Controlling Autodiscover with the Registry or GPO

Depending on your situation, you may want to take control of how Exchange’s Autodiscover lookup process works. Specifically, there are a lot of scenarios where Autodiscover will break because the lookup process isn’t properly controlled. In this article, I’ll go over registry settings that will let you control which steps are used and which ones are skipped.…

Continue Reading →

Step By Step: Adding Email Phishing Report Button to Office 365

Email security is a war between security professionals and malicious actors. Security professionals are often following malicious actors and reacting to changes. Unfortunately, success in this war is dependant on information. To aid in that effort, every major security vendor that works in the email world has some way to report bad emails. Each report can be examined to figure out what techniques were used to bypass existing security.…

Continue Reading →

Step by Step: Enable MFA for All Users in Office 365

Update: Due to some changes in how MS handles MFA in O365, I’ve had to completely re-write this article. Updated instructions follow.

MFA in O365

Office 365 MFA is probably the best thing to enable for securing the environment. Microsoft has gone through a number of iterations on setting this up, but has finally ended with the existing settings.…

Continue Reading →

Intune RBAC – Delegate Permissions Explained

There are lots of permissions that can be delegated in Intune/Microsoft365 Device Management. Understanding what each of those permissions is for and when to assign them is, therefore, a little difficult. With this post, I’ve gone through the task of outlining all of the delegate permissions in Intune as of September 2019. I’ll try to keep this up to date, but if I fail to, just leave a comment telling me something has changed and I’ll get things fixed.…

Continue Reading →

Step by Step: Intune Delegation with RBAC #3

< Previous |

So far, this guide has covered terminology and theory used to develop Delegated Administrator roles for Intune’s RBAC system and how to create users with limited rights to Intune in Step by Step: Intune Admin Delegation with RBAC #1
Next, we covered building RBAC scope tags and assigning those tags with device groups in Step by Step: Intune Delegation with RBAC #2
For this article, we’ll cover the creation of an actual Role in Intune.…

Continue Reading →

Intune – Permissions for iOS and Android Devices

I was going to include this in part 3 of my Intune RBAC guide, but it’s a lot of stuff, so I’m making a separate post for it. With that said, here are the permissions you will want to set for a normal, run of the mill iOS and Android device manager in Intune. This permission set has no Windows device permissions, so you will need to add those if you want a management role for all devices.…

Continue Reading →

Microsoft 365 Content Search – Can’t Preview or Download Results

Problem

Here’s a problem that comes up regularly when running searches in the Microsoft 365 Security and Compliance portal (As of this date, these portals are scheduled to be separated with the upcoming changes to the admin portal). When you run a search, you can’t preview or download search results. In the search preview, you get this message: “to preview search results, please ask your compliance admin to grant you preview permission.”

Continue Reading →

AC Brown’s Cloud Guide – Part 4 – Cloud Service Providers

What are Cloud Service Providers

Moving from a traditional IT infrastructure to a cloud-based or hybrid infrastructure is a complicated undertaking. Cloud systems will reduce the level of control an organization has over their application, and getting the right setup is sometimes difficult. This is where Cloud Service Providers (CSP) come in. I should first point out that CSP is a Microsoft term for organizations that partner with them to provide migration, administration, architectural, security, and development services to their customers.…

Continue Reading →

AC Brown’s Cloud Guide – Part 3 – Shared Responsibility Model

What does “Shared Responsibility” Mean

“Shared Responsibility” explains the demarcation line between what a cloud provider controls and what a cloud consumer controls. In a traditional DIY IT environment, responsibility for everything rests entirely on the business and its IT personnel. Electricity, physical security, hardware, software, and everything else has to be purchased, installed, maintained, and administered by the company directly or through an intermediary.…

Continue Reading →