By Eric Krapf
As always, this will be the place where everybody comes together to exchange and debate ideas about the future of communications and collaboration technology.
As cybercriminals continue to exploit unpatched on-premises versions of Exchange Server 2013, 2016, and 2019, we continue to actively work with customers and partners to help them secure their environments and respond to associated threats. To date, we have released a comprehensive Security Update, a one-click interim Exchange On-Premises Mitigation Tool for both current and out-of-support versions of on-premises Exchange Servers, and step-by-step guidance to help address these attacks.
Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. Customers do not need to take action beyond ensuring they have installed the latest security intelligence update (build 1.333.747.0 or newer), if they do not already have automatic updates turned on.
The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange.
Microsoft will provide guidance to our security partners so that they have the option to make available similar, simple mitigations in their products as well.
We are deeply committed to protecting our customers. To stay up to date please continue to review the content posted at https://aka.ms/exchangevulns.
Frequently Asked Questions
Q: If I have Microsoft Defender Antivirus installed on my Exchange Server do I need to take any further action to get this mitigation?
A: Customers that install Microsoft Defender Antivirus and have automatic definition updates enabled (default setting) do not have to take further action to receive the mitigation.
Q: My organization manages Microsoft Defender Antivirus definition updates. What do I need to do to ensure I have this mitigation?
A: Customers that manage Microsoft Defender Antivirus definition updates need to select the new detection build (1.333.747.0 or newer) and deploy that to the Exchange Server.
Q: After this mitigation, do I still need to install the security update?
A: Yes. This automatic mitigation breaks the attack chain by mitigating CVE-2021-26855. Customers should still prioritize getting current on security updates for Exchange Server to comprehensively address the vulnerabilities.
Q: When does Microsoft Defender Antivirus apply the mitigation?
A: Microsoft Defender Antivirus will automatically identify if a vulnerable version of Exchange Server is installed and apply the mitigations the first time the security intelligence update is deployed. The mitigation is deployed once per machine.
Q: Is cloud protection required to receive the mitigation?
A: No. However, enabling cloud protection is a best practice that will keep you with the most current protections against the ever-changing threat environment. Customers are encouraged to enable cloud protection.
Q: What can I do if I don’t have Microsoft Defender Antivirus?
A: Use the One-Click Microsoft Exchange On-Premises Mitigation Tool found here.
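A check for the build requirement stated above (security intelligence update 1.333.747.0 or newer), as an added example that is not part of the original announcement. The function name Test-MitigationBuild and the sample version strings are assumptions made for illustration; Get-MpComputerStatus is the Microsoft Defender Antivirus cmdlet that reports the installed build.

```powershell
# Added example. The threshold comes from the announcement; the sample versions are constructed.
$MinimumBuild = [version]'1.333.747.0'

function Test-MitigationBuild {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$SignatureVersion
    )
    process {
        $parsed = $null
        # TryParse rejects empty or malformed values instead of throwing mid-pipeline.
        $ok = [version]::TryParse($SignatureVersion, [ref]$parsed)
        [pscustomobject]@{
            SignatureVersion  = $SignatureVersion
            Parsed            = $ok
            # Compare as [version]: as strings, '1.333.1001.0' sorts below '1.333.747.0'.
            MeetsMinimumBuild = $ok -and ($parsed -ge $MinimumBuild)
        }
    }
}

# Constructed sample values, including one that a plain string comparison gets wrong.
'1.333.746.0', '1.333.747.0', '1.333.1001.0', 'unknown' | Test-MitigationBuild

# On a server with Microsoft Defender Antivirus, check the installed build.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    (Get-MpComputerStatus).AntivirusSignatureVersion | Test-MitigationBuild
}
```

A passing result only confirms that the required intelligence build is present; the Exchange security update is still needed, as the FAQ states.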
Legal departments are increasingly being called on to not only help navigate a broad range of issues but also to show organizational leadership and become strategic partners to the business.
Summary: MVPs Jan Ketil Skanke and Ståle Hansen will share how they approached a global Teams Rooms deployment for a larger global organization moving to Teams Only Mode. Learn Ståle's thinking on network placement and account configuration, and how Jan Ketil deployed the rooms for an almost zero-touch rollout and monitored the MTRs. In the end they will reflect on Teams Admin Center administration capabilities.
My notes:
There were two main success factors for this project to deploy 1500 Teams Room Systems:
from all locations where you have rooms, it will show you relevant network metrics such as packet loss, latency and jitter.
Use the Network planner found in the Teams Admin Portal to plan the network. It is also possible to populate the network planner from an Excel file via a "hack" - here is how.
It is possible to use a separate VLAN for rooms devices in order to avoid MFA requirements.
Teams Room Systems can connect to Zoom and Webex meetings via guest join. For forwarded meeting invites to work you need to run the command
This means that external users can invite the Room to meetings.
Safe Links will require some customization: Do not rewrite teams.microsoft.com addresses
Jan Ketil talked about the deployment.
Deployment
Deployment Requirements
Global scalability
Fully automated (F12 to deploy)
Deployment Setup
Configuration Manager for OS Deployment
Based on the Deployment toolkit for MTR
Customized for scale and stability
Custom Room Selector User Interface
Autoconfigure the MTR
Enroll to AAD and Intune
Why was Intune used?
Manageability beyond Teams (Windows)
3rd party software (such as software for a certain camera)
Change the MTR Theme
Automatic updates from the Windows Store were blocked in favor of Intune, and Azure Monitor was used to create alerts and to build workbooks for deeper reporting.
Yesterday I installed the Teams PowerShell module 2.0.0 from this location.
Today the fun began when I was planning to run some connections to my tenant.
I tried with this stuff
Import-Module MicrosoftTeams
$sfbSession = New-CsOnlineSession
Import-PSSession $sfbSession -allowClobber
and $sfbSession=New-CsOnlineSession did not work. Long list of errors.
I just thought, what, this is strange.
Ran this one: Import-Module MicrosoftTeams
worked fine
then I ran this: Connect-MicrosoftTeams
and it asked about my cred and logged me in. And now I was able to run the rest of it.
Nice to know, and now it is time to upgrade my scripts.
Teams Cast away Episode #6
Last night I had a guest on my podcast, Rune Løkke from PointTaken. We talked about Teams, work from home and return to office, apps in Teams, some bot tips and tricks, and more. All in Norwegian, since this is a Norwegian podcast. You find it here
PowerShell is a powerful scripting language and automation tool. You can make changes to one thing or hundreds of things using the same script or function. One amazing feature to add to your functions is the PowerShell -WhatIf parameter. This parameter tells you what the function is going to do before you execute it for real.
In this post, you will learn how to add the PowerShell -WhatIf parameter to your functions using easy-to-follow examples.
What is the PowerShell -WhatIf Parameter?
The PowerShell -WhatIf parameter enables the function to simulate what it will do instead of actually executing. Testing the function in this way allows you to understand the impact of the command. Think of it as a safety net to ensure you don’t break stuff.
For example, you want to remove mailboxes with the string “Shared” in the name. Adding -WhatIf to Remove-Mailbox allows you to verify which mailboxes will be removed before executing the command for real.
By adding -WhatIf to the Remove-Mailbox command, you verify which mailboxes the command will remove. The command doesn’t actually make any changes. It just lets you know what would have happened.
However, the PowerShell -WhatIf parameter does not always guarantee the command will execute successfully. You can still run into issues with permissions or another component that prevents the command from executing successfully. Adding -WhatIf will show what will happen given everything else goes correctly.
You add the PowerShell -WhatIf parameter to functions that have the potential to make changes. Some examples of PowerShell verbs for these commands include Set and Remove. If you are using PSScriptAnalyzer to check your functions and scripts for best practices, one of its rules flags functions that use these verbs but do not support -WhatIf.
Here I am running PSScriptAnalyzer against the function you will write later in this article. Note the output saying the function is using a verb that makes changes, so the function should support ‘ShouldProcess’ (more on this later).
Adding ShouldProcess to Your PowerShell Code
To use the -WhatIf parameter, you add the SupportsShouldProcess attribute to the [CmdletBinding()] section of your code. The CmdletBinding attribute adds capabilities to functions so the function works more like a compiled cmdlet. These capabilities include automatic parameters like Verbose, Debug, and the WhatIf parameter.
Here is an example function definition that sets a user’s telephone number in Azure Active Directory. The function includes:
CmdletBinding attribute with SupportsShouldProcess
Two parameters for the user principal name and phone number
Code that sets the phone number
Surprisingly enough, the Set-AzureAdUser cmdlet does not include the -WhatIf parameter. Since it is not included, I thought this would be a good example to wrap into a specific function for setting a user’s telephone number.
Adding SupportsShouldProcess to CmdletBinding is not enough. You also wrap the code that makes the change in an if block. The if block calls the ShouldProcess method on the automatic variable $PSCmdlet. When you specify the -WhatIf parameter, ShouldProcess returns false, so the function does not execute the code in the if block and instead displays what it would have done.
The ShouldProcess method accepts multiple arguments, but only one is required. For a single argument, specify the target of the action, such as the user account or file name.
Here is the Set-AzureAdUser command wrapped in this if statement with $UserPrincipalName as the argument for ShouldProcess:
if ($PSCmdlet.ShouldProcess($UserPrincipalName)) {
    Set-AzureAdUser -ObjectId $UserPrincipalName -TelephoneNumber $PhoneNumber
}
Here is the output of the function when using the -WhatIf parameter. The output message contains the name of the function and the target of the action, in this case, the user principal name.
Customizing the “What if” Message
The ShouldProcess method accepts more than one argument to customize the “What if” message. In the above example, the first argument specified the target being modified by the command. The next argument customizes the operation name.
This example gives more detailed information on what phone number (the operation) is being assigned to the user (the target). Note that “Assigning $PhoneNumber” appears as the operation in the output screenshot.
To fully customize the message, insert a string in the first argument place while maintaining the existing arguments in the second and third slots.
if ($PSCmdlet.ShouldProcess("Assigning the number $PhoneNumber to user $UserPrincipalName", $UserPrincipalName, "Assigning $PhoneNumber")) {
    Set-AzureAdUser -ObjectId $UserPrincipalName -TelephoneNumber $PhoneNumber
}
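The following added example (not code from the original article) shows the two-argument ShouldProcess form described above, next to a function that declares SupportsShouldProcess without the if block, to show why the attribute alone is not enough. The function names, the in-memory $Directory table and the Set-DirectoryPhone stand-in for Set-AzureAdUser are hypothetical, chosen so the script runs without the AzureAD module.

```powershell
# Added example. $Directory and Set-DirectoryPhone are hypothetical stand-ins for
# Azure AD and Set-AzureAdUser; the address and numbers are constructed.
$Directory = @{ 'alice@example.test' = '555-0100' }

function Set-DirectoryPhone {
    # Like Set-AzureAdUser in the article, this has no -WhatIf support of its own.
    param([string]$ObjectId, [string]$TelephoneNumber)
    $script:Directory[$ObjectId] = $TelephoneNumber
}

function Set-UserPhoneNumber {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$PhoneNumber
    )
    # Two-argument form: target first, then the operation name.
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Assigning $PhoneNumber")) {
        Set-DirectoryPhone -ObjectId $UserPrincipalName -TelephoneNumber $PhoneNumber
    }
}

function Set-UserPhoneNumberUnguarded {
    # Declares SupportsShouldProcess but never calls ShouldProcess, so -WhatIf is
    # accepted and the change still happens.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$PhoneNumber
    )
    Set-DirectoryPhone -ObjectId $UserPrincipalName -TelephoneNumber $PhoneNumber
}

# Guarded: only the "What if" message is shown and the stored number is unchanged.
Set-UserPhoneNumber -UserPrincipalName 'alice@example.test' -PhoneNumber '555-0199' -WhatIf
"After guarded -WhatIf:   $($Directory['alice@example.test'])"

# Unguarded: -WhatIf is silently ineffective and the stored number changes.
Set-UserPhoneNumberUnguarded -UserPrincipalName 'alice@example.test' -PhoneNumber '555-0142' -WhatIf
"After unguarded -WhatIf: $($Directory['alice@example.test'])"
```

When reviewing scripts that change directory or mailbox data, check that every state-changing call sits inside a ShouldProcess check, not just that the attribute is present.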
Closing
Adding the PowerShell -WhatIf parameter takes a few extra lines of code but provides invaluable functionality to your code. If your script or function has complex logic that branches based on different criteria, using what if can show what the code will do before running it for real.
Summary: We go through the Teams news that came out during Ignite. This keynote is for you who want an overview of what is new in Teams and what is rolling out in the coming weeks.
For example: What is Viva, and when should you use Microsoft Mesh? Webinars in Teams are now easier than ever, but how? How has Teams become more secure?
My notes:
Linus and the panel in the studio
Dynamic view - the layout changes dynamically depending on how many people are in the meeting.
View switcher - the user can choose how it should look.
Top gallery - makes it easier to look into the camera.
Presenter mode - lets you see your notes in PowerPoint; more fits on one screen.
Standout mode - lets you place yourself in front of what you are presenting.
Live reactions let you send emojis to presenters during the presentation without interrupting.
Microsoft Mesh - VR is moving closer to business meetings and business applications, even without HoloLens and other advanced devices. It can make meetings more fun, but perhaps a little too fun for working life just yet.
Support for webinars - a regular meeting with a registration form for up to 1000 participants in a regular meeting, and up to 20,000 participants in view-only mode. Webinars are booked just like regular meetings in Teams.
Endpoint transfer - easily move your meeting from the computer to the mobile phone, or the other way around.
ACS - Azure Communication Services, communication APIs for connecting internal Teams users with external users who connect in different ways.
Teams Connect (Shared channels) makes it easier to collaborate between Office 365 tenants.
Even though tenant switching has become faster, it is a bit cumbersome to switch from your own tenant to others. Everyone on the panel seems to use private browser tabs to be able to be in several tenants at the same time.
The ability to turn off video for meeting participants is now also available in Teams, in the same way that you can mute participants' microphones.
ATP (Safe Links) is an important security feature in Teams.
Microsoft Viva - an employee experience platform, or a new platform meant to help people thrive and feel well at work. A number of apps and products that are put together into a new platform in Teams.
Is anything coming that makes it easier/faster to move between different Teams organizations?
One can imagine that Teams Connect is a first step in that direction, but nothing we know yet.
When you have a recurring meeting where you bring in a presenter or guest, one problem is that they can see the meeting chat from earlier meetings as well, and they also have access to the chat after the meeting, so they see future chat unless you actively go in and remove them. Is a feature coming where you can have a protected meeting chat for those who are permanently invited to the meeting?
A change is coming around this so that those who are invited temporarily do not have access to, for example, chat.