Office365


How to revoke App Access to your Office 365 environment

Today I tested a backup solution for Office 365. Installation was very easy and within seconds I made a connection to my Office 365 test environment. I quickly entered my admin creds and hit enter a couple of times.  Hmmm…. that went very smooth. The backup application made sure that there were enough permissions.

Okay, now I ready with the product evaluation. I want to remove those credentials! But how…. I found out that I had to look for it, so I thought it would be a nice idea to share my experience with my readers..

Login to your Office 365 tenant with Admin creds and go to the upper right and choose the options icon next to your name.

Office_Creds_001

Go to Office 365.

Office_Creds_002

You see all the applications that have (administrative) access to your tenant. You notice many default (web) apps. But notice the last application, Office 365 Backup. Click on details to verify that you have the right application. Ok? Now let’s remove those permissions. You can’t do this in this windows however. First you must go the My Account, and then notice the App permissions Pane. (3rd pane)

Office_Creds_003

Now click on the three dots next to your application:

Office_Creds_004

Choose the remove from tenant option. Et voila, your permissions are removed :

Office_Creds_005

(Notice that the Office 365 Backup permissions are gone)

Nowadays more and more Office 365 tools & software is coming to the market. It would be nice that when uninstalling the product, the vendor also removes the permissions made..


How secure is your Office 365 environment?

More and more companies are using Office 365 (O365) nowadays. Because it’s a SaaS service many people think that they don’t have to think about security. This is a common made mistake.

Log on to https://securescore.office.com with you (admin) Office 365 credentials and you see your current score. (Pictures taken from demo environment)

O365 1

You immediatly notice your score and the maximum score you can achieve. A nice feature is that you can see what your score was days/monts ago.  Maybe someone made an adjustment to your O365 configuration which has security consequences.

Secure o365 time

Notice the information about the security measurements you already took and the one you can/need to take to improve your security score.

Security O365 Done

Security O365 open

It’s very easy to show more information about the steps. Just expand the specific action and choose how to accomplish that step.


How to show (export) all devices synchronizing with your Office 365

For a MDM project I had to make an dump which users are using which devices to (active)sync with their Office 365 mailboxes. This is how I did that :

Get-Mailbox -ResultSize Unlimited | ForEach {Get-MobileDeviceStatistics -Mailbox:$_.Identity} | Select-Object @{label=”User” ; expression={$_.Identity}},DeviceModel,DeviceOS, lastsuccesssync | Export-csv F:\powershell\activesync.csv

Running the above command showed the following output (in a CSV file format):

As you can see you see the user, the device the user is using, the OS their device uses and last time that devices succesfully synchronized.

I used Excel to import the CSV and sort on LastSuccessSync.

Find out here how to connect to Office 365 using Powershell.


Powershell: Start using PowerShell using PowerShell Command Builder

Microsoft TechNet site has a great site that enables you to build your own cmdlets using a web drag and drop interface.

There is support for :

image

Let’s try Office 365 :

image

You notice the drag and drop interface. First select the verb, for example Get. Click get and the send arrow. Now choose a Noun, for example Msol User:

image

After selecting the Verb and Noun you notice the other extra options. Fill them in when needed. Now hit the Copy to Clipboard button to copy the PowerShell command to your Clipboard and start using PowerShell to manage your Office 365.

You can find the site here.


Powershell: Connect to Azure Active Directory and Microsoft O365

Use the following Powershell script to connect to Azure Active Directory and Microsoft O365. This enables you to use all the O365 Powershell commands.

#Connecting to Exchange Online and Azure Active Directory

#This first command will import the Azure Active Directory module into your PowerShell session.
Import-Module MSOnline

#Capture administrative credential for future connections.
$credential = get-credential

#Establishes Online Services connection to Azure Active Directory  
Connect-MsolService -Credential $credential

#Creates an Exchange Online session
$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $credential -Authentication Basic -AllowRedirection

#Import session commands
Import-PSSession $ExchangeSession

 

image

(Download the Powershell plugin here)


Office 365 : Disable Clutter (onbelangrijke mail) function

In this post I describe how to disable/enable the Clutter function of O365. The clutter feature is self learning and there are not many options you can specify. You can drag messages to and from the Clutter mailbox so that it can learn how to work. But sometimes you want do disable this function for specific mailboxes.

To disable Clutter for the entire organization you can use the following Powershell command:

Get-Mailbox | Set-Clutter -Enable $false

To disable Clutter for a single mailbox use the following command :

Set-Clutter -Identity helpdesk -Enable $false

To enable Clutter replace $false by $true

 

SNAGHTMLc9d7c89


Office 365 Powershell: Delegate Calender rights

Use the following steps to delegate (Calender) rights to a specific user.

First step specify your (administrator) credentials:

$LiveCred = Get-Credential

Create the session:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection

Now import the Office 365 session using the following command:

Import-PSSession $Session

Use the following command to delegate the calender from user1 to specified user2

Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights Editor

SNAGHTMLb41a829

Et voilà! The calender rights are set.


Office 365 Enabling archiving

Use the following steps to enable archiving using Office 365.

Go to http://portal.office.com

image

Select administrator/beheerder. Go to the list of enabled users.

Select Exchange properties

image

Now the specified user has Archiving rights. So all data in the archive folder is not part of the 50 GB storage limitation. Let’s open Outlook Web Access and notice the Archive button:

image

When you select an email message you can easily archive that message. It will appear in the archive folder in your mailbox :

image

or when using Outlook:

image

Emailmessages are still enabled for indexing and search requests.


Powershell : How to identify (and delete) specific email messages from Office 365 1

I was looking for a way to identify messages in my Outlook Mailbox and easily delete them.

First connect to Office 365 with you (admin) credentials using the LiveCred command.

Set the Execution Policy and import the commandlets.

Using the next command creates an export of all emails from the specified user in the emailbox username and puts that export in the mailbox of user target mailbox and creates an folder called Searchlogs.

$LiveCred = Get-Credential

Set-ExecutionPolicy RemoteSigned (Make sure you open Powershell with Administrator Rights!)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
$Session Get-Mailbox username | Search-Mailbox -SearchQuery from:"user@emailbox.nl" -TargetMailbox info -TargetFolder SearchLogs -LogOnly -LogLevel Full

 

In that folder you find the logging of the files specified :

Results_powershell

 

Open the zip file containing the CSV export.

 

When you are ready to delete those files use the following command :

Search-Mailbox -Identity username -SearchQuery From:"user@mail.nl" –DeleteContent

Now all the files from the specified user are deleted. You can also use the -subject:’subjectname” switch.

 


How to publish a remoteapp (Azure)

In this article I describe how to publish a remoteapp using Microsoft Azure. First login to the Azure Portal using your (admin) creds and create a RemoteApp :

image

After you select the +NEW button use the following steps to create a RemoteApp:

image

Give a name, the region you wish the data to be stored and the plan details. Notice that by default there are 3 images to choose from. In this example who use the default available. In a later post I shall describe how to use your own images. After you click Create RemoteApp Collection, your RemoteApp Collection will be created. This can take a couple of minutes. When this task is finished you see something like this :

image

The name, status, address and other information is displayed. Double-click this bar.

You notice this screen:

image

You have several options : Dashboard (this page), User Access (control which users have access), Publishing (choose which applications to publish), Sessions (see the current sessions), Scale (scale your RemoteApp)

Click publish remoteapp programs!

image

Now you can choose from a list of programs installed in the image you choose before. Select any of them. You see the selected program being published. You can go to the publishing menu and you see al the Apps which are published as a RemoteApp.

image

It’s also an option to manually enter programs when you now the exact path or any one which is listed in the start menu. Ok! We are ready to go. Let’s download the Azure RemoteApp client here. After you have installed the client, let’s start the client! Login as the user you gave access to earlier. (users) and you see something like this :

SNAGHTML19a3dfbe

Let’s start Visio for example :

image

The first time to application is set up (profile etc) and so it takes a bit langer to start the application.

Et voila Visio is started! You don’t see the difference between Visio installed locally or as a RemoteApp :

image