User Profile
Technodude
Iron Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Re: Prevent users from Syncing sharepoint document libraries from unmanaged devices
Almost 18 months on and still no answer to this problem which is a bit of a shame... so I'll re-write what I'm trying to achieve below:- We run a native O365/M365 environment with over 1200 users on AzureAD only. All our files are held in SharePoint/OneDrive. 500+ users are volunteers, using their own equipment that is not managed via Intune. Staff devices run ThreatLocker zero-trust protection that prevents any code running that hasn't been pre-approved by IT. Ransomware will most likely be picked up on an un-managed device being used by one of our Volunteers. Only files on the end-users local device will become infected as there is no LAN/Network to spread anything over. If a volunteer syncs a SharePoint site (using OneDrive for Business) onto their local device, we risk the contents of the SP site document library being affected by the ransomware encryption. I would like to do 2 things... Firstly - list all folders within SP libraries that are being synced and by which user. Secondly - block unmanaged devices from syncing any SP doc libraries. ...or block the use/login of OneDrive for Business on unmanaged devices. The first will assist me in identifying the scale of our current problem/risk. The second will mitigate the risk almost entirely. If I try to force our volunteers to install Intune management on their personal devices, they would undoubtedly leave us so this is not an option unfortunately. Any ideas would be very gratefully welcomed.2.8KViews1like0CommentsRe: Prevent users from Syncing sharepoint document libraries from unmanaged devices
Would love to know if this is possible as it fits in perfectly with a zero trust philosophy. We have over 500 volunteers using their own devices (unmanaged) that need access to SharePoint (via browser) but who present a ransomware risk if they sync SharePoint libraries. I don't want to disable sync on the individual sites/libraries as staff using InTune managed devices still need to access files offline.4KViews0likes2CommentsRe: Received-SPF: TempError (protection.outlook.com: error in processing during lookup of "domain-name":
I am getting this as well with delivery to .ph domains in the Philippines. Unfortunately it's the Banks and Legal firms that have followed strict process in how they setup DMARC (set to reject), and so DNS timeouts on the SPF lookup result in email being bounced back as undeliverable/rejected. We don't relay our outbound mail... all goes through O365. DNS for our sending domain is sat on Cloudflare.33KViews0likes1CommentRe: Direct Routing setup still not working or documented
Well... I logged a ticket with Microsoft at the same time as posting on here and they've been brilliant and got the issue resolved. So... for anyone reading this... 1) Microsoft are currently working on the documentation and hope to have it live soon. 2) The old CS- cmdlets are all included within the latest 2.5.1 module but... I had to do the following to resolve the issue.... Uninstall-Module MicrosoftTeams (to remove 2.5.1) Install-Module MicrosoftTeams (without version number) ... this errored and came back telling me I had the MicrosoftTeams module v0.9.6 already installed and to use -force to sideload the 2.5.1 module. Instead, I was asked to delete the v0.9.6 module from the location specified in the error message Afterwards, re-ran Install-Module MicrosoftTeams and it installed without error. Once installed I was able to run the CS- commands without issue. š1.9KViews0likes0CommentsDirect Routing setup still not working or documented
I am currently unable to add new users to our Direct Routing setup in MS Teams. This is broken since the S4B module was deprecated. Some basics... I am running Powershell v5.1 I have installed module Microsoft Teams v2.5.1 I am 'connected' to MicrosoftTeams module as a Global Admin who also has the S4B Admin role assigned (although it should need a separate role assignment). I have 'imported' the Microsoft Teams module I am trying to run: Set-CsUser -Identity "xxxxx@yyyyy.org" -OnPremLineURI tel:+44000000000 -EnterpriseVoiceEnabled $true -HostedVoiceMail $true I receive back: Set-CsUser : The 'Set-CsUser' command was found in the module 'MicrosoftTeams', but the module could not be loaded. For more information, run 'Import-Module MicrosoftTeams' If I try: Set-CsOnlineVoiceUser -Identity "xxxx@yyyy.org" -TelephoneNumber tel:+440000000000 I receive back: Set-CsOnlineVoiceUser : The 'Set-CsOnlineVoiceUser' command was found in the module 'MicrosoftTeams', but the module could not be loaded. For more information, run 'Import-Module MicrosoftTeams' 'Import-Module Microsoft Teams' has already been run and running it again does not provide any additional information. None of the cmdlet reference guides Microsoft have published even list the cmdlets from the S4B module that needed to be used for Enterprise Direct Routing so this leads me to ask... 1) When will Microsoft update the documentation for the new MicrosoftTeams module to include the full cmdlet list? 2) What commands 'should' I be using to add users to our Direct Routing and to grant OnlineVoiceRoutingPolicy (s)? Many thanks in advance to anyone who has the answers.Solved2KViews0likes3CommentsRe: Change User Number to Service Number
Mike Crowley Do you know what the process is for changing from a USER to a SERVICE number when using Direct Routing? I would like to think there might be some PowerShell script for this? The process you outline is what I use with a Business Voice tariff but I guess MS won't do that if a number is presented via a non-MS SBC route.11KViews0likes0CommentsRe: black screen is displayed on the client (after the user logs in with username and password)
StefanKi I'm getting the same issue. I use Intune Autopilot to push a single configuration (AAD only) to all devices. All devices are Surface Pro 4 so similar hardware. I successfully used Autopilot to roll out to 20+ devices over the last 2 weeks but yesterday, 5 devices came to a Black screen after login with just a mouse cursor. By sending an Autopilot Reset request it instantly moved the client off the Black screen and continued setup but, after completing it did another reset (as per the reset request) and then completed without issue. This is a bit annoying for the end user and now means I have to pre-warn the users that this may happen. It also breaks what was a seamless process. The fact that it 'was' working fine and then started Black screening suggests an issue at Microsoft's end? This is further backed up by the fact the Autopilot Reset kicks it back into life. The device is obviously in contact with Intune but no idea why it gets to this point and then stops. Hope this helps??13KViews0likes0CommentsRe: Have an O365 E2 subscription (non-profit) need about 25 licenses with email encryption.
Short answer... yes. You can just buy however many E3 licenses you need. To pick up on the other reply.. you will only get the extra features on the accounts you add the E3 licenses to.3.9KViews0likes2CommentsRe: Upgrade for non-profit organziation?
Easiest answer I can think of... Subscribe to 1x O365 E3 license for yourself and then allocate E1 licenses to all users. The E1 licenses are free for non-profits. I work for a mid sized non profit. We have 100x E3 but 1000x E1 for all our volunteers. We also have multiple Admins for Teams. Hope that helps.837Views0likes0CommentsRe: Is using DKIM with Office 365 email recommended by MSFT, and is there a simple way to enable it?
It can all be done through the Exchange Admin centre. Theres a menu option in the middle of the screen titled DKIM. Very simple process to implement and definitely recommended.1.1KViews2likes0CommentsRe: OneDrive for Business Makes It Easy to Request Files
C_the_S Happens so often! They were really pushing Secure Score at Ignite... I've been using it for 6 months, had a ticket logged for nearly 2 of those... it just doesn't work (numbers are all wrong) but would be awesome if it did!4.4KViews0likes0CommentsGlobal sensitivity label
I love the sensitivity label functionality and have been using it for about a year to encrypt, label and protect various documents. What I would like to do though is create a 'generic' label with a really discrete watermark in the footer (and no other functionality) and have this auto applied to every single document on our tenant. I can create the label but I have to have a defined 'sensitive information type' against which to apply it. None of these let me choose 'every document', I have to use some form of data pattern. Any way around this at all? Thanks in advance.1.1KViews1like1Comment
Recent Blog Articles
No content to show