Step by Step: Enable MFA for All Users in Office 365

A new feature currently in preview for Azure AD is Conditional Access Policies (CAP) using pre-built policies. It is currently available for organizations with Azure AD Free (This is pretty much everyone that has Azure AD Connect enabled). Admins can now make use of four conditional access policies. The four policies are:

  1. Require MFA for admins
  2. End User Protection
  3. Block Legacy Authentication
  4. Require MFA for Service Management

For this article, I’ll go over how to enable policy number 2, which will force all users to register with MFA (within 14 days) and force an MFA check during “Risky situations.” I would also recommend enabling policy number 1 in addition.…

Continue Reading →

O365 Hybrid Migration Errors & Fixes

This post will go over some of the many errors that occur when attempting to move a mailbox to Office 365. The error messages you see are discovered when showing the details of a failed migration and then clicking on a failed user in that migration.

Issues

1. “You can‎’t use the domain because it‎’s not an accepted domain for your organization”

Office 365 will not accept migration of a mailbox if that mailbox has an email alias that includes a domain that doesn’t exist in Office 365.…

Continue Reading →

Step by Step: Add a UPN Domain in Windows Server

The Problem

A very common issue when moving an organization from an on-premises Exchange environment to Office 365 is non-usable domain names. The issue happens because a domain name of the Active Directory Domain has one of these issues:

  1. The Domain used by AD is not “owned” by the organization. This issue happens when a company decides to use a specific domain name on their Internal network when they have either lost control of that domain name or never had control of it.

Continue Reading →

Intune RBAC – Delegate Permissions Explained

There are lots of permissions that can be delegated in Intune/Microsoft365 Device Management. Understanding what each of those permissions is for and when to assign them is, therefore, a little difficult. With this post, I’ve gone through the task of outlining all of the delegate permissions in Intune as of September 2019. I’ll try to keep this up to date, but if I fail to, just leave a comment telling me something has changed and I’ll get things fixed.…

Continue Reading →

Step by Step: Intune Delegation with RBAC #3

< Previous |

So far, this guide has covered terminology and theory used to develop Delegated Administrator roles for Intune’s RBAC system and how to create users with limited rights to Intune in Step by Step: Intune Admin Delegation with RBAC #1
Next, we covered building RBAC scope tags and assigning those tags with device groups in Step by Step: Intune Delegation with RBAC #2
For this article, we’ll cover the creation of an actual Role in Intune.…

Continue Reading →

Intune – Permissions for iOS and Android Devices

I was going to include this in part 3 of my Intune RBAC guide, but it’s a lot of stuff, so I’m making a separate post for it. With that said, here are the permissions you will want to set for a normal, run of the mill iOS and Android device manager in Intune. This permission set has no Windows device permissions, so you will need to add those if you want a management role for all devices.…

Continue Reading →

Step by Step: Intune Delegation with RBAC #1

| Next >

RBAC

RBAC, or Role Based Access Control is a methodology for assigning permissions to users based on their job role(s). Administrative Rights delegation benefits from RBAC methodology by restricting rights to the people who need them without granting excessive permission. It contrasts with the most common AD access control methodology, Discretionary Access Control (DAC).…

Continue Reading →

Microsoft 365 Content Search – Can’t Preview or Download Results

Problem

Here’s a problem that comes up regularly when running searches in the Microsoft 365 Security and Compliance portal (As of this date, these portals are scheduled to be separated with the upcoming changes to the admin portal). When you run a search, you can’t preview or download search results. In the search preview, you get this message: “to preview search results, please ask your compliance admin to grant you preview permission.” In addition, there is no visible option for downloading anything other than an Excel based report for the search you perform.…

Continue Reading →

AC Brown’s Cloud Guide – Part 1 – The Basics

Cloud Concepts and Terminology

As a consultant who was working on Office 365 migrations shortly after it was released (well, renamed), I have worked on a log of migrations. Migrations are a always a project that can be difficult to manage if not done properly. As with any project, planning for a migration is extremely important.…

Continue Reading →