Items related to Office 365
Below are a series of links to the main Microsoft Defender for Office 365 blog. Shortcuts added here as this is one of my shared bookmarks.
Note that some links have KQL queries and IOCs related to that specific attack.
12-July-2022
Planning to deploy Office 365 and integrate with your on-premises Exchange infrastructure? Great! While running the Exchange Hybrid Configuration Wizard (HCW) will be one of the highlights it should be a boring and uneventful portion of the project. That will be true if all of the required planning, remediation and preparation was done. If not you’ll be finding out about those issues pretty so… Read the rest “Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange”
As part of your regular security and operations review, it is important to check and verify the configuration of Azure AD Connect. Ensuring the OS and Azure AD Connect are up to date is one aspect. In this post we want to look at the scope of objects which connect is synchronising. This is valuable for a few reasons. For example:
The error message "Sorry, that didn’t work. Please go back to office.com and try again” is probably one of the most vague that I've seen. It's up there with "please contact your administrator", which is fine unless you are the administrator...
The below is a repro of a case where all users were unable to sign into Office 365. They would receive the aforementioned "Sorry, that didn't work" message… Read the rest “Sign-In Error 5000811 — Unable to verify token signature. The signing key Identifier Does Not Match Any Valid Registered Keys”
Despite the current versions of Azure AD Connect running the main synchronisation task every 30 minutes, there are still times when we want to force the task. As a result of this, a question was floated if that changed the existing schedule. If the next scheduled instance is in 10 minutes, and we run a manual task right now does that mean that another task will execute in 10 minutes?
In shor… Read the rest “Does Manually Running Azure AD Connect Change Schedule?”
In the Tailspintoys environment the AD FS Proxy was offline for month. It was unable to contact the AD FS server on the internal network, and this allowed the short lived authentication certificate to expire. At this point the AD FS Proxy was "dead to me" as far as the AD FS server was concerned. The internal AD FS server was OK, the issue was just with the proxy.
Bummer....
How do we fix this? … Read the rest “AD FS Web Application Proxy Re-Establish Proxy Trust”
There have been some recent feature additions to Azure AD Connect. If we look at the Azure AD Connection Version History after a brief hiatus, there are newer versions as of March 2021. At the time of witing, the latest version is 1.6.4.0 and was released on the 31st May 2021.
There are multiple new features and changes in this build.
As more people are starting to use the Exchange Online V2 module (yay!), there are some new and different issues appearing.
In this case, the command to connect to the tenant was failing when App-Only authentication was used. A certificate was installed onto the machine where PowerShell was running.
The command used is shown followed by a glorious error.
Error Acquiring Token:
System.Exception:… Read the rest “Exchange Online App-Only Authentication Error AADSTS70011 Invalid Scope”
When running /PrepareSchema in an Exchange organisation with an existing Exchange Hybrid deployment you may run into an error which states:
"A hybrid deployment with Office 365 has been detected. Please ensure that you are running setup with the /TenantOrganizationConfig switch"
This is shown below:
A similar issue will occur if you specify only /PrepareAD
Note that the /TenantOrganizationConfig switc… Read the rest “TenantOrganizationConfig Required When Preparing Active Directory”
When you try to install a PowerShell module or connect to the PowerShell Repository you may get the below error messages:
WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.
WARNING: Unable to download the list of available providers. Check your internet connection.
For make most glorious benefit engine of search:
PackageManagement\Install-Packag… Read the rest “Unable To Install PowerShell Modules – Unable To Download From URI Error”