User Profile
Floyds_on_Greenwood
Brass Contributor
Joined 8 years ago
Recent Discussions
Re: Intune - Remote Help - Licensing and Unattended Control
Thank you, NicklasOlsen. I didn't think to drill in to the Remote Help capabilities and requirements on Android for the unattended control ability in the MS realm. My bad. Do you or the forum know if MS has plans to include unattended control via Intune Remote Help for MS Windows 10/11/^ endpoints via a non-active user session (aka admin equivalent/support desk) from a Helper anytime soon? Thanks again.

3.5K Views | 0 likes | 2 Comments

Intune - Remote Help - Licensing and Unattended Control
Greetings,

First: Like others on the interweb I am struggling to find the value of this solution when it is necessary to license both the helper and sharer. ScreenConnect and/or other secure solutions offer more control and value - IMO. Microsoft - please reconsider the add-in license structure and cost.

Second Question: The Remote Help claims to offer unattended control. My expectation of this would be - the helper connects to the endpoint when there's no one (as sharer) logged in to approve the connection. Is this possible or not?

Thank you,

Solved | 4.5K Views | 0 likes | 4 Comments

Re: Microsoft Defender for Endpoint (MDE) P2 - Deployed to endpoints by only enabling Tamper Protection?
Hello, Thanks again for the help. Looks like a whole bunch of badgers needed the same solution as MS has a configuration in preview: We are going to take advantage of the Defender For Endpoint P1 and P2 mixed tenant (in preview) as it looks to address our needs and desired outcome.

This is the PowerShell command we run to verify status.

Get-MpComputerStatus | select AMRunningMode

This article references Windows Server and Workstation OS'. I believe the ForceDefenderPassiveMode works with Windows 10/11 too? However, when Tamper Protection is turned on - it disables passive mode and changes the registry setting to 0 (active) from 1 (passive)

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide

1.4K Views | 0 likes | 1 Comment

Re: Microsoft Defender for Endpoint (MDE) P2 - Deployed to endpoints by only enabling Tamper Protection?
Hello rahuljindal. They were acquired before our EDR managed solution engagement. But we have 180+ licenses for MDE P2. We show two assigned via the tenant (subscription products) assigned licensing. Likewise - reporting via Azure licensing reports the same. However, within the endpoints > licensing the report indicates: 255 /183 used.

I will check with the team to ask if the onboarding to our tenant happens via Intune/configuration manager or scripted. Only ADDS joined "Windows" systems show as onboarded. There is currently no AV installed other than WDE/MDE.

We intended, and still very much desire to use Windows Defender or MDE P1 as our AV on the endpoints - not P2. Since we have P2 licenses MS automatically deploys this as it is of a higher level than our P1 licenses. It looks like the options to set P1 specifically vs. the higher level P2 is available (in preview).

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-subscription-settings?view=o365-worldwide&tabs=mixed

Below is the link I have used to discover the active / passive mode and relation to "Tamper Protection".

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide

1.5K Views | 0 likes | 3 Comments

Microsoft Defender for Endpoint (MDE) P2 - Deployed to endpoints by only enabling Tamper Protection?
Greetings. Our Tenant is predominately M365 E3. It is a hybrid ADDS/AzureAD with Configuration Manager and Intune (co-managed). We have a few MDE P2 licenses as well.

Our desired outcome is to run MDE P1 or Windows Defender in basic AV passive-mode only. We have a non-MS EDR sensor product (CB). We also have some 3rd party endpoints, joined to our domain that have a different EDR (XDR).

We had set up the GPO to run MS Defender in passive mode. Recently I discovered that the MDE on our endpoints was running in active mode. After digging and digging - It looks like one of our IT folks ran the endpoint device wizard on the tenant. This enabled "Tamper Protection". I did find some MS articles that mention if tamper protection is enabled - the MDE runs in "Active Mode".

There are no M365 Defender endpoint rules or policies configured. The only settings are those configured when running the initial endpoint security wizard, without specifying the options when doing so. Those under https://security.microsoft.com/securitysettings/endpoints then --- Settings > Endpoints > Advanced features. Most of these may have been disabled - but "Tamper Protection" remains enabled.

My question is - If we turn off tamper protection - will our GPO reapply MDE in "passive mode"? --- Our desired outcome is to run MDE P1 or Windows Defender in basic AV passive-mode only.

Thanks in advance.

1.7K Views | 0 likes | 5 Comments

Re: Sending Limits External and Internal 300 messages and 30 Messages Per Minute?
Greetings,

Re: Outlook sending limits

I want to report back on the clarification I have received from Microsoft support. Sending an email to a global distribution list created in the O365 Tenant / Active Directory is considered a single recipient. Sending an email to a personal distribution list created in a user's contact list is the aggregate of the recipients contained within.

• Sending Limits External and Internal 300 messages and 30 Messages Per Minute? Yes
• When a user sends more than 300 external emails in a day - They will be blocked. Is this correct? Yes
• When a user sends more than 300 emails to internal recipients within their tenant in a day - They will be blocked. Is this correct? Yes
• If the aggregate of internal and external emails exceeds 300 in a day - The user will be blocked from sending. Is this correct? Yes
• When a user sends more than 30 messages within one minute to internal recipients within their tenant - individual users - They will be blocked and will need to resend. Is this correct? Yes
• When a user sends more than 30 messages within one minute to external recipients: - They will be blocked and will need to resend. Is this correct? Yes
• If the aggregate of internal and external emails exceeds 30 messages within one minute - The user will be blocked and the messages will need to be resent. Is this correct? Yes

I hope this adds clarification.

6K Views | 0 likes | 0 Comments

Re: Sending Limits External and Internal 300 messages and 30 Messages Per Minute?
Thanks for the KB. I have been reviewing that and thus - asked the question here to clarify. This is how I interpret the KB:

Recipient limit: This is the maximum number of recipients allowed in the To:, Cc:, and Bcc: fields for a single email message.

--KW: This is a DAILY (24 hour period) aggregate for all email recipients internal or external that are addressed as a recipient in an email(s). The daily recipient limit is not configurable and is set at a maximum of 300 by Microsoft. Tenant/Global DL's are considered a single recipient, personal DL's are the sum of the aggregate of their membership.

KW Message Rate Limit: This is the maximum number of messages that can be sent in one minute (60 seconds). This is the sum of the aggregate of internal or external recipients. The message rate limit is not configurable and is set to a maximum of 30 messages per minute (60 seconds) by Microsoft.

Note: For the purposes of the recipient rate limit and the recipient limit, a distribution group that is stored in the organization's shared address book counts as one recipient. In a personal distribution list, each recipient is counted separately.

Recipient proxy address limit: The recipient proxy address limit is the maximum number of aliases (email addresses) that a recipient mailbox can have.

Note One: Message rate limit: Message rate limits determine how many messages a user can send from their Exchange Online account within a specified period of time. This limit helps prevent over consumption of system resources by a single sender. If a user submits messages at a rate that exceeds the limit via SMTP client submission, the messages will be rejected and the client will need to retry.

Note Two (in conflict with note one): footnote #4 When outbound message volumes surpass the message rate limit, any excess in message submission will be throttled and successively carried over to the following minutes. This will typically not block the sender's account, but Exchange Online isn't suited to accommodate bulk-mailing scenarios. For this use case, options 2 and 3 here are recommended instead.

6K Views | 0 likes | 0 Comments

Sending Limits External and Internal 300 messages and 30 Messages Per Minute?
I want to clarify the outcome/results for the following message sending limits.

• When a user sends more than 300 external emails in a day - They will be blocked. Is this correct?
• When a user sends more than 300 emails to internal recipients within their tenant in a day - They will be blocked. Is this correct?
• If the aggregate of internal and external emails exceeds 300 in a day - The user will be blocked from sending. Is this correct?
• When a user sends more than 30 messages within one minute to internal recipients within their tenant - individual users - They will be blocked and will need to resend. Is this correct?
• When a user sends more than 30 messages within one minute to external recipients: - They will be blocked and will need to resend. Is this correct?
• If the aggregate of internal and external emails exceeds 30 messages within one minute - The user will be blocked and the messages will need to be resent. Is this correct?

Thank you

7K Views | 0 likes | 3 Comments

ADDS trusted forests.domains A. OnPrem EX2013 B.Office 365 into new ADDS and New 0365 Tenant?
Greetings. We have two companies (each with their own forest and single domain) that have operated in a trusted ADDS forest configuration. Each forest contains their own respective mail system. One has on-premise Exchange 2013. The other ADDS forest has O365 and uses Azure AD Connect to sync on-premise ADDS users to O365. These mail systems are utilizing Galsync (enow) to support cross forest GAL's. We are not (yet) using O365 SharePoint, OneDrive, or other O365 services other than email. *We will later in the new named entity.

We are now going to merge these two environments (ADDS forest(s) / domain(s)) into a new named ADDS entity (forest and domain) - and new O365 tenant. This new named entity will utilize many of the O365 offerings.

I have migrated/merged trusted forests, and Exchange on-premise 2010/2013 systems together via ADMT and mailbox moves. This looks to be a bit more challenging. Has anyone performed a similar migration/merge? Would they be willing to share how they did it? Any insight, links, or thoughts are very much appreciated.

I found something similar in a forum on reddit - https://www.reddit.com/r/Office365/comments/93f4oq/cross_forest_office_365_migration/

Thanks in advance,

1.7K Views | 0 likes | 7 Comments

Users Office 365 Outlook Crashing - Hyper-V with a VM RDS Server running on Server 2019 RDS
We have a brand new Dell R7515 with a new AMD EPYC Processor. The OS is Windows Server 2019 Hyper-V with a VM RDS Server running on Server 2019 Standard. We decided to go with a shared license Office Pro Plus installed on the RDS Server. Each user is licensed in O365 with an MS 365 Apps for Enterprise License. There was nothing special configured about each user's Outlook except Cached Mode was enabled since employees are using O365 Groups.

Shortly after cutting over users, we found that some employees were experiencing crashes when sending emails outbound. The crashes appear to be completely random, unrepeatable and occur only a few times a day. The only consistent theme was 98% of the cases; the employee was hitting send right before the crash.

Event Log Errors:

Faulting application name: OUTLOOK.EXE, version: 16.0.13328.20356, time stamp: 0x5fa4af94
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xff00ffff
Faulting process id: 0x39c0
Faulting application start time: 0x01d6bd0373b5916e
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: unknown
Report Id: 1a3e6b0a-890d-4b30-b12f-1474c0ad8dc5
Faulting package full name:
Faulting package-relative application ID:

--------------------------------------------------------------------------------

Faulting application name: OUTLOOK.EXE, version: 16.0.13328.20292, time stamp: 0x5f976a62
Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x5f925668
Exception code: 0xc0000005
Fault offset: 0x0005c7d4
Faulting process id: 0x6a70
Faulting application start time: 0x01d6bc4271fa08f9
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll
Report Id: b68ac5e5-621c-435d-92cb-182d0771aa6e
Faulting package full name:
Faulting package-relative application ID:

Steps Taken to Troubleshoot:

• Complete Reinstall ProPlus 64-Bit
• Complete Uninstall ProPlus 64-Bit
• Complete Install ProPlus 32-Bit
• Rolled back the version of Office using officec2rclient.exe /update user updatetoversion=16.0.12827.20470
• Complete Uninstall of all Office and Reinstall of 32-Bit
• Disabled Hardware Acceleration
• Disabled Add-Ins
• Sfc /scannow
• dism online cleanup-image restorehealth
• Offline Chkdsk repair
• Brand new build of Server 2019 RDS Server with new 32-Bit Office install
• Host Firmware Updates
• Likely more that I cannot think of

I attached ProcMon to Outlook.exe to monitor for System.Threading.ThreadAbortException or System.AccessViolationException. Today we experienced a crash at 9:01. Here were the exceptions recorded.

[09:01:58] Exception: E06D7363.?AV?$windows_exception_impl@$0A@@@
[09:01:58] Exception: E06D7363.?AVOException@@
[09:01:58] Exception: E06D7363.?AVOException@@
[09:01:59] Exception: E06D7363.?AVOException@@
[09:01:59] Exception: 40080201
[09:01:59] Exception: 40080201
[09:01:59] Exception: 40080201
[09:01:59] Exception: 40080201
[09:01:59] Exception: 40080201
[09:01:59] Exception: E06D7363.?AVJson_exception@Json@Mso@@
[09:01:59] Exception: 40080201
CLR Version: vv4.0.30319
[09:02:00] Exception: E0434F4D.System.FormatException ("Input string was not in a correct format.")
[13:57:27] Exception: E0434F4D.System.Threading.ThreadAbortException ("Thread was being aborted.")
[13:57:27] Dump 1 initiated: C:\tools\OUTLOOK.EXE_201124_135727.dmp
[13:57:29] Dump 1 writing: Estimated dump file size is 1317 MB.

2.3K Views | 0 likes | 1 Comment

Windows IPP Printer Driver - Issue with Printer Driver (Feb 8 23) Require Paper in Manual Feed Tray
We started to get support requests in the last few weeks. This relates to our Ricoh 6004EX device. It could be others are having a similar issue? Related to the manual feed tray. If there's no paper in the tray, the print driver on the PC reports "Out of Paper" but continues to print. The printer output is slower as there are pauses between pages. Placing paper in the manual feed resolves the error and speed issue. *The paper pulls from the correct tray as well. Using Direct TCP/IP print and the IPP driver or WSD and IPP driver.

485 Views | 0 likes | 0 Comments

Outlook Crashes when O365 emails are sent to or replied from 365 groups?
We have discovered an issue when O365 emails are sent to or replied from 365 groups: Outlook crashes. Two different environments (unrelated entities) with the same issue. The issue has been occurring for quite some time (many months). Each troubleshooting team (different groups of folks) has tried everything under the sink to resolve it.

The environments are:

Entity A: RDS (2019 latest patches). Office 365 (latest version) x32 and x64
Entity B: Windows 10 devices (latest patches). Office 365 (latest version) x32 and x64

It only happens when a user is working with O365 emails sent to 365 groups and replying to them. Happens on different types of equipment, i.e. Surface, normal laptops, etc. Tried many different versions of Office (32 bit and 64). Office in safe mode and no add-ons does not change anything. New profiles (Windows and Outlook), new computers, etc., you name it.

1K Views | 0 likes | 0 Comments

Ricoh Devices - Cannot MS UP and PrintUp after wake?
Greetings, We have configured a few (3) of our Ricoh devices for MS Universal Print. Printing works OK. The next day after returning to the office - if we print - the print job fails to output on the printer. When I check the Print Up app on the device - it doesn't show as active. I log in to the device MOP as admin - open the Print Up app - and all is good. We can print again. That is, until the next day. The device does sleep after a period of time. Ricoh support has disabled the hard sleep. Is this a common problem? Anyone have a solution that we might try? I appreciate any help.

Solved | 2.2K Views | 0 likes | 5 Comments

MS EWS EOL Soon - Team Export API M365 E3 option?
Greetings. Microsoft will EOL EWS from their service offering in the near future. Currently, an E5 license is required to acquire the Teams export API. Will Microsoft adapt the API licensing downward to M365 E3 plans or as a M365 E3 add on license? Thanks,

1.8K Views | 0 likes | 2 Comments

Shared Mailbox for 50 field users who have iPhones
Greetings. We have 50 or so field users with iPhones. These field users all use the same account to connect, via ActiveSync, to the 'field' mailbox. *The field mailbox is used for Contacts and Calendar on iPhones. Very seldom if ever to send or receive email.

With our legacy on-premise Exchange we could utilize a 'field' Active Directory account to connect to this user account associated mailbox via ActiveSync. We did have to increase the maximum concurrent connections beyond the default limit - quite a bit actually.

We are (forklifting our network) creating a fresh/new on-premise Active Directory domain (no on-premise Exchange) and using ADConnect to sync the AD User accounts to O365. It looks like we will not be able to increase the maximum concurrent connections in our O365 tenant to facilitate the same 'field' mailbox connectivity across these 50 or so mobile devices (iPhones).

I am wondering if we can:

• Create a 'Field' user account in our ADDS.
• Create the O365 Mailbox for this ADDS Account.
• License the O365 account.
• Convert the O365 'field' user mailbox to a Shared mailbox.
• Connect to this 'field' shared mailbox using its associated ADDS/O365 account on all 50 of these iPhones using (preferably) ActiveSync without any concurrent limitations (full functionality without error).

Is this possible? Will this work as we desire? Are there any concurrent connection limitations with an O365 shared mailbox using ActiveSync? What about the Outlook app using EWS (I believe?).

937 Views | 1 like | 1 Comment

Re: Does MS Defender with ATP require Intune?
Floyds_on_Greenwood We had planned to deploy MS Defender with ATP. However, that offering looks to require M365 E5 licensing? M365 E3 is our desired offering subscription. That could very well prove too costly for folks to absorb with a deployment over a number of users. Does MS have an offering outside of full cost of an M365 E5 subscription, and would deploy Defender with ATP coverage across 300-500 users? Thanks

5.3K Views | 0 likes | 2 Comments