Purge deleted users from Azure recycle bin

Hi,

To purge deleted users, run the following Azure PowerShell cmdlets:

List deleted users:

Get-MsolUser -ReturnDeletedUsers

Purge deleted users:

Remove-MsolUser -UserPrincipalName user@domain.com -RemoveFromRecycleBin

Regards


Differences between basic and modern authentication with SSO on Outlook and O365

Hi,

On the project where I’m working (staged migration to O365) the customer asked me about secure authentication for ActiveSync devices (iPhone/iPad) and computers (Outlook 2010 SP2). I have implemented ADFS 3.0.

If you use Office 2010, the first time you configure Outlook it prompts for credentials and saves them in the Windows Credential Manager. After that, Outlook authenticates to Office 365 using Basic Authentication, and it is Office 365 that then goes to ADFS.


With Outlook 2013/2016, Outlook uses Windows Authentication. It’s real SSO because it doesn’t save your user credentials anywhere, and it is Outlook, not O365, that goes to ADFS. This is Modern Authentication.


Summarizing: Use Outlook 2013 or 2016 to have a real Single Sign On.

Note 1: Outlook 2013 uses Basic Auth by default; you need to activate Modern Auth.

Note 2: The iOS built-in email client uses Basic Auth. Install and use the Outlook 2016 App.
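
Note 1 does not say how Modern Auth is activated: Office 2013 reads two per-user registry DWORD values, EnableADAL and Version, under its Identity key. The script below is an added example, not part of the original post; the function names are hypothetical. It reports the current state and can set both values.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Office 2013 (version 15.0) uses modern authentication (ADAL) for the current
# user when both DWORD values below are set to 1.
$IdentityKey = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'

function Test-Office2013ModernAuth {
    param([string] $Path = $IdentityKey)
    # A missing key or value means the default applies: Basic Auth.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        EnableADAL        = $props.EnableADAL
        Version           = $props.Version
        ModernAuthEnabled = ($props.EnableADAL -eq 1 -and $props.Version -eq 1)
    }
}

function Enable-Office2013ModernAuth {
    param([string] $Path = $IdentityKey)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name EnableADAL -Value 1 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $Path -Name Version    -Value 1 -PropertyType DWord -Force | Out-Null
}

# Report the state for the logged-on user; call Enable-Office2013ModernAuth
# (or deploy the same two values by GPO) where ModernAuthEnabled is False.
Test-Office2013ModernAuth

# Tenant side, from an Exchange Online PowerShell session:
#   Get-OrganizationConfig | Format-Table Name, OAuth2ClientProfileEnabled
```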

References:

Modern Authentication:

https://blogs.office.com/2014/11/12/office-2013-updated-authentication-enabling-multi-factor-authentication-saml-identity-providers/

https://blogs.office.com/2015/03/23/office-2013-modern-authentication-public-preview-announced/

https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/

https://support.office.com/en-us/article/How-modern-authentication-works-for-Office-2013-and-Office-2016-client-apps-e4c45989-4b1a-462e-a81b-2a13191cf517?ui=en-US&rs=en-US&ad=US

https://blogs.office.com/2015/06/10/new-access-and-security-controls-for-outlook-for-ios-and-android/

Basic Authentication:

https://blogs.technet.microsoft.com/askpfeplat/2014/08/24/adfs-deep-dive-primer/

https://www.microsoft.com/en-us/download/details.aspx?id=28971

 

How to configure specific services with GPO

Hi!

If you want to configure specific services for a lot of computers you can do this with GPO.

In the GPMC go to Computer Configuration\Preferences\Control Panel Settings\Services. There you can configure all services that you want.



Also, if you want to configure standard services, go to Computer Configuration\Policies\Windows Settings\Security Settings\System Services.


Regards

How to specify a proxy to connect to Office 365 through PowerShell

Hi,

You may be unable to connect to O365 through PowerShell directly because a proxy sits between the Internet and your corporate network, so you must specify it in order to establish a session against Office 365.

To do that execute the following lines:

  • $cred = Get-Credential
  • $proxysettings = New-PSSessionOption -ProxyAccessType IEConfig
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection -SessionOption $proxysettings
  • Import-PSSession $Session

To close session:

  • Remove-PSSession $Session

Regards

How to fix duplicated MACs on Hyper-V hosts

Hi!

A few days ago a customer reported seeing duplicated MACs on all hosts of a Hyper-V Failover cluster.


And PowerShell showed that it was true: in both teams (look at VM and MGMT) on every host we saw a duplicated MAC.


The solution was to force the MAC address on both teams with a new MAC.

To do that, I went to Device Manager and added 90-E2-BA-7B-DD-A7 and 98-BE-94-2B-92-C6 in my case on that host (of course, on the other Hyper-V hosts I did the same but with different MACs).


Note that Hyper-V and SCVMM use different MAC address scopes, which don’t overlap.
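
The post does not show the PowerShell check it used. The following is an added example, not the author's script, of one way to find MACs that repeat across cluster hosts; the function name, host names and MAC values are made up for illustration.

```powershell
# Added example (not from the original post). Input records need PSComputerName,
# Name and MacAddress, which is what this returns on a live cluster
# (FailoverClusters module, PowerShell remoting enabled):
#   Invoke-Command -ComputerName (Get-ClusterNode).Name -ScriptBlock {
#       Get-NetAdapter | Select-Object Name, MacAddress }
function Find-CrossHostDuplicateMac {
    param([Parameter(Mandatory)] [object[]] $Adapter)

    $Adapter |
        Where-Object { $_.MacAddress } |
        # Normalise 00:11:.. / 00-11-.. / lower case to one form before grouping.
        Group-Object { ($_.MacAddress -replace '[^0-9A-Fa-f]', '').ToUpper() } |
        ForEach-Object {
            $hosts = @($_.Group.PSComputerName | Sort-Object -Unique)
            # A team interface can share its MAC with a member NIC on the same
            # host, so only MACs seen on more than one host are reported.
            if ($hosts.Count -gt 1) {
                [pscustomobject]@{
                    Mac      = $_.Name
                    Hosts    = $hosts -join ', '
                    Adapters = ($_.Group | ForEach-Object { "$($_.PSComputerName)\$($_.Name)" }) -join ', '
                }
            }
        }
}

# Constructed sample data: the VM team MAC repeats on HV01 and HV02, MGMT does not.
$sample = @(
    [pscustomobject]@{ PSComputerName = 'HV01'; Name = 'VM';   MacAddress = '02-00-00-00-AA-01' }
    [pscustomobject]@{ PSComputerName = 'HV01'; Name = 'NIC1'; MacAddress = '02-00-00-00-AA-01' }
    [pscustomobject]@{ PSComputerName = 'HV02'; Name = 'VM';   MacAddress = '02:00:00:00:aa:01' }
    [pscustomobject]@{ PSComputerName = 'HV01'; Name = 'MGMT'; MacAddress = '02-00-00-00-AA-02' }
    [pscustomobject]@{ PSComputerName = 'HV02'; Name = 'MGMT'; MacAddress = '02-00-00-00-AA-03' }
)
Find-CrossHostDuplicateMac -Adapter $sample | Format-List
```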

Regards!

How to solve MigrationInvalidTargetAddressException error

Hi!

I’m involved in a Staged Migration project from Exchange 2007 SP3 to O365 and I found various problems uploading identities to O365.

My scenario is:

Forest A, with FFL and DFL 2003, has a Resources subdomain with Exchange 2007 SP3 and a Users subdomain where all the user accounts are.

Forest B, with FFL and DFL 2008 R2, holds a synchronized copy of all users from the Users subdomain in Forest A.

After configuring AD Connect and running user synchronization to Office 365, I saw the following error:

Error: MigrationInvalidTargetAddressException: A valid primary email address user@domain.com couldn‎’t be found on the target.

My problem was that not all user attributes were synchronized from the Users subdomain in Forest A to Forest B.

Checking all the attributes, I found that I needed to synchronize the following attributes from Forest A to Forest B:

extensionAttribute1
legacyExchangeDN
mailNickname
msExchMailboxGuid
msExchRecipientDisplayType
msExchRecipientTypeDetails
proxyAddresses 

Once done, the problem disappeared automatically.

Here you can see all the attributes that Exchange Online needs from users, contacts and groups.

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-attributes-synchronized/
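
To find affected accounts before synchronizing, the attribute list above can be turned into an audit of the users in Forest B. This is an added example, not part of the original post; the function name and sample users are made up. It goes one step beyond the post by also flagging users without exactly one upper-case SMTP: entry in proxyAddresses, which is how the primary address is marked.

```powershell
# Added example (not from the original post). On a live domain, collect the
# input with the ActiveDirectory module:
#   Get-ADUser -Filter * -Properties $RequiredAttributes
$RequiredAttributes = @(
    'extensionAttribute1', 'legacyExchangeDN', 'mailNickname',
    'msExchMailboxGuid', 'msExchRecipientDisplayType',
    'msExchRecipientTypeDetails', 'proxyAddresses'
)

function Get-MigrationAttributeGap {
    param([Parameter(Mandatory)] [object[]] $User)
    foreach ($u in $User) {
        # Null, empty strings and empty multi-valued attributes count as missing.
        $missing = foreach ($name in $RequiredAttributes) {
            $value = $u.$name
            if ($null -eq $value -or @($value).Count -eq 0 -or "$value".Trim() -eq '') { $name }
        }
        # Case-sensitive match: "SMTP:" is the primary address, "smtp:" an alias.
        $primary = @(@($u.proxyAddresses) -cmatch '^SMTP:')
        if ($missing -or $primary.Count -ne 1) {
            [pscustomobject]@{
                User             = $u.UserPrincipalName
                Missing          = @($missing) -join ', '
                PrimarySmtpCount = $primary.Count
            }
        }
    }
}

# Constructed sample users; all values are made up for illustration.
$sample = @(
    [pscustomobject]@{
        UserPrincipalName = 'alice@example.com'; extensionAttribute1 = 'x'
        legacyExchangeDN = '/o=Example/cn=Recipients/cn=alice'; mailNickname = 'alice'
        msExchMailboxGuid = [guid]::NewGuid().ToByteArray()
        msExchRecipientDisplayType = 1; msExchRecipientTypeDetails = 1
        proxyAddresses = @('SMTP:alice@example.com', 'smtp:a.alias@example.com')
    }
    [pscustomobject]@{
        UserPrincipalName = 'bob@example.com'; mailNickname = 'bob'
        proxyAddresses = @('smtp:bob@example.com')
    }
)
# Only bob is reported: five attributes are missing and there is no primary SMTP.
Get-MigrationAttributeGap -User $sample | Format-List
```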

Regards!