0

End of Exchange 2019 Mainstream Support

Posted on by Rhoderick Milne [MSFT]
Exchange 2019 Support Lifecycle Policy

Today marks the end of Exchange 2019’s mainstream support.  This will likely resurface the discussion about what do we do with on-premises Exchange, where is the next version and do we even still need Exchange Server if all mailboxes are in Exchange Online?  While there is a solution to removing the last Exchange Server from on-premises it does have it's caveats and considerations.  Please ensure … Read the rest “End of Exchange 2019 Mainstream Support”

1

Enable DMARC For OnMicrosoft.com Domains

Posted on by Rhoderick Milne [MSFT]
DMARC Record For onmicrosoft.com Domain

It is possible to add a Domain Based Message Authentication Reporting and Conformance (DMARC) record for your onmicrosoft.com domain in M365.

Is that a good thing?

Well, your viewpoint may depend on your experiences with this domain.  If you actually use the onmicrosoft.com domain to send email, then yes!  Adding the DMARC record enables the DMARC alignment check to pass and the mail to be successfu… Read the rest “Enable DMARC For OnMicrosoft.com Domains”

1

How To Generate File Hash Using Certutil

Posted on by Rhoderick Milne [MSFT]
Create File Hash using Certutil

Windows has the ability to easily generate a hash for a given file using the Certutil.exe utility.  Administrators may have previously used to this tool when they need to generate TLS certificates or to perform other tasks against AD Certificate Services.  As an example of the former, this was a common task for AD FS certificates as described in this post.

To generate the file hash we will use the … Read the rest “How To Generate File Hash Using Certutil”

0

Quick Tip – How Do I View The Deleted Objects Container

Posted on by Rhoderick Milne [MSFT]

Windows Server 2008 R2 Active Directory added the AD Recycle Bin feature.  This allowed for an easier way to recover from an “oops” moment when a small number of objects were mistakenly deleted.  The option to perform an authoritative restored remains to recover from mass deletion events.  The AD Recycle Bin can be enabled via the AD Admin Centre or AD PowerShell using the Enable-ADOptionalFeatureRead the rest “Quick Tip – How Do I View The Deleted Objects Container”

0

MDI Readiness Test Script

Posted on by Rhoderick Milne [MSFT]
MDI Test Readiness Script

Before deploying Microsoft Defender for Identity (MDI), administrators  traditionally have relied on the MDI Test Readiness script to validate domain controller prerequisites. The script is intended to catch configuration issues early, such as missing directory permissions or insufficient system resources, before sensor installation begins. However, a recent update has caused a question to be raise… Read the rest “MDI Readiness Test Script”

0

MDI–Assign & Verify Permissions To Deleted Objects Container

Posted on by Rhoderick Milne [MSFT]
Granting Permissins to Deleted Objects Containter for MDI

In Active Directory, the Deleted Objects container is a hidden location where objects reside temporarily after they have been deleted, before they are fully removed by the tombstone or recycle bin process. This container plays a critical role in object recovery and directory hygiene.  By default, permissions on it are limited and the container itself is often overlooked since it is out of sight.

Th… Read the rest “MDI–Assign & Verify Permissions To Deleted Objects Container”

0

Time To Stop Using The Legacy Azure MFA & SSPR Portal

Posted on by Rhoderick Milne [MSFT]
Legacy Azure MFA Portal - Time To Migrate

In today's threat landscape, passwords alone are no longer sufficient to protect access to cloud systems. Enter Multifactor Authentication (MFA): a security mechanism that requires users to present two or more independent validation factors—typically something you know (e.g. password), something you have (e.g. a mobile authenticator or hardware key), or something you are (e.g. biometric data)—befo… Read the rest “Time To Stop Using The Legacy Azure MFA & SSPR Portal”

0

MDI Sizing Tool

Posted on by Rhoderick Milne [MSFT]
MDI Sizing Tool

Deploying Microsoft Defender for Identity (MDI) requires more than just installing the sensor on a domain controller.  MDI demands careful capacity planning to ensure reliable performance and accurate threat detection. Each MDI sensor analyses authentication traffic, monitors Active Directory activity, and reports telemetry to the MDI cloud service. If the underlying domain controller is undersize… Read the rest “MDI Sizing Tool”

1

Using PowerCfg To Set Server Power Plan From Command Line

Posted on by Rhoderick Milne [MSFT]
Set Power Plan Via Command Line

Being able to automate and set Power Plan options via the command is useful for both automation and tasks on Server Core.  We can use powercfg.exe to control power plans - also called power schemes - to use the available sleep states, to control the power states of individual devices, and to analyze the system for common energy-efficiency and battery-life problems.

Below are multiple examples of the … Read the rest “Using PowerCfg To Set Server Power Plan From Command Line”

1

Unable To Access OWA Externally Via WAP 2019

Posted on by Rhoderick Milne [MSFT]
Unable To Access OWA - Still Working On It

After upgrading Web Application Proxy (WAP) to Windows Server 2019 you may run into an issue with certain applications that are published via WAP to the Internet.

In the below example the AD FS upgrade went well with no issues.  The AD FS farm and WAP servers were upgraded to Windows Server 2019 and all appeared to be going well.  Too well that was, as when the external tests were validated against… Read the rest “Unable To Access OWA Externally Via WAP 2019”