Outlook Credentials Flashing and Closing Constantly

Challenge : Outlook would connect to one MS365 mailbox but then started constantly flashing for authentication for the disconnected Hotmail mailbox, but the credentials window disappears before being able to click on the box to enter a password.

Cause : Unknown ? Clash of accounts? Glitch in the Matrix?

Solution : More of a workaround solution.

  • Close Outlook
  • Open Word > Create a blank document
  • File > Account > Sign Out

  • Then click sign in, Username and Password prompts. Log in and authenticate.
  • Close Word
  • Open Outlook and everything worked as normal.

“Encrypt” option in Outlook Error

Licenses and Limitations of Encryption and Exchange Online in you Microsoft 365 subscription.

Example Send a New message and there is an “Encrypt” button. Great feature but is there a gotcha you need to configure or another license version you require?

Slightly frustrating a button exists even if its not configured and gives your end users and error message.

“Your machine isn’t set up for Information Rights Management (IRM). To set up IRM, sign in to Office, open and existing IRM protected message or document, or contact your help desk.”

Reason

You created and new message in Outlook, clicked options, Encrypt, and Connect to Rights Management Servers and get templates

Solution

You received this message because RMS isn’t setup in your Microsoft 365 tenancy. Azure Information Protection is only included with certain licenses in Office 365. See License Data Sheet.

OME stands for Office 365 Message Encryption (OME).

OME is offered as part of “Office 365 Enterprise E3 and E5, Microsoft Enterprise E3 and E5, Microsoft 365 Business Premium, Office 365 A1, A3, and A5, and Office 365 Government G3 and G5.”

Microsoft provide this guide to choosing your activation method.

EXO V2 Module – Microsoft 365 Exchange Online – PowerShell Module

EXO v2 Exchange Online PowerShell Module download here

Some PowerShell commands to help you manage your Microsof 365 Exchange. 

More information on the Microsoft Site here

How to load the EXO v2 Module

Run PowerShell ( I used the ISE) as Administrator    (+ be connected to the Internet)

Install-Module -Name ExchangeOnlineManagement    #Execute this command

You will need to say “Yes to All” on Trust the repository prompt (Well that’s what I needed to do)

How do you connect to Exchange Online

Connect-ExchangeOnline -EnableErrorReporting -LogDirectoryPath C:\temp\logs –LogLevel All

Enter your tenancy credentials

(This will work and prompt for MFA enabled accounts.)

Example EXO V2 PowerShell Commands

Example 1 – Return Mailbox details for a specific user command (Settings you might see in Active Directory)

Get-EXOMailbox -Identity <ENTER EMAIL ADDRESS HERE> -Properties DisplayName,EmailAddresses,Alias

Example 2 – Return Mailbox details for a specific user command ( Settings like MAPI & POP status, Email Addresses)

Get-EXOCASMailbox -Identity “< ENTER EMAIL ADDRESS HERE >” 

Example 3 – Check User Permissions

Get-EXOMailboxPermission -Identity “< ENTER EMAIL ADDRESS HERE >”


Example 4 – What Devices have accessed the mailbox.

This showed multiple devices and which supported remote wipe. If you are reviewing security footprint and what devices have access corporate email, this is a good starting point.

Get-EXOMobileDeviceStatistics -Mailbox “< ENTER EMAIL ADDRESS HERE >” -ActiveSync


Then finally how to Disconnect

DisConnect-ExchangeOnline

Then select “Yes to All”

Disconnected Successfully

Office 365 – Anti Malware Policy/ Mail Flow rule – Detected PS1 file – Email Attachment

A good starting point for this exercise was to find the Microsoft Post on Mail Flow rules to inspect message attachments. Available here. There is also a good reference page on common blocking scenarios.

Recently some of our users received received PS1 files as attachments. We wanted to raise awareness to our users about PS1 files by adding an additional disclaimer in emails received with PS1 attached file types.

If you try to send a PS1 file as an attachment, you will often get a notification, but it allows you to send the email.

Users of Outlook might receive the email still and be notified of a potentially unsafe attachment. Which is good. But what if they weren’t using Outlook?

Web Mail “Outlook” will give you a “No Entry” sign

Challenge : How do we create a mail flow rule to add a disclaimer to inbound emails with PS1 files attached?

How to Guide : Create Mail Flow Rules

Start in “Microsoft 365 Admin Center” and browse to “Exchange” Admin Center

You can created new rules by selecting “Mail Flow” > “Rules” > “+”> “Create a new rule”

This example Appends the Disclaimer when a PS1 file is recieved

Additional options (Optional)

Rule is configured

.. Test Mail example sent to a Microsoft 365 Exchange Mail box – Disclaimer added. See example screen shot below.

What is the difference in Microsoft 365 Enterprise Mobility + Security E3 and E5 Licenses

Today I’m looking at Microsoft 365 Enterprise Mobility + Security E3 and E5 Licenses and trying to work out which licenses I need and what the differences are. I’ve reviewed the guide on features and pricing, visit compare-plans-and-pricing

There are four key areas for Enterprise Mobility + Security:

  • Identity and access management
  • Managed mobile productivity
  • Information protection
  • Identity driven security

If you business it focused on Enterprise Mobility + Security E5 licenses but you need to save costs, its certainly worth reviewing what features your using and what is available / partially included in an Enterprise Mobility + Security E3 license. Microsoft would describe the differences as “Enterprise Mobility + Security E5 includes new and advanced security capabilities that make up our holistic and innovative approach to security for the mobile enterprise. Some E5 capabilities were previously only available as standalone products, such as Microsoft Cloud App Security, or as products in preview, such as Microsoft Azure Active Directory Identity Protection, Azure Active Directory Privileged Identity Management, and Azure Information Protection.”

A break down of the Key Additional Features in E5 and not in E3.

This is a quick break down of the additional features in the E5 license you don’t get in E3 currently. (Please check again, this is not a live feature list)

  • Risk-based conditional access (Explained further)
    • Register MFA – All Users
    • Password changed (High risk users)
    • Require MFA for medium to high risk users
  • Privileged identity management (PIM) – (Explained Futher)
    • Manage, Control and monitor important information or resources
  • Intelligent data classification and labelling (Azure Active Directory Identity Protection)
    • Automate the classification and labelling process ( Personal interpretation, not sure if that terminology is correct)
    • Azure identity Protection which can be leveraged in CA. Identity Protection Policies example
  • Microsoft Cloud App Security (Explained Further)
    • CASB Cloud Access Security Broker
  • Azure Advanced Threat Protection (ATP) – (Getting started with Azure ATP)
    • Detect, Identify Abnormalities, Advanced Attacks

So does you business have any other 3rd party tools already providing the features of E5? It might be worth noting some components Enterprise Mobility + Security E5 can be purchased separately, but the logic is a suite gives more value in a bundle.

Another good option to get hands on and try the full E5 license, why not run a PoC to see if the features of Enterprise Mobility + Security E5 with a free Trial (90 days offered when I wrote this)?

I hope this post helped, additional information is available direct from the Microsoft Site.

Apologise if any information is incorrect, this is just a personal review and no way related to Microsoft.

Office 365 – Alert Policy – Detected Malware in File – OneDrive or SharePoint

Security and Compliance Admin Center in Office 365 you can create alert policys.

Todays challenge was to setup an Alert Policy so an admin is notifed if a user adds a file to OneDrive or SharePoint containing Malware.

Start in “Office 365 Security & Compliance > Alerts Dashboard > New Alert Policy

I started by creating an Alert, selecting Threat Management & High Severity

Set the Trigger “Detected malware in file”

Select the Admins to be notified. I set a daily limit notification limit of 5 so I’m not get overloaded with the same alert.

Then “Finish” you have the option to turn the policy on or off

View “Alert polices”

Office 365 Additional Security, Require MFA to Domain Join Devices in Azure Active Directory

How to enable the feature to prompt for Multi Factor Authentication when joining a device to an Azure Active Directory domain. We would also like to limit the number of devices a user can have to 5.

Start in Azure Active Directory Admin Center

Select Azure Active Directory > Devices

Under Devices click “Device Settings”

Now you can set the max number of devices per user and enforce MFA to join devices

Office 365 – Configure Users To Reset Non-Administrators Passwords

The support desk will require the function to reset users passwords in your environment. Their is a pre-configured role already available in Office 365. Follow these basic steps to assign the “Password Administrator” role to a user.

Open Azure Active Directory Admin Center > Select “Users”> Select a user> Click “Assigned Roles”>”Add Assignment” and Select “Password Administrator” role.

Office 365 How To Configure External Collaboration Settings with Domain Restrictions

In Office 365, how do you configure external collaboration settings but restrict certain domains from collaboration.

This is all configured under Azure Active Directory Admin Center.

A few clicks and your configured

User settings> External Collaboration Settings > Set the level of restrictions and Save. This example is restricting collaboration with *.outlook.com and *.hotmail.com domains

or if security if a higher priority over flexibility, Disable Members and Guests invite and set “Allow invitations only to the specified domains” Example :

How To Configure Office 365 Email Supervision

To allow another user to supervise a users outbound email, you will need to create a new policy under “Supervision”

Start by opening the “Security” center from the Microsoft Admin Center

Click “Supervision” and “Create”

Name your policy and click next

Add the users or groups. You have the option to select teams chats also. Untick if not required and click next

Select Inbound / Outbound / Internal to review

Select the % to review

Add the reviewers (Supervisors)

Review and Click Finish