An important security concept that has cropped up over the past few years is Multi-Factor Authentication (MFA). Its predecessor, 2 Factor Authentication, has been around for decades but has become less common recently due to some inherent flaws. Put simply, both techniques improve security, but how? To get to that, let’s go through the MFA acronym backward, so I can explain how things come together.…
Probably the most annoying thing about email security these days is the fact that there are still organizations out there that don’t offer TLS encryption on their SMTP servers. In my opinion, we are well past the point where this should be enabled on all servers. It’s a very simple configuration change that takes no more than 5 minutes to enable.…
Update: Due to some changes in how MS handles MFA in O365, I’ve had to completely re-write this article. Updated instructions follow.
MFA in O365
Office 365 MFA is probably the best thing to enable for securing the environment. Microsoft has gone through a number of iterations on setting this up, but has finally ended with the existing settings.…
This post will go over some of the many errors that occur when attempting to move a mailbox to Office 365. The error messages appear when you open the details of a failed migration and then click on a failed user in that migration.
Issues
1. “You can’t use the domain because it’s not an accepted domain for your organization”
Office 365 will not accept migration of a mailbox if that mailbox has an email alias that includes a domain that doesn’t exist in Office 365.…
The Problem
A very common issue when moving an organization from an on-premises Exchange environment to Office 365 is non-usable domain names. The issue happens because the domain name of the Active Directory domain has one of these issues:
- The Domain used by AD is not “owned” by the organization. This issue happens when a company decides to use a specific domain name on their Internal network when they have either lost control of that domain name or never had control of it.
*Deep movie announcer voice* In a world where Email must go through arises a new hero! Only he could fully apply the changes made to receive connectors without destroying the WORLD!
Okay, not really. But I wrote a script that will run through all of the Exchange servers in an environment and restart the transport servers on each.…
For those of you who are still working with a significant on-prem Exchange environment, you are probably in need of a good script to go through the admin logs (IIS Logs, Exchange Functional Logs) to clear things up on occasion. Those logs can take up a lot of space very quickly, so a regular process that does it for you is a big time-saver, and will keep you from running into those horrible midnight inadequate space notices.…
There are lots of permissions that can be delegated in Intune/Microsoft365 Device Management. Understanding what each of those permissions is for and when to assign them is, therefore, a little difficult. With this post, I’ve gone through the task of outlining all of the delegate permissions in Intune as of September 2019. I’ll try to keep this up to date, but if I fail to, just leave a comment telling me something has changed and I’ll get things fixed.…
So far, this guide has covered terminology and theory used to develop Delegated Administrator roles for Intune’s RBAC system and how to create users with limited rights to Intune in Step by Step: Intune Admin Delegation with RBAC #1.
Next, we covered building RBAC scope tags and assigning those tags with device groups in Step by Step: Intune Delegation with RBAC #2.
For this article, we’ll cover the creation of an actual Role in Intune.…
I was going to include this in part 3 of my Intune RBAC guide, but it’s a lot of stuff, so I’m making a separate post for it. With that said, here are the permissions you will want to set for a normal, run-of-the-mill iOS and Android device manager in Intune. This permission set has no Windows device permissions, so you will need to add those if you want a management role for all devices.…