MS-220 Study Guide

Troubleshoot mail flow issues (20–25%)

Troubleshoot Exchange Online mail flow issues

• review and interpret message headers

• review and interpret message trace results and policies associated with those results

• determine whether a transport rule or conditional routing rule is affecting mail flow

• identify rules that are evaluated and policies that are applied when sending or receiving email

• troubleshoot issues where users cannot send or receive email and no NDR is generated or displayed

• troubleshoot issues where mail destined for one tenant is incorrectly routed to another tenant

• troubleshoot delivery delays

Client Access Rules in Exchange Online | Microsoft Docs

A mobile device intermittently can't connect to Exchange Online (microsoft.com)

Exchange Online Device access rules

MS-200 Exam discount code

 Hi everyone.

I came across this code while searching for new exam content. My exam is booked for 9th May 2022. Good luck if you decide to book the discounted exam.

Cheers

PRINCE2 study notes

 PRINCE - Projects IN A Controlled Environment (2!)

BAU must continue so change to upgrade and improve otherwise we are standing still (actually retrograding performance)

Project performance variables:

1. Cost

2. Time

3. Quality

4. Benefits

5. Scope

6. Risk

Project Characteristics:

1. Change - d'uh!

2. Uncertainty - voyage into the unknown embarking on any new project

3. Temporary - project group forms and disbands

4. Unique - May be the same people and product but at a different time

5. Cross-Functional - varied skillsets require different SME's brought together

Powershell Graph

 The pace of change in the Microsoft SaaS space continues at its breakneck rate.

Next to experience this impetus is the retirement of the MSOL and AzureAD powershell modules.

We've used these to create reports on license usage and to reanimate accounts for mailboxes brought back from a deleted state.

We will have a new set of commandlets to learn but are promised greater speed and functionality by way of compensation.

Prequisites

Powershell 5.1 or 7 are required to use these commandlets.

Install-PackageProvider -Name NuGet -Force

Don't forget to set the execution policy to allow scripts to run otherwise these commands will not run

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Installation

Install-Module Microsoft.Graph -Scope AllUsers

Verify Installation

Get-InstalledModule Microsoft.Graph

If the installation was successful then connect using the following command

Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All"

OFFICE 365 MIGRATION FAILURES

MFCMAPI CORRUPT MAILBOX ITEMS

When mailboxes fail to onboard correctly, the two main reasons are invalid folder structures or corrupt mailbox items. This document will deal with the second scenario.

When the Exchange synchronisation engine is synchronizing folder structures, if it encounters any corrupt items and the baditemcount has not been modified, the action will fail with an error:

To solve this error we first need to attempt a mailbox repair using Powershell.

To monitor the restore request we need to examine the application context event logs on the mailbox server hosting the content. Examine the event logs and see the result of the repair request:

Attempt the onboarding request again and examine the migration log. Any failures are likely to be corrupt items in the folder referenced in the failure log. In this example, there are multiple, corrupt items in the deleted items folder.

It is likely that any attempt to delete these using Outlook will fail with the following message:

We will need to use the MFXMAPI tool to delete these objects. Download the latest stable binaries of MFCMAPI from Sourceforge: https://github.com/stephenegriffin/mfcmapi/releases/tag/18.2.18068.37 (correct as of 10/4/2018) Unzip the MFCMAPI and ensure that you have FullAccess permissions to the mailbox within Exchange. We will also need to ensure that we disable cached Exchange mode to allow full availability of all mailbox contents.

Create an Outlook profile in the usual manner and open MFCMAPI with elevated privilege. Then click Session and Logon:

Select your Outlook profile and click OK

Double click the object that is listed as the default store for the profile.

Expand Root Container > Top Of Information Store and right click the folder where the corrupted items are reportedly located and choose Open Contents table.

Locate the corrupted items from their time stamps and group select, right click and select Delete Message:

Select Permanent delete Passing DELETE_HARD_DELETE (unrecoverable) and click OK.

Now click Session and Logoff

Repeat the process until no migration errors are encountered when onboarding the mailbox to Exchange online.

Flexera Clean Machine procedure

This document will outline the process for running the Flexera Remote Repackager on a clean virtual machine.

Locate your Remote Repackager Setup file. This should be located in: C:\Program Files (x86)\AdminStudio\10.0\Repackager\Remote Repackager

You may want to provide this/deploy this to your developers or map a drive to the machine with Admin Studio installed for them to carry out the install.



  Set the Admin Studio Shared location. UNC path \\\Admin Studio Shared ought to do it.

Set the Repackager location. This will be your machine which has Admin Studio installed on it. Possibly a server. You require to provide the location as a UNC e.g. \\TestServer\AdminStudio\10.0\Repackager

You should now have the below shortcut on your VM’s desktop. This starts a wizard which creates an MSI snapshot of your Virtual Machine consisting of file changes detected during an application installation.

Best practice would be to stop the Windows defender service on the clean machine and reboot the machine

Graph API Teams User Activity Reporting

Creating a CSV file of Teams User activity

For tenancies with thousands of users, extracting usage data from Office 365 is no mean feat. This process will allow you to extract a CSV file that contains the usage data for thousands of users.

Make a note of the application ID:

App ID: 849232c6-f6dc-450e-892a-149982db63a6

Create a certificate to authenticate the app when it accesses user data in Azure:

You will need an Azure App Registration with the correct permission assigned:

Read All User Activity Data

# Your tenant name (can something more descriptive as well)

$TenantName        = "<tenancy_name>"

# Where to export the certificate without the private key

$CerOutputPath     = "C:\Temp\PowerShellGraphCert.cer"

# What cert store you want it to be in

$StoreLocation = "Cert:\CurrentUser\My"

# Expiration date of the new certificate$ExpirationDate    = (Get-Date).AddYears(2)

# Splat for readability

$CreateCertificateSplat = @{    

    FriendlyName      = "AzureApp"

    DnsName           = $TenantName

    CertStoreLocation = $StoreLocation

    NotAfter          = $ExpirationDate    

    KeyExportPolicy   = "Exportable"    

    KeySpec           = "Signature"    

    Provider          = "Microsoft Enhanced RSA and AES Cryptographic Provider"

    HashAlgorithm     = "SHA256"

                                }

# Create certificate$Certificate = New-SelfSignedCertificate @CreateCertificateSplat

# Get certificate path$CertificatePath = Join-Path -Path $StoreLocation -ChildPath $Certificate.Thumbprint

# Export certificate without private key

Export-Certificate -Cert $CertificatePath -FilePath $CerOutputPath | Out-Null

Upload the cert to Azure 

Ensure API permissions are granted in the app
Create an access token in Powershell

$TenantName = "<your tenant name>.onmicrosoft.com"
$AppId = "<your application id"
$Certificate = Get-Item Cert:\CurrentUser\My\<self signed and uploaded cert thumbprint>
$Scope = "https://graph.microsoft.com/.default"

# Create base64 hash of certificate
$CertificateBase64Hash = [System.Convert]::ToBase64String($Certificate.GetCertHash())

# Create JWT timestamp for expiration
$StartDate = (Get-Date "1970-01-01T00:00:00Z" ).ToUniversalTime()
$JWTExpirationTimeSpan = (New-TimeSpan -Start $StartDate -End (Get-Date).ToUniversalTime().AddMinutes(2)).TotalSeconds
$JWTExpiration = [math]::Round($JWTExpirationTimeSpan,0)

# Create JWT validity start timestamp
$NotBeforeExpirationTimeSpan = (New-TimeSpan -Start $StartDate -End ((Get-Date).ToUniversalTime())).TotalSeconds
$NotBefore = [math]::Round($NotBeforeExpirationTimeSpan,0)

# Create JWT header
$JWTHeader = @{
    alg = "RS256"
    typ = "JWT"
    # Use the CertificateBase64Hash and replace/strip to match web encoding of base64
    x5t = $CertificateBase64Hash -replace '\+','-' -replace '/','_' -replace '='
}

# Create JWT payload
$JWTPayLoad = @{
    # What endpoint is allowed to use this JWT
    aud = "https://login.microsoftonline.com/$TenantName/oauth2/token"

    # Expiration timestamp
    exp = $JWTExpiration

    # Issuer = your application
    iss = $AppId

    # JWT ID: random guid
    jti = [guid]::NewGuid()

    # Not to be used before
    nbf = $NotBefore

    # JWT Subject
    sub = $AppId
}

# Convert header and payload to base64
$JWTHeaderToByte = [System.Text.Encoding]::UTF8.GetBytes(($JWTHeader | ConvertTo-Json))
$EncodedHeader = [System.Convert]::ToBase64String($JWTHeaderToByte)

$JWTPayLoadToByte =  [System.Text.Encoding]::UTF8.GetBytes(($JWTPayload | ConvertTo-Json))
$EncodedPayload = [System.Convert]::ToBase64String($JWTPayLoadToByte)

# Join header and Payload with "." to create a valid (unsigned) JWT
$JWT = $EncodedHeader + "." + $EncodedPayload

# Get the private key object of your certificate
$PrivateKey = $Certificate.PrivateKey

# Define RSA signature and hashing algorithm
$RSAPadding = [Security.Cryptography.RSASignaturePadding]::Pkcs1
$HashAlgorithm = [Security.Cryptography.HashAlgorithmName]::SHA256

# Create a signature of the JWT
$Signature = [Convert]::ToBase64String(
    $PrivateKey.SignData([System.Text.Encoding]::UTF8.GetBytes($JWT),$HashAlgorithm,$RSAPadding)
) -replace '\+','-' -replace '/','_' -replace '='

# Join the signature to the JWT with "."
$JWT = $JWT + "." + $Signature

# Create a hash with body parameters
$Body = @{
    client_id = $AppId
    client_assertion = $JWT
    client_assertion_type = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
    scope = $Scope
    grant_type = "client_credentials"

}

$Url = "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token"

# Use the self-generated JWT as Authorization
$Header = @{
    Authorization = "Bearer $JWT"
}

# Splat the parameters for Invoke-Restmethod for cleaner code
$PostSplat = @{
    ContentType = 'application/x-www-form-urlencoded'
    Method = 'POST'
    Body = $Body
    Uri = $Url
    Headers = $Header
}

$Request = Invoke-RestMethod @PostSplat

Reference: https://adamtheautomator.com/microsoft-graph-api-powershell/

Search Unified Audit Log

Audit Stream Activities

When required to audit the creation of Teams meetings or live events videos, the activity of such events is logged to the Office 365 audit logs aka unified audit logs.

The following Powershell command, reliant upon the Exchange Online Powershell module, will search the audit logs over the last 90 days and output the relevant entries from the audit log:

ipmo exchangeonlinemanagement

connect-exchangeonline

$Logs = Search-UnifiedAuditLog -RecordType MicrosoftStream  -StartDate ((Get-date).AddDays(-90)) -EndDate (get-date) -Resultsize 5000

Sway reporting in Powershell

Measure Sway usage in Office 365

This procedure will allow you to extract the number of users who have accessed Sway within Office 365 in the last thirty days. Perfect for keeping the Business Transformation manager  happy.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri '
https://ps.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession -Session $Session -AllowClobber
$logs = Search-UnifiedAuditLog -RecordType Sway -StartDate ((get-date).AddDays(-30)) -EndDate (get-date) -ResultSize 5000 $logs.userids|sort -Unique|measure

Investigate License errors in Office 365

Investigate License errors in Office 365

An important part of any administrators job is the routine investigation of any errors encountered in the Office 365 environment. This short article will describe how to identify if there are any licensing errors in your Office 365 tenancy.

This assumes you already use dynamic groups for assigning Office 365 product licenses as per this Microsoft webpage: 

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal

Report on all users who have a license error attached to their MSOL identity

1. Install the MSOnline powershell module

install-module MSOnline

2. Connect to MSOnline powershell

connect-msservice

3. Assign all users to a variable 

$allusers = get-msoluser -all

4. Filter all users with a licensing error into a separate variable

$errorusers = $allusers|where{$_.IndirectLicenseErrors -ne $null}

This will give you a list of all accounts that have a license error attached to them and each instance will require investigation.

Identify suspended Office 365 licensed users

Identify suspended 365 licensed users

This command will identify if there are any users with suspended Office 365 licenses in your tenancy.
There is a requirement of the MSOnline powershell commandlets to be able to access this information.

Get-MsolSubscription|where{$_.status -eq "Suspended"}|fl skupartnumber,ObjectId

Report on Sway usage in Office 365

Report on Sway usage in Office 365

When asked to create a report of Sway usage for a group of users within Office 365, there is no dedicated Sway admin portal so we need some Powershell commands and some audit report data to achieve this.

1. Access https://protection.office.com
2. Sign in using your work or school account.
3. In the left pane of the Security & Compliance Center, click Search, and then click Audit log search.
   The Audit log search page is displayed.
4. Configure your search criteria as 'Viewed Sway'
5. Enter the start and finish dates of your search window
6. Click Search to begin the audit log search process
7. When the search is completed, the results will be displayed in the browser. We need to export these to CSV by clicking the Export Results drop down list.
8. Open the CSV file in Excel and highlight the data in the users column and copy this to the clipboard.
9. Open Powershell ISE and issue the following commands:

$users = get-clipboard

$users|where{$_ -like "user@domain.gov.uk"}|sort -unique

This will return a list of users from a particular domain who have accessed Sway 

Arrays .Indexof()

Microsoft Teams Remote Powershell Workarounds

Remote powershell sessions to the Teams Infrastructure have a habit of disconnecting at the most inopportune moments.

Usually whilst in the midst of a foreach loop.

To recover from this, the .IndexOf() method is most invaluable.

Usage is as follows:

$User = get-aduser <samaccountname>

$ArrayName.IndexOf($User)

Will return the index of the array where the object can be found. The loop can then be continued with the following command

for ($n = <index>; $n -le <ArraySize>; $n++)

     {

          Some Powershell commands here......

     }