Get All AIP encrypted files - SharePoint Online

Ravikaran Patel -
One of the recent project merger and acquisition.  Technology - M365 tenant to Tenant migration Areas of consolidation 1. Mailboxes  2. SharePoint online data 3. OneDrive for Business data 4. Teams data migration 5. Security and Compliance Migration  Area of concern from security and compliance side was the encrypted files within EXO, SPO, Teams, ODB. Issue with encrypted data migration - end users will not be able to access the documents once the Source tenant is decommissioned.   Solution available -  Ask end users to unencrypt the data before migration  Alternet Solution - 1. Decrypt the files, mails using eDiscovery - This will give us output in PST format will is available for offline access, but the data in source will still be encrypted.  Decryption in eDiscovery - Microsoft Purview (compliance) | Microsoft Docs   2. Use Get-AIPfileLabel and Get-AIPFileLabel but in order to use this you must be aware of all the files paths.  Challenges -  1. We do not want end user intervention
5 comments

Configure office 365 Mailbox on Outlook

Ravikaran Patel -
How to configure your office 365 Mailbox to Mail client.
There are few per-requisites. 
  1. You should have your autodiscover records set up properly for your domain. i.e Autodiscover.domain.com should point to Autodiscover.outlook.com
  2. Your OS should be updated
  3. Your mail client should be updated with latest SP and other updates 

Automated Process.
  • Go to control Panel > Mail
  • setup new profile 
  • under the New Popup enter your details
    • Name
    • Email Address
    • Your Credentials
  • Hit Next, this is automatically search for the necessary settings and then configure the profile.

Manual Process
  • Go to control Panel > Mail
  • setup new profile 
  • utnder the New Popup Select Manual setup.
  • And Next
 

  •  Select Microsoft Exchange server and then Next
 

  • Enter the server Name - "outlook.office365.com"
  • Enter your email address
  • And click on more settings

 

  • Under New Pop up go to "security" tab
  • Under Logon network security  : select - "Anonymous Authentication"
  • Go to Next Tab "Connection"
  • check the box "connect to Microsoft Exchange using Http"
  • And click on Exchange Proxy Settings.

  • Under the new Pop up fill the following details
  • Https://Outlook.office365.com
  • check the box "only connect to Proxy server that have this principle name in the certificate" and in the below box type "msstd:outlook.com"
  • Check the below two boxes
  • And in Proxy Authentication select "Basic Authentication"
 

  • Now Save this and on the main Pop up select next 
  • This will help to configure your office 365 Mailbox.
-------------------------------------------------------------------------------------------------------------------------------
To manually configure the Office365 account in Outlook, please refer to the following steps: 

1. Use PowerShell connect to Exchange Online.
 http://help.outlook.com/en-us/140/cc546278.aspx
 2. Use the following cmdlet:
 3. Then set related setting as below:

  • ·    Go to Control Panel, and click Mail.
    ·         Click Show Profiles and then click Add.
    ·         Type in a name for the profile, and click OK.
    ·         Click to select the Manual setup, and click Next.
    ·         Click Microsoft Exchange, and then click Next.
    ·         In the Server box, type e9983645-a13a-4334-8003-4f841d055318@domain.com/domain.onmicrosoft.com
    ·         Make sure that the Use Cached Exchange Mode option is selected.
    ·         In the User Name box, type your user name (for example, alias@domain.com), and then click More Settings.
    ·         Click the Security tab, make sure you do not check the box “Encryption” and choose Anonymous Authentication
    ·         Click the Connection tab.
    ·         Make sure that the Connect to Microsoft Exchange using HTTP check box is selected, and then click Exchange Proxy Settings.
    ·         In the Use this URL to connect to my proxy server for Exchange box, type the host address outlook.office365.com
    ·         Make sure that the Only connect to proxy servers that have this principal name in their certificate check box is selected, and then type msstd:outlook.com.
    ·         Click to select the On fast networks, connect using HTTP first, then connect using TCP/IP check box, and then click to select the On slow networks, connect using HTTP first, then connect using TCP/IP check box.
    ·         Under Proxy authentication settings, click Basic Authentication.
    ·         Click OK two times.
    ·         Click Check Names. When the server name and the user name are displayed with an underline, click Next.
    ·         Click Finish.

Comments

Post a Comment

Popular posts from this blog

Error - AttributeValueMustBeUnique in Azure AD connect sync

Ravikaran Patel -
My customer had already created accounts in office 365 and managing them in Azure, however due to some changes in business they wanted to sync AD with Azure to sync Password and Manage Identity form AD. Solution - Deploy Azure AD connect on ADDC, and post that it will do a Soft Match. However there were error with some users, their identities did not sync and their status still reflected as Azure AD. Error -  Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses SMTP:user@domain.com;].  Correct or remove the duplicate values in your local directory.  Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values. Tracking Id: b8367c95-ae67-46e1-xxxx-xxxxxxxxxx ExtraErrorDetails: [{"Key":"ObjectId","Value":["cd088468-bb6a-4
Read more

Error - QuarantinedAttributeValueMustBeUnique

Ravikaran Patel -
Case History. 1. Client already had users created in office 365 2. Client wanted to setup SSO for office 365 users Approach for requirement fullfilment   1. Deployed and configured Azure AD connect      95% users were synced and soft match was successfully done  5% users were getting error - QuarantinedAttributeValueMustBeUnique  (to view the sync issues -  https://aad.portal.azure.com/#blade/Microsoft_Azure_ADHybridHealth/AadHealthMenuBlade/SyncErros )  When we checked 2 users were found under Active users  1. one in Cloud (this was created earlier/ already existed ) with active licenses and Mailbox 2. one unlicensed synced with AD Solution - 1. Delete the unwanted user in Azure or AD as per this document.  https://blogs.msdn.microsoft.com/hkong/2017/03/23/how-to-fix-attributevaluemustbeunique-error-message-when-trying-to-sync-an-object-from-on-premises-active-directory-to-office-365/   but  If we delete the user in Azure we will loose
Read more

Add members to office 365 Security Group Using PowerShell and CSV

Ravikaran Patel -
Step 1. Create a CSV file with a column “UserPrincipalName” and add all users under it who are to be added as a member of the group. Note – Sign In address need to be added under the userPrincipleName. Step 2.  Run The below command. $sub = Import-Csv C:\RAhul\sspruser.com.csv   csv   {enter the Path of same/Step1 CSV that was created by you with users details} $sub | Foreach {Get-Msoluser -UserPrincipalName $_.Userprincipalname | select Objectid } | Export-csv C:\RAhul\sspruser.com.csv This will convert the user’s identity to their unique guid details, and export it to the same CSV file. Step 3. Collect the guid ID of the security group. The below command will help with the object ID of the Group. Get-MsolGroup -all | where-object { $_.DisplayName -eq "SSPRSecurityGroupUsers"} | FL I have my object ID as below. ObjectId                  : XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX Step 4. Run the below command to Add members in the CS
Read more

Enforce MFA using CSV

Ravikaran Patel -
Step 1. Connect-MsolService Step 2. Run the following commands. $auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $auth.RelyingParty = "*" Step 3. Choose the MFA State. You can choose between "Enabled" and "Enforced" $auth.State = "Enabled" Step 4: Choose the date . Any devices issued for a user before this date would require MFA setup. Normally, we would select the date of running the command. $auth.RememberDevicesNotIssuedBefore = (Get-Date) Step 5. Activate MFA. For one user Set-MsolUser -UserPrincipalName <UserPrincipalName> -StrongAuthenticationRequirements $auth Using CSV- Create a CSV with column UserPrincipalName and place users under this column. Import-Csv C:\RAhul\userMFA.csv | Get-MsolUser | Foreach{ Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $auth}
Read more

Analyze Office 365 Message headers

Ravikaran Patel -
Image
How to get the message headers? From outlook. i. Double click on the mail “This will open the mail in new window” ii. Go to File option in the tool bar. iii. File > Info > Properties In the new pop up window copy all the contents available under “Internet Header” option. From OWA a. Open the mail b. Click on dropdown option available under “reply all” option c. Under the dropdown options select “Message Properties”. Once you have the message headers, open search “EXRCA” on Internet or open https://testconnectivity.microsoft.com/ Once you are the Microsoft remote connectivity site is opened select the option “Message Analyzer” Paste the copied/saved header under “Insert the message header you would like to analyze” and click on analyze. You will see the results in the below order. ·          Summary will give the overview of the mail like o    Subject o    From , To , …etc ·         
Read more