Password-less sign-in to Office 365

Today I was busy hardening my Office 365 security and I came to the topic of password-less sign-in. I have heard about this at some recent events like Experts Live and Ignite. So it was time to configure this.

What is Password-less sign-in

Password-less sign-in is a different way of logging in to Azure AD. You sign in with a number picker instead of an old-school password. As you all know, Microsoft thinks old-school passwords are not safe anymore, and logically this is true, because a password is just a set of characters. If you take a common password like “Welcome123!@”, these are all just characters, and there is no difference in kind between a capital W and a symbol like @. The only difficulty you can add is length, but if someone wants to crack it, it is just a matter of time until it is cracked.

How does it work

How does password-less sign-in work? This new method allows you to completely replace your password with a number match in your Azure Authenticator app as the first factor, together with your biometric, like Touch ID, as the second factor to complete the sign-in. This two-way communication with the identity provider (IdP), in this case Azure AD, makes the phone itself a strong credential, and a password is no longer required because we have the number challenge.

I think this way of authentication, combined with Windows Hello for Business, is where safe authentication is heading.

Configuration

To start configuring password-less sign-in, we start up PowerShell. I used the cloud-based version of PowerShell from Azure AD.

When you press this button in Azure AD, a Cloud Shell will start (you need a storage account for this).
When the Cloud Shell has started, it is time to configure password-less sign-in.

Type or copy the following command. No worries: this only makes the option available alongside the other authentication methods.

New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -IsOrganizationDefault $true -DisplayName AuthenticatorAppSignIn

When this is done, you have configured password-less sign-in and it is time to try it out. Make sure you test it first with some pilot users. The impact can be high, but you won't lock anyone out.
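
The following is an added example, not part of the original post: it applies the same policy only if it is not already present, then reports what the tenant actually ended up with. It assumes a connected session in which the AzureAD policy cmdlets (New-AzureADPolicy, Get-AzureADPolicy, Remove-AzureADPolicy) are available, as in the Cloud Shell used above.

```powershell
# Added example: idempotent enable, verification and rollback hint for the
# AuthenticatorAppSignInPolicy created by the command above.
$policyType = 'AuthenticatorAppSignInPolicy'
$definition = '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}'

# Fail early if the definition is not valid JSON. Curly quotes pasted from a
# web page are the usual cause; ConvertFrom-Json throws on them.
$null = $definition | ConvertFrom-Json -ErrorAction Stop

# Look for an existing policy of this type before creating another one.
$existing = @(Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType })

if ($existing.Count -eq 0) {
    New-AzureADPolicy -Type $policyType `
                      -Definition $definition `
                      -IsOrganizationDefault $true `
                      -DisplayName AuthenticatorAppSignIn | Out-Null
    $existing = @(Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType })
}
elseif ($existing.Count -gt 1) {
    Write-Warning "Found $($existing.Count) policies of type $policyType; review them before the pilot."
}

# Report the effective state: which policy objects exist, whether each is the
# organization default, and whether its definition really says Enabled = true.
$report = foreach ($policy in $existing) {
    $parsed = $policy.Definition[0] | ConvertFrom-Json
    [pscustomobject]@{
        Id                    = $policy.Id
        DisplayName           = $policy.DisplayName
        IsOrganizationDefault = $policy.IsOrganizationDefault
        Enabled               = $parsed.AuthenticatorAppSignInPolicy.Enabled
    }
}
$report | Format-Table -AutoSize

# Rollback after the pilot, if needed (removes the option again):
#   Remove-AzureADPolicy -Id <Id from the report above>
```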

Issues

There are still some issues because this functionality is still in preview. The current issues concern:

  • ADFS integrated with Azure AD
  • Azure MFA
  • Only one device registration is possible

For more info check here for the Microsoft docs. Also check out my other blogs


Exchange buildnumbers and versions

I have created a list with all Exchange buildnumbers and version numbers. The list starts from Exchange 2010 because everything before 2010 is end of life. In the future I will mark RU and CU which contain a schema differently.

Exchange buildnumbers Server 2019

Below you find a table with all the buildnumbers regarding Exchange Server 2019

| Build | Description | Release Date |
| --- | --- | --- |
| 15.02.0330.007 | Security Update For Exchange Server 2019 CU1 (KB4487563) | 2019 April 9 |
| 15.02.0330.006 | CU1 For Exchange Server 2019 RTM (KB4471391) | 2019 February 12 |
| 15.02.0221.016 | Security Update For Exchange Server 2019 RTM (KB4487563) | 2019 April 9 |
| 15.02.0221.014 | Security Update For Exchange Server 2019 RTM (KB4471389) | 2019 January 9 |
| 15.02.0221.012 | Exchange Server 2019 RTM | 2018 October 22 |
| 15.02.0196.000 | Exchange Server 2019 – Preview | 2018 July 24 |

Exchange buildnumbers Server 2016

Below you find a table with all the buildnumbers regarding Exchange Server 2016

| Build | Description | Release Date |
| --- | --- | --- |
| 15.01.1713.006 | Security Update For Exchange Server 2016 CU12 (KB4487563) | 2019 April 9 |
| 15.01.1713.005 | CU12 for Exchange Server 2016 (KB4471392) | 2019 February 12 |
| 15.01.1591.016 | Security Update For Exchange Server 2016 CU11 (KB4487563) | 2019 April 9 |
| 15.01.1591.013 | Security Update For Exchange Server 2016 CU11 (KB4471389) | 2019 January 9 |
| 15.01.1591.100 | CU11 for Exchange Server 2016 (KB4134118) | 2018 October 16 |
| 15.01.1531.010 | Security Update For Exchange Server 2016 CU10 (KB4471389) | 2019 January 9 |
| 15.01.1531.008 | Security Update For Exchange Server 2016 CU10 (KB4459266) | 2018 October 9 |
| 15.01.1531.006 | Security Update For Exchange Server 2016 CU10 (KB4340731) | 2018 August 14 |
| 15.01.1531.003 | CU10 for Exchange Server 2016 (KB4099852) | 2018 June 19 |
| 15.01.1466.012 | Security Update For Exchange Server 2016 CU9 (KB4459266) | 2018 October 9 |
| 15.01.1466.010 | Security Update For Exchange Server 2016 CU9 (KB4340731) | 2018 August 14 |
| 15.01.1466.008 | Security Update For Exchange Server 2016 CU9 (KB4092041) | 2018 May 8 |
| 15.01.1466.003 | CU9 for Exchange Server 2016 (KB4055222) | 2018 March 20 |
| 15.01.1415.007 | Security Update For Exchange Server 2016 CU8 (KB4092041) | 2018 May 8 |
| 15.01.1415.002 | CU8 for Exchange Server 2016 (KB4035145) | 2017 December 17 |
| 15.01.1261.037 | Security Update for Exchange Server 2016 CU7 (KB4045655) | 2017 December 12 |
| 15.01.1261.035 | CU7 for Exchange Server 2016 (KB4018115) | 2017 September 16 |
| 15.01.1034.033 | Security Update For Exchange Server 2016 CU6 (KB4045655) | 2017 December 12 |
| 15.01.1034.032 | Security Update For Exchange Server 2016 CU6 (KB4036108) | 2017 September 12 |
| 15.01.1034.026 | CU6 for Exchange Server 2016 (KB4012108) | 2017 June 27 |
| 15.01.0845.039 | Security Update For Exchange Server 2016 CU5 (KB4036108) | 2017 September 12 |
| 15.01.0845.036 | Security Update For Exchange Server 2016 CU5 (KB4018588) | 2017 July 11 |
| 15.01.0845.034 | CU5 for Exchange Server 2016 (KB4012106) | 2017 March 21 |
| 15.01.0669.032 | CU4 for Exchange Server 2016 (KB3177106) | 2016 December 13 |
| 15.01.0544.030 | MS17-015 Security Update for Exchange Server 2016 CU3 | 2017 March 14 |
| 15.01.0544.027 | CU3 for Exchange Server 2016 (KB3152589) | 2016 September 20 |
| 15.01.0466.037 | MS16-108 Security Update for Exchange Server 2016 CU2 | 2016 September 13 |
| 15.01.0466.034 | CU2 for Exchange Server 2016 (KB3135742) | 2016 June 21 |
| 15.01.0396.037 | MS16-108 Security Update for Exchange Server 2016 CU1 | 2016 September 13 |
| 15.01.0396.033 | MS16-079 Security Update for Exchange Server 2016 CU1 | 2016 June 14 |
| 15.01.0396.030 | CU1 for Exchange Server 2016 (KB3134844) | 2016 March 15 |
| 15.01.0225.049 | MS16-079 Security Update for Exchange Server 2016 RTM | 2016 June 14 |
| 15.01.0225.042 | Exchange Server 2016 RTM | 2015 September 28 |
| 15.01.0225.016 | Exchange Server 2016 Preview | 2015 July 15 |

Exchange buildnumbers Server 2013

Below you find a table with all the buildnumbers regarding Exchange Server 2013

| Build | Description | Release Date |
| --- | --- | --- |
| 15.00.1473.004 | Security Update For Exchange Server 2013 CU22 (KB4487563) | 2019 April 9 |
| 15.00.1473.003 | CU22 for Exchange Server 2013 (KB4345836) | 2019 February 12 |
| 15.00.1395.010 | Security Update For Exchange Server 2013 CU21 (KB4471389) | 2019 January 9 |
| 15.00.1395.008 | Security Update For Exchange Server 2013 CU21 (KB4459266) | 2018 October 9 |
| 15.00.1395.007 | Security Update For Exchange Server 2013 CU21 (KB4340731) | 2018 August 14 |
| 15.00.1395.004 | CU21 for Exchange Server 2013 (KB4099855) | 2018 June 19 |
| 15.00.1367.009 | Security Update For Exchange Server 2013 CU20 (KB4340731) | 2018 August 14 |
| 15.00.1367.006 | Security Update For Exchange Server 2013 CU20 (KB4092041) | 2018 May 8 |
| 15.00.1367.003 | CU20 for Exchange Server 2013 (KB4055221) | 2018 March 20 |
| 15.00.1365.007 | Security Update For Exchange Server 2013 CU19 (KB4092041) | 2018 May 8 |
| 15.00.1365.001 | CU19 for Exchange Server 2013 (KB4037224) | 2017 December 17 |
| 15.00.1347.003 | Security Update For Exchange Server 2013 CU18 (KB4045655) | 2017 December 12 |
| 15.00.1347.002 | CU18 for Exchange Server 2013 (KB4022631) | 2017 September 16 |
| 15.00.1320.007 | Security Update For Exchange Server 2013 CU17 (KB4045655) | 2017 December 12 |
| 15.00.1320.006 | Security Update For Exchange Server 2013 CU17 (KB4036108) | 2017 September 12 |
| 15.00.1320.004 | CU17 for Exchange Server 2013 (KB4012114) | 2017 June 27 |
| 15.00.1293.006 | Security Update For Exchange Server 2013 CU16 (KB4036108) | 2017 September 12 |
| 15.00.1293.004 | Security Update For Exchange Server 2013 CU16 (KB4018588) | 2017 July 11 |
| 15.00.1293.002 | CU16 for Exchange Server 2013 (KB4012112) | 2017 March 21 |
| 15.00.1263.005 | CU15 for Exchange Server 2013 (KB3197044) | 2016 December 13 |
| 15.00.1236.006 | MS17-015 Security Update for Exchange Server 2013 CU14 | 2017 March 14 |
| 15.00.1236.003 | CU14 for Exchange Server 2013 (KB3177670) | 2016 September 20 |
| 15.00.1210.006 | MS16-108 Security Update for Exchange Server 2013 CU13 | 2016 September 13 |
| 15.00.1210.003 | CU13 for Exchange Server 2013 (KB3135743) | 2016 June 21 |
| 15.00.1178.009 | MS16-108 Security Update for Exchange Server 2013 CU12 | 2016 September 13 |
| 15.00.1178.006 | MS16-079 Security Update for Exchange Server 2013 CU12 | 2016 June 14 |
| 15.00.1178.004 | CU12 for Exchange Server 2013 (KB3108023) | 2016 March 15 |
| 15.00.1156.010 | MS16-079 Security Update for Exchange Server 2013 CU11 | 2016 June 14 |
| 15.00.1156.006 | CU11 for Exchange Server 2013 (KB3099522) | 2015 December 10 |
| 15.00.1130.007 | CU10 for Exchange Server 2013 (KB3078678) | 2015 September 15 |
| 15.00.1104.005 | CU9 for Exchange Server 2013 (KB3049849) | 2015 June 16 |
| 15.00.1076.009 | CU8 for Exchange Server 2013 (KB3030080) | 2015 March 17 |
| 15.00.1044.025 | CU7 for Exchange Server 2013 (KB2986485) | 2014 December 9 |
| 15.00.0995.029 | CU6 for Exchange Server 2013 (KB2961810) | 2014 August 26 |
| 15.00.0913.022 | CU5 for Exchange Server 2013 (KB2936880) | 2014 May 27 |
| 15.00.0847.062 | Security Update For Exchange Server 2013 SP1 (KB4092041) | 2018 May 8 |
| 15.00.0847.057 | Security Update For Exchange Server 2013 SP1 (KB4036108) | 2017 September 12 |
| 15.00.847.055 | Security Update For Exchange Server 2013 SP1 (KB4018588) | 2017 July 11 |
| 15.00.0847.053 | MS17-015 Security Update for Exchange Server 2013 SP1 | 2017 March 14 |
| 15.00.0847.050 | MS16-108 Security Update for Exchange Server 2013 SP1 | 2016 September 13 |
| 15.00.0847.047 | MS16-079 Security Update for Exchange Server 2013 SP1 | 2016 June 14 |
| 15.00.0847.032 | Service Pack 1/CU4 for Exchange Server 2013 (KB2926248) | 2014 February 25 |
| 15.00.0775.041 | CU3 for Exchange Server 2013 (KB2892464) | 2013 December 5 |
| 15.00.0712.024 | CU2 Version 2 for Exchange Server 2013 (KB2859928) | 2013 July 29 |
| 15.00.0712.022 | CU2 for Exchange Server 2013 (KB2859928) | 2013 July 29 |
| 15.00.0620.029 | CU1 for Exchange Server 2013 (KB2816900) | 2013 April 2 |
| 15.00.0516.032 | Exchange Server 2013 RTM | 2012 December 3 |

Exchange buildnumbers Server 2010

Below you find a table with all the buildnumbers regarding Exchange Server 2010

| Build | Description | Release Date |
| --- | --- | --- |
| 14.03.0442.000 | Update Rollup 26 for Exchange Server 2010 SP3 (KB4487052) | 2019 February 12 |
| 14.03.0435.000 | Update Rollup 25 for Exchange Server 2010 SP3 (KB4468742) | 2019 January 8 |
| 14.03.0419.000 | Update Rollup 24 for Exchange Server 2010 SP3 (KB4458321) | 2018 September 11 |
| 14.03.0417.001 | Update Rollup 23 for Exchange Server 2010 SP3 (KB4340733) | 2018 August 14 |
| 14.03.0411.000 | Update Rollup 22 for Exchange Server 2010 SP3 (KB4295699) | 2018 June 19 |
| 14.03.0399.002 | Update Rollup 21 for Exchange Server 2010 SP3 (KB4091243) | 2018 May 8 |
| 14.03.0389.001 | Update Rollup 20 for Exchange Server 2010 SP3 (KB4073537) | 2018 March 5 |
| 14.03.0382.000 | Update Rollup 19 for Exchange Server 2010 SP3 (KB4035162) | 2017 December 17 |
| 14.03.0361.001 | Update Rollup 18 for Exchange Server 2010 SP3 (KB4018588) | 2017 July 11 |
| 14.03.0352.000 | Update Rollup 17 for Exchange Server 2010 SP3 (KB4011326) | 2017 March 21 |
| 14.03.0339.000 | Update Rollup 16 for Exchange Server 2010 SP3 (KB3184730) | 2016 December 13 |
| 14.03.0319.002 | Update Rollup 15 (MS16-108) for Exchange Server 2010 SP3 (KB3184728) | 2016 September 13 |
| 14.03.0301.000 | Update Rollup 14 (MS16-079) for Exchange Server 2010 SP3 (KB3151097) | 2016 June 14 |
| 14.03.0294.000 | Update Rollup 13 for Exchange Server 2010 SP3 (KB3141339) | 2016 March 15 |
| 14.03.0279.002 | Update Rollup 12 for Exchange Server 2010 SP3 (KB3096066) | 2015 December 10 |
| 14.03.0266.001 | Update Rollup 11 for Exchange Server 2010 SP3 (KB3078674) | 2015 September 15 |
| 14.03.0248.002 | Update Rollup 10 for Exchange Server 2010 SP3 (KB3049853) | 2015 June 16 |
| 14.03.0235.001 | Update Rollup 9 for Exchange Server 2010 SP3 (KB3030085) | 2015 March 17 |
| 14.03.0224.002 | Update Rollup 8 v2 for Exchange Server 2010 SP3 (KB2986475) | 2014 December 12 |
| 14.03.0224.001 | Update Rollup 8 v1 for Exchange Server 2010 SP3 (recalled) | 2014 December 9 |
| 14.03.0210.002 | Update Rollup 7 for Exchange Server 2010 SP3 (KB2961522) | 2014 August 26 |
| 14.03.0195.001 | Update Rollup 6 for Exchange Server 2010 SP3 (KB2936871) | 2014 May 27 |
| 14.03.0181.006 | Update Rollup 5 for Exchange Server 2010 SP3 (KB2917508) | 2014 February 24 |
| 14.03.0174.001 | Update Rollup 4 for Exchange Server 2010 SP3 (KB2905616) | 2013 December 9 |
| 14.03.0169.001 | Update Rollup 3 for Exchange Server 2010 SP3 (KB2891587) | 2013 November 25 |
| 14.03.0158.001 | Update Rollup 2 for Exchange Server 2010 SP3 (KB2866475) | 2013 August 8 |
| 14.03.0146.000 | Update Rollup 1 for Exchange Server 2010 SP3 (KB2803727) | 2013 May 29 |
| 14.03.0123.004 | Service Pack 3 for Exchange Server 2010 (KB2808208) | 2013 February 12 |
| 14.02.0247.005 | Service Pack 2 for Exchange Server 2010 | 2011 December 4 |
| 14.01.0218.015 | Service Pack 1 for Exchange Server 2010 | 2010 August 23 |
| 14.00.0639.021 | Exchange Server 2010 RTM | 2009 November 9 |

Cheat sheet with all Ports and rules needed for an Exchange Hybrid Infrastructure

Exchange Hybrid Ports Cheat Sheet

When working with Exchange I sometimes come to clients who already have a hybrid Exchange environment configured. In many cases this is when the hybrid configuration does not work. To make things easier for myself, I created an overview that eliminates the pain of firewalls and networks.

To help you out in these situations, I am sharing my ports overview document with you. The document is meant as a cheat sheet, which means that you can adjust it and present it to the customer's network team.

Overview

There are always some requirements for an Exchange hybrid environment:

  • External IP for a separate Hybrid flow that resolves to hybrid.domain.nl
  • You need to be sure that the hybrid server is part of the mail environment
  • Make sure autodiscover is set the right way
  • The Exchange server which is used for the Hybrid configuration needs to be in the LAN
  • Do NOT forget the Exchange Online and Exchange Online Protection URLs
  • If you do not have an external IP, use the external IP of the autodiscover.

hybrid exchange ports cheat sheet

Click here to read more Exchange-related posts.


Monitor Windows AD and Azure AD Health with Microsoft OMS

What is Microsoft Operations Management Suite (OMS)

OMS (Microsoft Operations Management Suite) is Microsoft’s cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. In this case we will use OMS to monitor and sort of “manage” Azure AD Connect and Azure AD identities.

Before we start with OMS

Before we start there are some requirements.

  1. A valid OMS subscription. OMS has different levels of subscription, depending on the OMS services you use and the amount of data you upload. There is a free version which provides 500 MB of daily upload and 7 days of data retention.
  2. A direct connection to Azure AD.
  3. A Domain Administrator account. In order to install the agent on the domain controllers we need Domain Administrator privileges.
  4. A Global Admin account to perform some actions in Azure AD.

How to enable the OMS AD Solutions

Log in to OMS https://login.mms.microsoft.com/signin.aspx?ref=ms_mms as OMS administrator

Click on Solution Gallery

By default, the AD Assessment solution is enabled. In order to enable AD Replication Status, click on the tile in the solution list and then click on Add.

Install OMS Agents

The next step of the configuration is to install the monitoring agent on the domain controllers and get them connected with OMS.

  1. Log in to the domain controller as domain administrator.
  2. Log in to the OMS portal.
  3. Go to Settings > Connected Sources > Windows Servers > click on Download Windows Agent (64bit). It will download the monitoring agent to the system.
  4. Once it is downloaded, double-click on the setup and start the installation process.
  5. In the first window of the wizard, click Next to begin the installation.
  6. In the next window, read and accept the license terms.
  7. In the next window, we can select where it should be installed. If there are no changes, click Next to continue.
  8. In the next window, it asks where it will connect to. In our scenario, it will connect to OMS directly.
  9. In the next window, it asks for the OMS Workspace ID and Key. These can be found in the OMS portal in Settings > Connected Sources > Windows Servers. If this server is behind a proxy server, we can also specify the proxy settings in this window. Once the relevant info is provided, click on Next to continue.
  10. In the next window, it asks how to check for agent updates. It is recommended to use the Windows Update option. Once the selection has been made, click Next.
  11. On the confirmation page, click Install to begin the installation.
  12. Follow the same steps for the other domain controllers.
  13. After a few minutes, we can see that the newly added servers are connected as data sources under Settings > Connected Sources > Windows Servers.
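
An unattended equivalent of the wizard steps above, useful when the install has to be repeated on several domain controllers. This is an added example, not part of the original post; the installer file name and location, the extraction folder and the workspace ID are assumptions or placeholders to replace with your own values.

```powershell
# Added example: silent install of the monitoring agent on a domain
# controller, followed by a check that it is bound to the workspace.
# Run from an elevated PowerShell session.
$installer   = 'C:\Temp\MMASetup-AMD64.exe'   # assumed download location and file name
$extractDir  = 'C:\Temp\MMA'                  # assumed scratch folder
$workspaceId = '<WORKSPACE-ID>'               # placeholder: Settings > Connected Sources > Windows Servers

# The workspace key is a secret: prompt for it instead of storing it in the script.
$secureKey    = Read-Host -Prompt 'Workspace key' -AsSecureString
$workspaceKey = [System.Net.NetworkCredential]::new('', $secureKey).Password

# Extract the package so that setup.exe can be called with MSI properties.
Start-Process -FilePath $installer -ArgumentList '/c', "/t:$extractDir" -Wait

# Note: the key is passed on the setup.exe command line, so command-line
# process auditing on this server will record it.
$setupArgs = @(
    '/qn'
    'NOAPM=1'
    'ADD_OPINSIGHTS_WORKSPACE=1'
    "OPINSIGHTS_WORKSPACE_ID=$workspaceId"
    "OPINSIGHTS_WORKSPACE_KEY=$workspaceKey"
    'AcceptEndUserLicenseAgreement=1'
)
$proc = Start-Process -FilePath (Join-Path $extractDir 'setup.exe') `
                      -ArgumentList $setupArgs -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "Agent setup failed with exit code $($proc.ExitCode)"
}

# Verify: the agent service exists and the agent lists our workspace.
$service = Get-Service -Name HealthService -ErrorAction Stop
$config  = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
$bound   = @($config.GetCloudWorkspaces() | Where-Object { $_.workspaceId -eq $workspaceId })

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    ServiceStatus  = $service.Status
    WorkspaceBound = ($bound.Count -gt 0)
}

# Clean up the extracted files and drop the plain-text key from memory.
Remove-Item -Path $extractDir -Recurse -Force
Remove-Variable -Name workspaceKey
```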

How to view analyzed Data

After a few minutes, OMS will start to collect data and visualize the findings. To view this data, log in to the OMS portal and click on the relevant solution gallery tile on the home page. You will find your analysed/assessed servers there. You also get a quick overview and some recommendations for these servers.
Once you click on the tile, it brings you to a page that displays more details about its findings. You will get a nice overview with all the collected data, and it even provides you with some fixes.

How to collect Windows logs for Analysis

Using OMS, we can also collect Windows logs and use the OMS analysis capabilities to analyze them. When this is enabled, OMS space usage and bandwidth usage on the organization's end will be higher. To collect logs:

  1. Log in to the OMS portal.
  2. Go to Settings > Data > Windows Event Logs.
  3. In the box, you can search for the relevant log file name and add it to the list. We can also select which types of events to extract. Once the selection is made, click Save.

After a few minutes, you can start to see the events under the Log Search option. There, we can filter the data using queries. We can also set up email alerts based on specific events.

*source http://www.rebeladmin.com/

Where is the Bitlocker Key stored within Microsoft Azure AD

Storing your Bitlocker key

When you enroll your Windows 10 devices with Microsoft Intune, you have the possibility to store your Bitlocker recovery keys in Azure AD. There are two ways to store the Bitlocker key the proper way:

  1. Store the Bitlocker key into Active Directory (on-premise)
  2. Store the Key Into Azure AD (Cloud)

When you use Azure AD join and activate Bitlocker, you get the option to store the recovery key in Azure AD when you walk through the join or register the device wizard.

The key will be stored in the cloud (Azure AD). To get these keys in the Classic Azure Portal, follow the steps below.

Classic Azure Portal steps

  1. Open Azure AD in the Management Portal https://manage.windowsazure.com
  2. Open the Users tab and search/browse for the account you need to find recovery key for, then open it.
  3. Go to the Devices tab, and in the View box, select Devices.
  4. Select the affected device, and click View Details.

All registered recovery keys should be visible.

(New) Azure Portal

Most of you will probably use the (new) Azure Portal. Finding the keys here is a little different, but not too much. Follow the steps below to get the recovery keys from Azure AD.

  1. Open Azure AD in the Management Portal https://portal.azure.com
  2. Open the Users and Groups blade and find the user involved.
  3. Go to the registered devices of the user.
  4. Click on the device you need the key from.

You will find the recovery key at the bottom of the device information.
