Office 365 Password Policy returns Empty Values in PowerShell

o365-logo1Regular readers will be aware of a script I wrote some time ago to remind people to change their password, sending them an email when it was due to be changed. I wanted to extend this up to Office 365 but at the time, when I checked it out the relevant data was not exposed by using the Get-MSOLPasswordPolicy cmdlet. Or so I thought.

Whilst chatting with co-conspirator Tim Barrett yesterday he sent me a link to Spice Works where someone named bbeckers had indeed published a modified version of my original script that was talking to Office 365, and, to my surprise was dated back in 2016.

Of course I wanted to try it out, but on my production tenant, the information returned from Get-MSOLPasswordPolicy was an error saying ‘You do not have permission to call this cmdlet’

Read more of this post

Quick Fix : Clean-up Duplicate Remote Web Access Certificates

SSLI noticed this thread in the forum a while ago, and setup a Lab network to reproduce it. Sure enough after a few days, my local machine certificate store is full of duplicated certificates.

The issue only seems to affect Essentials 2016 and only if you are using the free remotewebaccess.com certificates.

The issue is also discussed here on the MCB Systems blog.

Unfortunately for me work took over and i was not able to spend any more time on it, and with responses from Microsoft for any Essentials related issue being, shall we say, pedestrian, i wont be holding out any hope of a fix soon.

Read more of this post

Solarwinds MSP Script Check – Spectre

Ah, Mr Bond I have been.. no that’s a different Spectre.

If you are reading this then you will know what Spectre is. It is of course a new, vulnerability announced in nearly every device on the planet. Possibly some on Mars and the ISS as well. Definitely on many you look after.

Skipping over the technical details of the problem, which are covered in far greater detail and by those with far superior expertise elsewhere, I wanted to focus on a quick check I implemented for our MSP clients.

Read more of this post

Update to Windows Management Framework 5.1 on Windows 7

mslogo3Over the weekend i read this article about PowerShell Security in the Enterprise. I decided whilst reading it, i should probably make sure my clients machines have the latest WMF installed.

Assuming this was just a KB article i searched WSUS for KB and found nothing. Reading the blog article about the 5.1 release and then the Install and Configure guidance, we see that WMF 5.1 is released to Windows 7, but, manual steps are required to install it.

The download comes as a ZIP file with a PowerShell script (Install-WMF5.1.ps1) and an MSU for the architecture of the PC.

Read more of this post

Configure and Deploy Microsoft LAPS

IT Security is essentially a risk mitigation game. There is no such thing as a totally secure system, certainly nothing you can ‘set and forget’ and so we are left to decide what we can do, to best protect our systems.

We don’t want an unauthorised person to use our computer, so we use a password. We know passwords can be guessed, or cracked, so we choose more difficult passwords. More powerful attackers can crack more difficult passwords, so we use 2 Factor Authentication.

The list goes on and on and on, but with each risk we can look for a mitigation that works in our environment, knowing that there is nothing we can do to fully protect ourselves but we can make things as difficult as possible for a would be attacker, in the hopes that he or she may look for some lower hanging fruit elsewhere.

With that in mind we are going to look at managing the Local Administrator password for your client computers to help prevent lateral movement through your network.

Read more of this post

Using Office 365 to Protect Your Email

exchange-2014No doubt everyone reading this is familiar with spoofed email. Where an attacker crafts a message to appear as though it comes from a legitimate sender, in the hopes the recipient will reveal personal information or part with their hard earned cash.

With the rise in so called ‘spear phishing’, being able to effectively block spoofed email is no longer just desireable, it is critical.

Also bear in mind that whilst technologies like Sender ID and DKIM exist, they require both parties of an email to be using them for them to be effective.

You may think any domain you have moved to Office 365 recently is automatically protected by Exchange Online Protection however, like previous versions of Exchange, SenderID checking is disabled by default, as are advanced spam filtering and malware protection. Read more of this post

PowerShell Password Reminder Script Updated!

mslogoToday I finally released my updated version of the now infamous, PowerShell Password Reminder script.

It has been a long time coming, and I have tried to incorporate a lot of the feedback (if not all from the 230 Q&As from the TechNet Gallery.

Read more of this post

%d bloggers like this: