Azure

Configuring Microsoft Intune – Apps within your company portal

Leave a comment

Do you have one of the following licencing sets and you are not utilising Microsoft Intune? It would be criminal.

  • Intune
  • Enterprise Mobility + Security E3
  • Enterprise Mobility + Security E5
  • Microsoft 365 E3
  • Microsoft 365 E5
  • Microsoft 365 F1
  • Microsoft 365 Business
  • Microsoft 365 Education A1
  • Microsoft 365 Education A3
  • Microsoft 365 Education A5

Its time roll out the company portal and manage your corporate data across all mobile device.

Microsoft Intune is not available for the following licence sets and you need need to purchase one of the valid sets above.

  • Office 365 F1
  • Office 365 Business Premium
  • Azure Active Directory Free, Basic, Premium P1, Premium P2 None

Launch Microsoft Azure Portal

(https://portal.azure.com)

Open Intune either by using the Search resources, services, and docs or from your favourites. Select Client apps, Apps.

As you can see, there are no applications found currently within Client apps. In this section are able to define a number of different applications types with can be used whole Microsoft Intune platform.

For the purposes of this blog post we are only focusing on Other –> Built-In applications which have been optimised by Microsoft to ensure that all corporate data and general applications are secure.

Built-In applications target most of the Microsoft applications that are used day to day by all corporate enterprises. We will be selecting Adobe Acrobat Reader for Intune as an example of how to configure and publish applications into the company portal.

Click on your chosen app, press “Select” and press “Add”

Select Properties, App information – configure

Within this section you will need we will need configure the app information with the following

  • Category – This is not key but allows you group business, productivity, etc.. applications together
  • Display this as a feature app in the Compant Portal – Yes 
  • Logo – Give the application a logo which will appear in the company portal

Save the changes

Select Assignments, Add group

Under Assignment type, I have selected Available for enrolled devices.

Select Include Groups, Select Yes, Press OK x2 and Save

This will now make this application available within the company portal and you can repeat this process for other built-in applications.

 

This concludes this post

Regards

The Author – Blogabout.Cloud

Big News, Office 365, Windows 10

Big news in the world of the modern desktop: Office 2016 supported extended

Leave a comment

Microsoft announced in April 2017 that they be ceasing support for legacy Office clients into Office 365 services, however this stance has now changed based on customer feedback to Microsoft

  • Office 2013 and below will cease as expected on 13th October 2020
  • Office 2016 will now be extended until October 2023

 

With this announcement it also includes a number of changes to the supported operating system versions of Windows.

Office 365 ProPlus delivers cloud-connected and always up-to-date versions of the Office desktop apps. To support customers already on Office 365 ProPlus through their operating system transitions, we are updating the Windows system requirements for Office 365 ProPlus and revising some announcements that were made in February. We are pleased to announce the following updates to our Office 365 ProPlus system requirements:

  • Office 365 ProPlus will continue to be supported on Windows 8.1 through January 2023, which is the end of support date for Windows 8.1.
  • Office 365 ProPlus will also continue to be supported on Windows Server 2016 until October 2025.
  • Office 365 Pro Plus will also continue to be supported on Windows 7 (ESU) Extended Security Updates through Janaury 2023. Windows 7 ESU will only be available for Windows 7 Pro/Enterprise customers with Volume Licensing.

Other big news is four changes Microsoft have also announced (Longer support windows for Windows 10):

  • All currently supported feature updates of Windows 10 Enterprise and Education editions (versions 1607, 1703, 1709, and 1803) will be supported for 30 months from their original release date. This will give customers on those versions more time for change management as they move to a faster update cycle.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of September (starting with 1809) will be supported for 30 months from their release date. This will give customers with longer deployment cycles the time they need to plan, test, and deploy.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of March (starting with 1903) will continue to be supported for 18 months from their release date. This maintains the semi-annual update cadence as our north star and retains the option for customers that want to update twice a year.
  • All feature releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (this applies to feature updates targeting both March and September).

In summary, our new modern desktop support policies—starting in September 2018—are:

Office 365, PowerShell

Populate your Exchange Mailbox with dummy data before migrating to Exchange Online or Vice Versa

Leave a comment

Have you ever had a requirement where you need to populate an Exchange or Office 365 Mailbox with data? This is general a common ask when looking to migrate to/from Exchange Online and can be time consuming if your manually sending emails. The following script has been modified to provide an easy way of sending data using the Send-MailMessage PowerShell cmdlet and also capture better error logging.

I would like to thank Andreas Hähnel for his efforts in creating the original script.

This modified script using Try and Catch variables to ensure the specified File location contains documents which can be used and also provide Help on each parameter. Add-MailboxData.zip (111 downloads)

Add-MailboxData.zip (111 downloads)

Check out the video demonstration below

Microsoft Teams, PowerShell

Detect, Remove, Destroy and Upgrade your Microsoft Teams Module`

Aside Leave a comment

The following script has been designed to detected, remove and upgrade your Microsoft Team PowerShell Module.

How does it work?

The script will initial check if you are running a PowerShell window with evaluated privileges as this is a prerequisites to running this script. Once Administrative privileges have been detected it will compare the installed version of the Microsoft Teams module against the online version located the PSGallery. If the online is greater than the installed version, the script will use the uninstall-module cmdlet to remove the previous version and install the latest version from the PSGallery.

If your installed version matches the online version no actions will be taken.

This script also includes an output of the installed client version of Microsoft Teams with its Ring and Environment information as shown below

Download this script today

Detect-MicrosoftTeams-Version (470 downloads)

Regards

The Author – Blogabout.Cloud

Azure, PowerShell

Install PowerShell for Azure Stack

Leave a comment

Installing PowerShell for Azure Stack has a number of prerequistes which need to be met. The following script has been designed and tested to preform all the necessary tasks within a single script execution.

The following steps have been taken from https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-powershell-install

1. Verify your prerequisites

Before your get started with Azure Stack and PowerShell, you will need to have a few requirements in place.

PowerShell Version 5.0
To check your version, run $PSVersionTable.PSVersion and compare the Major version. If you do not have PowerShell 5.0, follow the link to upgrade to PowerShell 5.0.

Note

PowerShell 5.0 requires a Windows machine.

Run Powershell an elevated prompt
You will need to be able to run PowerShell with administrative privileges.

PowerShell Gallery access
You will need access to the PowerShell Gallery. The gallery is the central repository for PowerShell content. The PowerShellGet module contains cmdlets for discovering, installing, updating, and publishing PowerShell artifacts such as modules, DSC resources, role capabilities, and scripts from the PowerShell Gallery and other private repositories. If you are using PowerShell in a disconnected scenario, you will need to retrieve resources from a machine with a connection to the Internet and store them in a location accessible to your disconnected machine.

2. Validate if the PowerShell Gallery is accessible

Validate if PSGallery is registered as a repository.

Note

This step requires Internet access.

Open an elevated PowerShell prompt, and run the following cmdlets:
PowerShell

Import-Module -Name PowerShellGet -ErrorAction Stop
Import-Module -Name PackageManagement -ErrorAction Stop
Get-PSRepository -Name “PSGallery”

If the repository is not registered, open an elevated PowerShell session and run the following command:
PowerShell

Register-PsRepository -Default
Set-PSRepository -Name “PSGallery” -InstallationPolicy Trusted

3. Uninstall existing versions of the Azure Stack PowerShell modules

Before installing the required version, make sure that you uninstall any previously installed Azure Stack AzureRM PowerShell modules. You can uninstall them by using one of the following two methods:

To uninstall the existing AzureRM PowerShell modules, close all the active PowerShell sessions, and run the following cmdlets:
PowerShell

Uninstall-Module AzureRM.AzureStackAdmin -Force
Uninstall-Module AzureRM.AzureStackStorage -Force
Uninstall-Module -Name AzureStack -Force

Delete all the folders that start with Azure from the C:\Program Files\WindowsPowerShell\Modules and C:\Users\AzureStackAdmin\Documents\WindowsPowerShell\Modules folders. Deleting these folders removes any existing PowerShell modules.

4. Connected: Install PowerShell for Azure Stack with Internet connectivity

Azure Stack requires the 2017-03-09-profile API version profile, which is available by installing the AzureRM.Bootstrapper module. In addition to the AzureRM modules, you should also install the Azure Stack-specific PowerShell modules.

Run the following PowerShell script to install these modules on your development workstation:

Version 1.4.0 (Azure Stack 1804 or greater)
PowerShell

# Install the AzureRM.Bootstrapper module. Select Yes when prompted to install NuGet
Install-Module -Name AzureRm.BootStrapper

# Install and import the API Version Profile required by Azure Stack into the current PowerShell session.
Use-AzureRmProfile -Profile 2017-03-09-profile -Force

# Install Module Version 1.4.0 if Azure Stack is running 1804 at a minimum
Install-Module -Name AzureStack -RequiredVersion 1.4.0

Version 1.2.11 (before 1804)
PowerShell

# Install the AzureRM.Bootstrapper module. Select Yes when prompted to install NuGet
Install-Module -Name AzureRm.BootStrapper

# Install and import the API Version Profile required by Azure Stack into the current PowerShell session.
Use-AzureRmProfile -Profile 2017-03-09-profile -Force

# Install Module Version 1.2.11 if Azure Stack is running a lower version than 1804
Install-Module -Name AzureStack -RequiredVersion 1.2.11

Confirm the installation by running the following command:
PowerShell

Get-Module -ListAvailable | where-Object {$_.Name -like “Azs*”}

If the installation is successful, the AzureRM and AzureStack modules are displayed in the output.

All seems simple, right?

PowerShell script demonstration

The following video demonstrates the Set-AzureStackPS script, which is available to download via the following URL.

PowerShell for Azure Stack (94 downloads)

Regards

The Author – Blogabout.Cloud

Office 365

Understanding the roles within Office 365 administration

Leave a comment

Are you Office 365 Global Administrator? Do you understand the roles available within Office 365 Administrator for granting access?

The answer is probably no, as in my experience customers or Global Administrators don’t really understand the options that are available without Professor Google.

The below table lists all the available roles that are currently in action within Office 365. So whether you are a Helpdesk Admin or a dedicated Exchange Admin, Office 365 has the correct roles that fits your needs.

Global admin Global administrator

Accesses all administrative features in the Office 365 suite of services in your plan, including Skype for Business. By default the person who signs up to buy Office 365 becomes a global admin.

Global admins are the only admins who can assign other admin roles. You can have more than one global admin in your organization. As a best practice we recommend that only a few people in your company have this role. It reduces the risk to your business.

Tip: Make sure everyone who is a global admin in your organization has a mobile phone number and alternate email address in their contact info. Check out Change your organization’s address, technical contact email, and other information for more details.
Credit card Billing administrator Makes purchases, manages subscriptions, manages support tickets, and monitors service health.
Exchange OnlineExchange administrator Manages mailboxes and anti-spam policies for your business, using the Exchange admin center. Can view all the activity reports in the Office 365 admin center.

Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center.

To learn more, see About the Exchange Online admin role.
SharePoint adminSharePoint administrator Manages file storage for your organization in SharePoint Online and OneDrive. They do this in the SharePoint admin center. They can also assign other people to be site collection administrators and term store administrators.

Permissions assigned to SharePoint sites are completely separate from the Office 365 global admin role. You can be a global admin without access to a SharePoint site if you weren’t added to it or didn’t create the site.

People in this role can also can view all the activity reports in the Office 365 admin center.

To learn more, see About the SharePoint admin role.
Key, permissions Password administrator Resets passwords, manages support tickets, and monitors service health. Password admins are limited to resetting passwords for users.
Skype for Business OnlineSkype for Business administrator (Also includes Microsoft Teams) Configures Skype for Business/Microsoft Teams for your organization and can view all the activity reports in the Office 365 admin center.

To learn more, see About the Skype for Business admin role.
Headset Service administrator Opens support tickets with Microsoft, and views the service dashboard and message center. They have “view only” permissions except for opening support tickets and reading them.

Tip: People who are assigned to the Exchange Online, SharePoint Online, and Skype for Business admin roles should also be assigned to the Service admin role. This way they can see important information in the Office 365 admin center, such as the health of the service, and change and release notifications.
User User management administrator Resets passwords, monitors service health, adds and deletes user accounts, manages support tickets, adds and removes members from Office 365 groups. The user management admin can’t delete a global admin, create other admin roles, or reset passwords for global, billing, Exchange, SharePoint, Compliance and Skype for Business admins.

Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center.
Reporting reader admin Reports reader Can view all the activity reports in the Office 365 admin center and any reports exposed through the reporting APIs.
Security and Compliance center roles If you have an Office 365 E3 or E5 business subscription, it includes security and compliance tools. In that case, you have access to these additional roles: Compliance administrator, eDiscovery Manager, Organization management, Reviewer, Security Administrator, Security Reader, Service Assurance User, Supervisory Review.

To learn more about them, see Permissions in the Office 365 Security & Compliance Center.
Icon for Dynamics 365Dynamics 365 (online) When a person is assigned to the Office 365 global administrator role, they are automatically assigned to the System Administrator security role in Dynamics 365 (online).

A person assigned to the System Administrator security role in Dynamics 365 can assign other people to Dynamics 365 security roles. With the System Administrator security role, you can manage all aspects of Dynamics 365. For more information about Dynamics 365 security roles, check out Manage subscriptions, licenses, and user accounts.
Icon for Dynamics 365

Dynamics 365 service administrator

 Use this new role to assign users to manage Dynamics 365 at the tenant level without having to assign the more powerful Office 365 global admin privileges. A Dynamics 365 service admin can sign in to the Dynamics 365 admin center to manage instances. A person with this role cannot do functions restricted to the Office 365 global admin such as manage user accounts, manage subscriptions, access settings for Office 365 apps like Exchange or SharePoint.

Check out Use the Dynamics 365 service admin role to manage your tenant to learn more.
Power BI administrator A person assigned to the Power BI admin role will have access to Office 365 Power BI usage metrics. They’ll also be able to control your organization’s usage of Power BI features. For more information about administering Power BI, see Administering Power BI in your organization.
Message Center reader

Monitors changes to the service and can view all posts to the Message center in Office 365 and share Message center posts with others through email. Users assigned this role also have read-only access to some admin center resources, such as users, groups, domains, and subscriptions

The above information has been taken from Microsoft and reposted for public awareness.

Regards,
The Author

Office 365, On-Premises, PowerShell

Granting permissions to users based on Group Membership with PowerShell

Leave a comment

Hello,

Question: Have you ever had to perform a task for multiple users like granting a permission, policy or something else? and did you do it manually?

I can honestly say I have and it was so time consuming, especially when we have free tools available to use to perform theses actions within seconds/minutes instead of hours/days.

I have generated a script below which I have created to grant a Skype for Business Online policy to a number of users based on their Group Membership. Before you run this script the following assumputions will be made.

  • You have a basic understanding of PowerShell Scripting
  • You have modified all locations shown with ‘#########’ to your requirements

For the below script I have left in ‘IMOnly’ to show exactly what this script is designed to achieve. If a User doesnt have the IMOnly policy they will be granted the policy but if a User already has IMOnly granted. The script will skip the user and generate an output on screen plus to a definited .txt file before moving onto the next user.

clear-host
# Define Service Account
$username = '#########'
$password = '#########'
$pass = Convertto-Securestring -String $password -asPlaintext -Force
$credential = New-Object -TypeName System.Management.Automation.PScredential -ArgumentList ($username, $pass)

# Connect to Office 365
Import-Module MSOnline
Connect-MsolService -Credential $credential

# Connect to Skype for Business Online
Import-Module -Name SkypeOnlineConnector
$sfboSession = New-CsOnlineSession -Credential $credential
Import-PSSession -Session $sfboSession -AllowClobber

# Get Group Members
Get-MsolGroupMember -GroupObjectId '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

# Import Users
$csv = Import-Csv -Path $env:HOMEDRIVE\#########\#########.csv

# Assign CsClientPolicy
Foreach ($row in $csv) {
If(Get-CsOnlineUser -Identity $row.EmailAddress | Where-object {$_.ClientPolicy -notcontains 'IMOnly'})
{
Grant-CsClientPolicy -Identity $row.EmailAddress -PolicyName 'IMOnly'
}
else
{
Write-Host -ForegroundColor Yellow $row.EmailAddress "Skipped User"
get-csonlineuser -id $row.EmailAddress | Where-object {$_.ClientPolicy -contains 'IMOnly'} | select-object DisplayName,ClientPolicy | out-file -FilePath $env:HOMEDRIVE\INSTALL\groupuserenbled.txt
}
}

You can also complete this command for On-Premises users by modifying the script to use Get-ADGroupMember as shown below.

# Get Group Members
Get-ADGroupMember -Identity '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

This script can be modified to complete other provisioning based on Group Membership, just copy and paste into PowerShell ISE and make the necessary changes

Regards

The Author

PowerShell

Working with PowerShell Global Variables

Leave a comment

Hello,

I have been recently working on a number of PowerShell scripts which have several different “Functions” and found that I need to use variables that may have been previous set in a previous Function action. If a variable has been set in a function we are not able to just use the $Variable name in the following function so, as we don’t want to be prompting for the same information over and over again we can get around this issue by using Global Variables.

Example script without a global variable.

The following script shows that $accountname prompt has been specified in both functions increase the manual input require to action this script. This is an acceptable method if you wanted to be prompted but in a scripting scenario PowerShell can do a lot more to reduce the need for manual input.

Function Get-Mailbox {
$accountname = Read-Host -Prompt 'Please enter - Account Name'
Get-Mailbox -Name $AccountName
}

Function Set-Mailbox{ 
$accountname = Read-Host -Prompt 'Please enter - Account Name'
$password = Read-Host -Prompt 'Please enter - Password'
Set-Mailbox -Name $accountname -Password $password
}

Example script a global variable.

The following script is now using $Global:AccounName which sits outside of the Function blocks and looks at the $accountname variable when it has been specified or called into action. So any other functions within the script which require the $accountname variable will now be defined as $Global:AccountName as shown below.

$Global:AccountName = $accountname

Function Get-Mailbox {
$accountname = Read-Host -Prompt 'Please enter - Account Name'
Get-Mailbox -Name $AccountName
}

Function Set-Mailbox {
$password = Read-Host -Prompt 'Please enter - Password'
Set-Mailbox -Name $Global:AccountName -Password $password
}

This concludes how to use a Global Variable within your PowerShell script.

Remember: PowerShell is one of the most powerful tools available to all IT Professional and the best of it…. It’s FREE. It only requires you to launch the PowerShell Consoles whether that maybe PowerShell or PowerShell ISE. Start your PowerShell journey today and script actions you complete on a day to day basis to reduce the time and effort required.

Regards

The Author – Blogabout.Cloud

Notes from the Field, Skype for Business

Notes from the Field: KB298200 – The update is not applicable to your computer

Leave a comment

Hello Reader,

In this “Notes from the Field” post we will look at a common Skype for Business error which you may encounter when installing a Skype for Business Front End for the first time.

As you can see from the image below we have encountered an error during the the deployment wizard when installing a Skype for Business Front End for the first time on a newly built Windows 2012 R2 Server.

After downloading KB298200 and attempting to install the required Windows Update the following error occurs;

In order to resolve this issue effectively we need to download the latest Skype for Business Server Cumulative Update. This error was resolved in Skype for Business Server cumulative update Janaury 2018. A good point of reference for all Skype for Business Server CU, head over to https://blogs.technet.microsoft.com/uclobby/2015/06/22/skype-for-business-2015-cumulative-update-list/ 

First of all, you will need to stop all Skype for Business Service and this can be done easily using the following PowerShell cmdlet:

Stop-CSWindowsService

Launch the Skype for Business Update Installer and click ‘Install Updates’

Once the installation has been completed you will be able to complete the deployment wizard process with a successful outcome.

Please Note: You will need to re-run the Skype for Business Update Installer to patch the rest of the Skype for Business services.

Regards

Author – Blogabout.Cloud

Windows 10

Windows 10 Fall Creator Update 1709 – Sysprep was not able to validate your Windows installation

Leave a comment

Hello Reader,

In this post, we will look at a known bug within the Windows 10 Fall Creators Update 1709, where you are unable to perform a sysprep of a Windows 10 workstation running update 1709. This is a little annoying bug which prevents sysprep from running.

The error messages as shown below provides you with a bit of detail and a UNC Folder to check the log file for more information.
Sysprep was not able to validate your Windows installation.
Review the log file at:
%WINDIR%\Systems32\Sysprep\Panther\setupact.log for details. After resolving this issue, use sysprep to valiate your installation again.

This error seems to be caused by Windows 10 Store Apps updating within the background, we can prevent this from happening by adding the following reg key either by using regedit or Powershell. As I am a big avodate of PowerShell I will using show the deployment and removal of this key using PowerShell.

Identifiying the Windows 10 Applications.

Using the path provided within the sysprep error message you will be able to easily identify the problem application, this is case the problem was being caused by the SketchBook application. Once removing SketchBook app the problem persisted as a number of other apps needs to be removed also.

Video demostration.

You can find a video of each application being removed until sysprep was able to successfully execute.

We hope that this post has helped your issue.

Regards
Author