Free course
https://www.fastlane.live/us_en/e-learning/microsoft-365-security-administrator-track.html
Sign up and purchase the course (free)
Free Practice Test
https://www.examtopics.com/exams/microsoft/ms-500/
https://www.itexams.com/info/MS-500
Free Test Dumps: https://master-exam.com/Microsoft/MS-500/
MS Office Practice Test
https://www.measureup.com/ms-500-microsoft-365-security-administration.html
Skills measured
Implement and manage identity and access (30-35%)
Implement and manage threat protection (20-25%)
Implement and manage information protection (15-20%)
Manage governance and compliance features in Microsoft 365 (20-25%)
[IAM] Explaining Security Assertion Markup Language ( SAML 2.0 )
What is SAML? Security Assertion Markup Language (SAML) is an open standard federation protocol. SAML was introduced in 2001; SAML 2.0 superseded it in 2005. The SAML protocol is used for authentication (AUTHN) and authorization (AUTHZ), and is often used for SSO (Single Sign-on) to web-based applications. The SAML specification defines three entities or roles: The →
[EXO] Inbox Rule Issues Post Migration
In some instances, users' client-side rules may break, because those rules are not touched by the migration. Client rules that reference a specific sender, folder, etc. normally use the X500/LegacyDN to identify the condition, and these will stop working. There is no set limit on the number of Inbox rules a user can have. →
[EXO] Identifying Validation Errors
```powershell
# Contact object
$errors = (Get-MsolContact -ObjectId <Object_ID>).Errors
$errors | ForEach-Object { "`nService: " + $_.ErrorDetail.Name.Split("/")[0]; "Error Message: " + $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription }

# Group object
$errors = (Get-MsolGroup -ObjectId <Object_ID>).Errors
$errors | ForEach-Object { "`nService: " + $_.ErrorDetail.Name.Split("/")[0]; "Error Message: " + $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription }

# User object
$errors = (Get-MsolUser -UserPrincipalName "<User_ID>").Errors
$errors | ForEach-Object { "`nService: " + $_.ErrorDetail.Name.Split("/")[0]; "Error Message: " + $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription }

# All users that currently have validation errors, with the first error description
Get-MsolUser -HasErrorsOnly -All | Format-Table DisplayName, UserPrincipalName, @{Name="Error"; Expression={ $_.Errors[0].ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription }}
```
→
[EX2010] Identifying Cmd-let associated with Role, and who has it.
```powershell
# Find every management role that contains the cmdlet, then list who is assigned each role
$Perms = Get-ManagementRole -Cmdlet Remove-RemoteMailbox
$Perms | ForEach { Get-ManagementRoleAssignment -Role $_.Name -Delegating $false | Format-Table -Auto Role, RoleAssigneeType, RoleAssigneeName }
```

```
Role                    RoleAssigneeType RoleAssigneeName
----                    ---------------- ----------------
Mail Recipient Creation RoleGroup        Recipient Management
Mail Recipient Creation RoleGroup        Organization Management
```

```powershell
# Drill into a specific role assignment and the members of the role group that holds it
Get-ManagementRoleAssignment -Role "Mail Recipient Creation"
Get-RoleGroupMember "Organization Management"
```
[EXO] The client and server cannot communicate, because they do not possess a common algorithm
Windows Server 2008 can't do beyond TLS 1.0. Newer versions can, but don't have TLS 1.1 or 1.2 turned on by default. Best practice is to disable TLS 1.0 and 1.1; both are mostly deprecated and not supported.
Check supported protocols: https://www.ssllabs.com/ssltest/index.html
Turn off TLS 1.0, TLS 1.1 and SSL:
```reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
```
Enabling TLS 1.2
Use the following registry values:
```
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
    REG_DWORD  SchUseStrongCrypto        = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
    REG_DWORD  SystemDefaultTLSVersions  = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v3.0
    REG_DWORD  SchUseStrongCrypto        = 1
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.23026
    REG_DWORD  SchUseStrongCrypto        = 1
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.1
    REG_DWORD  SchUseStrongCrypto        = 1
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319
    REG_DWORD  SchUseStrongCrypto        = 1
```
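An audit script for the two steps above (the SCHANNEL .reg file and the .NET strong-crypto values), added here as an example and not part of the original post: it reads the protocol keys back, flags any legacy protocol that is not explicitly disabled, and shows the .NET flags. It assumes an elevated PowerShell session on the server being checked and the standard SCHANNEL key layout.

```powershell
# Added audit script, not from the original post: reads the SCHANNEL protocol keys that the
# .reg file above writes, reports each protocol's state, then checks the .NET strong-crypto
# values. Assumes an elevated PowerShell session on the server being checked.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelState {
    param([string]$Protocol, [string]$Side)
    $key = Join-Path (Join-Path $base $Protocol) $Side
    $enabled = 'OS default'; $disabled = 'OS default'   # no key: SCHANNEL uses the OS default
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        $enabled  = if ($null -ne $props.Enabled) { $props.Enabled } else { 'not set' }
        $disabled = if ($null -ne $props.DisabledByDefault) { $props.DisabledByDefault } else { 'not set' }
    }
    [pscustomobject]@{ Protocol = $Protocol; Side = $Side; Enabled = $enabled; DisabledByDefault = $disabled }
}

$report = foreach ($p in $protocols) {
    foreach ($s in 'Client', 'Server') { Get-SchannelState -Protocol $p -Side $s }
}
$report | Format-Table -AutoSize

# Anything other than TLS 1.2 that is not explicitly Enabled=0 and DisabledByDefault=1 is flagged
$legacy = $report | Where-Object {
    $_.Protocol -ne 'TLS 1.2' -and -not ($_.Enabled -eq 0 -and $_.DisabledByDefault -eq 1)
}
if ($legacy) {
    Write-Warning 'Legacy protocols not explicitly disabled:'
    $legacy | Format-Table -AutoSize
}

# .NET Framework strong-crypto flags from the section above; a missing value behaves like 0
$netKeys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
foreach ($net in $netKeys) {
    if (Test-Path $net) {
        $v = Get-ItemProperty -Path $net
        '{0}: SchUseStrongCrypto={1} SystemDefaultTlsVersions={2}' -f $net, [int]$v.SchUseStrongCrypto, [int]$v.SystemDefaultTlsVersions
    }
}
```

Registry state only tells you what SCHANNEL is configured to offer; the SSL Labs test linked above confirms what the server actually negotiates from outside.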
[EXO][EX2010] Removing dual mailboxes
Ensure you have a backup of the user's mailbox before starting the following process, as there is a potential risk of data loss. Options are a third-party solution to perform a mailbox backup, or an export to PST (see the New-MailboxExportRequest cmdlet). Capture the relevant information from on-premises Exchange and Exchange Online. Grab the mailbox information (primary →
[EX2010][EXO] Forwarding Address Export and Import
```powershell
# Load Exchange 2010 Module
Add-PSSnapin Microsoft.Exchange.Management.Powershell.E2010 -ErrorAction SilentlyContinue

# Setup Variables
$Filename = "C:\temp\tasks\fowarding_address\export.csv"
$header = "UPN,ForwardingSmtpAddress,DeliverToMailboxAndForward"
$header | Out-File $Filename

# Grab Data: every mailbox with either a contact-based or an SMTP forwarding address set
$Users = Get-Mailbox -ResultSize Unlimited -Filter { (ForwardingAddress -ne $null) -or (ForwardingSmtpAddress -ne $null) }
ForEach ($User in $Users) {
    if ($User.ForwardingSmtpAddress -ne $null) {
        $forwardingSmtpAddress = $User.ForwardingSmtpAddress
        $DeliverToMailboxAndForward = $User.DeliverToMailboxAndForward.ToString()
        $logString = "$($User.PrimarySmtpAddress),$($forwardingSmtpAddress),$($DeliverToMailboxAndForward)"
        $logString | Out-File $Filename -Append
    }
    elseif ($User.ForwardingAddress -ne $null) {
        # ForwardingAddress points at a recipient object; resolve it to its SMTP address
        $forwardingContact = $User.ForwardingAddress
        $forwardingContactAddress = (Get-Recipient $forwardingContact).PrimarySmtpAddress
        $DeliverToMailboxAndForward = $User.DeliverToMailboxAndForward.ToString()
        $logString = "$($User.PrimarySmtpAddress),$($forwardingContactAddress),$($DeliverToMailboxAndForward)"
        $logString | Out-File $Filename -Append
    }
}

# Remove Exchange 2010 Module
Remove-PSSnapin Microsoft.Exchange.Management.Powershell.E2010

# Connect to Exchange Online (locates the ClickOnce-installed EXO PowerShell module)
$username = "<user name>"
$targetdir = (dir "$env:LOCALAPPDATA\Apps\2.0\" -Include CreateExoPSSession.ps1,Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse |
    Group Directory | ? { $_.Count -eq 2 }).Values | sort LastWriteTime -Descending | select -First 1 | select -ExpandProperty FullName
Import-Module $targetdir\CreateExoPSSession.ps1

# Credential is rebuilt from a password file that was encrypted with the AES key file
$PasswordFile = "Password.txt"
$KeyFile = "AES.key"
$key = Get-Content $KeyFile
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)
Connect-EXOPSSession -Credential $MyCredential

# Reapply forwarding to migrated EXO mailboxes (-WhatIf previews the changes; remove it to apply them)
$Users = Import-Csv $Filename
ForEach ($User in $Users) {
    $DeliverToMailboxAndForward = [System.Convert]::ToBoolean($User.DeliverToMailboxAndForward)
    Set-Mailbox -Identity $User.UPN -DeliverToMailboxAndForward $DeliverToMailboxAndForward -ForwardingSmtpAddress $User.ForwardingSmtpAddress -WhatIf
}

# Kill Session and Remove Module
Get-PSSession | Remove-PSSession
Get-Module | Remove-Module
```
Single mailbox export to PST file
Add the account as a member of a role group which has the Mailbox Import Export role, or assign the role directly to the user:
```powershell
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "<user name or alias>"
```
Export primary mailbox:
```powershell
New-MailboxExportRequest -Mailbox <user> -FilePath \\<server FQDN>\<shared folder name>\<PST name>.pst
```
Export archive mailbox:
```powershell
New-MailboxExportRequest -Mailbox <user> -FilePath \\<server FQDN>\<shared folder name>\<PST name>.pst -IsArchive
```
More details: https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/New-MailboxExportRequest?redirectedfrom=MSDN&view=exchange-ps
Exam MS-200: Planning and Configuring a Messaging Platform – Skills Measured
Manage modern messaging infrastructure (45-50%)
Manage databases
• plan mailbox database requirements
• create mailbox databases
• configure mailbox databases
• troubleshoot mailbox databases
Manage Database Availability Groups (DAGs)
• plan DAG settings and members
• create a DAG
• manage DAG members
• →