User Profile
manojviduranga
Iron Contributor
Joined 9 years ago
Recent Discussions
Exchange Server Vulnerability - Vulnerable Schema Class (CVE-2021-34470)
Howdy! Exchange Brain Trust,
Working with a customer who's fully on 365 with no Exchange servers left on-prem but the Vulnerable Schema Class exists from a previous implementation of Exchange. Even after uninstallation of all Exchange servers, the schema extensions made by Exchange to the Active Directory are not removed. Therefore, customer is currently vulnerable to CVE-2021-34470 and should execute this script to address this vulnerability. If anyone has dealt with this before or can help me clarify what implications this change can have to the normal operations and future objects provisioning (or any risk at all to the environment), that'd be really appreciated!
Changes: Schema Modification
If the -ApplyFix parameter is used, the script modifies the schema by clearing the possSuperiors property of the ms-Exch-Storage-Group entry.
Thank you!
339 Views, 0 likes, 1 Comment
Admin quarantine option is unavailable for malware detected files in MDCA
Howdy! MDCA Brain Trust,
I've configured Admin Quarantine location as per the following Microsoft guidance. Created a brand new SPO site and assigned it in the setting. It's been about 3 days (waited before I post this here as it may take a while to reflect the change).
https://learn.microsoft.com/en-us/defender-cloud-apps/use-case-admin-quarantine
Admin quarantine option, however, is still not available for files detected by MDCA as malicious. Ideally, I should be able to Admin quarantine OneDrive, SPO files detected as malware. I can, however, see the Admin Quarantine option in the governance actions in policies, but this isn't the option we're after. Also, Microsoft says MDCA will provision a new folder (see below) in the site, which I don't see either. Has anyone experienced/worked around this issue? Appreciate any suggestions to sort this out!
Thank you!
Manoj
SharePoint site security configurations for Defender Cloud Apps Admin Quarantine Feature
Referring to Microsoft official documentation below which is very high-level, has anyone done/would recommend hardening or applying security measures to secure the SharePoint site dedicated for "Admin Quarantine" purpose? It shouldn't be just as simple as creating a separate site and setting in the Defender portal as this should not be exposed to the rest of the organization, in my view. Shouldn't we, at a minimum, restrict the permissions of the site?
Official reference - Protect files with admin quarantine - Microsoft Defender for Cloud Apps | Microsoft Learn
Any ideas are greatly appreciated!
Thank you!
SharePoint Online Admins don't get the option to create sites from Start page ?
I have a requirement of disabling the normal users' ability to create sites in SharePoint Online. Followed Microsoft official guide on this and unchecked the option as below.
Reference - https://learn.microsoft.com/en-US/sharepoint/manage-site-creation?WT.mc_id=365AdminCSH_spo
The problem is, this checkbox also takes off SharePoint Admin's ability to create sites from the start page (Admin page is fine), which is not ideal. Once checked off, anyone with "SharePoint Administrator" role assigned in Entra ID won't be able to create sites.
SharePoint Admin Role Assigned:
Behaviour: Create site option is gone.
Knowing the role assignment can take up to an hour, I waited for extra long 24 hours only to find no luck. Is this expected (given that Admins can leverage Admin tooling to provision sites) or has anyone got ideas on what could potentially cause this? Appreciate any thoughts.
Cheers!
Manoj
Solved, 543 Views, 0 likes, 1 Comment
SCEP and Trusted Root Certificate deployment for macOS
Howdy Folks,
I'm trying to deploy a Wi-Fi Profile to a macOS device group. As the first step is to get the root certificate in place, I've exported the root cert from our CA and created a Trusted Certificate profile using that cert file. Profile deployment status in Intune portal shows successful, but when I try to verify this in mac through Keychain, Root certificate is not visible in "System Roots", which is probably the reason why I see the SCEP certificate is untrusted? Has anyone done this successfully? Wondering what I might have missed here. Appreciate any ideas!
Thank you
3.8K Views, 0 likes, 2 Comments
Exchange Server 2016 Security update version is not reflected in Management Portal or PowerShell
I've updated a two-node Exchange 2016 DAG environment with "August 2023 Security update (15.1.2507.32)". Everything went well and the control panel, Update History shows the relevant version but Exchange Management console/PowerShell.
Control Panel: Correctly shows updated
Update History: Correctly shows updated
PowerShell/Admin console: Still shows the old version
I've tried restarts etc. with no luck. Has anyone faced this issue? Any inputs are greatly appreciated!
Thank you
MK
1.1K Views, 0 likes, 3 Comments
Free-busy sharing across two M365 tenants (full cloud) doesn't work
I was hoping the Organization Sharing would allow two Exchange Online Tenancies (full cloud) to share calendar availabilities across. i.e. If user 1 in Tenant A is trying to schedule a meeting with user 2 from Tenant B, user 1 in Tenant A should be able to see the availability of user 2 upfront in the scheduling window (just like how the availability works internally). I've created the relationship from Organization sharing (see below) using Microsoft's official guidance.
Ref: Create an organization relationship in Exchange Online | Microsoft Learn
Command used:
New-OrganizationRelationship -Name "Contoso" -DomainNames "contoso.com","northamerica.contoso.com","europe.contoso.com" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails
This was done from both tenancies but the availability doesn't seem to work (see below. Greyed out question marks are the users from tenant B as user 1 from Tenant A tries to schedule an Outlook meeting). Has anyone implemented this? Am I missing anything here? Any inputs are highly appreciated!
Thank you
2K Views, 0 likes, 3 Comments
Can Purview recognize watermarks/labels applied via 3rd party tools?
Information Protection question here folks. We have a customer who's currently using a 3rd party tool to classify documents across their business. Does Purview offer any capability to recognize existing watermarks/labels in the documents stored in SharePoint so that we can use these existing markings to classify content in Purview without overlapping (the idea is to gradually depart from the 3rd party and adopt Purview)? Appreciate your thoughts!
Thank you
Exchange Online Mailbox Items Disappeared across all mailboxes??
One of our clients migrated their mailboxes from on-premises to EXO using a 3rd party tool as part of the staged migration process (the cut-over is not done yet as they're gradually doing pre-seed batch by batch). It all went well and after a few weeks, they noticed a significant decrease in the migrated mailbox items volume across all mailboxes which appears to be a purge and they have no clue of how/when it occurred. Here's a sample mailbox. If they do a content search, the result returns with reasonable volume of content but the number doesn't match with the actual EXO mailbox. Content search result: It should be more than 2GB Actual Mailbox status: Online archive is enabled but nothing has moved there anyway. We've checked the audit logs and found nothing relevant towards purge or move. Any idea what's going on here?
471 Views, 0 likes, 1 Comment
Question on configuring SAM-R to enable lateral movement path detection
Hey Defender Peeps,
Referring to this KB from MS - Configure SAM-R to enable lateral movement path detection - Microsoft Defender for Identity | Microsoft Learn
Seeking some advice on "configuring SAM-R to enable lateral movement path detection in Microsoft Defender for Identity". Customer doesn't currently have the "Network access - Restrict clients allowed to make remote calls to SAM" policy defined within their environment, and unsure of the implication of doing so – assume by enabling the policy across their domain (excluding Domain Controllers) and adding the Directory Service account with Remote Access, any other accounts currently making remote calls to SAM will start failing? The MS documentation around the policy setting itself mentions the ability to configure audit-only mode for the change, but applying that across the PROD environment means we'd be needing to look for 8 different event IDs across every server/workstation in every domain in order to figure out what other accounts are making remote calls to SAM and what (i.e. it will take a significant amount of time). Can someone advise what Best Practice would be followed for enabling the policy/what accounts should be added in addition to the Directory Service account? Any thoughts/advice are highly appreciated.
Thank you!!