User Profile
manojviduranga
MCT
Joined Sep 02, 2016
User Widgets
Recent Discussions
Migrating large number of Nintex based SPS 2019 Workflows to SPO
Hi SP Brain trust, We’re migrating a SharePoint 2019 on-prem farm (200+ sites) to SharePoint Online, which includes massive 100+ Nintex workflows heavily used across the business and we’re working within a tight timeline which makes it a massive challenge to go down the modernisation path. Has anyone migrated a large number of Nintex workflows (100+ ) from SharePoint 2019 to SharePoint Online using 3rd party tooling? What approach or tools did you use, how much manual rework was involved, and what was your overall success rate and effort like? Thank you!Re: Intune Connection Issues in Defender for Endpoint
Curious_Kevin16 Had the exact issue until yesterday. Microsoft article is not up to date and below is what you need to do. 1. Create a new EDR Policy, use "Onboard" option as "Auto from connector" is now deprecated by Microsoft. 2. For the device key, navigate to Defender portal --> Settings --> Endpoint --> Select following and download the package. 3. Open the zip file and copy the code this is a lengthy text which you have to copy. 4. Paste the key in the field "Onboarding (device)" 5. Onboarding will not occur through the connector and this is the new look of the automatic onboarding. Hope that helps.iPhone Unable to Add 365 Account After Password Change – Hybrid Exchange
Hi all, We have an Exchange Hybrid setup. All mailboxes are hosted in Exchange Online, and our on-prem Exchange server is only used for SMTP relay (e.g., for MFPs). One of our users is currently unable to add their account to their iPhone. It was working fine until a few days ago. The issue started right after the user changed their password. Since then, the Outlook app or Office apps on the iPhone doesn't accept the user's credentials. However, everything works perfectly fine on their PC and even on another test iPhone using the same credentials. It validate the credentials but then throws a generic error after entering credentials. What we’ve tried so far: Resetting the user’s MFA settings Resetting the password again Excluding the user from MFA temporarily Factory resetting the iPhone Despite all that, the issue persists. Since the account works on a different iPhone, and even a full reset didn’t resolve it on the affected device, I’m at a bit of a loss. Has anyone encountered this or have any ideas? Any suggestions would be much appreciated. Thanks in advance!Recover a Domain from an Old Microsoft 365 Test Tenant
Hi everyone, I’m trying to register my domain abc.com in a new Microsoft 365 tenant, but I’ve discovered that it was previously associated with a test tenant set up by a former colleague. I no longer have access to that old tenant and would like to reclaim the domain so I can use it in my current M365 environment. Has anyone tried any alternatives in addition to Microsoft support? Can Microsoft release the domain if I can prove ownership (via DNS or registrar)? Has anyone dealt with a similar situation, and how long does the process usually take? Appreciate any guidance or shared experiences! Thanks in advance.Exchange Server Vulnerability - Vulnerable Schema Class (CVE-2021-34470)
Howdy ! Exchange Brain Trust, Working with a customer who's fully on 365 with no Exchange servers left on-prem but the Vulnerable Schema Class exists from a previous implementation of Exchange. Even after uninstallation of all Exchange servers, the schema extensions made by Exchange to the Active Directory are not removed. Therefore, customer is currently vulnerable to CVE-2021-34470 and should execute this script to address this vulnerability. If anyone have dealt with this before or can help me clarifying what implications this change can have to the normal operations and future objects provisioning (or any risk at all to the environment), that'd be really appreciated!. Changes: Schema Modification If the -ApplyFix parameter is used, the script modifies the schema by clearing the possSuperiors propertyof the ms-Exch-Storage-Group entry. Thank you!Re: Exchange Hybrid Configuration Wizard error - root element is missing when connecting to 365
We had this issue for the last two days in one of our customers tenant. 365 service health have listed the advisory and it looks like a waiting game now. We had Microsoft support involved yesterday and spent a couple hours but they didn't pick this up. Thanks so much for initiating this thread.Admin quarantine option is unavailable for malware detected files in MDCA
Howdy! MDCA Brain Trust, I've configured Admin Quarantine location as per the following Microsoft guidance. Created a brand new SPO site and assigned it in the setting. It's been about 3 days (waited before I post this here as it may take a while to reflect the change). https://learn.microsoft.com/en-us/defender-cloud-apps/use-case-admin-quarantine Admin quarantine option however, is still not available for Files detected by MDCA as malicious. Ideally, I should be able to Admin quarantine OneDrive, SPO files detected as malware. I can however, see the Admin Quarantine option in the governance actions in policies but, this isn't the option we're after. Also, Microsoft says MDCA will provision a new folder (See below) in the site which I don't see either. Has anyone experienced/worked around this issue? Appreciate any suggestions to sort this out! Thank you! ManojSharePoint site security configurations for Defender Cloud Apps Admin Quarantine Feature
Referring to Microsoft official documentation below which is very high-level, has anyone done/would recommend hardening or applying security measures to secure the SharePoint site dedicated for "Admin Quarantine" purpose?. It shouldn't be just as simple as creating a separate site and setting in the Defender portal as this should not be exposed to the rest of the organization, in my view. Shouldn't we at a minimum, restrict the permissions of the site? Official reference - Protect files with admin quarantine - Microsoft Defender for Cloud Apps | Microsoft Learn Any ideas are greatly appreciated ! Thank you!SharePoint Online Admins don't get the option to create sites from Start page ?
I have a requirement of disabling the normal users' ability to create sites in SharePoint online. Followed Microsoft official guide on this and unchecked the option as below. Reference - https://learn.microsoft.com/en-US/sharepoint/manage-site-creation?WT.mc_id=365AdminCSH_spo The problem is, this checkbox also takes off SharePoint Admin's ability to create sites from the start page (Admin page is fine) which is not ideal. Once checked off, anyone with "SharePoint Administrator" role assigned in Entra ID won't be able to create sites. SharePoint Admin Role Assigned: Behaviour: Create site option is gone. Knowing the role assignment can take up to an hour, I waited for extra long 24 hours only to find no luck. Is this expected (given that Admins can leverage Admin tooling to provision sites) or has anyone got ideas on what could potentially cause this? Appreciate any thoughts. Cheers! ManojSCPE and Trusted Root Certificate deployment for macOS
Howdy Folks, I'm trying to deploy a Wi-Fi Profile to macOS device group. As the first step is to get the root certificate in place, I've exported the root cert from our CA and created a Trusted Certificate profile using that cert file. Profile deployment status in Intune portal, shows successful but when I try to verify this in mac through Keychain, Root certificate is not visible in "System Roots", which is probably the reason why I see the SCEP certificate is untrusted?. Has anyone done this successfully? wondering what I might have missed here. Appreciate any ideas! Thank youRe: Enterprise Wifi Profiles Deployment for Non-User Based (Kiosk) macOS devices via Intune and NDES.
Hi LeonPavesic Very keen on this one as I'm facing a similar situation. I'd assume, {{AAD_Device_ID}} or {{AzureADDeviceId}} won't be recognized if the macs are AAD Joined (not Hybrid joined hence the device object is missing in local AD which apparently won't work in a NPS environment) Also, do you happen to know how would this work with non-user based (no user affinity) macOS devices in a NPS enabled environment ? Any thoughts anyone ? Cheers!Re: Exchange Server 2016 Security update version is not reflected in Management Portal or PowerShell
Thanks Dan_Snape for your swift response ! My concern is, why would it then show the build numbers inconsistently across these two nodes? They both have the latest CU (23) and SU (.32). If the AdminDisplayVersion does't show the SUs, I suppose it should still be the same for both servers. One of the nodes clearly reflects the SU build (15.01.2507.017) whereas the other is still sticks to the CU (15.01.2507.006) so it's still confusing to me. Thanks again for your response ManojExchange Server 2016 Security update version is not reflected in Management Portal or PowerShell
I've update a two node Exchange 2016 DAG environment with "August 2023 Security update (15.1.2507.32)" Everything went well and the control panel, Update History shows the relevant version but Exchange Management console/PowerShell. Control Panel: Correctly Shows updated Update History: Correctly Shows Updated PowerShell/Admin console: Still shows the old version I've tried restarts etc. with no luck. Has anyone faced this issue? Any inputs are greatly appreciated ! Thank you MKRe: Free-busy sharing across two M365 tenants (full cloud) doesn't work
VasilMichev Thanks for your swift response. Default permissions are on. FolderName User AccessRights Calendar Default {AvailabilityOnly} Calendar Anonymous {None} Back to basics, I'm wondering if cross-tenant free-busy sharing is even supported because none of the official documentation specify that point.Free-busy sharing across two M365 tenants (full cloud) doesn't work
I was hoping the Organization Sharing would allow two Exchange Online Tenancies (full cloud) to share calendar availabilities across. i.e. If user 1 in Tenant A trying to schedule a meeting with user 2 from Tenant B, user 1 in Tenant A should be able to see the availability of user 2 upfront in the scheduling window (just like how the availability works internally). I've created the relationship from Organization sharing (see below) using Microsoft's official guidance. Ref: Create an organization relationship in Exchange Online | Microsoft Learn Command used: New-OrganizationRelationship -Name "Contoso" -DomainNames "contoso.com","northamerica.contoso.com","europe.contoso.com" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails This was done from both tenancies but the availability deosn't seem to work (see below. Greyed out question marks are the users from tenant B as user 1 from Tenant A tries to schedule a Outlook meeting). Has anyone implemented this ? am I missing anything here? any inputs are highly appreciated ! Thank youCan Purview recognize watermarks/labels applied via 3rd party tools?
Information Protection question here folks. We have a customer who's currently using a 3rd party tool to classify documents across their business. Does purview offer any capability to recognize existing watermarks/labels in the documents stored in SharePoint so that we can use these existing marking to classify content in Purview without overlapping (the idea is to gradually depart from the 3rd party and adopt Purview) ? Appreciate your thoughts ! Thank youExchange Online Mailbox Items Disappeared across all mailboxes??
One of our clients migrated their mailboxes from on-premises to EXO using a 3rd party tool as part of the staged migration process (the cut-over is not done yet as they're gradually doing pre-seed batch by batch). It all went well and after a few weeks, they noticed a significant decrease in the migrated mailbox items volume across all mailboxes which appears to be a purge and they have no clue of how/when it occurred. Here's a sample mailbox. If they do a content search, the result returns with reasonable volume of content but the number doesn't match with the actual EXO mailbox. Content search result: It should be more than 2GB Actual Mailbox status: Online archive is enabled but nothing has moved there anyway. We've checked the audit logs and found nothing relevant towards purge or move. Any idea what's going on here?
