Author archives: Gert Kjerslev

ATP safe links has been extended to iOS and Android mobile devices

A new feature of Office 365 Advanced Threat Protection, can help protect your organization from malicious links used in phishing, malware, and other cyber threats. When enabled, this update will provide users with time-of-click protection for links that are inside their Word documents, Excel spreadsheets, and PowerPoint presentations when they access them through iOS and Android devices. To Enable this, just go to the Security & Compliance Admin center, navigate to threat management\policy\safe links, under ‘Policies that apply to the entire organization, click ‘Default’ and Edit it. Check the ‘Office ProPlus on Windows, Office for iOS and Android’ checkbox to enable the feature. All done!
 

Update management, inventory, and change tracking in Azure Automation

 It is now possible in Azure Automation to use update management, inventory, and change tracking directly from the Azure VM. One of the cool things I found was the ability to create scheduled deployment of windows updates within a defined maintenance windows. You can see the status of update deployment directly on the VM, just like you can in OMS. Nice work Azure Team. All this is still in Preview, but I suspect it will go GA soon. 🙂
 
 For more about the new Update management, inventory, and change tracking in Azure Automation see this blog post from the Azure team, and the Microsoft doc on how to set this up.
     

Public preview: PowerShell in Azure Cloud Shell

PowerShell in Azure Cloud Shell is now available in public preview. Azure Cloud Shell is a Microsoft-managed admin machine running on Azure, for Azure. It enables you to:
  • Choose to use a PowerShell experience in Cloud Shell as an alternative to the existing Bash experience (also in public preview) while retaining the benefits of Cloud Shell, including:
    • Authenticated access to Azure from virtually anywhere.
    • A shell maintained and updated by Microsoft that comes equipped with commonly used CLI tools.
    • Language support for several popular programming languages.
    • The ability to persist data across sessions in attached Azure File storage.
  • Browse and discover all your Azure resources by using a familiar file-system-like navigation with Azure drive (Azure:).
  • Edit PowerShell scripts in VIM with built-in syntax highlighting and IntelliSense for PowerShell files.
  • Add new commands from PowerShell Gallery that will persist across your Cloud Shell sessions.
Learn more about Cloud Shell by visiting the Cloud Shell documentation, and try it from the Azure portal. Azure Shell Powershell

Howto sync msExchHideFromAddressLists attribute to Office 365

 So today I had a customer witch has move there On-prem Exchange to Office 365 (Exchange online). The old Exchange server was long gone and therefore not more Exchange management tools. The customer wanted to hide a user form the global address list (GAL), and had found the msExchHideFromAddressLists attribute in the attribure editor on that user and set it to “TRUE”. However in the user still was showing up in the GAL.
 User properties
When I ran the PowerShell command to see the state of the msExchHideFromAddressLists attribute “get-Mailbox -Identity user@domain.dk | fl HiddenFromAddressListsEnabled” I the result : “HiddenFromAddressListsEnabled : False” back, witch was not what I where looking for. After some poking around I found a post on a MS forum, talking about this and it turned out the “msExchHideFromAddressLists attribute” was not being synced at all and it should be added to the Synchronization rule. You can do this with the “Synchronization Rules Editor” witch can by found on the server with Azure AD Connect install.
 Sync Ruld Editor
In the “Inbound” rule select “in from AD – User Common” click Edit and “No” to continue editing the current rule.
Sync Ruld Editor

Add msExchHideFromAddressLists attribute

Then select “Transformations” and click “Add Transformation” The new transformation should be : FlowType=Direct, Target Attribute=msExchHideFromAddressLists and Source=msExchHideFromAddressLists. Merge type=update. Then click Save. Now from Powershell, on the server with Azure AD Connect sync installed, type “Start-ADSyncSyncCycle -PolicyType Delta” and wait (I waited about 5-8 min.) for the update to take effect. You can the “get-Mailbox -Identity user@domain.dk | fl HiddenFromAddressListsEnabled” command, this should result in: “HiddenFromAddressListsEnabled : True”.
I hope you can use this information and thank you for reading. Leave comment below and have a nice day!

Azure Active Directory Application Proxy Connector Ports Test Tool

Here is a cool tool for trubleshooting connection to Azure AD. https://aadap-portcheck.connectorporttest.msappproxy.net/      

How to get one year Azure credits for free

 
Update: You can also get this benefit with Microsoft IT Pro Cloud Essentials Here is a quick tip if you want to setup a test lab or some test development i Azure for free. Normally you can get a 30 day Free Azure trial subscription but what if you want to test for more then one month? Azure is a big topic and will take most more then one month to test out. Good new! Microsoft have a 1 year free Azure subscription as well. There are some limitations but all in all I think that it perfect for testing in my lab.What you need to get the free subscription is:  
  • An Azure Account (If this you first time testing/trying Azure, I will recommend signing up for the free 30 day trial first and then add this one year free subscription when the trial runs out.)
  • Sign up for a free “Visual Studio Dev Essentials” account. BTW: You also get free 3 months pluralsight access here as well.
  Go the the “Visual Studio Dev Essentials” site and sign up with you’r Microsoft account (This is the same account you use for Azure) Then you can claim the $25 azure credit per month for one year. Now you can use the free credits to test all the great things in Azure :-). One limitation I have see is that not all locations are supported eg. I live in North Europe and wanted to use the datacenter here, but was limited to the West Europe datacenter, not a show stopper but a thing to note. 🙂   I hope you can use this post for some free testing in Azure. Leave a comment below and let me know what you think.
 Dev Essintials
Dev Essentials
 Not all
   

Installing Nano Server on non US windows

Today I wanted to try out the new Nano server the comes with Windows Server® 2016 Technical Preview 4. The installation steps has been improved much sins I tried Nano server in TP 2. The detailed information on deploying at http://www.aka.ms/nanoserver are good but I still had some problems setting up a Nano server VM on my Windows 10 in Hyper-v. First problem was the good old Execution Policies in Powershell. You need to allow RemoteSigned. To do that run this command “Set-ExecutionPolicy -ExecutionPolicy RemoteSigned”. Next problem was that I have a Windows 10 setup for Danish (dk-DK) keyboard and timezone, but not en-us as the default is in the “NanoServerImageGenerator.psm1”. In my case I got an error saying : The ‘da-dk’ directory does not exist in the ‘Packages’ directory (‘D:\NanoServer\Packages’). It is stated on the Getting started guide, some lines down that there is a -Language parameter (for example, -Language dk-DK) but on the Preview ISO there is only a en-us folder so you will have to use -Language parameter like eg : “New-NanoServerImage -MediaPath D:\ -BasePath .\Base -TargetPath .\Nano1\NanoServerVM.vhd -ComputerName Nano1 -GuestDrivers -Language en-us”

Installing Windows 10 using the media creation tool

Creating the media for a Windows 10 installations have never been easyer. You just have to download the Microsoft media creation tool from Microsoft and then choice installing on a USB or DVD/ISO file. You also have the option to upgrade the PC you are running the tool on.

To make a clean installation of Windows 10 I went with the old-school method of creating a ISO for burning on to at DVD.
First select if you want to install on the PC you are current on or another PC. MCT1
Then select Language, Edition (Home or Pro) and Architecture (32bit or 64bit or both). MCT2q  
 Now you will need to make the choice of USB or ISO. For USB you need a minimum 6GB stick on for a midia with both 32bit and 64bit you will need a dual layer DVD. MCT3  
 You will then have to wait for the bits to been downloaded. MCT4
 Lastly you can burn the ISO file to at DVD and you’re all done. 🙂 MCT5
 I hope you can use the mini guide and thanks for reading.
 

Recommended hotfixes, updates, and known solutions for Windows Server 2012 R2 Hyper-V

Microsoft Hyper-v         I found this list on a blog from Micosoft with recommended hotfixes, update and more for Window Server 2012 R2. Hyper-V: Update List for Windows Server 2012 R2 Also the KB from Microsoft points out some recommeded hotfixes and update for Windows Server 2012 and Windows Server 2012 R2 Hyper-V Network Virtualization (HNV) environments. Recommended hotfixes, updates, and known solutions for Windows Server 2012 and Windows Server 2012 R2 Hyper-V Network Virtualization (HNV) environments  

“StalledDueToMailboxLock” when migrating Publicfolder to Exchange 2013

Some time ago I moved a customers public folder from Exchange 2010 to Exchange 2013 CU5. I flowed this excellent KB from Microsoft http://technet.microsoft.com/en-US/Library/jj150486. But when I got to the part of finalizing the move I got this error when I ran “Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics” StalledDueToMailboxLock and a message that the job will resume i 5 minutes or so. It turns out that the information store was locking the PF mailbox, after a restart of the information store service the job completed 100% at the next retry.!