The following steps show how to Add the E5 Subscriptions in your 365 Developer Subscription. Follow steps to register for the developer subscription 1st
After the “Welcome to the Microsoft 365 Developer Program.”
Click Set up E5 Subscription
Follow the setup steps below:
Microsoft have a developer subscription option Microsoft 365 Developer Program FAQ | Microsoft Docs
“subscription is good for 90 days and is renewable based on valid developer activity. If you’re using your subscription for development, it will be renewed every 3 months and will last indefinitely.”
Set up a Microsoft 365 developer subscription | Microsoft Docs
Join the Microsoft 365 Developer Program | Microsoft Docs
Steps to setup – “Join the Microsoft 365 Developer Program today!”
Click : https://developer.microsoft.com/en-us/microsoft-365/dev-program
Joining the program and Create a new account (I Created a new email just for this developer work)
We then get presented with a Dashboard – Microsoft developer center and technical documentation
Time to Explore > click Microsoft 365 > Learn more > Join Now
Clicked “Join Now” and got a missing info prompt.
Join the Developer Program
Select an options
Now you are Setup. Continue to steps for adding E5 license
Scenario: Anyone using MCAS, Conditional Access, Window 10 Endpoints and Google Chrome.
Challenge: How do you get Google Chrome to be recognised by Azure Conditional Access policies.
Issue : Azure Sign In’s, by default will not see Google Chrome as Azure AD Joined.
Browser = Chrome & Joined Type = [Blank]
However, by default Microsoft Edge does report as Azure AD Joined
Browser = Edge & Joined Type = Azure AD Joined
Solution : chrome://extensions/
Conditions in Conditional Access policy – Azure Active Directory | Microsoft Docs
“For Chrome support in Windows 10 Creators Update (version 1703) or later, install the Windows 10 Accounts extension. This extension is required when a Conditional Access policy requires device-specific details.
To automatically deploy this extension to Chrome browsers, create the following registry key:”
Path HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist
Name 1
Type REG_SZ (String)
Data ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx
Or Add manually
Extension now appears for Windows 10 Accounts show below
Then the next Azure/265 Sign in with show Azure AD Joined using Google Chrome
How to remove the download, save as or print option from the MS Teams thick client application on unmanaged device, logged into your corporate tenancy via a conditional access policy.
Useful links:
Block Access From Unmanaged Devices To SharePoint
From SharePoint Admin Center > Polices > Access Control
Click Unmanaged Devices
Note “To use this setting, get a subscription to Enterprise Mobility + Security and assign a license to yourself. ” See Microsoft Endpoint Manager | Microsoft 365 for more information
Select Block Access > Save
Block Access From Unmanaged Devices To SharePoint Specific Sites and Limit access using PowerShell.
Examples block download, save and print on unmanaged devices for a specific SharePoint site (SharePoint, OneDrive)
Security Defaults in Azure Portal. IMPORTANT, SECURITY DEFAULTS IS NOT ALWAYS ENABLED BY DEFAULT. YOU MUST CHECK YOUR SETTINGS
What does Security Defaults give you? Security Defaults when enabled provide the following preconfigured security settings:
Azure Active Directory security defaults | Microsoft Docs
How do you enable? Azure Active Directory > Properties > Manage Security Defaults > Yes > Save
Useful links:
Discovering and blocking legacy auth:
Discovering and blocking legacy authentication in your Azure and Microsoft 365 subscriptions – Jussi Roine
Understanding Modern vs Legacy auth:
Understanding Modern vs. Legacy Authentication in Microsoft 365 – Ru365 (campbell.scot)
Stephen Hackers – Exam PASSED – Managing Microsoft Teams MS700
#Teams #MSTeams #Exam #AlwaysBeLearning #MS365
Maintain groups in Azure AD with dynamic groups and set expiration settings.
Example scenario : Controlling remote access to sub contractors working on a short term project. The project owner should remove all access for sub contractors after the project completes
How to guide :
If we combine Dynamic Groups and Expiration settings, we can automatically populate groups and then invoke regular check to maintain groups are still required. Group owners will be reminded regularly to verify groups are required. Owners will have a better understanding of who has access and this help assist with your security policies.
Dynamic Group Example
Steps: Azure Active Directory > New Group > Type : Office 365 > Name, Description, Dynamic User > Owner > Dynamic user Members
Group Name : Sub Contractors – Set the value for department equals “Sub Contractor”
Dynamic User Members – Add Experssion
(user.department -eq “Sub Contractor”)
Configure Group lifetime / Expiration Settings
Steps: Azure Active Directory > Groups > Expiration > Days > No Owner email > Selected > Group > Save
“Renewal notifications are emailed to group owners 30 days, 15 days, and one day prior to group expiration. Group owners must have Exchange licenses to receive notification emails. If a group is not renewed, it is deleted along with its associated content from sources such as Outlook, SharePoint, Teams, and PowerBI.” Info from the portal Expiration settings.
When a very important file stored in OneDrive needs to be monitored. This is how to create an alert on file activity. We specifically want to monitor and alert on any activity done to the specific file by any user.
This example file is called HR.doc and is stored in OneDrive.
This is how we created an alert policy for file activity of the file “HR.doc”.
Open Office 365 Security & Compliance
https://protection.office.com/alertpolicies
Alerts > Alert Policies > New Policy
Options selected
Test the alert by trying to modify or access the file.
Result
Alert email notification as shown below.
This logs an alert which then should be reviewed and investigated
Action the Alert
If you’re doing some compliance investigation work, you may need to search a user’s mailbox for specific words.
This is how To Search Email Content in Office 365 Security & Compliance for a specific user which sent email containing a specific word then export results.
Reference guides – Content search
Microsoft Docs Content Search
Microsoft Docs Export Search
Content Search : How to search a mailbox for specific keywords and export the data
Mircosoft 365 Admin Center -> Compliance Admin Center
Content Search > + New Search
New Search > Keywords “Blog” example > Specific Locations > Modify > Choose Users, Groups or Teams
Enter users name > Select > Choose
Done > Save > Save & Run > Save Search
This search will trigger a default alert email to be sent out
Next step, Export the results
Unable to preview results problem or export?
If you cannot preview, you need to add a role to the user account, eDiscovery Administrator role (Example) or eDiscovery Manager for specific cases / Compliance Admin / Compliance Data Administrator
You must sign out and sign in for the groups to take effect.
Now back to the search
After the you can see the preview, now you can click Export
Click Export > ReportsOnly or Export > Copy to clipboard export key > Download report > Install eDiscovery Export Tool
Export tool installs
Use the Export Key and Set a directory.
File Downloads
Now you can open the report exported