There's a script for that: June 2017

28 June 2017

Connect-EXOPSSession behind proxy

With the new Exchange Online Remote PowerShell Module you can connect to Exchange Online with MFA enabled on your account.
But what if you are behind a proxy and are unable to connect?
Chances are that there is one process that goes directly to the internet:

When trying to connect you get the error below:

This PowerShell module allows you to connect to Exchange Online service.            
            
To connect, use: Connect-EXOPSSession -UserPrincipalName your UPN            
            
To get additional information, use: Get-Help Connect-EXOPSSession            
            
PS C:\Users\> Connect-EXOPSSession -UserPrincipalName username@yourtenant.onmicrosoft.com            
New-ExoPSSession : Connecting to remote server outlook.office365.com failed with the following error message : WinRM ca            
nnot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the            
 network and that a firewall exception for the WinRM service is enabled and allows access from this computer. By defau            
lt the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. Fo            
r more information, see the about_Remote_Troubleshooting Help topic.            
At C:\Users\username\AppData\Local\Apps\2.0\CCA4XODV.QGQ\BBNHW64J.DHE\micr..tion_c3bce3770c238a49_0010.0000_a5ac7e7ccec31            
8ba\CreateExoPSSession.ps1:179 char:22            
 PSSession = New-ExoPSSession -UserPrincipalName $UserPrincipalName -C ...            
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~            
     CategoryInfo          : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException            
     FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchang            
   e.Management.ExoPowershellSnapin.NewExoPSSession

We have to force all traffic through the proxy, the easiest way to do this is with netsh:

Check current settings for the PowerShell session:
netsh winhttp show proxy

Current WinHTTP proxy settings:

Direct access (no proxy server).

Set the proxy server:
netsh winhttp set proxy proxy.domain.lan:8080

Current WinHTTP proxy settings:

Proxy Server(s) : proxy.domain.lan:8080
Bypass List : (none)

Reset to no proxy server settings:
netsh winhttp reset proxy

Current WinHTTP proxy settings:

Direct access (no proxy server).

21 June 2017

Connect to Exchange Online with MFA enabled

Been searching a little while before I got this thru my skull.

I had enabled MFA for my account over at Exchange Online and tried to connect to the remote PowerShell. Immediately my screen turned red.

New-PSSession : [outlook.office365.com] Connecting to remote server outlook.office365.com 
failed with the following error message : [ClientAccessServer=VI1PR0101CA0080,
BackEndServer=am5pr10m 
b0595.eurprd10.prod.outlook.com RequestId=d3099d49-9287-419a-b22f-91e1bf7b888d,
TimeStamp=6/21/2017 10:43:42 AM] Access Denied For more information, see the 
about_Remote_Troubleshooting Help topic.

The access denied error is what triggered me to search for the MFA solution, because in the Office Portal I could log in just fine.

After some searching on the web I came across this:
https://technet.microsoft.com/library/mt775114.aspx
This just recently became available (for as far as I know), prior MFA had to be disabled for the Organisation Management account. Which is a terrible idea of course.

After installing the Exchange Online Remote PowerShell Module you get a new icon in your start menu.

After starting the new PowerShell module you're greated by this:

As you can see there's a new way to connect to Exchange Online with MFA enabled on your command.
The Connect-EXOPSSession is the new way, and a new commandlet not available in any of the installed modules the PowerShell Module directory.
I tried to find what module is explicitly loaded but was unsuccessful.
I think it downloads the module directly from the cloud, right after starting the module a black screen is briefly displayed and then the PowerShell window is shown.

Change Hyper-V Network Category from Public to Private and from Private to DomainAuthenticated with Powershell

This is one of those things that you can do multiple ways.
In my case however the normal routine of changing the network category type from Public to Private didn't work because my machine is domain joined.

When trying to create a HomeGroup you get this on a domain joined machine:

So PowerShell saves the day once again.
First see what adapters you have and what their current category is:

Get-NetConnectionProfile

Name             : Unidentified network
InterfaceAlias   : vEthernet (Internal Virtual Switch)
InterfaceIndex   : 8
NetworkCategory  : Public
IPv4Connectivity : NoTraffic
IPv6Connectivity : NoTraffic

Then set the adapter to category private:

Set-NetConnectionProfile -InterfaceIndex 8 -NetworkCategory Private

Check the settings:

Get-NetConnectionProfile

Name             : Unidentified network
InterfaceAlias   : vEthernet (Internal Virtual Switch)
InterfaceIndex   : 8
NetworkCategory  : Private
IPv4Connectivity : NoTraffic
IPv6Connectivity : NoTraffic

And from Private to Domain:

Check the current settings:

Get-NetConnectionProfile

Name             : Network
InterfaceAlias   : vEthernet (External V-Switch)
InterfaceIndex   : 17
NetworkCategory  : Private
IPv4Connectivity : LocalNetwork
IPv6Connectivity : LocalNetwork

Set to DomainAuthenticated:

Set-NetConnectionProfile -InterfaceIndex 17 -NetworkCategory DomainAuthenticated

Then restart the Network Location Awereness Service (NLA):

Restart-Service -Name NlaSvc -Force

And check again:

Get-NetConnectionProfile

Name             : domain.lan
InterfaceAlias   : vEthernet (External V-Switch)
InterfaceIndex   : 17
NetworkCategory  : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : Internet

19 June 2017

Remote PowerShell login Office365, SkypeForBusiness Online, SharePoint Online, Exchange Online, Security and how to disconnect

Remote PowerShell login Office 365 all modules

Requisites login into Office 365 Skype for Business Online are:

· Running OS must be 64bit

· Microsoft .NET Framework 4.5.x

· PowerShell Version 3.0 or higher
(if you need to install Version 3.0+, download and install Windows Management Framework 4.0: https://www.microsoft.com/en-us/download/details.aspx?id=40855)

You need to install the modules that are required for Office 365, SharePoint Online, and Skype for Business Online:
Microsoft Online Service Sign-in Assistant for IT Professionals RTW
Windows Azure Active Directory Module for Windows PowerShell (64-bit version)

Download the Windows PowerShell module for Skype for Business Online
https://www.microsoft.com/en-us/download/details.aspx?id=39366
After installation copy the SkypeOnline and the LyncOnline module folders found in:

C:\Program Files\Common Files\Skype for Business Online\Modules

to:

C:\Windows\System32\WindowsPowerShell\v1.0\Modules

This is because when running Import-Module SkypeOnline the modules can not be found.

By copying them to the default module directory for PowerShell they can be found and load right up.

MicrosoftOnlineLogin

Set-ExecutionPolicy RemoteSigned

$credential = Get-Credential
Connect-MsolService -Credential $credential

SkypeForBusiness

Import-Module SkypeOnlineConnector
$SfBoSession = New-CsOnlineSession -Credential $credential
Import-PSSession $SfBoSession

SharePoint

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url https://domainhost-admin.sharepoint.com -credential $credential

Exchange

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking

Security

$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $credential -Authentication Basic -AllowRedirection
Import-PSSession $ccSession -Prefix cc

Logout

Remove-PSSession $sfboSession
Remove-PSSession $exchangeSession
Remove-PSSession $ccSession
Disconnect-SPOService

There is no disconnect or remove session option for MSOL, just close the PowerShell window.

12 June 2017

Free Azure documentation

After searching for some info on office365 i came across this page:
https://docs.microsoft.com/en-us/azure/#pivot=services

On this page all of Azure's services are displayed categorized by service type.
By clicking one of the subject for instance Storage and the choosing Backup you're presented a page where you can browse in a technet kind of way.
But it also display's a button "Download pdf"

In the pdf is everything that's on the webpage, so you can read it offline. Nice.
I created a list with the most interesting services (for myself that is) for quick downloading:

monitoring + management

networking

security + identity

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/multi-factor-authentication.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/active-directory-domain-services.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/active-directory.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/key-vault.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/security.pdf

storage

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/site-recovery.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/backup.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/storsimple.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/data-lake-store.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/storage.pdf

web + mobile

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/notification-hubs.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/mobile-engagement.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/search.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/media-services.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/cdn.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/logic-apps.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/app-service-api.pdf

There's a script for that

Pages