User Profile
RGijsbersRademakers
Iron Contributor
Joined 5 years ago
User Widgets
Recent Discussions
Re: How to add a URL not to rewrite into the Standard preset security policy for Safe Link?
Hi SRAJAKUMARM365AZURE, You can't change the detailed settings for neither preset security policies. The only thing you can change for these policies are the users, groups and domains the policies apply to. If you want more granular control, you will need to use Custom policy: Fundamentally, you can't modify the individual policy settings in the protection profiles. This is explained https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide#policy-settings-in-preset-security-policies I hope this helps. Regards, RuudRe: Update telephone notes in AD with powershell
Hi AresWare, I'm not sure how to get them al underneath each other, but you could try the following like in your starting post: $UserNamesCSV = Import-CSV 'C:\temp\users.csv' -Delimiter "," foreach($user in $UserNamesCSV){ $usersplit = $user.answer -split ';' | Out-String Set-ADuser -identity $user.user -replace @{info=$usersplit} } Regards, RuudRe: On Premise Exchange 2019- Issue sending to external addresses
Hi DoohickyMicky, The easiest way would be to add the example.com domain as an accepted domain to your Exchange Server. After adding it as an accepted domain, you can change the default email address policy to make the example.com domain the primary domain and apply the policy to everyone (https://learn.microsoft.com/en-us/exchange/email-addresses-and-address-books/email-address-policies/email-address-policies?view=exchserver-2019) After you applied the new settings, everyone will have a Primary Email address of email address removed for privacy reasons. If your send connector is scoped to only whatever.example.com, you should add example.com as well. If your send connector is not scoped, you should be fine and your email will be send to your ISP. To make sure that it's not marked as Junk, you should add an SPF record with the external ip address of your mail server to the public DNS of example.com. I hope this helps. Regards, RuudRe: Update telephone notes in AD with powershell
Hi AresWare, I'm assuming that your CSV file contains two headers: User and Answer. Your first line will import the the CSV file into the Variable $UserNamesCSV. The variable will automatically be created as an array with User and Answer. So, each line of $UserNamesCSV will contain a user with its corresponding Answer. Therefor there's no need for the $usersplit variable to be created. You can check that by calling $UserNamesCSV[0] which will show the very first line of the variable. $UserNamesCSV[1] will show the second line and so fort. Therefor you only need to loop through all the lines of $UserNamesCSV with the foreach statement to set the corresponding values. The script would end up looking like this: $UserNamesCSV = Import-CSV 'C:\temp\users.csv' -Delimiter "," foreach($user in $UserNamesCSV){ Set-ADuser -identity $user.user -replace @{info=$user.answer} } Let me know if that doesn't work. Regards, RuudRe: Using Get-AADGroupMember to show Groups only
Hi LeeGee76, Because the Azure AD PowerShell module will be deprecated later this year, I would focus on the Microsoft Graph PowerShell module to be future proof. You can use the following to get the list you want: Install-Module Microsoft.Graph.Groups Import-Module Microsoft.Graph.Groups Connect-MgGraph (Get-MgGroupMember -GroupId xxxxxxx | where {$_.AdditionalProperties.'@odata.type' -contains '#microsoft.graph.group'}).AdditionalProperties.displayName or $MemberGroups = Get-MgGroupMember -GroupId xxxxxxx | where {$_.AdditionalProperties.'@odata.type' -contains '#microsoft.graph.group'} $MemberGroups.AdditionalProperties.displayName The Microsoft Graph PowerShell generates the output a bit different from what you're used to. Most information is within the Additional Properties. I hope this helps. Regards, RuudRe: Finding computer names in a hashtable
Hi robmo, With the following statement, you're dumping all CanonicalNames indeed. $allADComputers.CanonicalName I think this should do the trick: $report = @() foreach ($computer in $computers) { foreach($comp in $allADComputers) { if($computer -eq $comp.Name) { $report += New-Object -TypeName PSObject -Property @{"ComputerName" = $computer;"ActiveDirectoryPath" = $comp.CanonicalName} } } } In the second foreach loop you'll retrieve the full record and only match on name in the if statement. In the report you can make use of the CanonicalName value for that specific computer entry. Regards. RuudRe: IMPOSSIBLE TO VERIFY ACCOUNT INFORMATION FROM THE MAIL APP EXCHANGE - IPHONE TRYING TO SIGN IN
Have you checked the AzureAD SignIn logs? There's an AzureAD App registration related to modern authentication for the apple mail app. You probably need to give consent to that app registration and add the user to it to be able to authenticate correctly. In the SignIn logs you should see SignIn failures to that app.Re: How do I restart a service - via intune
Hi AB21805 , Your detection script would look like this: #============================================================================================================================= # # Script Name: Detect_Stopped_Services.ps1 # Description: Detect stopped service #============================================================================================================================= # Define Variables $results = @() try { $results = Get-Service wildsvc if (($results.status -eq "Stopped")){ #Below necessary for Intune as of 10/2019 will only remediate Exit Code 1 Write-Host "Match" exit 1 } else{ #Service is still running Write-Host "No_Match" exit 0 } } catch{ $errMsg = $_.Exception.Message Write-Error $errMsg exit 1 } Your remediation script would look like this: #============================================================================================================================= # # Script Name: Remediate_Stopped_Service.ps1 # Description: Start the stopped Service #============================================================================================================================= try { Start-Service wildsvc exit 0 } catch{ $errMsg = $_.Exception.Message Write-Error $errMsg exit 1 } Regards, RuudRe: How do I restart a service - via intune
A few examples can be found here: https://learn.microsoft.com/en-us/mem/analytics/powershell-scripts In the try sections, you would put something like $result = Get-Service wildsvc If ( $result.status -eq stopped){ Write-Host "Match" Exit 1} Else { Exit 0 } The remediation script would then contain a Start-Service wildsvc Regards, RuudRe: How do I restart a service - via intune
Hi A, Depending on your license, you could make use of proactive remediations. You can create a detection script which will check if the service is running. If that's not the case, the remediation script will kick in which starts the service. More info can be found here: https://learn.microsoft.com/en-us/mem/analytics/proactive-remediations If you don't have the required licences, you could create a custom powershell script which deploys a scheduled task that regularly checks the service and starts the service if it's stopped. Regards, RuudRe: How to migrate ADFS servers to Azure while keeping a backup setup on-premise?
Hi David, That can definitely be done. There are several methods for that, depending on your configuration. Assuming you're using a single dns name for your ADFS environment. Something like sts.domain.com. If sts.domain.com is behind a load balancer, you can just configure your on-premises servers as passive servers in the load balancer. That way, these will not be used for authentication unless the servers in Azure are down. This would require a load balancer in front of your ADFS Proxy servers for the external authentication and a load balancer for your internal ADFS Servers for the internal authentication. Another solution would be to do it based on DNS. For the external authentication you would only create A records for your Azure hosted ADFS Proxy server in the public DNS for sts.domain.com. When the Azure hosted ADFS Proxy servers are down, you need to add the on-premises ADFS Proxy servers to the public DNS. For the internal authentication you would do the same. Only create a records for sts.domain.com that point to your Azure hosted ADFS Servers on your internal DNS servers. When the Azure ones go down, you would add your on-premises servers to sts.domain.com on your local DNS servers. Let me know if you have additional questions. Regards, RuudRe: How to migrate ADFS servers to Azure while keeping a backup setup on-premise?
Hi David, I do have experience with several different types of ADFS deployments, including deploying to Azure. You can find some architectural guidance here: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adfs I don't think it's a good idea to shutdown the on-premises servers. If these servers are shutdown too long, they will loose their device trust to the domain. Is there a specific reason you want to shutdown the on-premises servers? Regards, RuudRe: Upgrade a cloud pc (Windows 365) - Help Please
Hi druhorman , You're welcome, happy to help. Gen1 and Gen2 is related to your image. You can use Gen1 and Gen2 custom images with Windows 365. If you don't use custom images, you don't have to worry about that. Otherwise, you can check your custom images and validate if you're using Gen1 or Gen2 images. You can also convert a gen1 image to a Gen2 image as described https://learn.microsoft.com/en-us/windows-365/enterprise/device-images-convert-generation-2 Regards, Ruud
