How to revoke App Access to your Office 365 environment

Today I tested a backup solution for Office 365. Installation was very easy and within seconds I made a connection to my Office 365 test environment. I quickly entered my admin creds and hit enter a couple of times.  Hmmm…. that went very smooth. The backup application made sure that there were enough permissions.

Okay, now I ready with the product evaluation. I want to remove those credentials! But how…. I found out that I had to look for it, so I thought it would be a nice idea to share my experience with my readers..

Login to your Office 365 tenant with Admin creds and go to the upper right and choose the options icon next to your name.

Office_Creds_001

Go to Office 365.

Office_Creds_002

You see all the applications that have (administrative) access to your tenant. You notice many default (web) apps. But notice the last application, Office 365 Backup. Click on details to verify that you have the right application. Ok? Now let’s remove those permissions. You can’t do this in this windows however. First you must go the My Account, and then notice the App permissions Pane. (3rd pane)

Office_Creds_003

Now click on the three dots next to your application:

Office_Creds_004

Choose the remove from tenant option. Et voila, your permissions are removed :

Office_Creds_005

(Notice that the Office 365 Backup permissions are gone)

Nowadays more and more Office 365 tools & software is coming to the market. It would be nice that when uninstalling the product, the vendor also removes the permissions made..

How secure is your Office 365 environment?

More and more companies are using Office 365 (O365) nowadays. Because it’s a SaaS service many people think that they don’t have to think about security. This is a common made mistake.

Log on to https://securescore.office.com with you (admin) Office 365 credentials and you see your current score. (Pictures taken from demo environment)

O365 1

You immediatly notice your score and the maximum score you can achieve. A nice feature is that you can see what your score was days/monts ago.  Maybe someone made an adjustment to your O365 configuration which has security consequences.

Secure o365 time

Notice the information about the security measurements you already took and the one you can/need to take to improve your security score.

Security O365 Done

Security O365 open

It’s very easy to show more information about the steps. Just expand the specific action and choose how to accomplish that step.

Howto: Update Nakivo Backup and Replication V7 NAS Appliance

I like the fact that Nakivo Backup & Replication v7 is extremely easy to use and their interface is very intuitive to use.  Recently Nakivo released 7.0.1 of their Backup & Replication software.   Updating the Nakivo Backup & Replication appliance is an extremely intuitive and straight forward process.  I’m using the NAS appliance of NBR, so let’s take a look at how to update Nakivo Backup and Replication v7 appliance (NBR from now).

nakivo_701_1

In the main interface you see a notice that there is an update available. Click on that notice :

nakivo_701_2

Use the download button to go to the download page.

nakivo_701_3

Choose your NAS vendor, in my case I choose the Synology package.

After downloading to to the Package Center of the Synology NAS:

nakivo_701_4.png

Choose the manual installation option (sorry for the Dutch language :-))

nakivo_701_5.png

Browse to SPK (Synology Package) file and choose next

nakivo_701_6

Read & accept the license agreement.

nakivo_701_7

Choose to apply the update. After applying the update start NBR:

nakivo_701_8

Notice the update notification is gone:

nakivo_701_9

You just upgraded to the latest release of Nakivo Backup & Replication!

nakivo_701_10

For more information please find the release notes here.

You see upgrading to the latest release is very easy.

Nakivo Backup & Replication v7 released

Recently Nakivo released version 7 of Nakivo Backup & Replication!

The new version has the following features:

  • Support for Hyper-V 2016 and 2012 (R2)
  • Support for VMware vSphere 6.5
  • Active Directory integration
  • Skip swap files and partitions

You can find out more about v7 here.

How to troubleshoot your Linux VM running on Microsoft Azure

Many people are running Linux in a virtual machine on Azure. But what if a Linux virtual machine refuses to start?

Go to the Azure portal and open the virtual machine properties. First check out the CPU, network and disk utilization. Is CPU constantly peaking at 100%? Then you know that you must investigate that first. You see absolutely no utilization at all? Then your virtual machine might be down or doing nothing at all. When your virtual machine is slowly but online, maybe you have choosen the wrong virtual machine type and do you require more resources.

Ok… let’s choose the troubleshoot option. (The screendumps are from the dutch Azure website)

When you choose the troubleshoot option, you see the current resource status. A green sign means that there should be no problems with the Azure platform resources you are running on. In my case I see a green sign, so that’s a good! You also see the latest issues and activities. Did someone recently restart your virtual machine? You should see a notice of that. Remember how important it is to take security in mind. Are you and your co-workers all using the same account? Then it can be difficult to identify who rebooted the server.

You also see most common issues regarding your type of virtual machine. Just click on a problem and Microsoft gives you advice. You directly have the option to check for the tips that Microsoft gives you.

Console session

Most system administrators first instinct is to check the console screen. Unfortunately there is no live console screen which you can use. So you can’t monitor the boot process (and see the errors occurring) realtime. But there are ways to monitor it with a alternative method. Let’s go to the first option and click the first link:

After you’ve selected the first option you notice the follow screen:

You notice the latest boot process. You can scroll down this window. Notice the options to download the logfile, and to take a screendump and download it. You can’t see a live screen of the console but you’re able to download a screendump of the console. Not ideally but it can provide you with some interesting info.

Reset password

Sometimes there is a problem with your password.  Maybe you forgot your password!? You can use CLI or Powershell to change it.  You can find more info here and here. When you have full access to azure and the virtual machine you can reset your root password without knowing the current password.

Check for a pending reboot

Maybe some actions required a reboot and for that reason some services are not running. Check if the file /var/run/reboot-required exists or not. If it exists then you first have to reboot your Linux virtual machine before further troubleshooting.

Restart your virtual machine

There could be a resource problem or a hanging process. Choose to restart your virtual machine. Click on restart virtual machine to restart it. Use the console and boot information mentioned earlier to check the progress.

Reset the SSH connection creds

Sometimes there could be an issue with your SSH keys. Choose this option to recreate your SSH keys. (Option 4)

Migrate your Virtual machine to another host

You have the option the migrate (move) your virtual machine to another host. Sometimes there could be a problem with a specific region or host Use this option to make sure that this doesn’t apply to you.

Consider the use of premium storage

Check your number of IO’s. Do you have a application which requires a lot of IO? Consider the use of premium storage. Microsoft Azure Premium Storage delivers high-performance, low-latency disk support for virtual machines running I/O-intensive workloads. VM disks that use Premium Storage store data on solid state drives. You can migrate your application’s VM disk to Azure Premium Storage to take advantage of the speed and performance of these disks. But be aware of the costs! If your disks does not require high IOPS, you can limit costs by maintaining it in Standard Storage, which stores virtual machine disk data on Hard Disk Drives insteads of SSD’s. More info here.

Revert or fallback to your latest snapshot/backup

Sometimes it’s easier not to troubleshoot but to restore your latest backup and/or snapshot. Especially if you have a working (and tested!) backup and are able to restore

Conclusion

Microsoft provides more and more support for Linux virtual machines. The not real time console session is a bummer but Microsoft offers a lot of tips for you to take a clooser look at. I hope that this post will provide you with a good place to start your investigation. Make sure you have a working (and tested!) back-up plan in order. Everyone needs a restore or one point or another. 🙂 Microsoft also provides support plans, costs are $ 250 monthly with a minimum term of 6 months. You can always fallback on Microsoft’s Linux team which has advanced knowledge but for a price..

Script to clear browsing history and cache for IE, Firefox and Chrome

Recently I wrote a couple of scripts to clear the browsing history and cache for IE, Firefox and Chrome

Internet Explorer (Powershell)

$t_path_7 = "C:\Users\$env:username\AppData\Local\Microsoft\Windows\Temporary Internet Files"
$c_path_7 = "C:\Users\$env:username\AppData\Local\Microsoft\Windows\Caches"
$d_path_7 = "C:\Users\$env:username\Downloads"

$temporary_path =  Test-Path $t_path_7
$check_cache =    Test-Path $c_path_7
$check_download = Test-Path $d_path_7

if($temporary_path -eq $True -And $check_cashe -eq $True -And $check_download -eq $True)
{
    echo "Clean history"
    RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1

    echo "Clean Temporary internet files"
    RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
    (Remove-Item $t_path_7\* -Force -Recurse) 2> $null
    RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2

    echo "Clean Cache"
    (Remove-Item $c_path_7\* -Force -Recurse) 2> $null

    echo "Clean Downloads"
    (Remove-Item $d_path_7\* -Force -Recurse) 2> $null

    echo "Done"
}

Firefox (batchfile)

@echo off
set DataDir=C:\Users\%USERNAME%\AppData\Local\Mozilla\Firefox\Profiles
del /q /s /f "%DataDir%"
rd /s /q "%DataDir%"
for /d %%x in (C:\Users\%USERNAME%\AppData\Roaming\Mozilla\Firefox\Profiles\*) do del /q /s /f %%x\*sqlite

and Chrome (batchfile)

@echo off
set ChromeDir=C:\Users\%USERNAME%\AppData\Local\Google\Chrome\User Data
del /q /s /f "%ChromeDir%"
rd /s /q "%ChromeDir%"

The (dis)advantages of Cloud backup

Cloud backup (online data backup) is a service where data is remotely maintaned, managed and backed up. This service allows the use of storing backup files online, so that they can be accessed from any location due to the use of the internet.

More and more people are backupping their data to the Cloud. Many more people are thinking about it. What are the (dis)advantages?

Cloud backup

Difference between an offline/offsite back-up and a Cloud backup

A cloud backup uses storage in the cloud (provided by a Cloud storage provider) to store the data and is remotely accessible. An offsite backup is a copy of your local backup and is kept offline and offsite. When you have the need for the off-site back-up you have to pick up that storage device, mount it and/or do some configuration and then you are able to restore the data on it.

Disadvantages : the device (data) can be stolen, corrupted (no RAID usage for example), it takes time to use the storage because it’s offsite (you first have to collect the storage device)

Advantages are : data is offsite and any influences on that location (storm, theft, fire) is not appliacable. Data can’t be altered and is safe for malware and corruption.

Advantages of Cloud backups

  • Effeciency, usability and reliability
    Cloud backups are extremely reliable. Due to it being stored in a cloud environment, redundant config compensate for possible hardware corruption and facilitates improved data integrity
  • 24/7 monitoring
    Any decent Cloud storage provider has a 24×7 monitoring solution. So any flaws concering their (Cloud) service are noticed immediatly
  • Scalability & Accessibility
    You can easiliy up- and down scale (pay for usage) and the backup service can be accessed everywhere as long there is access to the internet.
  • Recovery time improvement
    You can increase your recovery time. Because everything is in place all the time. (You don’t have to load tapes etc) It’s as simple as a push on the button.
  • Disaster Recovery out of the box & accessibility.
    You don’t have to build a disaster recovery infrastructure. It’s right there for you to use. It’s important to keep a copy of your backup offsite. Even when all your local backups are in order, there could be a hurricane or flood which could prevent access to your servers. (Cloud backups are offsite too!)
  • Cost savings
    Business and organizations can often reduce operating cost by using cloud storage. But be aware, use of Cloud backup can be more expensive also.
    It’s important to use a solution that makes sense and won’t require to incur a capital expenditure.
  • Your Cloud partner or backup vendor takes care of things for you
    Most of the time it’s a simple one time configuration and afterwards you don’t have to pay any attention about configuring.
  • Protection against physical theft and natural disasters
    A tornado could hit your office, or you could be a victim of burglary of theft. Now you could still rest easy knowing that your personal data is safe offsite in the Cloud.

Disadvantages of Cloud backup

  • A full backup or recovery job can be too time-consuming
    Even if you’ve got a large bandwidth internet connection, it will almost certainly take some time to initially upload and backup your data.
    The same goes for restoring. Slow speeds are, without a doubt, the majority of people’s biggest gripe with online data backup.
  • Limitations of the amount of data that can be uploade to the cloud depending on bandwidth availability. You are completely reliant on your internet connection and on the connection of your Cloud provider. If your internet connection goes down, so does your ability to backup or restore data from the Cloud.
  • No direct control
    When you send your data up into the the Cloud you have less control over it than over the storage you have onsite.
  • Discontinuation of the service. Providers can stop their service
    This is one reason you can’t rely on Cloud storage only. You always need a local backup solution.  For legal reasons you (may) have to hold your backups for several years. What if your Cloud storage provider cancels their service? Then you have to rely on your local backups!
  • Bad or nonexistent service-level agreements
    If a solid agreements with the cloud storage provider is not in place, it could result in disappointment. Make sure your expectations and the provider’s capabilities are cleary spelled out in the contract.(SLA!!)
  • Datasecurity & encryption
    There are concerns with the safety and privacy of important data stored remotely.
    If a Cloud storage provider doesn’t follow adequate data security practices, your data will be exposed to greater risk than with off-site backups.  Any online backup provider worth mentioning will encrypt the data of its customers during both transmissiond and storage using high-level encryption algorothms such as AES or Blowfish, the same used by banks and government agencies. However some provider don’t use those technices and may expose as as security risk.

Conclusion

Backup to the Cloud is easily configured and often works like a charm. But don’t forget to investigate the different vendors and platforms (Amazon, Azure, Google etc) and check the support from your backup application (/solution). There are multiple vendors like for example Nakivo Backup & Replication. There are gigantic differences between costs, possibilities, liabilities and support.

File level restore on Azure

Making backups of virtual machines running on Azure using snapshot technology is a nice feature. But sometimes you don’t want to revert the whole snapshot but only want to restore a single file. Now this is possible. It uses the same backup/Snapshot technology you probably are already using.

Azure_file_level_restore_1

Open the virtual machine properties in the all resources tab. Choose the Back-up option.

Azure_file_level_restore_2

Go to the file level restore option. (more/upper right)

Azure_file_level_restore_3

Select the back-up set containing the file(s) you wish to restore. Then choose to download the script. Upload that script to your Virtual Machine. (winscp, copy/paste into nano/vi or any other way you choose to). It takes approx. 1 minute to generate and download the script.

Execute the script using bash <filename.sh>. First time the VM adds support for the iSCSI service which is required for mounting the back-upset. Choose Y for installation the iSCSI drivers and wait a few seconds. You see that entire back-upset is mounted. Now you can copy all the necessary files you need.

After you are ready, go to the Azure portal and choose to unmount the back-upset. Now you are all finished!

How to show (export) all devices synchronizing with your Office 365

For a MDM project I had to make an dump which users are using which devices to (active)sync with their Office 365 mailboxes. This is how I did that :

Get-Mailbox -ResultSize Unlimited | ForEach {Get-MobileDeviceStatistics -Mailbox:$_.Identity} | Select-Object @{label=”User” ; expression={$_.Identity}},DeviceModel,DeviceOS, lastsuccesssync | Export-csv F:\powershell\activesync.csv

Running the above command showed the following output (in a CSV file format):

As you can see you see the user, the device the user is using, the OS their device uses and last time that devices succesfully synchronized.

I used Excel to import the CSV and sort on LastSuccessSync.

Find out here how to connect to Office 365 using Powershell.

FreeNAS 9.10 Released (how to upgrade..)

FreeNAS 9.10 has just been released.

Based on FreeBSD 10.3, FreeNAS 9.10 combines hundreds of FreeBSD improvements with dozens of bug fixes and feature requests, while retaining the familiar user interface. Topping the list of FreeNAS 9.10 features are greater speed and scalability, dozens of new hardware drivers, USB 3.0 support, and the addition of the bhyve hypervisor.

Intel Skylake CPU and I219-V & I219-LM Gigabit Ethernet controller support stand out from a platform perspective and users can now use USB 3.0 storage and network controllers. FreeNAS plugin jails have been upgraded to FreeBSD 10.3 templates, which are binary compatible with existing jails. For the more adventuresome, FreeNAS 9.10 also includes FreeBSD’s bhyve hypervisor, opening the door to hosting virtual machines on FreeNAS with operating systems such as GNU/Linux and SmartOS.

For more information about FreeNAS 9.10, please see the forum announcement, release notes and change log. Current FreeNAS 9.3 users are encouraged to upgrade to FreeNAS 9.10 to stay current with the latest bug fixes and feature requests

You can easily upgrade to the latest version:

Logon to the management interface:

freenas01

Go to System/Update/Check now.

freenas02

Check the ChangeLog and choose to apply the updates.

freenas03

(Downloading and installing the updates)

freenas04

Finally FreeNAS has to reboot and in a couple of seconds you’re back online!