Right now, there's no ability in the Exchange Admin center to list all Shared Mailboxes that a user can access.
To work around this limitation, I wrote a simple PowerShell script to get all Shared Mailboxes, check if the specified user has permissions, then output the report to a .csv file.
Today, I received a request to generate a report of all SharePoint Sites that a user has access to. Currently, the SharePoint admin center portal only has the ability to see which users are members of a group. There's no ability for the inverse: Which Sites does a user have access to?
To do this, I wrote a quick PowerShell script to iterate through all sites, checks if the user is a Member, then outputs the list of sites to a .csv.
A company I'm working with is located in multiple countries and has added Multi-Geo licenses for Microsoft 365. Recently, we rolled out Orchestry to streamline requests and approvals for creating new Teams on behalf of staff.
Currently, one of the shortcomings of Orchestry is the lack of support for Microsoft's multi-geo capabilities. If you have a tenant spanning more than one location, you will need to manually move Teams that were provisioned in Orchestry after they've been created. The lack of multi-geo support is not great—a SharePoint Administrator is required to run PowerShell commands to manually move the site to bring it under compliance with any GDPR or other data governance requirements.
This post will detail the steps for a workflow that allows you to provision Teams in Orchestry and have them automatically moved to the correct location using a webhook and an Azure Automation Runbook.
A finance department that I'm working with needs a way to archive a ton of Excel files before migration. They're using cross-file links in their formulas (e.g. =xlookup('OtherFile.xlsx',A1)) and were concerned that users would accidentally trigger a refresh after their data was moved into a new SharePoint tenant and change historical records.
They started the manual task of opening each Excel file, selecting all, copying, then pasting values. Lots of Ctrl+A, Ctrl+C, Ctrl+Shift+V, click, Ctrl+S, Ctrl+W.
To make this easier and faster, I created a VBScript that allows you to pick some files and break the links on all of them.
A company I work with is using BioEdit, an old application that's used for DNA sequencing. They recently moved to Intune management for all of their devices and needed this app packaged up for deployment to all of their Windows devices.
I couldn't find any information about this app for deployment or installation, so I had to figure it out on the fly. I wrote this guide for anyone needing to deploy this app in Intune.
Recently, a company I work with submitted a request to give users the ability to power off and deallocate their Azure Virtual Desktop VMs. They currently have the “Start VM on connect” feature enabled on the Host Pool, but there is no foolproof way to shutdown a VM and deallocate it at the same time. Users were clicking “Shutdown”, but this doesn't reduce the cost of the Azure bill and the company wanted to avoid having an Azure administrator make these power changes.
In general, regular users are not familiar with the Azure Portal and can't be expected to navigate through a series of blades to power off a VM. They also should not be expected to know the name of the Virtual Machine they're signed into to identify which resource they need to select.
To work around these issues, you can create a small shortcut on the Public Desktop in the AVD that sends a PowerShell command to deallocate the Virtual Machine. This solution works great for Personal desktop configurations because only one user is expected to be logged on at a time and no other users will be kicked off. Paired with the “Start VM on Connect” feature, users can have the ability to control their VM status and Azure will only allocate it when they need it.
This post will go through the steps for how you can implement this in your environment and give users the ability to power Azure VMs off and deallocate them at the same time.
The Temporary Access Pass (TAP) is a strong authentication method in Azure Active Directory that allows a user to bypass a second MFA method for a short period of time. This feature is intended to be used in both passworded environment and passwordless envrionments (FIDO2, Hello for Business). The TAP's primary use is to give users a temporary second factor for authentication while keeping your existing security controls in place. If a user knows their password, but doesn't have access to a second authentication method (new phone or phone number, network outage, travelling, etc), an Azure AD admin can generate a TAP code and relay it to them so they can sign in.
This post will discuss how to generate Temporary Access Passes in Azure AD and how users will sign in using this code.
Your organization may have a primary domain that's used for sending and receiving email (e.g. bill@company.com), but you may also have other domains that aren't used for email routing (company.net, companywebsite.com). You or another administrator may have setup SPF, DMARC, and DKIM records for these externally facing domains that handle email, but there is still a risk of email spoofing attacks on your non-sending domains.
Without SPF, DMARC, and DKIM records in your DNS, there's a potential for anyone to send email as if it comes from your domain. This can cause you a huge headache as an administrator to clean up and organizations can lose brand trust from customers if they receive these emails.
To prevent this spoofing attack, all you need to do is add 3 records to your DNS config for each domain. These records are used by the recipient's email server to verify whether the sender is authenticated to use the domain. If the record check fails, the message is rejected and the recipient doesn't receive the email.
