A finance department that I'm working with needs a way to archive a ton of Excel files before migration. They're using cross-file links in their formulas (e.g. =xlookup('OtherFile.xlsx',A1)) and were concerned that users would accidentally trigger a refresh after their data was moved into a new SharePoint tenant and change historical records.
They started the manual task of opening each Excel file, selecting all, copying, then pasting values. Lots of Ctrl+A, Ctrl+C, Ctrl+Shift+V, click, Ctrl+S, Ctrl+W.
To make this easier and faster, I created a VBScript that allows you to pick some files and break the links on all of them.
A company I work with is using BioEdit, an old application that's used for DNA sequencing. They recently moved to Intune management for all of their devices and needed this app packaged up for deployment to all of their Windows devices.
I couldn't find any information about this app for deployment or installation, so I had to figure it out on the fly. I wrote this guide for anyone needing to deploy this app in Intune.
Recently, a company I work with submitted a request to give users the ability to power off and deallocate their Azure Virtual Desktop VMs. They currently have the “Start VM on connect” feature enabled on the Host Pool, but there is no foolproof way to shutdown a VM and deallocate it at the same time. Users were clicking “Shutdown”, but this doesn't reduce the cost of the Azure bill and the company wanted to avoid having an Azure administrator make these power changes.
In general, regular users are not familiar with the Azure Portal and can't be expected to navigate through a series of blades to power off a VM. They also should not be expected to know the name of the Virtual Machine they're signed into to identify which resource they need to select.
To work around these issues, you can create a small shortcut on the Public Desktop in the AVD that sends a PowerShell command to deallocate the Virtual Machine. This solution works great for Personal desktop configurations because only one user is expected to be logged on at a time and no other users will be kicked off. Paired with the “Start VM on Connect” feature, users can have the ability to control their VM status and Azure will only allocate it when they need it.
This post will go through the steps for how you can implement this in your environment and give users the ability to power Azure VMs off and deallocate them at the same time.
The Temporary Access Pass (TAP) is a strong authentication method in Azure Active Directory that allows a user to bypass a second MFA method for a short period of time. This feature is intended to be used in both passworded environment and passwordless envrionments (FIDO2, Hello for Business). The TAP's primary use is to give users a temporary second factor for authentication while keeping your existing security controls in place. If a user knows their password, but doesn't have access to a second authentication method (new phone or phone number, network outage, travelling, etc), an Azure AD admin can generate a TAP code and relay it to them so they can sign in.
This post will discuss how to generate Temporary Access Passes in Azure AD and how users will sign in using this code.
Your organization may have a primary domain that's used for sending and receiving email (e.g. email@example.com), but you may also have other domains that aren't used for email routing (company.net, companywebsite.com). You or another administrator may have setup SPF, DMARC, and DKIM records for these externally facing domains that handle email, but there is still a risk of email spoofing attacks on your non-sending domains.
Without SPF, DMARC, and DKIM records in your DNS, there's a potential for anyone to send email as if it comes from your domain. This can cause you a huge headache as an administrator to clean up and organizations can lose brand trust from customers if they receive these emails.
To prevent this spoofing attack, all you need to do is add 3 records to your DNS config for each domain. These records are used by the recipient's email server to verify whether the sender is authenticated to use the domain. If the record check fails, the message is rejected and the recipient doesn't receive the email.
One of the most important pieces of an Azure Virtual Desktop rollout is to add a TXT record in your DNS service. This will allow users to discover their email address when they sign in to the Azure Virtual Desktop client for the first time.
A company I work with is looking to reduce the cost of their Azure environment. After a quick look, I noticed that they have a number of VMs that are running 24/7 and are not used all the time. Some of these VMs are user-facing and only need to be online during business hours during the week. Other VMs are used for batch jobs and are only used once or twice day. The rest of the time they sit idle, consuming resources and costing money.
Adding some logic to the VMs to start and stop them at certain times of the day can reduce your Azure spend and is easy to implement.