User Profile
AlanBinHu
Copper Contributor
Joined 6 years ago
Recent Discussions
Re: Azure Key Vault, what is the best practice when accessing is from Power Platform?
Just to close the loop, in the end I added the IP ranges from which Power Platform connectors will be connecting in my geography regions. Not ideal, hope in the future the Key Vault firewall supports Service Tags. Tested and everything works.
1.1K Views, 0 likes, 0 Comments

Azure Key Vault, what is the best practice when accessing is from Power Platform?
Whenever we think about storing secrets and keys securely we use Azure Key Vault, but by default the key vaults are accessible from the Internet, and when the client app is built in Power Platform there isn't a way to secure the Azure Key Vault with private endpoint, virtual networking, or firewall. So apart from the usual access policies, monitoring, and alerts, what other defence mechanisms can we utilize to prevent snooping eyes? The https://learn.microsoft.com/en-au/azure/key-vault/general/overview-vnet-service-endpoints#trusted-services list does not include Power Platform, as expected.
1.2K Views, 0 likes, 1 Comment

Re: Anyone knows a way to create a retention policy for EXO Inactive mailboxes?
VasilMichev It has been answered by Mark Johnson@MSFT: https://github.com/MicrosoftDocs/microsoft-365-docs/issues/6549
You are correct to assume that you can't add an existing inactive mailbox to a retention policy. The guidance in this article implies that you would have to add a mailbox to a retention policy before the mailbox is made inactive. So the sequence would be to add active mailbox to an explicit retention policy and then make the mailbox inactive.
1.5K Views, 0 likes, 0 Comments

Re: Anyone knows a way to create a retention policy for EXO Inactive mailboxes?
    PS C:\WINDOWS\system32> get-organizationConfig | Fl InplaceHolds, LitigationHoldEnabled
    InPlaceHolds : {mbx78340bdddf8a4bf3b480d566e69a7a64:2}

    #Note: this LitigationHold is manually enabled
    PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL LitigationHoldEnabled,InPlaceHolds
    LitigationHoldEnabled : True
    InPlaceHolds          : {}

    PS C:\WINDOWS\system32> Get-RetentionCompliancePolicy "78340bdddf8a4bf3b480d566e69a7a64" -DistributionDetail | Fl Name, *Location
    Name                  : Retain mailboxes forever
    SharePointLocation    : {}
    ExchangeLocation      : {All}
    PublicFolderLocation  : {}
    SkypeLocation         : {}
    ModernGroupLocation   : {}
    OneDriveLocation      : {}
    TeamsChatLocation     : {}
    TeamsChannelLocation  : {}
    AdaptiveScopeLocation : {}

According to documentation https://docs.microsoft.com/en-us/powershell/module/exchange/new-retentioncompliancepolicy?view=exchange-ps

-ExchangeLocation
The ExchangeLocation parameter specifies the mailboxes to include. Valid values are:
- A mailbox
- A distribution group or mail-enabled security group (all mailboxes that are currently members of the group).
- The value All for all mailboxes. You can only use this value by itself.
To specify a mailbox or distribution group, you can use any value that uniquely identifies it. For example:
- Name
- Distinguished name (DN)
- Email address
- GUID

So the pain starts......

    PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "DiegoS"
    The specified recipient "DiegoS" couldn't be found.
        + CategoryInfo          : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=42a03677-62f2-4792-a1b4-6e7d08d879d2,TimeStamp=8/10/2021 9:13:35 AM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 3930D393,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
        + PSComputerName        : aus01b.ps.compliance.protection.outlook.com

    PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL Guid, ExchangeGuid, DatabaseGuid, UserPrincipalName, DistingishedName
    Guid              : 426d751b-c0e4-4f14-b6ab-3897abd64907
    ExchangeGuid      : e5364dd8-1716-468b-8e28-16731a7740df
    DatabaseGuid      : f720391d-f654-40d7-a84e-c57a1c74d204
    UserPrincipalName : DiegoS@ahu001.onmicrosoft.com

    PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL Guid, ExchangeGuid, DatabaseGuid, UserPrincipalName, DistinguishedName
    Guid              : 426d751b-c0e4-4f14-b6ab-3897abd64907
    ExchangeGuid      : e5364dd8-1716-468b-8e28-16731a7740df
    DatabaseGuid      : f720391d-f654-40d7-a84e-c57a1c74d204
    UserPrincipalName : DiegoS@ahu001.onmicrosoft.com
    DistinguishedName : CN=DiegoS,OU=Soft Deleted Objects,OU=ahu001.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=AUSP282A003,DC=PROD,DC=OUTLOOK,DC=COM

    PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "426d751b-c0e4-4f14-b6ab-3897abd64907"
    Creating a new Remote PowerShell session using Modern Authentication for implicit remoting of "Set-RetentionCompliancePolicy" command ...
    WARNING: Your connection has been redirected to the following URI: "https://aus01b.ps.compliance.protection.outlook.com/Powershell-LiveId?BasicAuthToOAuthConversion=true;PSVersion=5.1.19041.1237"
    This operation requires a unique source object, but multiple objects have been found for the recipient "426d751b-c0e4-4f14-b6ab-3897abd64907". Please remove any wildcard characters and check the data source for corruption.
        + CategoryInfo          : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectAmbiguousException
        + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=44ed850e-2bb9-4630-82da-14733e41fce6,TimeStamp=8/10/2021 9:18:50 AM] [FailureCategory=Cmdlet-ManagementObjectAmbiguousException] 455E7C8D,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
        + PSComputerName        : aus01b.ps.compliance.protection.outlook.com

    PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "e5364dd8-1716-468b-8e28-16731a7740df"
    This operation requires a unique source object, but multiple objects have been found for the recipient "e5364dd8-1716-468b-8e28-16731a7740df". Please remove any wildcard characters and check the data source for corruption.
        + CategoryInfo          : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectAmbiguousException
        + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=ab2f2837-9a15-470d-89e6-16a87a3691e6,TimeStamp=8/10/2021 9:19:16 AM] [FailureCategory=Cmdlet-ManagementObjectAmbiguousException] 75D0ECB8,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
        + PSComputerName        : aus01b.ps.compliance.protection.outlook.com

    PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "f720391d-f654-40d7-a84e-c57a1c74d204"
    This operation requires a unique source object, but multiple objects have been found for the recipient "f720391d-f654-40d7-a84e-c57a1c74d204". Please remove any wildcard characters and check the data source for corruption.
        + CategoryInfo          : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectAmbiguousException
        + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=80788e3c-3d66-4650-ad35-57a3ae467eb6,TimeStamp=8/10/2021 9:19:34 AM] [FailureCategory=Cmdlet-ManagementObjectAmbiguousException] BD2815F1,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
        + PSComputerName        : aus01b.ps.compliance.protection.outlook.com

    PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "DiegoS@ahu001.onmicrosoft.com"
    The specified recipient "DiegoS@ahu001.onmicrosoft.com" couldn't be found.
        + CategoryInfo          : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=3cde8e9a-a17b-4199-94bf-02959e663820,TimeStamp=8/10/2021 9:19:50 AM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] B9C63728,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
        + PSComputerName        : aus01b.ps.compliance.protection.outlook.com

    PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "CN=DiegoS,OU=Soft Deleted Objects,OU=ahu001.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=AUSP282A003,DC=PROD,DC=OUTLOOK,DC=COM"
    The specified recipient "CN=DiegoS,OU=Soft Deleted Objects,OU=ahu001.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=AUSP282A003,DC=PROD,DC=OUTLOOK,DC=COM" couldn't be found.
        + CategoryInfo          : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=0ea3c23c-1f35-4266-936f-690389166c63,TimeStamp=8/10/2021 9:20:14 AM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 1DEF8726,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
        + PSComputerName        : aus01b.ps.compliance.protection.outlook.com

1.5K Views, 0 likes, 0 Comments

Anyone knows a way to create a retention policy for EXO Inactive mailboxes?
In the article section of "https://docs.microsoft.com/en-us/microsoft-365/compliance/inactive-mailboxes-in-office-365?view=o365-worldwide#inactive-mailboxes-and-microsoft-365-retention-policies" it specifies:

You might consider creating a Microsoft 365 retention policy specifically for inactive mailboxes. Here are some reasons for doing this and things to keep in mind.
- You can configure the retention policy to retain mailbox content only as long as necessary to meet your organization's requirement for former employees.
- It's a good way to identify inactive mailboxes because the retention policy will only be applied to inactive mailboxes.
- You are able to quickly identify the retention policy that's assigned to inactive mailboxes in your organization. This makes it easier to change the retention (or deletion) settings if necessary.
- It will also make it easier to permanently delete an inactive mailbox because you can remove it from the policy by using the Microsoft 365 compliance center. Otherwise, you have to use Exchange Online PowerShell to remove a Litigation Hold from an inactive mailbox or use Security & Compliance Center PowerShell to exclude an inactive mailbox from an organization-wide Microsoft 365 retention policy.
- If you create a Microsoft 365 retention policy specifically for inactive mailboxes, you can add a maximum of 1,000 mailboxes to the policy. If you're a large organization, you might have to create more than one Microsoft 365 retention policy to use for inactive mailboxes.

These are exactly what my organization wants. However, I wonder whether it is possible to create a retention policy targeting all the inactive mailboxes. If so, what is the process to create such a retention policy? This article did not provide any feasible way to create such a policy. Could anyone advise whether it is possible and how this retention policy can be created?

In https://docs.microsoft.com/en-us/microsoft-365/compliance/create-retention-policies?view=o365worldwide#configuration-information-for-exchange-email-and-exchange-public-folders it mentions:

When you apply the retention settings to All recipients, any inactive mailboxes are included. However, if you change this default and configure specific inclusions or exclusions, inactive mailboxes aren't supported and retention settings won't be applied or excluded for those mailboxes.
1.7K Views, 0 likes, 3 Comments

App Protection Policies not support multiple accounts/profiles in Microsoft Teams apps
We would like to use MAM-WE (MAM without Enrollment) to manage Teams client on iOS/Android/Windows10, however with Teams' multiple account support, users can have one work/school account and a personal account in Teams app and the app protection policy will restrict the app without checking which account is currently active. Wonder if there is a solution?
Solved, 8.9K Views, 0 likes, 1 Comment