Category: Microsoft 365

Fixing Windows / Azure / 365 User Connections with dsregcmd
article #1550, updated 70 days ago

Sometimes Windows’ relationship with 365, or a user’s profile, or just a user on a PC or terminal server, will not log into 365. This appears to be the result of corruption of cached credentials.

The most straightforward way is probably to nuke all User/Windows/Azure relationship and recreate. As written, this would probably be very bad on a terminal server, because it will nuke the relationship for all users and all profiles. So far, no per-user commands identified.:

Remove 365 accounts from “Access Work and School”, then run these:

dsregcmd /debug /cleanupaccounts
dsregcmd /debug /leave

from administrative CMD, and also from SYSTEM (paexec or psexec can do this), then reboot, then remove from Access Work and School if still there, then set up user relationship(s) again.

But today we have a report that dsregcmd /status did something, unknown, which fixed one terminal server user. Not sure what. Next time I plan to run many tests with this info:

ss64.com/nt/dsregcmd.html

And if you see error CAA5021, do this:

Search for Manage user certificates in the search bar and open it from Best match. Then navigate to Current User\Personal\Certificates and make sure the MS-Organization-Access and MS-Organization-P2P-Access entries are deleted.

No reboot needed for that last.

Categories:      

==============

Download Microsoft Teams (newest)
article #1568, updated 245 days ago

Here’s the download page:

www.microsoft.com/en-us/microsoft-teams/download-app

This downloads an .MSIX, which one can usually double-click effectively. The link appears to be nicely static at this writing:

statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix

And some Powershell to do the download and the install:

cd $env:TEMP
curl.exe -O "https://statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix"
Add-AppxPackage -Path '.\MSTeams-x64.msix'
# placeholder for Enter

Categories:      

==============

Block personal use of Microsoft Teams
article #1567, updated 356 days ago

If you want to prevent non-M365 login to Teams:

answers.microsoft.com/en-us/msteams/forum/all/how-to-disable-the-access-to-team-for-personal-use/79c67ef8-e58f-4ebb-9f82-8e5937348c57

Categories:      

==============

Microsoft Entra Connect - Rename of Azure AD Connect - Download
article #1564, updated 366 days ago

OK, so it started as DirSync, is still being called on some pages “Azure AD Connect”, including the download page as of this writing:

www.microsoft.com/en-us/download/details.aspx?id=47594

but it is, apparently, officially renamed Microsoft Entra Connect:

learn.microsoft.com/en-us/entra/identity/hybrid/connect/whatis-azure-ad-connect-v2

except within the URL itself :-)

Please note that this is NOT the same as Microsoft Entra Cloud Sync. The above does LDAP, Cloud Sync does not.

Categories:      

==============

New Microsoft firewall needs
article #1553, updated 443 days ago

A new needs page has been put up. Major changes. If you have a strict firewall, try opening all of these up. IPv6 is listed within the required sections, not clear how much that is true.

learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

Categories:      

==============

Sign-in Event Log for Microsoft 365
article #1552, updated 454 days ago

A nice tool:

entra.microsoft.com/#view/Microsoft_AAD_IAM/SignInEventsV3Blade?Microsoft_AAD_IAM_legacyAADRedirect=true

Categories:      

==============

Purge/Delete Deleted Users and Mailboxes in Office 365
article #1481, updated 469 days ago

First we connect to Exchange Online via Powershell. First we install or update the MSOnline module.

#Install
Set-Executionpolicy RemoteSigned -Scope Process
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
#Update
Set-Executionpolicy RemoteSigned -Scope Process
Update-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement

Then we connect:

Connect-MsolService

Now get a list of deleted users:

Get-MsolUser -ReturnDeletedUsers

And here’s how we permanently purge all of them. Do this ONLY if you are certain. There is no going back after this.

Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

Categories:      

==============

Connect Powershell to Exchange Online
article #804, updated 469 days ago

There are different methods for 365/Azure. But to get directly to Exchange Online from Powershell running on Windows, a current update of longstanding methods is as follows.

To install the module:

Set-Executionpolicy RemoteSigned -Scope Process
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement

To update the module:

Set-Executionpolicy RemoteSigned -Scope Process
Update-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement

To connect:

Connect-ExchangeOnline -UserPrincipalName admin@domain.com

Current reference, including methods for MacOS and Linux as well:

learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2

Categories:      

==============

Connect to Microsoft 365 (starting 2023; Microsoft Graph)
article #1535, updated 497 days ago

This is at the 365 level, not the Exchange level. To connect:

Connect-MgGraph -Scope User.Read.All 

(or User.ReadWrite.All)

To get user info:

Get-MgUser -UserID username@domain.com

To change immutable ID to “a”:

Update-MgUser -UserID username@domain.com -OnPremisesImmutableId "a"

One cannot change ImmutableID to $null, but it can be changed, so an AD/AZ ‘hard match’ is probably still possible. Have not verified yet.

The Exchange Online direct connection from Powershell, does remain, and is freshly updated.

Categories:      

==============

Microsoft Graph for Microsoft 365, Utilitarian Primer
article #1538, updated 497 days ago

Microsoft is getting rid of Powershell modules we have been learning for years, in favor of something radically different, called Microsoft Graph. Here’s a page which gives us the profoundly different pattern of Graph usage for some nice things to have:

blog.raindrops.dev/blog/force-password-change-for-all-users-in-office-365/

The Exchange Online direct connection from Powershell, does remain, and is freshly updated.

Categories: