365 Defender – Safe attachments’ policy & Safe Documents
As you all know, attackers widely use malicious attachments to perform “Initial access”. Safe Attachments is one of our defences to prevent that in our environment. Safe Attachments provides an additional layer on top of the Exchange antimalware protection. Safe Attachments works with machine learning to protect your users' inboxes. Policies may take …
Advanced Features 365 Defender
Advanced features in 365 Defender may be updated and added as we go. For this reason, it is a good exercise to keep up with the news and the advanced features on the 365 portal. We're going to review all possible features you can enable in Defender. First step: how to access the features? https://security.microsoft.com/securitysettings Click …
Phish delivered due to an ETR override – Defender & Sentinel
This alert fires when a message containing phish was delivered due to an ETR override (a mail flow rule). To resolve and troubleshoot it, we have to go into the Exchange mail flow portal and investigate why a mail flow rule could potentially allow phishing emails. In the following scenario we have …
Azure Sentinel Query—Monitor USB data Exfiltration
This article assumes that you have already configured Sentinel in your environment. Data exfiltration can be caused intentionally or by mistake. Malicious insiders can be considered trusted actors that can cause damage to your organization for their own gain. There are many types of exfiltration (email, sharing links, USB ..). In …
Monitoring and securing logins outside your Country with Conditional Policy & Automate Blocking personal Devices in Azure AD with Sentinel
A common way to protect your Azure & Office 365 tenant and reduce its exposure is a conditional policy that only allows logins from the source country of origin. Since there are as many countries as you can guess, the attackers or adversaries will also have to guess that country. The idea of this monitoring …
Detect and Secure PNP Sessions In Sentinel in your Sharepoint
PNP PowerShell is a .NET Core 3.1 / .NET Framework 4.6.1 based PowerShell Module providing over 600 cmdlets that work with Microsoft 365 environments such as SharePoint Online, Microsoft Teams, Microsoft Project, Security & Compliance, Azure Active Directory, and more. Knowing that, what can we do to proactively secure and monitor these changes? Malicious actions …
Monitor 365 OneDrive Sync Failures in your tenant
A new preview feature is now available to monitor sync problems with OneDrive, as a proactive measure if you recently migrated to Teams/SharePoint. Many companies rely on OneDrive sync to give users an experience similar to a file server. Once you have enabled the monitoring, you also need to deploy in …
Cleaning up old Sharepoint Files
Download/install the PNP module: https://www.powershellgallery.com/packages/PnP.PowerShell/1.12.0 I have found a very useful script to archive files in SharePoint. This script is set up to clean up 8-year-old files, but you may modify this in the script. The files will go into the site recycle bin. Effectively you have a rollback from disaster …
Event 659 – Error while retrieving password policy sync configuration. System.InvalidOperationException: The ADSync service is not allowed to interact with the desktop to authenticate This error may occur if multifactor or other interactive authentication policies are accidentally enabled for the synchronization account.
Hi. If you have recently implemented MFA (enforced mode in your tenant): I have found that there is not much information about the DirSync account status. As of now, if you enforce MFA the account will be affected, hence breaking the sync as shown. In order to resolve: You will have to exception …
Onboarding Deploy Defender for endpoint via intune –
As part of security measures, environments should be monitored to gain visibility of threats. For this you can integrate Defender for Endpoint so all your machines report any threats in the form of alerts or automated responses. Make sure you have covered all the licensing requirements. Go to the Endpoint Security blade in Intune …
Redirect your user folders to onedrive using Intune
Redirecting your user folders to OneDrive in your 365 environment provides assurance that files won't be lost if a machine is lost, broken or in any other situation. The functionality is called Known Folders. From a file governance perspective, we can also control, using the admin governance center, what files are being …
How to create alerts from Azure sentinel in log analytics
The requirements:
- Experience with Log Analytics and setting up alerts (the guidance assumes you have configured all the requirements)
- Azure Sentinel integration data sources
- Log Analytics workspace linked to Sentinel
- Azure Sentinel alert rule
- Integration in the Analytics workspace of Azure AD and virtual machine logs for analysis
Useful links:
https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/
Create the alert rule from analytics in …
Self service password reset – Intune
Self-service password reset introduces the ability for the users in your environment to reset their own passwords (requires pre-registration), and enabling password writeback if using AD sync (hybrid model). Requirements for the change in Intune: implement SSPR in your tenant (Azure AD & all your computers …
Edit host file powershell 1 Liner – Windows OS
In this chapter we are going to explain a little bit about what the host file does and how we can make use of it via this PowerShell one-liner. Possible uses: testing a new server or connection; testing resolution problems; quick fixes for DNS issues in your environment. A little bit of history (Wikipedia) …
Managed Android System apps & Identifier for Intune . Samsung Phone Dialer
You may come across situations where you have, for example, to configure kiosk mode, enterprise apps or shared device mode. For certain apps you will need the package name (for example Samsung phone calls) - Enterprise system Android app. Note: As per MS post you may have to work with your …
Update ring for Windows 11 – Intune
How to upgrade your PCs to Windows 11 from Intune. Windows 10 & 11 important update information: The feature quality update contains all the previous updates. Unlike with previous versions of Windows, you now must install the entire update instead of part of an update. Pre-requisites: Windows 10 version 1607 or later, or Windows 11; Telemetry; Intune …
This storage type is not supported by azure backup
This is a common error when trying to run a backup in a Recovery Services vault in Azure using an unsupported disk or storage type that the Azure vault can't support in your tenant. To resolve it you will have to check the support matrix and check the limitations or how you configure the vault in …
Cloud app Security : Remove PASSWORD NOT REQUIRED. ACTIVE DIRECTORY USERACCOUNTCONTROL 544 VALUE
After enabling Defender for Identity (integrating Defender, Active Directory & Cloud App Security), there is a remote possibility in your environment of facing the following alert: REMOVE PASSWORD NOT REQUIRED. What does this alert mean? The alert picks up when an account is set to allow blank passwords. This is actually something …
Azure VPN: Your Computer Trusted Platform Module Malfunctioned 80090034 . Encryption Failed
Error Code: 80090034. Related to Azure AD / Azure Cloud VPN P2S. This error has been detected using Azure VPN (cloud based). It can also be related to Azure logins. Resolution:
0. Upgrade BIOS
1. Clear TPM using tpm.msc (run as admin): press Action → Clear TPM
2. Clear TPM using Troubleshoot in Device Security
3. Registry …
Azure Vault backup Error: The storage type is not supported by Azure backup.
Today we are going to treat a common error when backing up Azure virtual machines. If you use ZRS storage: this error commonly occurs when you try to back up unsupported storage, for example zone redundant storage. In this case the backup failed because ZRS ( zone redundant managed disk storage is not …
Workbook Azure Automation NSG Rules AzureRunAs connection
Hi, here is a piece of code you could use to open or close ports in the NSG of Azure VMs, running on a schedule and using automation. Requirements:
- Automation Account configured and created
- Run as Account configured and created
- Runbook experience -> https://docs.microsoft.com/en-us/azure/automation/manage-runbooks
- Run as connections: https://docs.microsoft.com/en-us/azure/automation/automation-connections?tabs=azure-powershell
Code : #region BoilerplateAuthentication #This requires a RunAs account #AzureServicePrincipal - …
Log query For Heart beat Alerts in VMS with Exemption Azure Log Analytics
A heartbeat alert is often something that you would configure to see if a VM has not been responding to Azure for more than 5 minutes (either a failure or a shutdown). If you plan to monitor your servers but you have some that are test servers or get shut down at night to save …
Custom RBAC role Contributor no delete JSON – restrictions
I managed to test and get working taking out all delete actions from the Contributor role in Azure. This is still in test, but the code is here in case you are interested. It restricts any delete actions. This could be good for tiered access or maybe for security reasons on a daily basis. I …
Authentication server could not be deleted. Authentication server is used as primary or secondary authentication server – Sophos XG
Sophos XG AD integration problem. This can usually occur when trying to decommission a DC server used for AUTH in Sophos XG. You can't remove such servers if there is still a config pointing to them in Services. Solution: Make sure you add the new AD servers in the AUTH or, if you are going …
Data Collection Stopped due to daily limit of free data reached . Ingestion status = OverQuota(1). Log Analytics
Screenshot of the error in Log Analytics: This problem is due to having a limit on the log data collection. You can increase these limits in your Work Analytics section (cost management) - Usage and estimated costs. You can look at the Usage charts and try to match your daily cap volume …
Exchange: The execution of cmdlet Enable-Mailbox failed: An unknown error has occurred. Refer to correlation ID: 9b09bf27-e1ea-40ee-bc1d-294ddf168a12
Note: Beware, this may not be your solution. This post exposes an issue when using certain characters on cloud users, specifically when the fields Name, First name or Last name contain the character "*" or other characters forbidden …
Migrate to Managed Disk Azure Advisor
How to migrate to managed disks via Advisor: You will notice in your VM that you now have an option to migrate to managed disks. This process starts/stops the VM for at least 10 minutes plus restart. Beware of doing this on high production servers. Click on migrate and Azure will do all the work …
Linux VM Using ARM templates + Snapshot & Disaster recovery
I strongly recommend NOT doing this in a production environment. This guidance is meant to create all the related resources after a deletion. In this guidance, we create a resource group to save the snapshot; even though deploying an ARM template would recreate the VM, we would be losing the data …
[Error] Dialing VPN connection , Status = Server did not respond properly to VPN Control Packets. Session State: Reset sent – Azure VPN
This is a common error in Azure VPN when a misconfiguration has been made in the gateway settings. I will attach a list of possible solutions that you may find useful, which also covers local machine time problems. This guidance is meant for engineers that have implemented Azure VPN ( open vpn …
Migrate Jira Service Desk ( Linux ) to Jira cloud Atlassian Service Management
This is a summarised guide on how to migrate a Linux server Jira Service Desk instance to Atlassian cloud. This guidance is meant for people trying to migrate to the cloud. Some Jira administration & Linux knowledge is required to follow the guide successfully. Migrating attachments will be done in the next post 🙂 …
The last operation performed on this VM failed . The VM still running Azure VM backup failed
The resource operation completed with terminal provisioning state 'Failed'. This can be caused either by an error on the hypervisor or by a component that has been deployed and failed. If this is not your case, please check the logs before following any steps of this guide. As mentioned earlier, this resolution may not work for …
Import & Export Transport rules in 365 Exchange
In this article we will learn how to export and import transport rules in our Exchange. What do transport rules do? You can use mail flow rules (also known as transport rules) to identify and take action on messages that flow through your Exchange Online organization. Mail flow rules are similar to the Inbox rules that are available in Outlook and Outlook on the web …
The Restore point Collection max limit has reached . – Resolve Azure Backup Restore points issues
Today we will cover the several reasons an Azure backup can fail with a collection limit error. Here we can detect the error as shown: UserErrorRpCollectionLimitReached OperationNotAllowed : The number of restore points across restore point collections and resource groups for a VM cannot exceed 18. To create a new restore point, please delete existing restore …
Install DC Core 2019 with 0 trust NSG in Azure
First we'll look at the specs that I have used in this case. Since it is a Core server, we selected B1ms with premium SSD. Ensure you patch the server using sconfig before promoting it to a domain controller. Recommended 0 trust config NSGs ( only for AD , …
The Kerberos ticket instant refresh and Security Legacy Protocols
If you ever wondered why permissions in a Windows environment take time to apply to the user, the answer is: the Kerberos ticket. The trick is simple: just by running the following command you should refresh the permissions without having to reboot. Open cmd.exe and run klist purge. Now I would like to go through …
Repairing trust relationship in azure Windows VM using Serial console
There are going to be times when you restore a VM from a snapshot and the VM's trust relationship with the domain is effectively broken, since the snapshot was maybe taken long ago. In cases like this, where Remote Desktop may not be available, we should be able to re-join the machine using …
System Centre Endpoint Protection Azure VMS – blocked –
I'm back. We'll be covering loads of Azure technologies over this next year. Recently I've got my MCSE Core Infrastructure + Azure Admin AZ04. Today we will cover an issue with Endpoint Protection when the extension is deployed in Azure and you wish to interact with Defender directly on the VM, you …
About this blog Creator (Updated) – Tony
IT professional since 2008. I'm from Barcelona, Spain, living in the UK (London) since 2016. I'm a tennis enthusiast and cryptocurrency trader when I'm not doing IT. I'm now on my way to completing the Azure Architect Certification. I wanted you all to know we are going to focus this 2021 …
PowerShell set timezone for UK ( and others )
UK, where I live! But sometimes I find users' laptops, even servers, out of my timezone. Also there can be GPOs blocking you from changing the timezone! (and the system just goes by the US time or European!). Yes it does! Other colleagues of yours could have set this …
Configure External Access for Teams between tenants
Advice: This will not work as expected if both companies are still using Skype. Ideally what you want is to be in full Teams mode. To configure external access so users are able to talk between different 365 tenants: log into Tenant 1 365 Admin console / Teams section / Org Wide section / External Access …
Teams sound & camera not working?
Hi team. Opening a new section for Teams and Windows tips, and today we will cover the most famous one: camera and sound not working. Obviously this can be because your mic or speakers are not connected. But there is another classic, and it's Windows preventing it! Here we spot the problem on a test call …
How to manual backup & restore Jira Linux Edition
How to do a quick backup in easy steps:
1. We will go to the Jira section: System / Backup
2. We will name the file as the date and time, for example 25022021721 ( 25 FEB 2020 17h 21 min )
3. Now the backup will be placed on the Linux computer in /home/jira/jira-home/export ( beware it is …
Exchange AD Objects with an Incorrect Target Address Attribute
Within a hybrid environment, you can notice that a new accepted domain is in the Exchange portal: Mail.onmicrosoft.com. This domain is going to be used by the on-premises environment to route mail for the account that has been migrated. A quick way to view an object's Active Directory targetAddress attribute is through the Active …
Restore Windows 10 Store APP via Powershell
If you have lost your Windows 10 Store, there is a quick fix that can bring it back. We will not require admin rights for this fix, and it is advisable to do it with user permissions, as W10 apps mainly work in user context. The first thing we will do is search for our package …
AD PowerShell Get all Security/ Distribution groups including email assigned
Script for quickly getting any security/distribution list group and, if they have one, the email assigned:
Import-Module ActiveDirectory
$user = "Example"
# Groups the user belongs to, with description, mail and category
$array = Get-ADPrincipalGroupMembership $user | Get-ADGroup -Properties * | select name, description, mail, groupcategory
echo "All DL groups and email groups for the user"
# Print each group on its own
foreach ($group in $array) { echo $group }