Activating Privileged Identity Management Roles within PowerShell

As more and more organizations move to Office 365 the challenge shifts from “How do we get into Office 365?” to “How do we manage our data within Office 365?” Keeping your organization’s data secure inside the service is a major concern for many organizations, as well as for Microsoft itself.

To that end, Microsoft has put a lot of work into new features in both Office 365 and Azure that can help organizations better secure their data.  One of those features is Privileged Identity Management (PIM). PIM is a feature that allows Just in Time administrative rights to be assigned to Office 365 accounts. This means that it is no longer necessary to maintain accounts with administrator privileges always assigned. With PIM your organization can setup accounts for your Office 365 administrators that do not have administrative rights until they are needed. When an administrator in your organization needs to make changes within the service, they can request elevation of their account though an automated process.

Read More
Nathan OBryanComment
New Features in Microsoft Teams

Teams is Microsoft’s collaboration hub within Office 365. Teams was originally introduced as a direct answer to Slack, but it’s become a much bigger solution than that over the last two years it has been publicly available within Office 365.

According to recent numbers from Microsoft, Teams is now in use at more than 500,000 organizations across the world. With a new service of this scope there is going to be a long adoption period, while organizations wrap their collective heads around how to use a service like this. Hopefully this blog post will start that education and adoption process for a few more Office 365 customers.

Read More
Nathan OBryanComment
Unpublished Exchange Book Chapters

Sometimes things don’t go as planned.

I, and a few of my fellow Exchange MVP/MCM friends, tried to write an Exchange book. That book never ended up going anywhere, so now I have these chapters sitting on my computer that no one has ever seen.

I figure it’s time to publish them somewhere, so here goes. You can download these chapters at the link below. They are free, just click through the store and don’t put in any credit card information.

These chapters have not been edited, or cleaned up, or even read in over a year. Read them at your own risk.

https://www.mcsmlab.com/downloads

Read More
Nathan OBryanComment
How to track Office 365 guest users

Office 365 and Azure are where many enterprises do their work, and IT pros need to understand how to keep these tenants secure.

As Office 365 has continued to mature, Microsoft has added more options to share information and work with people outside your organization.

However, inviting external users opens the company to some degree of risk when an outsider gains access to your organization's data. This tip will cover the ways to monitor Office 365 guest users to see who has access to what data and how to modify those rights.

Read More
Nathan OBryanComment
Exchange 2019 on Windows Server Core - Installation Guide

The current version of Exchange can, and in most cases should, be installed on Windows Server Core. Windows Server Core is a version of the Windows Server operating system that does not have a Graphical User Interface (GUI). Since “windows” are well ingrained into the administrative habits of most of us Windows Server administrators, it’s reasonable to expect that most Exchange administrators are going to be a bit hesitant to go down this route.

In this blog post I’m going to look how to install Exchange 2019 on Server Core, the reasons why you should be installing all your new Exchange servers on Server Core, and how using Server Core is going to make you a better administrator.

Read More
Nathan OBryanComment
Compliance with GDPR in Exchange requires extra effort

Regulation covers and what they can do with their messaging platform to maintain compliance.

The General Data Protection Regulation (GDPR) protects the personal information of people living in European Union (EU) countries by setting rules on how that data can be collected, used and stored. Compliance with GDPR affects IT professionals who work in organizations with an EU footprint no matter where they are based. For example, if a U.S. company falls victim to a data breach that leaks the personal data of EU citizens, then that company could be penalized heavily as a result.

Read More
Nathan OBryanComment
Thinking About Exchange 2019?

In October of last year Microsoft released a new version of on-premises Exchange server. Here at the ENow's Solution Engine blog, we realized we had a lot we could cover. Normally I focus mostly on writing about Office 365 and Azure features and updates, but I think there is still room in the blog-o-sphere for a post about on-premises software too.

Since Exchange 2019 came out almost 3 months ago, I don’t see a lot of point in doing another blog post that lists “What’s New in 2019.” I’m going to try a slightly different approach here and assume that you’ve had a chance to review the new features in Exchange 2019. If not, there are plenty of places to find that information already.

Read More
Nathan OBryanComment
Exchange Online - Recap of 2018 Updates

As we come to the end of 2018, or the beginning of 2019 depending on when you’re reading this, it seems like a good time to look at how Exchange Online has changed over the last year. It wouldn’t be too hard for an email administrator these days to think of Exchange Online as a static service. If you are not actively paying attention to the updates in the service, you may have missed some of the changes that have rolled out recently. I thought this would be a good time to take a quick look back at some of the more important changes that have come into Exchange Online.

In this blog post, I’ll give a quick overview of three new features for Exchange Online. I’m not going to go into a full implementation guide for any of these features, but I will link to the appropriate documentation for each of these new features.

Read More
Nathan OBryanComment
Deploying Windows Hello for Office 365 or Hello World for Office 365

Having grown up with personal computers in the 70s and 80s my introduction to computer science was a simple two-line program.

10 PRINT "Hello, World!"
20 END

I’m sure that most of those who read this blog post will have started their career in a similar manor. Our next step was often to modify this program to repeat “Hell, World!” infinitely, then modify it again to repeat that message a finite number of times.

Microsoft has evoked this heritage with the service it calls “Windows Hello” and the related (but much more clumsily named) “Windows Hello for Business.” These services are a new way to authenticate to your computer, your Active Directory, your Office 365, and your Azure resources. The Hello services are one of the foundational pieces in Microsoft’s strategy to move us away from an authentication model that is dependent on usernames and passwords. In this blog post I’m going to explain what the Hello services do, and what you’ll need to deploy them in your organization.

Read More
Nathan OBryanComment
Conditional Access in the Field - Part 2

In part 1, I talked about some of the basics for Conditional Access. In this blog post, I’ll walk through the technical settings to get it working for an example user I’ll call “John Tester”.

Configuring Conditional Access for “John Tester”

For the purposes of this blog post, John is an end-user who works both in and out of the Office. We’ll say John is on your sales team, and he needs to be able to access Office 365 resources from the road as well as from the office.

For this example, we’ll say that your security team has decided that users logging into Office 365 resources outside of the corporate network need to setup and use Multi-Factor Authentication, but that they don’t need to be bothered with the extra authentication steps of MFA when they are in the office.

Read More
Nathan OBryanComment
conditional Access in the Field - Part 1

Securing your data in Office 365 can be a challenging task. The problem is that using user names and passwords as the basis of our authentication protocols is not a very successful way to run our technology.

One of the major failings of the username and password system is that it does not include any awareness of the situation in which a user is attempting to authenticate. A user may be trying to authenticate from a new location or may be attempting to authenticate to access an unusual set of data. There are a lot of situations where it may be prudent for the authentication process to be more or less involved.

As more and more organizations move to a cloud based IT infrastructure, security is becoming more of a concern. By definition, cloud-based IT resources are available to be accessed from anywhere on multiple device types. While this convenience is valuable, it can also be dangerous.

Read More
Nathan OBryanComment
Breaking down the Exchange Online vs. on-premises choice

The continuous feature release model of Exchange Online might be a boon for some, but others might consider the need for constant training to be a detriment.

We all know the cloud is there, but how does an organization determine if a move from an on-premises platform is the right one?

Many companies currently using Exchange Server cannot escape from the siren call of the cloud. Untold numbers of organizations will weigh the pros and cons of Exchange Online vs. on-premises Exchange Server. There are many reasons to move to the cloud, just as there are ones to stay put.

Read More
Nathan OBryanComment
Intune Explained

Intune was born as Microsoft’s Cloud based Mobile Device Management platform. Since then, it has grown into a management platform for both mobile devices and P.C.s. Intune can now manage iPhone, Android, Windows Phone, and some versions of Windows. It’s clear that Microsoft intends to grow Intune into a complete cloud-based device management platform.

The process of planning for an Intune roll out can be difficult. The features and functionality within Intune are ever evolving, so knowing how to deploy Intune effectively takes some studying. In this blog post, we’ll provide an introduction into Intune's current capabilities. We will test out what Intune can do to make your data more secure in a “Cloud First, Mobile First” world. 

Read More
Nathan OBryanComment
Office 365 Message Tracking Improvements

Microsoft has been working on improving the message tracking experience in Office 365. In this blog post we’ll look at the new message tracking features that are available in Office 365, and compare how the new interface is different from the old message tracing feature.

Message tracking within your messaging environment is the easy part. Office 365 keeps track of messages as they move around your tenant, and it gives you access to that data. So message tracking is very useful for finding out what happened to messages that were sent to your tenant, or that were sent within your tenant.

Read More
Nathan OBryanComment