like iOS mail and Google mail client.

Step 1: In the Azure Portal go to Conditional Access. On the first page that you get create a New policy

Continue reading “How to block non-modern authentication to Office 365 services. (Manual)”

Office 365 Set mailbox default language

When you do large migrations, it might be convenient to change the default mailbox language settings for all your end users. By default each user needs to set the default language and time zone at first login to OWA in Office 365.

With the following PowerShell Script you should be able to change it within a few seconds. In this script we used the Dutch language code and Western European Standard time. Change it accordingly.

get-mailbox | Set-MailboxRegionalConfiguration -LocalizeDefaultFolderName: $true -DateFormat dd-MM-yy -Language 1043 -TimeZone "W. Europe Standard Time"
Continue reading “Office 365 Set mailbox default language”

Backup your Office 365 environment!

In the past two years, Over 50 percent of businesses experienced an unforeseen interruption, and the vast majority (81%) of these interruptions caused the business to be closed for one or more days.

Did you know that 80 percent of businesses suffering a major disaster go out of business in three years, while 40 percent of businesses that experience a critical IT failure go out of business within one year. In the case of suffering a fire, 44 percent of enterprises fail to reopen and 33 percent of these failed to survive beyond 3 years…

It’s a common mistake to think that Microsoft takes core of backups for your Office 365 environment. Yes, they do make backups, every 12 hours with a retention of 14 days. However, this is only designed for emergency purposes, and if you need it your self, they will charge you for that.

But then you might think that there is a recycle bin and versioning, yes, but these are limited as well. For email the retention is just 30 days, and for SharePoint it is 90 days. This can extended with the E3 and E5 subscriptions. But is this a real backup? and can this guarantee save data retrieval in case of a disaster? the answer is NO!

Continue reading “Backup your Office 365 environment!”

Deploy Office 365 plugins using the Admin Portal

From the Office 365 Admin portal it is possible to deploy Office plugins to users, both specific as all users. With this manual we will deploy a plugin from the store, but you can deploy custom apps as well. The advantage of using plugins from the store is that the plugins get automatically updated, so nothing you have to worry about anymore!

Step 1: Login to the office portal, go to the admin center, and from there go to Settings, Services & add-ins, and Deploy Add-in

Continue reading “Deploy Office 365 plugins using the Admin Portal”

Office 365 MFA is free of charge!

Where Azure MFA is only included in the paid Azure Active Directory Premium subscriptions (P1/P2 and EM+S suites), there is a free version for the Office 365 apps.

It is always a good idea to enable multi factor authentication, in case your credentials get stolen, the thief will not be able to use them because of the 2nd authentication factor. Microsoft is encouraging all their users to start using MFA, so the made it free of charge for all the apps of the office 365 suite, including Outlook, Teams, Excel, Word and many more.

First Sign in screen

The 2 factor authentication can be setup up fairly easily by the end users self. This can be enforced by the administrator by requiring 2 factor authentication. The first time a user logs on, he or she will get a notification message to setup MFA. Or you can redirect your users to the following portal to setup MFA: https://aka.ms/mfasetup

How to setup MFA for your end users?

In the office 365 portal go to the Active Users tab, and go to the Setup multifactor authentication page (see below)

In the preview version of the admin center, the More menu on the Active Users page, with Setup Azure multi-factor auth selected.
Continue reading “Office 365 MFA is free of charge!”

Uninstall Office 365 Click-To-Run Updates

There are cases where you want or need to uninstall an Office update. Office 365 installations use a different update than the old Office 2013 & 2016 installations. Where the old installations are a point in time installation, click-to-run always downloads the latest version and then runs the setup. You can revert to an older version but its different than in the past where you could just uninstall an KB update.

Steps

Step 1: Check build number and find previous build number

In one of your office programs go to the options menu and go to Office Account. Find your current and previous version on the Microsoft website: Update history Office365 ProPlus by date

Continue reading “Uninstall Office 365 Click-To-Run Updates”

Sync existing office 365 tenant with local active directory

Recently we created an AAD tenant that has no on-premises AD domain counterpart.
Now we are facing an issue where we want to be able to use the identities in this tenant to log into some servers. It would appear that we would need to domain join these servers, but we can’t do this without AD. The question is, how can we continue to setup these servers?

If the servers are hosted on the Azure IaaS platform you can choose to go ahead with Azure AD Domain services as I wrote before:
https://www.cordenboer.nl/2019/04/22/azure-ad-domain-services-an-option-or-not/

But today we are going to install a new domain on-premise. The domain name isn’t relevant for the sync with Azure AD / Office 365. But the UPN for the end users is important! So first we can add the UPN domains by going to the Domain and Trusts console. Add the required domain names.

Continue reading “Sync existing office 365 tenant with local active directory”

Microsoft Advanced Threat Protecion

Microsoft bied op verschillende diensten Advanced Threat protection aan. Helaas zit er marketing technisch nog steeds hier en daar de naam Defender aan vast, waar het onder water een compleet ander product is. Het is inmiddels geen simpel antivirus pakket meer, maar een all-in-one oplossing tegen aanvallen van buitenaf en binnenuit. Dit gebeurt door Windows ATP voor bescherming van je device, Office 365 ATP voor bescherming van je Email, SharePoint, OneDrive en teams data en als laatste Azure ATP voor bescherming van alle identiteiten.

Als kers op de taart is er voor on-premise omgevingen is het Azure Security center ontworpen, die net als Windows, constant in contact staat met de Microsoft Azure datacenters om data en informatie uit te wisselen. Inmiddels zijn alle bedreigingen zo uitgebreid en geavanceerd geworden dat 1 enkele computer de rekenkracht ontbreekt om alles te analyseren. De kracht van de Cloud komt hier om de hoek kijken. Informatie die verzameld is bij andere klanten wordt gebruikt om jouw omgeving en apparaat veilig te houden. Het mooie is dat de ATP client standaard in Windows 10 is ingebouwd waardoor er relatief weinig hoeft te gebeuren om het in te zetten.

Continue reading “Microsoft Advanced Threat Protecion”

Modernizeer je identiteits en toegangs beheer met Azure AD

Door Azure AD als je centrale Identiteit opslag te gebruiken word beheer een stuk makkelijker en veiliger. Door Azure AD te gebruiken kan je voortaan makkelijk samen werken met andere bedrijven. Door gebruikers van een andere organisatie uit te nodigen, is het niet meer noodzakelijk om deze ook nog is lokaal in je eigen AD aan te maken. Mocht een medewerker van een ander bedrijf uit dienst gaan hoeft deze alleen nog maar uitgeschakeld te worden in de partner organisatie. Doordat er alleen een koppeling is vanuit jouw Azure AD wordt ook automatisch de toegang ontzegt tot de data van jouw organisatie.


Hoe zorg je er voor dat je huidige Active Directory modern beschikbaar komt?

Microsoft heeft een tool beschikbaar gesteld waarmee je alle identiteiten, of een selectie daarvan, kan synchroniseren naar Azure AD. Deze tool heet AD Connect en dient lokaal geïnstalleerd te worden op een server. Er zijn 3 mogelijke synchronisatie scenario’s.

Continue reading “Modernizeer je identiteits en toegangs beheer met Azure AD”

Microsoft Secure Score

Microsoft Secure Score is een manier om te meten hoe veilig je organisatie is in Office 365, Windows 10 en EM+S (Enterprise Management + Security). Hiermee kan je zien hoe veilig je organisatie is ten opzichte van het door Microsoft geadviseerde beleid, als ook andere bedrijven in dezelfde sector.

Microsoft laat met deze tool, die beschikbaar is via EM+S E3 of E5, zien hoe veilig je organisatie nu is, maar ook in het verleden. Door analyses en trends te bekijken kunnen er specifieke aanbevelingen voor jouw organisatie gemaakt worden waardoor je snel ziet hoe je je beveiliging kan verbeteren.

Door de aanbevelingen van Microsoft op te volgen kunnen we de ideale bedrijf score bepalen en deze samen behalen. Het kan soms wenselijk zijn om een aanbeveling niet op te volgen omdat dit de bedrijfsprocessen teveel beperken. In alle aanbevelingen word ook aangegeven wat de mogelijke gebruiksimpact kan zijn door een impact classificatie: Low, Medium en High.

Continue reading “Microsoft Secure Score”